CSRGeneratorValve
This valve can generate a CSR to be sent to a CA (which will then issue a certificate). The key pair needs to be created in advance, for example using KeyPairGeneratorValve.
Remarks
Per item
This will execute once per item - you must have at least one item in the flow before executing this valve. You can create an item if needed, for example with the ItemCreateValve or ItemCreateFromRequestValve (place the valve that creates the item before this valve in the pipe).
Secrets
This valve uses secrets so that sensitive values are not accidentally leaked into, for example, logs or similar.
Properties
| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| keyPairSecretId | Id of the secret where the key pair can be found. | Yes | Yes | |
| csrSubjectDn | The subject to request in the CSR. For security reasons, we strongly suggest that you don't construct a DN manually by concatenating strings; instead use, for example, DNCombinerValve. | Yes | Yes | |
| csrKeyUsage | The key usage to embed into the CSR. See the X.509 standard for details. | 128 | Yes | |
| csrPropertyName | The property name where the CSR should be written. The CSR will be PEM-encoded. | Yes |
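The warning on csrSubjectDn is about values that carry DN syntax of their own. The following is an added example, not code from this product and not the DNCombinerValve implementation; the function names and the sample input are constructed for illustration. It compares a concatenated DN with one whose value is escaped per RFC 4514 first:

```python
# Added illustration; function names and sample values are constructed.
# RFC 4514 section 2.4: characters that need a backslash escape in a value.
SPECIAL = set('"+,;<>\\')

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value so it stays a single RDN value."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL:
            out.append("\\" + ch)
        elif i == 0 and ch in " #":
            out.append("\\" + ch)          # leading space or '#'
        elif i == len(value) - 1 and ch == " ":
            out.append("\\ ")              # trailing space
        else:
            out.append(ch)
    return "".join(out)

def split_rdns(dn: str) -> list:
    """Split a DN string on unescaped commas, as a DN parser would."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])        # keep the escaped pair together
            i += 2
        elif dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    rdns.append("".join(cur))
    return rdns

# Constructed input: a display name that contains DN syntax.
user_input = "foo bar,O=Example CA Operators"

naive_dn = "CN=" + user_input                    # string concatenation
safe_dn = "CN=" + escape_rdn_value(user_input)   # value escaped first

if __name__ == "__main__":
    print(split_rdns(naive_dn))  # two RDNs: the input added an O= component
    print(split_rdns(safe_dn))   # one RDN: the whole input is the CN value
```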
Example configuration
In the example below, the item property myKeyPairSecretId contains the id of the secret that holds a previously generated key pair.
{
  "name": "CSRGeneratorValve",
  "enabled": "true",
  "config": {
    "keyPairSecretId": "{{item.myKeyPairSecretId}}",
    "csrSubjectDn": "CN=foo bar",
    "csrKeyUsage": "152",
    "csrPropertyName": "myCsr"
  }
}
After executing this, a CSR (PEM-formatted) will be found in the item, in the property myCsr.
Requirements
The key pair must have been generated/retrieved previously in the pipe.