Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages
OpenXPKI::Crypto::Backend::OpenSSL::Config(3) User Contributed Perl Documentation OpenXPKI::Crypto::Backend::OpenSSL::Config(3)


This module was designed to create an OpenSSL configuration on the fly for the various operations of OpenXPKI. The module support the following different section types:
- general OpenSSL configuration
- engine configuration
- new OIDs
- CA configuration
- CRL extension configuration
- certificate extension configuration
- CRL distribution points
- subject alternative names

- new
- set_engine
- set_profile
- set_crl_items
This method prepares the OpenSSL-specific representation of the certificate database (index.txt). The method expects an arrayref containing a list of all certificates to revoke.

Each item in the array must be an array with one or more elements:

  • certificate serial number, either binary or as hex prefixed with 0x
  • time of revocation (epoch)
  • reason_code
  • time of invalidity (epoch)

The first argument is mandatory, all other element can be empty or even left out.

If a revocation time is specified, it is used as the revocation timestamp in the generated CRL. The timestamp is specified in seconds since epoch.

The reason code is accepted literally. It should be one of 'unspecified', 'keyCompromise', 'CACompromise', 'affiliationChanged', 'superseded', 'cessationOfOperation',

The reason codes 'certificateHold', 'removeFromCRL'.

are currently not handled correctly and should be avoided. However, they will currently simply be passed in the CRL which may not have the desired result.

If the reason code is incorrect, a warning is logged and the reason code is set to 'unspecified' in order to make sure the certificate gets revoked at all.

Invalidity timestamp is only used in conjunction with a reason code of keyCompromise. The timestamp is specified in seconds since epoch.

- dump
- get_config_filename

my $profile = OpenXPKI::Crypto::Backend::OpenSSL::Config->new ( { TMP => '/tmp', }); $profile->set_engine($engine); $profile->set_profile($crl_profile); $profile->dump(); my $conf = $profile->get_config_filename(); ... execute an OpenSSL command with "-config $conf" ... ... or execute an OpenSSL command with "OPENSSL_CONF=$conf openssl" ...

OpenXPKI::Crypto::Profile::Base, OpenXPKI::Crypto::Profile::CRL, OpenXPKI::Crypto::Profile::Certificate and OpenXPKI::Crypto::Backend::OpenSSL
2022-05-14 perl v5.32.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.