CertificateGeneratorValve
Note
Valve for generating self-signed X.509 certificates.
The generated certificate and private key will be added to a key store, put in an item property defined by configuration property ‘dest’.
Note: Generated key pair will be of type RSA and size 2048. Certificate is valid for one year (not configurable in this version).
Properties
| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| dest | Name of item property receiving the keystore containing key and certificate. | Yes | No | |
| keystore_format | Keystore format (PKCS12 or JKS). | "PKCS12" | No | No |
| keystore_password | The keystore and key password. | "" | No | No |
| keystore_alias | The keystore alias. | "" | No | No |
| cert_subject_dn | The certificate subject. Must be a valid x500 style string. | Yes | Yes | |
| cert_is_ca | Flag controlling the certificate CA extension (basicConstraints). | No | No | |
| cert_key_usage | Key usage string (see About X509 Valves). | No | No | |
| cert_ext_key_usage | Extended key usage string (see About X509 Valves). | No | No |
Example Configuration
{
"name": "CertificateGeneratorValve",
"enabled": "true",
"config": {
"dest": "keystore",
"keystore_format": "JKS",
"keystore_password": "{enc}iLshlMBuAOrybFnFztw02GCgP385ptNkyNjMa7cu7Y0=",
"keystore_alias": "key",
"cert_subject_dn": "CN=localhost",
"cert_is_ca": "false",
"cert_key_usage": "true,false,true"
}
}