FreeBSD Manual Pages




       This class publishes a single certificate based on the publishing
       information associated with the certificate profile or a given prefix.
       The certificate is identified by the parameter cert_identifier which
       can be set in the action definition. If unset, the class falls back to
       the context value of cert_identifier.

   Publication by Profile
       The publishing information is read from the connector at
       profile.<profile name>.publish which must be a list of names (a scalar
       is also accepted). If the node does not exist, profile.default.publish
       is used. Each name is expanded to the path publishing.entity.<name>
       which must be a connector reference. The publication target is taken
       from the parameter publish_key or defaults to the certificate's common
       name (CN attribute parsed from the final subject). The data portion
       contains a hash ref with the keys pem, der and subject (full DN of the
       cert).

       Note: if the evaluation of publish_key is empty but defined, the
       publication is stopped.

       If you set unpublish to a true value, the list of connectors is read
       from the configuration at profile.<profile name>.unpublish (or

       The data portion is extended by the fields revocation_time, reason_code
       and invalidity_time. Fields are present even for non-revoked

   Publication without Profile
       Instead of reading the publication targets from the profile you can
       point the activity directly to a list of connectors by setting prefix
       to the base path of a hash. Each key is the internal name of the
       target, the value must be a connector reference.

       If unpublish is set, the extra fields in the data hash are present but
       the list of targets remains the same.

       Set the wanted connector names in the certificate's profile:

           publish:
             - extldap
             - exthttp

       Define the connector references and implementations in publishing.yaml:

           entity:
             extldap@: connector:publishing.connectors.ext-ldap
             exthttp@: connector:publishing.connectors.ext-http

           connectors:
             ext-ldap:
               class: Connector::Proxy::Net::LDAP::Single
               LOCATION: ldap://localhost:389
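
The lookup rules described above (profile node with fallback to profile.default, scalar or list of names, expansion to publishing.entity.<name>, the unpublish node, the prefix mode and the publish_key rule), modelled as an added example that is not OpenXPKI code. The config dict, the profile names and the "@"-suffixed key lookup are assumptions for illustration; the sample shows a profile that publishes to more targets than its unpublish list covers, plus a name with no connector reference.

```python
# Constructed sample config (nested dicts, as the YAML would load); names are hypothetical.
CONFIG = {
    "profile": {
        "default": {"publish": ["extldap"], "unpublish": "extldap"},
        "tls_server": {"publish": ["extldap", "exthttp", "intranet"]},
    },
    "publishing": {"entity": {
        "extldap@": "connector:publishing.connectors.ext-ldap",
        "exthttp@": "connector:publishing.connectors.ext-http",
    }},
}

def lookup(cfg, path):
    """Walk a dotted config path; return None if any node is missing."""
    node = cfg
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def resolve_targets(cfg, profile, unpublish=False, prefix=None):
    """Return (targets, dangling) for one certificate profile."""
    base = prefix or "publishing.entity"
    if prefix:  # fixed set of connectors: every key below prefix is a target
        names = [k.rstrip("@") for k in (lookup(cfg, prefix) or {})]
    else:
        node = "unpublish" if unpublish else "publish"
        names = lookup(cfg, f"profile.{profile}.{node}")
        if names is None:  # node does not exist: use the default profile
            names = lookup(cfg, f"profile.default.{node}") or []
        if isinstance(names, str):  # a scalar is accepted as well
            names = [names]
    targets, dangling = [], []
    for name in names:
        ref = lookup(cfg, f"{base}.{name}@")  # assumption: reference keys end in "@"
        ok = isinstance(ref, str) and ref.startswith("connector:")
        (targets if ok else dangling).append(f"{base}.{name}")
    return targets, dangling

def publication_key(publish_key, common_name):
    """None models an unset publish_key (CN is used); "" means publication stops."""
    if publish_key is None:
        return common_name
    return publish_key or None  # None signals "stop, nothing is published"
```

Comparing `resolve_targets(cfg, p)` with `resolve_targets(cfg, p, unpublish=True)` for each profile shows where a revoked certificate would stay on a target it was published to.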

   Activity parameters
           Enables publishing to a fixed set of connectors, disables per
           profile settings.

           Set the identifier of the cert to publish, optional, default is the
           value of the context key cert_identifier.

           The value to be used as key for the publication call, optional.
           E.g. to publish using the context value with key "user_email" set
           this to "$user_email".

           Boolean, adds revocation information and changes config node to
           read targets.

           Boolean, if set the full context is passed to the connector in the
           third argument.

           Define what to do on problems with the publication connectors. One

           exception (default)
               The connector exception bubbles up and the workflow terminates.

               Skip the publication target and continue with the next one.

               Similar to skip, but failed targets are added to a queue. As
               long as the queue is not empty, pause/wake_up is used to retry
               those targets with the retry parameters set. This obviously
               requires retry_count to be set.

perl v5.32.0    OpenXPKI::Server::Workflow::Activity::Tools::PublishCertificate(3)
