Name

OpenXPKI::Server::Workflow::Activity::Tools::ParseCertificate

Description

Take a PEM encoded certificate and extract information to the context.

pem: The PEM formatted certificate. If the input string consists of multiple concatenated PEM blocks, the first one is used, the remainder discarded.
subject_prefix: Prefix for context output keys to write the subject information into (cert_subject_parts, cert_san_parts, cert_subject_alt_name). Default is cert_.

Prefix for the subject parts can be changed by setting subject_prefix.

cert_subject: The extracted subject as string (comma seperated)
cert_identifier: The OpenXPKI identifier calculated from the certificate.
cert_issuer: The issuer dn as string.
cert_subject_key_identifier: The key identifier of the used public key, Hex with uppercased letters. The format is identical to the return value of the API method get_key_identifier_from_data and the format used in the certificates table.
notbefore / notafter: Validity dates of the certificate as epoch
serial: The serialnumber in integer notation
<prefix>_subject_parts: Contains the parsed DN as key-value pairs where the key is the shortname of the component (e.g: OU) and the value is an array of values found. Note that any component is an array even if it has only one item.
<prefix>_subject_alt_name: All SAN items as nested array list. Each item of the list is a two item array with name and value of one SAN item. The names are given as required to build then openssl extension file (otherName, email, DNS, dirName, URI, IP, RID).