GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
OpenXPKI::Server::NICE::Local(3) User Contributed Perl Documentation OpenXPKI::Server::NICE::Local(3)

OpenXPKI::Server::NICE::Local

This module implements the OpenXPKI NICE Interface using the local crypto backend

The module does not require any configuration options but some advanced features can be enabled via the nice config item.

Boolean, assign a monotonic sequence id to each revocation request and use it to issue CRLs. This is required for synchronisation when using RA/CA split and enables reproducible CRL builds.

Issues a certitficate, will autodetect the most current ca for the requested profile. Issuer can be enforced by passing the issuer alias as second parameter, the certificates validity will be tailored to fit into the CA validity window.

Takes only the key information from the pkcs10 and requires subject, SAN and validity to be given as context parameters.

Currently only an alias for issueCertificate

Set the status field of the certificate table to "CRL_ISSUANCE_PENDING". If use_revocation_id is on, also sets the revocation_id to the next available serial. In case two revocations are processed at the same time the query will either wait for a database lock or the transaction will fail on commit depending on your database isolation level.

Queries the certifictes status from the local certificate datasbase. Returns 0 if the certificate is not revoked, for revoked certificates returns the value of revocation_id or 1 if use_revocation_id is off.

Creates a crl for the given ca and pushes it into the database for publication. Incremental CRLs are not supported.

The first parameter must be the ca-alias, the second parameter is as hash with options:

the profile definition to use
OpenXPKI::DateTime relative date, overrides the profile validity.
not supported yet.
List of reason codes to be included in the CRL (CRL Scope), default is to include all reason codes.
Boolean, if set, only certifcates with a notafter greater than now are included in the CRL, by default the CRL also lists expired certificates.

See OpenXPKI::Server::NICE::Role::KeyGenerationLocal

See OpenXPKI::Server::NICE::Role::KeyInDataPool

not implemented. returns undef.

2025-07-15 perl v5.40.2
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.