||User Contributed Perl Documentation
Create a text export for a certificate using a template. The export file can
contain the chain and private key.
- The cert to be exported.
- The PEM encoded private key, protected by the given key_password.
Mandatory if the private key can not be found in the datapool.
- export_format, optional
- Only used in plain export mode (no template and no key export), defines
the format of the certificate to be written into the target_key. The
default is to export the PEM encoded certificate.
- Exports the certificate as PEM block
- Exports the certificate in DER format as binary! Will obey the
- Create a PKCS7 bundle including the issuer chain, will contain the root
certificate if include_root_cert is set.
- Same as PKCS7 but the output is the raw binary DER encoding, will obey the
- Same as PKCS7 but the certificates are exported into the context as array
of PEM encoded blocks. The entity certificate is the first item.
- A template toolkit string or, in conjunction with template_dir, the
name of a template file to be used to render the output. Will override
The parser is called with six parameters. Certificates are PEM
encoded, keys might be in binary format, depending on the key_format
- The cert_identifier
- The PEM encoded certificate.
- The subject of the certificate
- The PEM encoded root certificate, might be empty if the chain can not be
- The private key, requires the key_password to be set to the correct value.
Obviously, keys are only available if created or imported.
- An ARRAY of PEM encoded intermediates, might be empty.
- Optional, if set then template is considered to be a filename in
template_dir that contains the template string.
- The password which was used to persist the key, also used for encrypting
the exported key if export_password is not set.
- key_format, optional
- export_password, optional
- Encrypt the key with this password instead of the input password. Ignored
if empty, to export unencrypted, you must also set the unencrypted
- unencrypted, optional
- Set this to a boolean true value AND set export_password to the
empty string to export the key unencrypted.
- alias, optional
- For PKCS12 sets the so called "friendly name" for the
certificate. For Java Keystore sets the keystore alias. Parameter is
ignored for any other key types.
- include_root_cert, optional
- Only valid with PKCS12, JavaKeyStore or Bundle/PKCS7 format. If set to a
true value, the root certificate will be included in the output.
Warning: Root certificates should be distributed and validated with
a defined process and not as a "drive-by"! Enable this only if
you are sure about the implications.
- Boolean, if true the activity will throw an exception if the private key
could not be restored (which usually means that the wrong password was
provided). If false/not set, the target_key is just empty on error.
- target_key, optional
- The context key to write the result to, default is
certificate_export. Note: If you export a key and use a persisted
workflow, this will leave the (password protected) key readable in the
- base64, optional
- Boolean, if set the output is wrapped by a base64 encoding to avoid raw
binary data in context. Only available with format DER or PKCS7DER.
Ineffective when a template is set, use the template definition
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.