GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
OpenXPKI::Server::API2::Plugin::Cert::private_key(3) User Contributed Perl Documentation OpenXPKI::Server::API2::Plugin::Cert::private_key(3)

OpenXPKI::Server::API2::Plugin::Cert::private_key

returns an ecrypted private key for a certificate if the private key was generated on the CA during the certificate request process.

Parameters are the same as for convert_private_key except that private_key must not be passed but is read from the datapool and cert_identifier is mandatory.

expects a private key and converts it into another format. If a bundle with certificates is requested (PKCS12, JKS), the certificate to use as the end entity certificate must be given via identifier or as first element of chain.

format - the output format
Enforces AES-256-CBC for key and certificate encryption, this is the default format in OpenSSL 3.0 and should work on most recent systems.
Enforces PBE-SHA1-3DES (key) and PBE-SHA1-RC2-40 (certificate). Should work on most aged systems but does NOT work on modern systems where RC2 is deprecated / prevented due to security reasons.
Do not pass any options to OpenSSL and use the default format. This is considered dangerous as changes in the system environment might affect the format of your generated containers.
  • password - the private key password

    Password that was used when the key was generated.

  • passout - the password for the exported key, default is PASSWORD

    The password to encrypt the exported key with, if empty the input password is used.

    This option is only supported with format OPENSSL_PRIVKEY, PKCS12 and JKS!

  • nopasswd

    If set to a true value, the key is exported without a password!. You must also set passout to the empty string.

  • identifier

    the identifier of the certificate to merge into the export file. The output file will contain also certificates of the chain, with or without root weather keeproot is set. Only used with JKS or PKCS12 export format.

  • keeproot

    Boolean, when set the root certifcate is included in the keystore. Only used when identifier is set to export PKCS12 or Java Keystore.

  • chain

    A PEM encoded list of certificates to be merged into the output file. Only used with JKS or PKCS12 export format, content is used "as is" and concatenated to the chain retrieved from identifier/keeproot.

    If identifier is not set, the first certificate of the chain must match the private key.

  • alias

    String to set as alias for the key/certificate for JKS or PKCS12.

  • csp

    String, write name as a Microsoft CSP name (PKCS12 only)

If the input password does not decrypt the private key, an exception is thrown.

Checks whether a corresponding CA-generated private key exists for the given certificate identifier (named parameter IDENTIFIER). Returns true if there is a private key, false otherwise.

Gets a private key from the database for a given certificate identifier by looking up the CSR serial of the certificate and extracting the private_key from the datapool. Returns undef if no key is available.

2025-07-15 perl v5.40.2
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.