Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
OpenXPKI::Server:OpenXUser:ContributedkPerl:Documentationols::RenderSubject(3)

Name
       OpenXPKI::Server::Workflow::Activity::Tools::RenderSubject;

Description
       Take the	input parameters provided by the ui and	render the subject and
       subject alternative according to	the profiles template definition.  The
       SAN part	is made	up from	two seperate sources:

   templated SAN entries
       Define template fields in the ui.subject	section	of you profile and use
       them in the rendering information in subject.san	the same way you do
       for the subject.

       Example:

	 ui:
	   subject:
	   - hostname
	   - hostname2
	   - port

	 subject:
	   dn: CN=[% hostname %][% IF port AND port != 443 %]:[% port %][% END %],DC=Test Deployment,DC=OpenXPKI,DC=org
	   san:
	     dns:
	     - "[% hostname %]"
	     - "[% FOREACH entry = hostname2 %][% entry	%]|[% END %]"

       This will end up	with a certificate which has the hostname as CN	and
       additionally copied to the SAN. A second	hostname is also put into the
       SAN section, empty or duplicate values are purged, in case that
       hostname2 is an array (multi input field), you need to use a foreach
       loop and	end each entry with the	pipe symbol |. Hint: The foreach loop
       automagically degrades if the given value is a scalar or	even undef, so
       use foreach whenever a list is possible.

       Templated entries are displayed to the user during request but can not
       be removed by the user.

   free	SAN entries
       To enable free SAN entries add a	section	ui.san next to you ui.subject.
       The form	fields MUST have a key that fits any of	the allowed SAN	items
       (e.g DNS, IP, OID) and the value	must be	given in the approriate	format
       for this	item.  The users input is mapped without further templating to
       the san section of the certificate (duplicate items and and
       leading/trailing	whitespace are removed).

       Note: If	you upload a PKCS10 request having SANs, those ones that match
       the available type are prefilled. Items that do not match a defined
       type are	discarded.

       Example:

	  # In the style definition
	  ui:
	    san:
	       - san_dns
	       - san_ip

	  # In the template section
	  template:
	    san_dns:
	      id: dns
	      label: I18N_OPENXPKI_SAN_DNS
	      description: I18N_OPENXPKI_SAN_DNS_DESCRIPTION
	      type: freetext
	      width: 40
	      min: 0
	      max: 20

	   san_ip:
	      id: ip
	      label: I18N_OPENXPKI_SAN_IP
	      description: I18N_OPENXPKI_SAN_IP_DESCRIPTION
	      type: freetext
	      width: 15
	      min: 0
	      max: 20

       The above code will present the user up to 20 fields each to enter IPs
       or DNS names. Each entry	will show up "as is" as	a single san entry.

Configuration
   Activity Parameters
       cert_profile
	   Determines the used profile,	has priority over context key.

       cert_subject_style
	   Determines the used profile substyle, has priority over context
	   key.

   context values
       cert_subject_parts
	   The main subject parameters,	used for rendering the subject dn and
	   in template mode for	the san. The "cert_subject_" prefix is removed
	   from	the keys name.

       cert_profile (deprecated, use activity parameter)
	   Determines the used profile,	activity parameter has priority!

       cert_subject_style (deprecated, use activity parameter)
	   Determines the used profile substyle, activity parameter has
	   priority!

       cert_subject
	   Holds the result for	the subject.

       cert_subject_alt_name
	   Holds the result for	the san	section.

perl v5.24.1	 OpenXPKI::Server::Workflow::Activity::Tools::RenderSubject(3)

Name | Description | Configuration

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=OpenXPKI::Server::Workflow::Activity::Tools::RenderSubject&sektion=3&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help