GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  OPENXPKI::SERVER::WORKFLOW::ACTIVITY::TOOLS::RENDERSUBJECT (3)

.ds Aq ’

Name

OpenXPKI::Server::Workflow::Activity::Tools::RenderSubject;

CONTENTS

Description

Take the input parameters provided by the ui and render the subject and subject alternative according to the profiles template definition. The SAN part is made up from two seperate sources:

    templated SAN entries

Define template fields in the ui.subject section of you profile and use them in the rendering information in subject.san the same way you do for the subject.

Example:



  ui:
    subject:
    - hostname
    - hostname2
    - port

  subject:
    dn: CN=[% hostname %][% IF port AND port != 443 %]:[% port %][% END %],DC=Test Deployment,DC=OpenXPKI,DC=org
    san:
      dns:
      - "[% hostname %]"
      - "[% FOREACH entry = hostname2 %][% entry %]|[% END %]"



This will end up with a certificate which has the hostname as CN and additionally copied to the SAN. A second hostname is also put into the SAN section, empty or duplicate values are purged, in case that hostname2 is an array (multi input field), you need to use a foreach loop and end each entry with the pipe symbol |. Hint: The foreach loop automagically degrades if the given value is a scalar or even undef, so use foreach whenever a list is possible.

Templated entries are displayed to the user during request but can not be removed by the user.

    free SAN entries

To enable free SAN entries add a section ui.san next to you ui.subject. The form fields MUST have a key that fits any of the allowed SAN items (e.g DNS, IP, OID) and the value must be given in the approriate format for this item. The users input is mapped without further templating to the san section of the certificate (duplicate items and and leading/trailing whitespace are removed).

Note: If you upload a PKCS10 request having SANs, those ones that match the available type are prefilled. Items that do not match a defined type are discarded.

Example:



   # In the style definition
   ui:
     san:
        - san_dns
        - san_ip

   # In the template section
   template:
     san_dns:
       id: dns
       label: I18N_OPENXPKI_SAN_DNS
       description: I18N_OPENXPKI_SAN_DNS_DESCRIPTION
       type: freetext
       width: 40
       min: 0
       max: 20

    san_ip:
       id: ip
       label: I18N_OPENXPKI_SAN_IP
       description: I18N_OPENXPKI_SAN_IP_DESCRIPTION
       type: freetext
       width: 15
       min: 0
       max: 20



The above code will present the user up to 20 fields each to enter IPs or DNS names. Each entry will show up as is as a single san entry.

    context values

cert_subject_parts The main subject parameters, used for rendering the subject dn and in template mode for the san. The cert_subject_ prefix is removed from the keys name.
cert_profile Determines the used profile.
cert_subject_style Determines the used profile substyle-
cert_subject Holds the result for the subject.
cert_subject_alt_name Holds the result for the san section.
Search for    or go to Top of page |  Section 3 |  Main Index


perl v5.20.3 OPENXPKI::SERVER::WORKFLOW::ACTIVITY::TOOLS::RENDERSUBJECT (3) 2016-04-03

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.