This package is the public YaST2 API for CA management.
Returns a list of available CAs
Returns a list of lists of the available CAs containing the issuer caName.
Creates a new self-signed root CA together with the whole infrastructure it needs.
Example 40.
my $data = {
    'caName'           => 'My_CA',
    'keyPasswd'        => 'system',
    'commonName'       => 'My CA',
    'emailAddress'     => 'my@example.com',
    'keyLength'        => '2048',
    'days'             => '3650',
    'countryName'      => 'US',
    'localityName'     => 'New York',
    'organizationName' => 'My Inc.',
};
my $res = YaPI::CaManagement->AddRootCA($data);
if( not defined $res ) {
    # error
} else {
    print "OK\n";
}
In $valueMap you can define the following keys:
Writes the default values for the available certificate types. Keys that are not present in the map are removed from the configuration file if they exist there.
Returns a CA certificate as plain text or parsed map.
Creates a request for a specific CA and returns the name of the request.
Example 44.
my $data = {
    'caName'              => 'My_CA',
    'keyPasswd'           => 'system',
    'commonName'          => 'My New Request',
    'emailAddress'        => 'my@example.com',
    'keyLength'           => '2048',
    'days'                => '365',
    'countryName'         => 'DE',
    'localityName'        => 'Nuremberg',
    'stateOrProvinceName' => 'Bavaria',
    'organizationName'    => 'My Linux AG',
    'nsComment'           => "YaST Generated Certificate",
};
my $res = YaPI::CaManagement->AddRequest($data);
if( not defined $res ) {
    # error
} else {
    print "OK Name of the request is: '$res'\n";
}
Issues a certificate for an existing request and returns the name of the new certificate.
Example 45.
# $request holds the request name returned by AddRequest
my $data = {
    'caName'                => 'My_CA',
    'request'               => $request,
    'certType'              => 'client',
    'caPasswd'              => 'system',
    'days'                  => '365',
    'crlDistributionPoints' => "URI:ldap://my.linux.tux/?cn=My_CA%2Cou=PKI%2Cdc=example%2Cdc=com",
    'nsComment'             => "YaST Generated Certificate",
};
my $res = YaPI::CaManagement->IssueCertificate($data);
if( not defined $res ) {
    # error
} else {
    print STDERR "OK: '$res'\n";
}
Creates a new certificate (request and key in one step) and returns its name.
Example 46.
my $data = {
    'caName'                 => 'My_CA',
    'certType'               => 'client',
    'keyPasswd'              => 'system',
    'caPasswd'               => 'system',
    'commonName'             => 'John Doe',
    'emailAddress'           => 'John.Doe@example.com',
    'keyLength'              => '2048',
    'days'                   => '365',
    'countryName'            => 'US',
    'localityName'           => 'New York',
    'organizationalUnitName' => 'IT',
    'organizationName'       => 'My Inc.',
    'crlDistributionPoints'  => "URI:ldap://ldap.example.com/?cn=My_CA%2Cou=PKI%2Cdc=example%2Cdc=com",
    'nsComment'              => "YaST Generated Certificate",
};
my $res = YaPI::CaManagement->AddCertificate($data);
if( not defined $res ) {
    # error
} else {
    print "OK: '$res'\n";
}
Returns a list of maps with all certificates of the defined CA.
Updates the internal openssl database.
Returns a certificate as plain text or parsed map.
Example 49.
use Data::Dumper;

# $certName holds the certificate name returned by IssueCertificate or AddCertificate
foreach my $type ("parsed", "plain", "extended") {
    my $data = {
        'caName'      => 'My_CA',
        'type'        => $type,
        'certificate' => $certName,
    };
    my $res = YaPI::CaManagement->ReadCertificate($data);
    if( not defined $res ) {
        # error
    } else {
        print Data::Dumper->Dump([$res])."\n";
    }
}
Revokes a certificate.
Creates a new CRL.
Returns a CRL as plain text or parsed map.
Exports a CA to a file or returns it in one of the following formats.
Example 53.
PEM_CERT          export only the certificate in PEM format
PEM_CERT_KEY      export the certificate and the key unencrypted in PEM format
PEM_CERT_ENCKEY   export the certificate and the key encrypted in PEM format
DER_CERT          export the certificate in DER format
PKCS12            export the certificate and the key in PKCS12 format
PKCS12_CHAIN      like PKCS12, plus the CA chain
Example 54.
foreach my $ef ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY", "DER_CERT", "PKCS12", "PKCS12_CHAIN") {
    my $data = {
        'caName'       => 'My_CA',
        'exportFormat' => $ef,
        'caPasswd'     => "system",
    };
    if($ef =~ /^PKCS12/) {
        $data->{'P12Password'} = "p12pass";
    }
    my $res = YaPI::CaManagement->ExportCA($data);
    if( not defined $res ) {
        # error
    } else {
        if(! open(OUT, "> /tmp/certs/$ef")) {
            print STDERR "OPEN_FAILED\n";
            exit 1;
        }
        print OUT $res;
        close OUT;
    }
}
Exports a certificate to a file or returns it in one of the following formats.
Example 55.
PEM_CERT          export only the certificate in PEM format
PEM_CERT_KEY      export the certificate and the key unencrypted in PEM format
PEM_CERT_ENCKEY   export the certificate and the key encrypted in PEM format
DER_CERT          export the certificate in DER format
PKCS12            export the certificate and the key in PKCS12 format
PKCS12_CHAIN      like PKCS12, plus the CA chain
Example 56.
# $certName holds the certificate name returned by IssueCertificate or AddCertificate
foreach my $ef ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY", "DER_CERT", "PKCS12", "PKCS12_CHAIN") {
    my $data = {
        'caName'       => 'My_CA',
        'certificate'  => $certName,
        'exportFormat' => $ef,
        'keyPasswd'    => "system",
    };
    if($ef =~ /^PKCS12/) {
        $data->{'P12Password'} = "p12pass";
    }
    my $res = YaPI::CaManagement->ExportCertificate($data);
    if( not defined $res ) {
        # error
    } else {
        if(! open(OUT, "> /tmp/certs/$ef")) {
            print STDERR "OPEN_FAILED\n";
            exit 1;
        }
        print OUT $res;
        close OUT;
    }
}
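The examples for AddRequest, IssueCertificate and ExportCertificate above each show one call in isolation. The script below is an added example, not code from the YaPI documentation or the YaST project, that chains the three: the request name returned by AddRequest is passed as 'request' to IssueCertificate, and the certificate name it returns is passed as 'certificate' to ExportCertificate. It assumes the CA 'My_CA' already exists (created with AddRootCA), that the YaPI modules are on @INC, and uses a hypothetical output directory /root/ca-export; the helper export_one and the %formats table are not part of the API. Formats that carry the private key are written with mode 0600 and O_EXCL so that an existing file or symlink at the target path is never overwritten, and the unencrypted PEM_CERT_KEY format is left out.

```perl
#!/usr/bin/perl
# Added example (not part of the YaPI::CaManagement documentation).
# Assumes: CA 'My_CA' exists, YaPI modules are on @INC, $out_dir is a
# hypothetical directory that already exists and is owned by root.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use YaPI::CaManagement;

my $ca_name  = 'My_CA';
my $ca_pass  = 'system';            # password of the CA key
my $key_pass = 'system';            # password for the new private key
my $out_dir  = '/root/ca-export';   # hypothetical, deliberately not /tmp

umask 077;   # files we create are never group/world readable

# 1. Create the request; AddRequest returns the request name.
my $request = YaPI::CaManagement->AddRequest({
    'caName'           => $ca_name,
    'keyPasswd'        => $key_pass,
    'commonName'       => 'John Doe',
    'emailAddress'     => 'John.Doe@example.com',
    'keyLength'        => '2048',
    'days'             => '365',
    'countryName'      => 'US',
    'localityName'     => 'New York',
    'organizationName' => 'My Inc.',
});
die "AddRequest failed\n" unless defined $request;

# 2. Issue a certificate for that request; returns the certificate name.
my $cert_name = YaPI::CaManagement->IssueCertificate({
    'caName'   => $ca_name,
    'request'  => $request,
    'certType' => 'client',
    'caPasswd' => $ca_pass,
    'days'     => '365',
});
die "IssueCertificate failed\n" unless defined $cert_name;

# 3. Export. Value 1 marks formats that contain the private key.
#    PEM_CERT_KEY (key unencrypted) is intentionally not exported.
my %formats = (
    'PEM_CERT'        => 0,   # certificate only
    'DER_CERT'        => 0,   # certificate only, binary
    'PEM_CERT_ENCKEY' => 1,   # certificate + encrypted key
    'PKCS12'          => 1,   # certificate + key, protected by P12Password
);

# export_one: hypothetical helper wrapping ExportCertificate and a safe write.
sub export_one {
    my ($format, $has_key) = @_;
    my $data = {
        'caName'       => $ca_name,
        'certificate'  => $cert_name,
        'exportFormat' => $format,
        'keyPasswd'    => $key_pass,
    };
    $data->{'P12Password'} = 'p12pass' if $format =~ /^PKCS12/;

    my $res = YaPI::CaManagement->ExportCertificate($data);
    return 0 unless defined $res;

    my $mode = $has_key ? 0600 : 0644;
    my $path = "$out_dir/$cert_name.$format";
    # O_EXCL: fail instead of following a symlink or clobbering a file
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, $mode)
        or die "cannot create $path: $!\n";
    binmode $fh;                      # DER and PKCS#12 are binary
    print {$fh} $res;
    close $fh or die "write to $path failed: $!\n";
    return 1;
}

for my $format (sort keys %formats) {
    export_one($format, $formats{$format})
        or warn "export of $format for $cert_name failed\n";
}
```

Because umask 077 is set and the key-bearing files are opened with 0600, the resulting permissions are fixed by the script rather than by whatever umask the calling shell happened to have; the PEM_CERT and DER_CERT files come out as 0600 too under that umask, which is harmless for public data and can be relaxed with chmod if they are meant to be served.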
Exports a CRL to a file or returns it in one of the supported formats.
Verifies a certificate.
Creates a new CA signed by another CA.
Example 60.
my $data = {
    'caName'                => 'My_CA',
    'newCaName'             => 'My_New_Sub_CA',
    'keyPasswd'             => 'newPasswd',
    'caPasswd'              => 'system',
    'commonName'            => 'My CA New Sub CA',
    'emailAddress'          => 'my@example.com',
    'keyLength'             => '2048',
    'days'                  => '3000',
    'countryName'           => 'US',
    'localityName'          => 'New York',
    'organizationName'      => 'My Inc.',
    'basicConstraints'      => 'CA:TRUE',
    'crlDistributionPoints' => 'URI:http://my.example.com/',
};
my $res = YaPI::CaManagement->AddSubCA($data);
if( not defined $res ) {
    # error
} else {
    print "OK '$res'\n";
}
Exports a CA to an LDAP directory.
Example 61.
my $data = {
    caName        => 'My_CA',
    ldapHostname  => 'myhost.example.com',
    ldapPort      => 389,
    destinationDN => "cn=My_CA,ou=PKI,dc=suse,dc=de",
    BindDN        => "cn=Admin,dc=example,dc=com",
    ldapPasswd    => "system",
};
my $res = YaPI::CaManagement->ExportCAToLDAP($data);
if( not defined $res ) {
    # error
} else {
    print STDERR "OK\n";
}
Exports a CRL to an LDAP directory.
Example 62.
my $data = {
    caName        => 'My_CA',
    ldapHostname  => 'myhost.example.com',
    ldapPort      => 389,
    destinationDN => "cn=My_CA,ou=PKI,dc=suse,dc=de",
    BindDN        => "cn=Admin,dc=example,dc=com",
    ldapPasswd    => "system",
};
my $res = YaPI::CaManagement->ExportCRLToLDAP($data);
if( not defined $res ) {
    # error
} else {
    print STDERR "OK\n";
}
Returns the defaults for exporting a CA, CRL or certificate to LDAP. If an error occurs with code = LDAP_CONFIG_NEEDED, you have to call InitLDAPcaManagement() first.
Creates the default configuration structure in LDAP.
Exports a certificate to an LDAP directory. This function is designed for exporting user certificates; the destination entry must have the objectclass 'inetOrgPerson'.
Example 65.
# $certificateName holds the certificate name returned by IssueCertificate or AddCertificate
my $data = {
    caName        => 'My_CA',
    certificate   => $certificateName,
    ldapHostname  => 'myhost.example.com',
    ldapPort      => 389,
    destinationDN => "uid=me,ou=people,dc=suse,dc=de",
    BindDN        => "cn=Admin,dc=example,dc=com",
    ldapPasswd    => "system",
};
my $res = YaPI::CaManagement->ExportCertificateToLDAP($data);
if( not defined $res ) {
    # error
} else {
    print STDERR "OK\n";
}
Deletes a certificate. This function also removes the request and the private key.
Imports a server certificate plus the corresponding CA and copies them to the place where other YaST modules look for such a common certificate.
Returns a certificate or CRL as plain text or parsed map.
Example 68.
use Data::Dumper;

foreach my $type ("parsed", "plain", "extended") {
    my $data = {
        'datatype' => "CERTIFICATE",
        'inFile'   => '/path/to/a/certificate.pem',
        'inForm'   => "PEM",   # the original was missing this comma
        'type'     => $type,
    };
    my $res = YaPI::CaManagement->ReadFile($data);
    if( not defined $res ) {
        # error
    } else {
        print Data::Dumper->Dump([$res])."\n";
    }
}
Returns a request as plain text or parsed map.
Returns a list of maps with all requests of the defined CA.
Imports a request into a CA repository.
Deletes a request. This function also removes the private key if one is available.
Imports a CA certificate and private key and creates the CA infrastructure for them.
In $valueMap you can define the following keys:
Reads the default values for a CRL. In $valueMap you can define the following keys:
Writes the default values for creating a CRL. Keys that are not present in the map are removed from the configuration file if they exist there, except for the 'days' key.