CertificateIssuerValve

Valve for issuing X.509 certificates.

The issued certificate will be added to item property ‘dest’ in PEM format.

Requires a configured CA.

Properties

| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| dest | Name of item property receiving the certificate. | | Yes | No |
| cert_subject_dn | Certificate subject. | | Yes | Yes |
| cert_subject_key | Certificate public key. | | Yes | Yes |
| ca_ref | Configuration ID of CA to use to issue the certificate. | | Yes | Yes |
| cert_serial_number | Certificate serial number. | | Yes | Yes |
| cert_ocsp_url | OCSP URL for verifying the certificate. | | No | No |
| cert_not_before | Certificate start datetime. Formatted as ISO-8601 string, e.g. 1970-01-01T00:00:00Z | | No | Yes |
| cert_not_after | Certificate expiry datetime. Formatted as ISO-8601 string, e.g. 1970-01-01T00:00:00Z | | No | Yes |
| cert_key_usage | Key usage (see X509 common manual). | | No | Yes |
| cert_ext_key_usage | Extended key usage (see X509 common manual). | | No | Yes |

Example Configuration

{
  "name": "CertificateIssuerValve",
  "enabled": "true",
  "config": {
    "dest": "certificate",
    "cert_subject_dn": "CN={{request.uid}}",
    "cert_subject_key": "{{item.public_key}}",
    "ca_ref": "6f9debd0-a9c0-4fcc-a364-c6c9b8fb8257",
    "cert_serial_number": "{{request.serial_number}}",
    "cert_ocsp_url": "https://ocsp.company.org",
    "cert_not_before": "{{request.not_before}}",
    "cert_not_after": "{{request.not_after}}",
    "cert_key_usage": "true,false,true",
    "cert_ext_key_usage": "clientAuth"
  }
}
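
A pre-deployment check for this valve's configuration, as an added example (not part of the product or its documentation): it applies the Mandatory and Supports property expansion columns of the properties table and, where both validity dates are literals rather than expansions, checks that they parse as ISO-8601 and are correctly ordered. The function names, finding messages and the sample configuration are constructed for illustration.

```python
import json
import re
from datetime import datetime

# Transcribed from the properties table on this page.
MANDATORY = ["dest", "cert_subject_dn", "cert_subject_key", "ca_ref", "cert_serial_number"]
OPTIONAL = ["cert_ocsp_url", "cert_not_before", "cert_not_after",
            "cert_key_usage", "cert_ext_key_usage"]
NO_EXPANSION = {"dest", "cert_ocsp_url"}
TEMPLATE = re.compile(r"\{\{.*?\}\}")

# Constructed sample with deliberate mistakes; not a configuration from the page.
SAMPLE = json.loads("""{
  "name": "CertificateIssuerValve",
  "config": {
    "dest": "{{request.target}}",
    "cert_subject_dn": "CN={{request.uid}}",
    "cert_subject_key": "{{item.public_key}}",
    "cert_serial_number": "{{request.serial_number}}",
    "cert_not_before": "2025-01-01T00:00:00Z",
    "cert_not_after": "2024-01-01T00:00:00Z"
  }
}""")


def literal_time(value):
    """Parse a literal ISO-8601 value; None if absent or filled in by expansion."""
    if not value or TEMPLATE.search(value):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def lint_valve(valve):
    """Return findings for one CertificateIssuerValve definition."""
    cfg = valve.get("config", {})
    out = [f"{n}: mandatory property is missing" for n in MANDATORY if not cfg.get(n)]
    out += [f"{n}: property expansion is not supported" for n in sorted(NO_EXPANSION)
            if TEMPLATE.search(str(cfg.get(n) or ""))]
    out += [f"{n}: not a documented property" for n in cfg if n not in MANDATORY + OPTIONAL]
    try:
        start, end = (literal_time(cfg.get(k)) for k in ("cert_not_before", "cert_not_after"))
        if start and end and end <= start:
            out.append("cert_not_after: not later than cert_not_before")
    except (ValueError, TypeError) as exc:
        out.append(f"validity period: not a comparable ISO-8601 datetime ({exc})")
    return out
```

Validity dates supplied through property expansion are only known at request time, so this check skips them; they need the same ordering check wherever the request values are produced.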