FreeBSD Manual Pages
OpenXPKI::SeOpenXPKI::UsereContributed:PerliDocumentationPublishCertificate(3) Name OpenXPKI::Server::Workflow::Activity::Tools::PublishCertificate Description This class publishes a single certificate based on the publishing information associated with the certificate profile or a given prefix. The certificate is identified by the parameter cert_identifier which can be set in the action definition. If unset, the class falls back to the context value of cert_identifier. Publication by Profile The publishing information is read from the connector at profile.<profile name>.publish which must be a list of names (scalar is also ok). If the node does not exists, profile.default.publish is used. Each name is expanded to the path publishing.entity.<name> which must be a connector reference. The publication target is taken from the parameter publish_key or defaults to the certificates common name (CN attribute parsed from the final subject). The data portion contains a hash ref with the keys pem, der and subject (full dn of the cert). Note: if the evaluation of publish_key is empty but defined, the publication is stopped. Un-Publish If you set unpublish to a true value, the list of connectors is read from the configuration at profile.<profile name>.unpublish (or profile.default.unpublish). The data portion is extended by the fields revocation_time, reason_code and invalidity_time. Fields are present even for non-revoked certificates. Publication without Profile Instead of reading the publication targets from the profile you can point the activity directly to a list of connectors setting prefix to the base path of a hash. Each key is the internal name of the target, the value must be a connector reference. If unpublish is set, the extra fields in data hash are present but the list of targets remains the same. Configuration Set the wanted connector names in the certificates profile: publish: - extldap - exthttp Define the connector references and implementations in publishing.yaml entity: extldap@: connector: publishing.connectors.ext-ldap exthttp@: connector: publishing.connectors.ext-http connectors: ext-ldap: class: Connector::Proxy::Net::LDAP::Single LOCATION: ldap://localhost:389 .... Activity parameters prefix Enables publishing to a fixed set of connectors, disables per profile settings. cert_identifier Set the identifier of the cert to publish, optional, default is the value of the context key cert_identifier. publish_key The value to be used as key for the publication call, optional. E.g. to publish using the context value with key "user_email" set this to "$user_email". unpublish Boolean, adds revocation information and changes config node to read targets. export_context Boolean, if set the full context is passed to the connector in the third argument. on_error Define what to do on problems with the publication connectors. One of: exception (default) The connector exception bubbles up and the workflow terminates. skip Skip the publication target and continue with the next one. queue Similar to skip, but failed targets are added to a queue. As long as the queue is not empty, pause/wake_up is used to retry those targets with the retry parameters set. This obvioulsy requires retry_count to be set. perl v5.32.0OpenXPKI::Server::Workflow::Activity::Tools::PublishCertificate(3)
Name | Description | Configuration
Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=OpenXPKI::Server::Workflow::Activity::Tools::PublishCertificate&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>