OpenXPKI::Server::NICE::Local(3) User Contributed Perl Documentation OpenXPKI::Server::NICE::Local(3)

OpenXPKI::Server::NICE::Local

This module implements the OpenXPKI NICE Interface using the local crypto backend.

The module does not require any configuration options but some advanced features can be enabled via the nice config item.

auth.use_revocation_id
Boolean, assign a monotonic sequence id to each revocation request and use it to issue CRLs. This is required for synchronisation when using RA/CA split and enables reproducible CRL builds.

Issues a certificate and autodetects the most current CA for the requested profile. The issuer can be enforced by passing the issuer alias as the second parameter; the certificate's validity will be tailored to fit into the CA validity window.

Takes only the key information from the pkcs10 and requires subject, SAN and validity to be given as context parameters.

Currently only an alias for issueCertificate.

Set the status field of the certificate table to "CRL_ISSUANCE_PENDING". If use_revocation_id is on, also sets the revocation_id to the next available serial. In case two revocations are processed at the same time the query will either wait for a database lock or the transaction will fail on commit depending on your database isolation level.
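The revocation-id assignment and lock contention described above, as an added model that is not OpenXPKI's own code: SQLite stands in for the production database, and the table layout, the 'ISSUED' status, the UNIQUE constraint and the function names are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed stand-in for the certificate table; UNIQUE is a backstop in this model.
SCHEMA = """CREATE TABLE certificate (
    identifier    TEXT PRIMARY KEY,
    status        TEXT NOT NULL DEFAULT 'ISSUED',
    revocation_id INTEGER UNIQUE)"""

def connect(path):
    # isolation_level=None: transactions are opened and closed explicitly.
    # timeout=0: a busy lock raises at once instead of waiting for it.
    return sqlite3.connect(path, timeout=0, isolation_level=None)

def revoke(db, identifier, use_revocation_id=True, commit=True):
    """Mark a certificate CRL_ISSUANCE_PENDING, optionally with the next id."""
    db.execute("BEGIN IMMEDIATE")  # take the write lock before reading MAX()
    rev_id = None
    if use_revocation_id:
        rev_id = db.execute(
            "SELECT COALESCE(MAX(revocation_id), 0) + 1 FROM certificate"
        ).fetchone()[0]
    db.execute(
        "UPDATE certificate SET status = 'CRL_ISSUANCE_PENDING', "
        "revocation_id = ? WHERE identifier = ?", (rev_id, identifier))
    if commit:
        db.execute("COMMIT")
    return rev_id

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        a = connect(os.path.join(tmp, "model.db"))
        b = connect(os.path.join(tmp, "model.db"))
        a.execute(SCHEMA)
        a.executemany("INSERT INTO certificate (identifier) VALUES (?)",
                      [("cert-a",), ("cert-b",), ("cert-c",)])
        first = revoke(a, "cert-a")
        revoke(a, "cert-b", commit=False)      # second revocation still open
        try:
            revoke(b, "cert-c")                # concurrent revocation attempt
            contention = "none"
        except sqlite3.OperationalError as exc:
            contention = str(exc)              # lock held by connection a
        a.execute("COMMIT")
        third = revoke(b, "cert-c")            # retry after a has committed
        a.close()
        b.close()
    return first, contention, third

if __name__ == "__main__":
    print(demo())
```

With a non-zero timeout the second connection waits for the lock instead of raising; the fail-on-commit behaviour belongs to other isolation levels and is not reproduced by this model.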

Queries the certificate's status from the local certificate database. Returns 0 if the certificate is not revoked; for revoked certificates, returns the value of revocation_id, or 1 if use_revocation_id is off.

Creates a CRL for the given CA and pushes it into the database for publication. Incremental CRLs are not supported.

The first parameter must be the ca-alias, the second parameter is a hash with options:

crl_profile (optional)
the profile definition to use
crl_validity
OpenXPKI::DateTime relative date, overrides the profile validity.
delta_crl
not supported yet.
reason_code
List of reason codes to be included in the CRL (CRL Scope), default is to include all reason codes.
remove_expired
Boolean, if set, only certificates with a notafter greater than now are included in the CRL; by default the CRL also lists expired certificates.

Calls the local API method generate_key, input parameters are "drop in" compatible to the Tools::GenerateKey activity. The return value is a hash:
pkey
The PEM encoded private key, including header/footer lines
pubkey
The base64 encoded public key (no line breaks or headers)
key_id
The key identifier, sha1 hash (uppercase hex) of pubkey, same format as subject_key_id of PKCS10 and x509 classes.

Loads the private key from the datapool based on the used key_id.

Not implemented. Returns undef.
2022-05-14 perl v5.32.1