Ssl

Action : jss.ssl   (Category : jss, Name : ssl, By : kikonf)
Complete Name : jss.ssl.by.kikonf
Version : 5.0        License : Modified BSD License

Purpose of the jss category :
Easy to customize. This category uses the Java Keytools command in the background to create and configure SSL JKS keystores (keys, certificates and PKCS12 keys).
You can use it to manage your JKS keystores, keys and CSR requests.

Purpose of this ssl plugin : Manages Java SSL keystore and certificates

The following shows the Descriptor File for the Action : jss.ssl

<!-- Copyright (c) 2008, Patrick Germain Placidoux                          -->
<!-- All rights reserved.                                                   -->
<!--                                                                        -->
<!-- This file is part of Kikonf Public Software.                           -->
<!--                                                                        -->
<!-- Kikonf Public Software is released under the modified BSD License,     -->
<!-- which should accompany it or any part of it in the file "COPYING".     -->
<!-- If you do not have this file you can access the license                -->
<!-- through the WWW at http://www.kikonf.org/license/bsd/license.txt.      -->
<!--                                                                        -->
<!-- Home page: http://www.kikonf.org                                       -->
<!-- Contact: kikonf@gmx.com                                                -->
<!-- ====================================================================== -->
<!--                                                                        -->
<!--                                                                        -->
<!--                                                                        -->
<!-- ====================================================================== -->
<!-- UPDATE     |     DATE     |   CODE   |  REASON                         -->
<!-- ====================================================================== -->
<!--            |              |          |                                 -->
<!--                                                                        -->
<!--                                                                        -->
<!-- ====================================================================== -->

<!--
All the tags below accept default values, so running empty tags is enough to generate everything, e.g.:
    <ssl type ='action' dir='$[temp_dir]'> 
        <p12/>
    </ssl>
-->


<!-- This will: -->
<!--    - create a keystore named : <@name>.jks -->
<!--    - create a key (aka self certificate) populated from the attributes <sc*> -->
<!--    - extract the key certificate into a file named <@label>.cert -->
<!--    - at the end list the content of the keystore -->
<ssl
    type = '{\
        *eq:action,\
        *required:True,\
        *display:False\
    }'
    bal = '{*display:False}'
    sub_type = '{\
        *value:configuration,\
        *eq:configuration,\
        *required:True,\
        *deny:True,\
        *display:False\
    }'
    softwares = "{
        '*type':'dict',
        '*dtype':
            {
                'was':
                {
                    '*ge':'6.1',
                    '*le':'7.9',
                    '*required':True
                }
            },
        '*deny':True, 
        '*display':False
    }"

    name="{'*value': 'my_srv_keystore','*required':True, '*help': '%lang/action.jss.en/ssl.name.help'}" 
    dir='{*required:True,*help:%lang/action.jss.en/ssl.dir.help}' 
    expire='{*value:3650,*required:True,*help:%lang/action.jss.en/ssl.expire.help}'
    password='{*value:mypass,*required:True,*help:%lang/action.jss.en/ssl.password.help}' 
    
    sclabel='{*value:my_srv_cert,*required:True,*help:%lang/action.jss.en/ssl.sclabel.help}'
    scfile='{*value:my_srv.cert,*required:True,*help:%lang/action.jss.en/ssl.scfile.help}'
    scsize='{*value:512,*checkIn:(512,1034,2048),*required:True,*help:%lang/action.jss.en/ssl.scsize.help,*lhelp:%lang/action.jss.en/ssl.scsize.lhelp}'
    scpassword='{*value:mypass,*required:True,*help:%lang/action.jss.en/ssl.scpassword.help}'
    scexpire='{*value:3650,*type:int,*required:True,*help:%lang/action.jss.en/ssl.scexpire.help,*lhelp:%lang/action.jss.en/ssl.scexpire.lhelp}'
    scalg='{*value:DSA,*checkIn:(DSA,RSA),*required:True,*help:%lang/action.jss.en/ssl.scalg.help,*lhelp:%lang/action.jss.en/ssl.scalg.lhelp}'
    scdn="{'*value': 'CN=my_srv,O=my_srv_company,OU=my_srv_unit,OU=my_srv_other_unit,C=US', '*required': True, '*help': '%lang/action.jss.en/ssl.scdn.help', '*lhelp': '%lang/action.jss.en/ssl.scdn.lhelp'}"
    __wk__='{\
        *le:1,\
        *help:%lang/action.jss.en/ssl.help,\
		*help:%lang/action.jss.en/ssl.lhelp,\
    }'
>

    <!-- If this tag is present, will add this certificate to the keystore -->
    <cert
        label='{*value:my_cert,*required:True,*help:%lang/action.jss.en/ssl.cert.label.help}'
        file='{*value:my_cert.cert,*required:True,*help:%lang/action.jss.en/ssl.cert.file.help,*lhelp:%lang/action.jss.en/ssl.cert.file.lhelp}'
        format='{*value:512,*checkIn:(512,10234,2048),*required:True,*help:%lang/action.jss.en/ssl.cert.format.help,*lhelp:%lang/action.jss.en/ssl.cert.format.lhelp}'
	    __wk__='{\
	        *le:1,\
	        *help:%lang/action.jss.en/ssl.cert.help,\
			*help:%lang/action.jss.en/ssl.cert.lhelp,\
	    }'
    />


    <!-- If this tag is present, will: -->    
    <!--    - create a p12 keystore named <@name>.p12 -->    
    <!--    - extract the key certificate into a file named <@label>.cert -->
    <!--    - import the p12 certificate into the general keystore -->    
    <p12
        label='{*value:my_clt_cert,*required:True,*help:%lang/action.jss.en/ssl.p12.label.help}'
        name='{*value:my_clt_keystore,*required:True,*help:%lang/action.jss.en/ssl.p12.name.help}'
        kpassword='{*value:mypass,*help:%lang/action.jss.en/ssl.p12.kpassword.help}'
        password='{*value:mypass,*help:%lang/action.jss.en/ssl.p12.password.help}'
        expire='{*value:3650,*help:%lang/action.jss.en/ssl.p12.expire.help,*lhelp:%lang/action.jss.en/ssl.p12.expire.lhelp}'
        alg='{*value:DSA,*checkIn:(DSA,RSA),*required:True,*help:%lang/action.jss.en/ssl.p12.alg.help,*lhelp:%lang/action.jss.en/ssl.p12.alg.lhelp}'
        dn="{'*value': 'CN=my_clt,O=my_clt_company,OU=my_clt_unit,OU=my_clt_other_unit,C=US', '*required': True, '*help': '%lang/action.jss.en/ssl.p12.dn.help', '*lhelp': '%lang/action.jss.en/ssl.p12.dn.lhelp'}" 
	    __wk__='{\
	        *le:1,\
	        *help:%lang/action.jss.en/ssl.p12.help,\
			*help:%lang/action.jss.en/ssl.p12.lhelp,\
	    }'
    />
</ssl>
							
(Source: <KIKONF_INSTALLATION_DIR>/plugins/actions/jss/ssl/by/kikonf/ACT_INF/action.xml)


A descriptor file is a WYSIWYG, XSD-like schema which describes the supported Tags, Attributes and Attribute values for one Action.
The special Attributes : type, sub_type, bal, softwares, __wk__ are reserved by Kikonf.

The table below summarizes the information provided by the jss.ssl Descriptor File :

/ssl>   Manages Java SSL keystore and certificates. All the tags below accept default values, so running empty tags is enough to generate everything.
Trademarks: "Java" and "Java Keytools" are registered trademarks of Oracle and/or its affiliates.

| Name | Default | Type | Required | Denied | Help |
|------|---------|------|----------|--------|------|
| name | my_srv_keystore | | True | | The Keystore name |
| dir | | | True | | The directory path |
| expire | 3650 | | True | | The Keystore expire interval |
| password | mypass | | True | | The Keystore password |
| sclabel | my_srv_cert | | True | | The label for this Self Certificate into the cluster |
| scfile | my_srv.cert | | True | | The file name for the Self Certificate |
| scsize | 512 | (512, 1034, 2048) | True | | The Self Certificate SSL size |
| scpassword | mypass | | True | | The Keystore password |
| scexpire | 3650 | int | True | | The Self Certificate expire interval |
| scalg | DSA | (DSA, RSA) | True | | The Self Certificate signature algorithm |
| scdn | CN=my_srv,O=my_srv_company,OU=my_srv_unit,OU=my_srv_other_unit,C=US | | True | | The Self Certificate dn |

/ssl/cert>   Receive this certificate into the keystore. Configure here the characteristics of the Certificate file to receive.

| Name | Default | Type | Required | Denied | Help |
|------|---------|------|----------|--------|------|
| label | my_cert | | True | | The label for this Certificate into the cluster |
| file | my_cert.cert | | True | | The file name for the Certificate |
| format | 512 | (512, 10234, 2048) | True | | The certificate SSL format |

/ssl/p12>   Configures a p12 key. This creates a p12 keystore named <@name>.p12, extracts the key certificate into a file named <@label>.cert, and imports the p12 certificate into the general keystore.

| Name | Default | Type | Required | Denied | Help |
|------|---------|------|----------|--------|------|
| label | my_clt_cert | | True | | The label for the p12 Certificate into the keystore |
| name | my_clt_keystore | | True | | The p12 keystore name |
| kpassword | mypass | | | | The p12 keystore password |
| password | mypass | | | | The p12 Certificate password |
| expire | 3650 | | | | The p12 Keystore expire interval |
| alg | DSA | (DSA, RSA) | True | | The Self p12 Certificate signature algorithm |
| dn | CN=my_clt,O=my_clt_company,OU=my_clt_unit,OU=my_clt_other_unit,C=US | | True | | The p12 Certificate dn |
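
Because every attribute has a default, an action file with empty tags inherits the 512-bit key size and the password mypass listed above. The following is an added example, not part of Kikonf: a Python check that resolves an action file against those descriptor defaults and reports the settings worth overriding. The function name audit_ssl_action, the sample action file and the 2048-bit floor are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Defaults copied from the jss.ssl descriptor shown on this page.
DEFAULTS = {
    "ssl": {"password": "mypass", "scpassword": "mypass", "scsize": "512"},
    "p12": {"kpassword": "mypass", "password": "mypass"},
}
PASSWORD_ATTRS = {"password", "scpassword", "kpassword"}
MIN_KEY_BITS = 2048  # policy floor assumed by this example, not a Kikonf setting

# Constructed action file: overrides some values, leaves the rest to defaults.
SAMPLE_ACTION = """
<ssl type='action' dir='/tmp/ks' password='example-store-pass' scsize='2048'>
    <p12 password='example-client-pass'/>
</ssl>
"""


def audit_ssl_action(xml_text):
    """Return (tag, attribute, effective value, reason) per weak setting."""
    root = ET.fromstring(xml_text)
    findings = []
    for node in [root] + root.findall("p12"):
        for attr, default in DEFAULTS[node.tag].items():
            # An omitted attribute silently takes the descriptor default.
            value = node.get(attr, default)
            if attr in PASSWORD_ATTRS and value == default:
                findings.append((node.tag, attr, value,
                                 "publicly documented default password"))
            elif attr == "scsize" and int(value) < MIN_KEY_BITS:
                findings.append((node.tag, attr, value,
                                 "key size below %d bits" % MIN_KEY_BITS))
    return findings


if __name__ == "__main__":
    for tag, attr, value, reason in audit_ssl_action(SAMPLE_ACTION):
        print("%s/@%s = %r: %s" % (tag, attr, value, reason))
```

In the sample, the keystore password and key size are overridden, but scpassword and the p12 kpassword are omitted and so are still reported as falling back to mypass.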



Trademarks :
  • "Java" and "JVM" are registered trademarks of Oracle and/or its affiliates.
  • Other names may be trademarks of their respective owners.

Copyright © 2011 - Patrick Placidoux, Hélène Malamoud