Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages
OpenXPKI::Server::Workflow::Activity::Tools::CertificateExport(3) User Contributed Perl Documentation OpenXPKI::Server::Workflow::Activity::Tools::CertificateExport(3)


Create a text export for a certificate using a template. The export file can contain the chain and private key.

The cert to be exported.
The PEM encoded private key, protected by the given key_password. Mandatory if the private key can not be found in the datapool.
export_format, optional
Only used in plain export mode (no template and no key export), defines the format of the certificate to be written into the target_key. The default is to export the PEM encoded certificate.
Exports the certificate as PEM block
Exports the certificate in DER format as binary! Will obey the base64 flag.
Create a PKCS7 bundle including the issuer chain, will contain the root certificate if include_root_cert is set.
Same as PKCS7 but the output is the raw binary DER encoding, will obey the base64 flag.
Same as PKCS7 but the certificates are exported into the context as array of PEM encoded blocks. The entity certificate is the first item.
A template toolkit string or, in conjunction with template_dir, the name of a template file to be used to render the output. Will override export_format.

The parser is called with six parameters. Certificates are PEM encoded, keys might be in binary format, depending on the key_format parameter!

The cert_identifier
The PEM encoded certificate.
The subject of the certificate
The PEM encoded root certificate, might be empty if the chain can not be completed.
The private key, requires the key_password to be set to the correct value. Obviously, keys are only available if created or imported.
An ARRAY of PEM encoded intermediates, might be empty.
Optional, if set then template is considered to be a filename in template_dir that contains the template string.
The password which was used to persist the key, also used for encrypting the exported key if export_password is not set.
key_format, optional
@see OpenXPKI::Server::API2::Plugin::Cert::private_key
export_password, optional
Encrypt the key with this password instead of the input password. Ignored if empty, to export unencrypted, you must also set the unencrypted flag.
unencrypted, optional
Set this to a boolean true value AND set export_password to the empty string to export the key unencrypted.
alias, optional
For PKCS12 sets the so called "friendly name" for the certificate. For Java Keystore sets the keystore alias. Parameter is ignored for any other key types.
include_root_cert, optional
Only valid with PKCS12, JavaKeyStore or Bundle/PKCS7 format. If set to a true value, the root certificate will be included in the output. Warning: Root certificates should be distributed and validated with a defined process and not as a "drive-by"! Enable this only if you are sure about the implications.
Boolean, if true the activity will throw an exception if the private key could not be restored (which usually means that the wrong password was provided). If false/not set, the target_key is just empty on error.
target_key, optional
The context key to write the result to, default is certificate_export. Note: If you export a key and use a persisted workflow, this will leave the (password protected) key readable in the context forever.
base64, optional
Boolean, if set the output is wrapped by a base64 encoding to avoid raw binary data in context. Only available with format DER or PKCS7DER. Ineffective when a template is set, use the template definition instead.
2022-05-14 perl v5.32.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.