|
%SYS
|
|
|
%SYS
|
|
Certificate Authority server. More...
Public Member Functions | |
| _.Library.String | BuildSubject (_.Library.List values) |
| Build the "-subject" argument to the "openssl req" command from a List. | |
| PKI.Certificate | GetCertificate (_.Library.String number) |
| Web method for retrieving an X.509 Certificate issued by this Certificate Authority server. More... | |
| _.XML.DataSet | ListCertificates (_.Library.String hostname, _.Library.String instance) |
| Web method for retrieving a list of X.509 Certificates issued by this Certificate Authority server. More... | |
| _.Library.String | Sign (_.Library.String name, _.Library.String password, _.Library.Integer certType, _.Library.Status st) |
| Issue an X.509 Certificate for a Certificate Signing Request. More... | |
| _.Library.String | SubmitCSR (PKI.CSR csr) |
| Web method for submitting a Certificate Signing Request. More... | |
Static Public Member Functions | |
| _.Library.String | Configure (PKI.CAServer server, _.Library.List attrList, _.Library.String password, _.Library.Integer days, _.Library.Status st) |
| Two use cases: More... | |
Public Attributes | |
| AdminEmail | |
| Email address of the administrator of this Certificate Authority server. More... | |
| AttributePrompt | |
| Prompts to use when building a List for constructing a Subject Distinguished Name. More... | |
| AttributeType | |
| Attribute type keywords to use when building the "-subject" argument to the "openssl req" command. More... | |
| CAFilename | |
| Name of this Certificate Authority server's Certificate (.cer) and Private Key (.key) files. More... | |
| CAPath | |
| Path to this Certificate Authority server's Certificate (.cer) and Private Key (.key) files. More... | |
| Days | |
| Validity period (in days) for issued certificates. More... | |
| Name | |
| The default Certificate Authority server has the name "IRIS CA". More... | |
| SMTPPassword | |
| SMTP password for sending email notification on receipt of a. More... | |
| SMTPServer | |
| SMTP server for sending email notification on receipt of a. More... | |
| SMTPUsername | |
| SMTP username for sending email notification on receipt of a. More... | |
Static Public Attributes | |
| NAMESPACE = None | |
| SOAP Namespace for the WebService. | |
| SERVICENAME = None | |
| Name of the WebService. | |
| USECLASSNAMESPACES = None | |
| Namespaces of referenced classes will be used in the WSDL. | |
Certificate Authority server.
Use with PKI.CAClient.
|
static |
Two use cases:
1) Configure this Certificate Authority server.
Must be called before Certificate Signing Requests can be submitted or Certificates issued. Creates the OpenSSL configuration file "openssl.cnf" if it does not exist. When called for the first time, this method creates this Certificate Authority server's Certificate (.cer) and Private Key (.key) files, and creates and saves its PKI.Certificate object. Once created these can not be changed. The other properties of this Certificate Authority server can be updated later.
Parameters:
server - PKI.CAServer object, with all required properties set
attrList - List containing attribute values to be used in constructing this Certificate Authority server's Subject Distinguished Name (first invocation only)
password - Password used to encrypt Private Key file (first invocation only)
days - desired validity period of CA certificate, in days
st - On return, contains a status code
Return value:
String describing successful configuration, or error<br>
2) Update the openssl.cnf file to the latest version
Calling ##class(PKI.CAServer).Configure() with no arguments will create or update the openssl.cnf file to the latest version.
| PKI.Certificate GetCertificate | ( | _.Library.String | number | ) |
Web method for retrieving an X.509 Certificate issued by this Certificate Authority server.
Parameter:
number - serial number of the X.509 Certificate requested, or 0 to request this Certificate Authority server's X.509 Certificate
Return value:
A PKI.Certificate object
| _.XML.DataSet ListCertificates | ( | _.Library.String | hostname, |
| _.Library.String | instance | ||
| ) |
Web method for retrieving a list of X.509 Certificates issued by this Certificate Authority server.
Return value:
An XML.DataSet object
| _.Library.String Sign | ( | _.Library.String | name, |
| _.Library.String | password, | ||
| _.Library.Integer | certType, | ||
| _.Library.Status | st | ||
| ) |
Issue an X.509 Certificate for a Certificate Signing Request.
This method creates and saves a PKI.Certificate object and sends notification to the email address of the local technical contact of the Certificate Authority client that generated the Certificate Signing Request.
Parameters:
name - Name of the Certificate Signing Request to be processed
password - Password for this Certificate Authority server's Private Key file
certType - Intended usage of the issued certificate
1 = TLS/SSL, XML encryption and signature verification
2 = Intermediate Certificate Authority server
st - On return, contains a status code
Return value:
String describing successful Certificate issuance, or error
| _.Library.String SubmitCSR | ( | PKI.CSR | csr | ) |
Web method for submitting a Certificate Signing Request.
This method saves the PKI.CSR object and sends notification to the email address of the administrator of this Certificate Authority server.
Parameter:
csr - a PKI.CSR object
Return value:
String describing successful Certificate Signing Request submission, or a SOAP fault on error
| AdminEmail |
Email address of the administrator of this Certificate Authority server.
Email notification will be sent to this address on receipt of a Certificate Signing Request.
| AttributePrompt |
Prompts to use when building a List for constructing a Subject Distinguished Name.
| AttributeType |
Attribute type keywords to use when building the "-subject" argument to the "openssl req" command.
| CAFilename |
Name of this Certificate Authority server's Certificate (.cer) and Private Key (.key) files.
| CAPath |
Path to this Certificate Authority server's Certificate (.cer) and Private Key (.key) files.
| Days |
Validity period (in days) for issued certificates.
| Name |
The default Certificate Authority server has the name "IRIS CA".
There is at most one per InterSystems IRIS instance.
| SMTPPassword |
SMTP password for sending email notification on receipt of a.
Certificate Signing Request or issuance of a Certificate
| SMTPServer |
SMTP server for sending email notification on receipt of a.
Certificate Signing Request or issuance of a Certificate
| SMTPUsername |
SMTP username for sending email notification on receipt of a.
Certificate Signing Request or issuance of a Certificate
1.9.1