CertificateIssuerValve

Valve for issuing X.509 certificates.

The issued certificate will be added to item property ‘dest’ in PEM format.

Requires a configured CA.

Properties

Name Description Default value Mandatory Supports property expansion
dest Name of item property receiving the certificate Yes No
cert_subject_dn Certificate subject Yes Yes
cert_subject_key Certificate public key Yes Yes
ca_ref Configuration ID of CA to use to issue the certificate Yes Yes
cert_serial_number Certificate serialnumber Yes Yes
cert_ocsp_url OCSP URL for verifying the certicate No No
cert_not_before Certificate start datetime No Yes
cert_not_after Certificate expiry datetime No Yes
cert_key_usage Key usage (see X509 common manual) No Yes
cert_ext_key_usage Extended key usage (see X509 common manual) No Yes

Example Configuration

{
  "name": "CertificateIssuerValve",
  "enabled": "true",
  "config": {
    "dest": "certificate",
    "cert_subject_dn": "CN={{request.uid}}",
    "cert_subject_key": "{{item.public_key}}",
    "ca_ref": "6f9debd0-a9c0-4fcc-a364-c6c9b8fb8257",
    "cert_serial_number": "{{request.serial_number}}",
    "cert_not_before": "{{request.not_before}}",
    "cert_not_after": "{{request.not_after}}",
    "cert_key_usage": "true,false,true",
    "cert_ext_key_usage": "clientAuth"
  }
}