GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
OpenXPKI::Server::Workflow::Activity::Tools::RenderSubject(3) User Contributed Perl Documentation OpenXPKI::Server::Workflow::Activity::Tools::RenderSubject(3)

OpenXPKI::Server::Workflow::Activity::Tools::RenderSubject;

Take the input parameters provided by the ui and render the subject and subject alternative according to the profiles template definition. The SAN part is made up from two seperate sources:

Define template fields in the ui.subject section of you profile and use them in the rendering information in subject.san the same way you do for the subject.

Example:

  ui:
    subject:
    - hostname
    - hostname2
    - port

  subject:
    dn: CN=[% hostname %][% IF port AND port != 443 %]:[% port %][% END %],DC=Test Deployment,DC=OpenXPKI,DC=org
    san:
      dns:
      - "[% hostname %]"
      - "[% FOREACH entry = hostname2 %][% entry %]|[% END %]"

This will end up with a certificate which has the hostname as CN and additionally copied to the SAN. A second hostname is also put into the SAN section, empty or duplicate values are purged, in case that hostname2 is an array (multi input field), you need to use a foreach loop and end each entry with the pipe symbol |. Hint: The foreach loop automagically degrades if the given value is a scalar or even undef, so use foreach whenever a list is possible.

Templated entries are displayed to the user during request but can not be removed by the user.

To enable free SAN entries add a section ui.san next to you ui.subject. The form fields MUST have a key that fits any of the allowed SAN items (e.g DNS, IP, OID) and the value must be given in the approriate format for this item. The users input is mapped without further templating to the san section of the certificate (duplicate items and and leading/trailing whitespace are removed).

Note: If you upload a PKCS10 request having SANs, those ones that match the available type are prefilled. Items that do not match a defined type are discarded.

Example:

   # In the style definition
   ui:
     san:
        - san_dns
        - san_ip

   # In the template section
   template:
     san_dns:
       id: dns
       label: I18N_OPENXPKI_SAN_DNS
       description: I18N_OPENXPKI_SAN_DNS_DESCRIPTION
       type: freetext
       width: 40
       min: 0
       max: 20

    san_ip:
       id: ip
       label: I18N_OPENXPKI_SAN_IP
       description: I18N_OPENXPKI_SAN_IP_DESCRIPTION
       type: freetext
       width: 15
       min: 0
       max: 20

The above code will present the user up to 20 fields each to enter IPs or DNS names. Each entry will show up "as is" as a single san entry.

cert_profile
Determines the used profile, has priority over context key.
cert_subject_style
Determines the used profile substyle, has priority over context key.

cert_subject_parts
The main subject parameters, used for rendering the subject dn and in template mode for the san. The "cert_subject_" prefix is removed from the keys name.
cert_profile (deprecated, use activity parameter)
Determines the used profile, activity parameter has priority!
cert_subject_style (deprecated, use activity parameter)
Determines the used profile substyle, activity parameter has priority!
cert_subject
Holds the result for the subject.
cert_subject_alt_name
Holds the result for the san section.
2022-05-14 perl v5.32.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.