KeystoreExtractorValve

Valve for creating items from the keystore loaded into PAS configuration.

Keystore attributes are added as item properties.

Properties

Name Description Default value Mandatory Supports property expansion
attributes Select which certificate attributes to read. * means all. * No No

Attributes

Supports extraction of the following certificate attributes:

Name Description

subject

Certificate subject name

issuer

Certificate issuer name

not_before

Certificate not before value as an ISO date/time

not_after

Certificate not after value as an ISO date/time

serial

Serial number

key_usage

Key usage as a comma separated string of booleans (true/false)

basic_contraints

Basic constraints as int

sign_algorithm

Algorithm used for signing

ext_key_usage

Comma separated string of extended key usage values

pub_key

Certificate public key in PEM

pub_key_algorithm

Public key algorithm

pub_key_format

Public key algorithm (X.509)

pub_key_type

Public key type (RSA)

pub_key_size

Public key size (1024, 2048, etc)

crl_distribution_points

Comma separated list of CRL distribution points

ocsp_locations

Comma separated list of OCSP location

ocsp_issuers

Comma separated list of OCSP issuers

san_otherName

Subject Alternative Name - Other name

san_rfc822Name

Subject Alternative Name - Email

san_dNSName

Subject Alternative Name - DNS

san_x400Address

Subject Alternative Name -X.400

san_directoryName

Subject Alternative Name - DirName

san_ediPartyName

Subject Alternative Name - EID

san_uniformResourceIdentifier

Subject Alternative Name - URL

san_iPAddress

Subject Alternative Name - IP address
san_registeredID
Subject Alternative Name - OID

Example Configuration

{
  "name": "KeystoreExtractorValve",
  "config": {
    "attributes" : "subject,not_before,not_after"
  }
}