CertificateGeneratorValve

Valve for generating self-signed X.509 certificates.

The generated certificate and private key are added to a keystore, which is stored in the item property named by the configuration property ‘dest’.

Note: The generated key pair is of type RSA with a key size of 2048 bits. The certificate is valid for one year (not configurable in this version).

Properties

| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| dest | Name of item property receiving the keystore containing key and certificate. | | Yes | No |
| keystore_format | Keystore format (PKCS12 or JKS). | "PKCS12" | No | No |
| keystore_password | The keystore and key password. | "" | No | No |
| keystore_alias | The keystore alias. | "" | No | No |
| cert_subject_dn | The certificate subject. Must be a valid X.500-style string. | | Yes | Yes |
| cert_is_ca | Flag controlling the certificate CA extension (basicConstraints). | | No | No |
| cert_key_usage | Key usage string (see X509 Common documentation). | | No | No |
| cert_ext_key_usage | Extended key usage string (see X509 Common documentation). | | No | No |

Example Configuration

{
  "name": "CertificateGeneratorValve",
  "enabled": "true",
  "config": {
    "dest": "keystore",
    "keystore_format": "JKS",
    "keystore_password": "{enc}iLshlMBuAOrybFnFztw02GCgP385ptNkyNjMa7cu7Y0=",
    "keystore_alias": "key",
    "cert_subject_dn": "CN=localhost",
    "cert_is_ca": "false",
    "cert_key_usage": "true,false,true"
  }
}
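
A small linter for this valve's configuration, added here as an example and not part of the product or its documentation: it checks a valve definition against the property table above and flags an empty or apparently clear-text keystore_password. It assumes that the {enc} prefix in the example marks an encrypted value and that cert_subject_dn is a literal string rather than a property expansion; the name lint_valve is hypothetical.

```python
import json
import re

# Property names, allowed formats and defaults are taken from the table on this page.
MANDATORY = ("dest", "cert_subject_dn")
FORMATS = ("PKCS12", "JKS")
# Assumption: "TYPE=value" parts joined by "," or "+", with no escaped separators.
RDN = re.compile(r"^\s*[A-Za-z0-9][A-Za-z0-9.-]*\s*=\s*[^=,+]+$")

def lint_valve(valve):
    """Return a list of (severity, message) findings for one valve definition."""
    findings = []
    if valve.get("name") != "CertificateGeneratorValve":
        return findings  # other valves are out of scope
    cfg = valve.get("config", {})
    for key in MANDATORY:
        if not cfg.get(key):
            findings.append(("error", f"missing mandatory property '{key}'"))
    fmt = cfg.get("keystore_format", "PKCS12")  # documented default
    if fmt not in FORMATS:
        findings.append(("error", f"keystore_format '{fmt}' is not PKCS12 or JKS"))
    password = cfg.get("keystore_password", "")  # documented default is empty
    if password == "":
        findings.append(("warn", "keystore_password is empty: key has no password protection"))
    elif not password.startswith("{enc}"):
        # Assumption: the "{enc}" prefix in the page's example marks an encrypted value.
        findings.append(("warn", "keystore_password appears to be stored in clear text"))
    dn = cfg.get("cert_subject_dn", "")
    if dn and not all(RDN.match(part) for part in re.split(r"[,+]", dn)):
        findings.append(("error", f"cert_subject_dn '{dn}' is not an X.500-style string"))
    # An absent cert_is_ca produces no finding; the page lists no default for it.
    if str(cfg.get("cert_is_ca", "")).lower() == "true":
        findings.append(("warn", "cert_is_ca is true: self-signed certificate is marked as a CA"))
    return findings

# Constructed sample: the page's example with the password removed, a bad DN and CA set.
SAMPLE = json.loads("""
{
  "name": "CertificateGeneratorValve",
  "enabled": "true",
  "config": {"dest": "keystore", "keystore_format": "JKS",
             "cert_subject_dn": "localhost", "cert_is_ca": "true"}
}
""")

if __name__ == "__main__":
    for severity, message in lint_valve(SAMPLE):
        print(f"{severity}: {message}")
```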