CertificateIssuerValve
Note
Valve for issuing X.509 certificates.
The issued certificate will be added to item property ‘dest’ in PEM format.
Requires a configured CA.
Properties
Name | Description | Default value | Mandatory | Supports property expansion |
---|---|---|---|---|
dest | Name of item property receiving the certificate. | | Yes | No |
cert_subject_dn | Certificate subject. | | Yes | Yes |
cert_subject_key | Certificate public key. | | Yes | Yes |
ca_ref | Configuration ID of CA to use to issue the certificate. | | Yes | Yes |
cert_serial_number | Certificate serial number. | | Yes | Yes |
cert_ocsp_url | OCSP URL for verifying the certificate. | | No | No |
cert_not_before | Certificate start datetime. Formatted as ISO-8601 string, e.g. 1970-01-01T00:00:00Z | | No | Yes |
cert_not_after | Certificate expiry datetime. Formatted as ISO-8601 string, e.g. 1970-01-01T00:00:00Z | | No | Yes |
cert_key_usage | Key usage (see X509 common manual). | | No | Yes |
cert_ext_key_usage | Extended key usage (see X509 common manual). | | No | Yes |
Example Configuration
{
  "name": "CertificateIssuerValve",
  "enabled": "true",
  "config": {
    "dest": "certificate",
    "cert_subject_dn": "CN={{request.uid}}",
    "cert_subject_key": "{{item.public_key}}",
    "ca_ref": "6f9debd0-a9c0-4fcc-a364-c6c9b8fb8257",
    "cert_serial_number": "{{request.serial_number}}",
    "cert_ocsp_url": "https://ocsp.company.org",
    "cert_not_before": "{{request.not_before}}",
    "cert_not_after": "{{request.not_after}}",
    "cert_key_usage": "true,false,true",
    "cert_ext_key_usage": "clientAuth"
  }
}
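A pre-deployment check for a valve entry like the one above, written as an added example (not part of the product or its documentation). It applies the Mandatory and Supports property expansion columns of the properties table and checks literal validity dates. The function name `lint_valve`, the `{{...}}` expansion pattern taken from the example configuration, and the strict UTC date form are assumptions of this sketch.

```python
import json
import re
from datetime import datetime

# Property name -> (mandatory, supports property expansion), from the table above.
PROPERTIES = {
    "dest": (True, False),
    "cert_subject_dn": (True, True),
    "cert_subject_key": (True, True),
    "ca_ref": (True, True),
    "cert_serial_number": (True, True),
    "cert_ocsp_url": (False, False),
    "cert_not_before": (False, True),
    "cert_not_after": (False, True),
    "cert_key_usage": (False, True),
    "cert_ext_key_usage": (False, True),
}
EXPANSION = re.compile(r"\{\{.*?\}\}")  # assumed expansion syntax, as in the example
# Assumption: only the UTC form shown in the table is accepted (stricter than ISO-8601).
ISO_UTC = "%Y-%m-%dT%H:%M:%SZ"

def lint_valve(valve_json: str) -> list[str]:
    """Return a list of findings for one CertificateIssuerValve entry."""
    config = json.loads(valve_json).get("config", {})
    findings = []
    for name, (mandatory, expandable) in PROPERTIES.items():
        value = config.get(name, "")
        if mandatory and not value:
            findings.append(f"{name}: mandatory property is missing")
        if value and not expandable and EXPANSION.search(value):
            findings.append(f"{name}: property expansion is not supported here")
    # Literal dates can be checked statically; expanded ones only at run time.
    dates = {}
    for name in ("cert_not_before", "cert_not_after"):
        value = config.get(name, "")
        if value and not EXPANSION.search(value):
            try:
                dates[name] = datetime.strptime(value, ISO_UTC)
            except ValueError:
                findings.append(f"{name}: not a datetime like 1970-01-01T00:00:00Z")
    if len(dates) == 2 and dates["cert_not_after"] <= dates["cert_not_before"]:
        findings.append("cert_not_after: must be later than cert_not_before")
    return findings

# Constructed sample: ca_ref omitted, expansion in dest, inverted validity window.
SAMPLE = json.dumps({"name": "CertificateIssuerValve", "enabled": "true", "config": {
    "dest": "{{request.dest}}", "cert_subject_dn": "CN={{request.uid}}",
    "cert_subject_key": "{{item.public_key}}", "cert_serial_number": "1001",
    "cert_not_before": "2030-01-01T00:00:00Z", "cert_not_after": "2029-01-01T00:00:00Z"}})
```

Calling `lint_valve(SAMPLE)` returns three findings; the example configuration above returns none, because its validity dates are expanded at run time and cannot be checked statically.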