Ssl
Action : jss.ssl (Category : jss, Name : ssl, By : kikonf)
Complete Name : jss.ssl.by.kikonf
Version : 5.0 License : Modified BSD License
Purpose of the jss category :
Easy to customize. This category uses the Java Keytools ® command in the background to create and configure
SSL JKS keystores (keys, certificates and PKCS12 keys).
You can use it to manage your JKS keystores, keys and CSR requests.
Purpose of this ssl plugin : Manages Java SSL keystores and certificates
The following shows the Descriptor File for the Action : jss.ssl
<!-- Copyright (c) 2008, Patrick Germain Placidoux -->
<!-- All rights reserved. -->
<!-- -->
<!-- This file is part of Kikonf Public Software. -->
<!-- -->
<!-- Kikonf Public Software is released under the modified BSD License, -->
<!-- which should accompany it or any part of it in the file "COPYING". -->
<!-- If you do not have this file you can access the license -->
<!-- through the WWW at http://www.kikonf.org/license/bsd/license.txt. -->
<!-- -->
<!-- Home page: http://www.kikonf.org -->
<!-- Contact: kikonf@gmx.com -->
<!-- ====================================================================== -->
<!-- -->
<!-- -->
<!-- -->
<!-- ====================================================================== -->
<!-- UPDATE | DATE | CODE | REASON -->
<!-- ====================================================================== -->
<!-- | | | -->
<!-- -->
<!-- -->
<!-- ====================================================================== -->
<!--
All the tags below accept default values, so running empty tags is enough to generate everything, e.g.:
<ssl type ='action' dir='$[temp_dir]'>
<p12/>
</ssl>
-->
<!-- This will: -->
<!-- - create a keystore named : <@name>.jks -->
<!-- - create a key (aka self certificate) fed with the attributes <sc*> -->
<!-- - extract the key certificate into a file named <@label>.cert -->
<!-- - at the end list the content of the keystore -->
<ssl
type = '{\
*eq:action,\
*required:True,\
*display:False\
}'
bal = '{*display:False}'
sub_type = '{\
*value:configuration,\
*eq:configuration,\
*required:True,\
*deny:True,\
*display:False\
}'
softwares = "{
'*type':'dict',
'*dtype':
{
'was':
{
'*ge':'6.1',
'*le':'7.9',
'*required':True
}
},
'*deny':True,
'*display':False
}"
name="{'*value': 'my_srv_keystore','*required':True, '*help': '%lang/action.jss.en/ssl.name.help'}"
dir='{*required:True,*help:%lang/action.jss.en/ssl.dir.help}'
expire='{*value:3650,*required:True,*help:%lang/action.jss.en/ssl.expire.help}'
password='{*value:mypass,*required:True,*help:%lang/action.jss.en/ssl.password.help}'
sclabel='{*value:my_srv_cert,*required:True,*help:%lang/action.jss.en/ssl.sclabel.help}'
scfile='{*value:my_srv.cert,*required:True,*help:%lang/action.jss.en/ssl.scfile.help}'
scsize='{*value:512,*checkIn:(512,1034,2048),*required:True,*help:%lang/action.jss.en/ssl.scsize.help,*lhelp:%lang/action.jss.en/ssl.scsize.lhelp}'
scpassword='{*value:mypass,*required:True,*help:%lang/action.jss.en/ssl.scpassword.help}'
scexpire='{*value:3650,*type:int,*required:True,*help:%lang/action.jss.en/ssl.scexpire.help,*lhelp:%lang/action.jss.en/ssl.scexpire.lhelp}'
scalg='{*value:DSA,*checkIn:(DSA,RSA),*required:True,*help:%lang/action.jss.en/ssl.scalg.help,*lhelp:%lang/action.jss.en/ssl.scalg.lhelp}'
scdn="{'*value': 'CN=my_srv,O=my_srv_company,OU=my_srv_unit,OU=my_srv_other_unit,C=US', '*required': True, '*help': '%lang/action.jss.en/ssl.scdn.help', '*lhelp': '%lang/action.jss.en/ssl.scdn.lhelp'}"
__wk__='{\
*le:1,\
*help:%lang/action.jss.en/ssl.help,\
*help:%lang/action.jss.en/ssl.lhelp,\
}'
>
<!-- If this tag is present, will add this certificate to the keystore -->
<cert
label='{*value:my_cert,*required:True,*help:%lang/action.jss.en/ssl.cert.label.help}'
file='{*value:my_cert.cert,*required:True,*help:%lang/action.jss.en/ssl.cert.file.help,*lhelp:%lang/action.jss.en/ssl.cert.file.lhelp}'
format='{*value:512,*checkIn:(512,10234,2048),*required:True,*help:%lang/action.jss.en/ssl.cert.format.help,*lhelp:%lang/action.jss.en/ssl.cert.format.lhelp}'
__wk__='{\
*le:1,\
*help:%lang/action.jss.en/ssl.cert.help,\
*help:%lang/action.jss.en/ssl.cert.lhelp,\
}'
/>
<!-- If this tag is present, will: -->
<!-- - create a p12 keystore named <@name>.p12 -->
<!-- - extract the key certificate into a file name <@label>.cert -->
<!-- - import the p12 certificate into the general keystore -->
<p12
label='{*value:my_clt_cert,*required:True,*help:%lang/action.jss.en/ssl.p12.label.help}'
name='{*value:my_clt_keystore,*required:True,*help:%lang/action.jss.en/ssl.p12.name.help}'
kpassword='{*value:mypass,*help:%lang/action.jss.en/ssl.p12.kpassword.help}'
password='{*value:mypass,*help:%lang/action.jss.en/ssl.p12.password.help}'
expire='{*value:3650,*help:%lang/action.jss.en/ssl.p12.expire.help,*lhelp:%lang/action.jss.en/ssl.p12.expire.lhelp}'
alg='{*value:DSA,*checkIn:(DSA,RSA),*required:True,*help:%lang/action.jss.en/ssl.p12.alg.help,*lhelp:%lang/action.jss.en/ssl.p12.alg.lhelp}'
dn="{'*value': 'CN=my_clt,O=my_clt_company,OU=my_clt_unit,OU=my_clt_other_unit,C=US', '*required': True, '*help': '%lang/action.jss.en/ssl.p12.dn.help', '*lhelp': '%lang/action.jss.en/ssl.p12.dn.lhelp'}"
__wk__='{\
*le:1,\
*help:%lang/action.jss.en/ssl.p12.help,\
*help:%lang/action.jss.en/ssl.p12.lhelp,\
}'
/>
</ssl>
(Source: <KIKONF_INSTALLATION_DIR>/plugins/actions/jss/ssl/by/kikonf/ACT_INF/action.xml)
A descriptor file is a WYSIWYG, XSD-like schema which describes the supported
Tags, Attributes and Attribute values for one Action.
The special Attributes : type, sub_type, bal, softwares, __wk__ are reserved by Kikonf.
The table below summarizes the information provided by the jss.ssl Descriptor File :
/ssl>   Manages Java SSL keystores and certificates.
All the tags below accept default values, so running empty tags is enough to generate everything, e.g.:
Trademarks:
___________
"Java", "Java Keytools" are registered trademarks of Oracle and/or its affiliates.
| Name | Default | Type | Required | Denied | Help |
| --- | --- | --- | --- | --- | --- |
| name | my_srv_keystore | | True | | The Keystore name |
| dir | | | True | | The directory path |
| expire | 3650 | | True | | The Keystore expire interval |
| password | mypass | | True | | The Keystore password |
| sclabel | my_srv_cert | | True | | The label for this Self Certificate into the cluster |
| scfile | my_srv.cert | | True | | The file name for the Self Certificate |
| scsize | 512 | (512, 1034, 2048) | True | | The Self Certificate SSL size |
| scpassword | mypass | | True | | The Keystore password |
| scexpire | 3650 | int | True | | The Self Certificate expire interval |
| scalg | DSA | (DSA, RSA) | True | | The Self Certificate signature algorithm |
| scdn | CN=my_srv,O=my_srv_company,OU=my_srv_unit,OU=my_srv_other_unit,C=US | | True | | The Self Certificate dn |
/ssl/cert>   Receives this certificate into the keystore.
Configure here the characteristics of the certificate file to receive.
/ssl/p12>   Configures a p12 key.
This will:
- create a p12 keystore named <@name>.p12
- extract the key certificate into a file named <@label>.cert
- import the p12 certificate into the general keystore
| Name | Default | Type | Required | Denied | Help |
| --- | --- | --- | --- | --- | --- |
| label | my_clt_cert | | True | | The label for the p12 Certificate into the keystore |
| name | my_clt_keystore | | True | | The p12 keystore name |
| kpassword | mypass | | | | The p12 keystore password |
| password | mypass | | | | The p12 Certificate password |
| expire | 3650 | | | | The p12 Keystore expire interval |
| alg | DSA | (DSA, RSA) | True | | The Self p12 Certificate signature algorithm |
| dn | CN=my_clt,O=my_clt_company,OU=my_clt_unit,OU=my_clt_other_unit,C=US | | True | | The p12 Certificate dn |
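Added example (not part of Kikonf or of the original page): because empty tags run with the defaults listed above, a 512-bit key size and the password `mypass` are used unless overridden. The Python code below reads the `*value` defaults from a trimmed excerpt of the descriptor and lists the ones to override; the function names `defaults` and `audit` and the two thresholds are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Excerpt of the jss.ssl descriptor from this page (help keys and DN trimmed).
DESCRIPTOR = """
<ssl password='{*value:mypass,*required:True}'
     scsize='{*value:512,*checkIn:(512,1034,2048),*required:True}'
     scpassword='{*value:mypass,*required:True}'
     scexpire='{*value:3650,*type:int,*required:True}'
     scalg='{*value:DSA,*checkIn:(DSA,RSA),*required:True}'
     scdn="{'*value': 'CN=my_srv,O=my_srv_company,C=US', '*required': True}">
  <p12 kpassword='{*value:mypass}' password='{*value:mypass}'
       expire='{*value:3650}' alg='{*value:DSA,*checkIn:(DSA,RSA)}'/>
</ssl>
"""
# Matches both spellings in the descriptor: *value:512 and '*value': 'CN=...'
VALUE_RE = re.compile(r"\*value'?\s*:\s*(?:'([^']*)'|([^,}]*))")
# Assumed review policy for this example (not Kikonf's); adjust to your standard.
MIN_KEY_BITS, MAX_VALIDITY_DAYS = 2048, 825

def defaults(descriptor_xml):
    """Return {'/ssl/p12@attr': default} for each attribute declaring *value."""
    out = {}
    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        for attr, spec in elem.attrib.items():
            m = VALUE_RE.search(spec)
            if m:
                out[f"{here}@{attr}"] = (m.group(1) or m.group(2) or "").strip()
        for child in elem:
            walk(child, here)
    walk(ET.fromstring(descriptor_xml), "")
    return out

def audit(values):
    """List defaults that should be overridden before the keystore is used."""
    findings = []
    for key, val in sorted(values.items()):
        attr = key.split("@")[1]
        if attr.endswith("size") and int(val) < MIN_KEY_BITS:
            findings.append((key, f"key size {val} < {MIN_KEY_BITS} bits"))
        elif attr.endswith("password"):
            findings.append((key, "default password is published in the descriptor"))
        elif attr.endswith("expire") and int(val) > MAX_VALIDITY_DAYS:
            findings.append((key, f"validity {val} days > {MAX_VALIDITY_DAYS}"))
    return findings

if __name__ == "__main__":
    for key, why in audit(defaults(DESCRIPTOR)):
        print(f"{key}: {why}")
```

On the excerpt this reports seven defaults: the key size, four passwords and two validity periods.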
Trademarks :
- "Java" and "JVM" are registered trademarks of Oracle and/or its affiliates.
- Other names may be trademarks of their respective owners.