Skip to main content

PKI.CAClient

persistent class PKI.CAClient extends %Library.Persistent

SQL Table Name: PKI.CAClient

Certificate Authority client. Use with PKI.CAServer.

Property Inventory

Method Inventory

Properties

property AttributePrompt as %String (MAXLEN = 100) [ InitialExpression = "Country,State or Province,Locality,Organization,Organizational Unit,Common Name" ];
Prompts to use when building a %List for constructing a Subject Distinguished Name.
Property methods: AttributePromptDisplayToLogical(), AttributePromptGet(), AttributePromptGetStored(), AttributePromptIsValid(), AttributePromptLogicalToDisplay(), AttributePromptLogicalToOdbc(), AttributePromptNormalize(), AttributePromptSet()
property AttributeType as %String [ InitialExpression = "C,ST,L,O,OU,CN" ];
Attribute type keywords to use when building the "-subject" argument to the "openssl req" command
Property methods: AttributeTypeDisplayToLogical(), AttributeTypeGet(), AttributeTypeGetStored(), AttributeTypeIsValid(), AttributeTypeLogicalToDisplay(), AttributeTypeLogicalToOdbc(), AttributeTypeNormalize(), AttributeTypeSet()
property ContactEmail as %String;
Email address of the local technical contact for this Certificate Authority client. Email notification will be sent to this address when an X.509 Certificate is issued for a Certificate Signing Request from this Certificate Authority client.
Property methods: ContactEmailDisplayToLogical(), ContactEmailGet(), ContactEmailGetStored(), ContactEmailIsValid(), ContactEmailLogicalToDisplay(), ContactEmailLogicalToOdbc(), ContactEmailNormalize(), ContactEmailSet()
property ContactName as %String [ Required ];
Name of the local technical contact for this Certificate Authority client. This is the person who will be contacted by the Certificate Authority server's administrator to verify the validity of Certificate Signing Requests from this client.
Property methods: ContactNameDisplayToLogical(), ContactNameGet(), ContactNameGetStored(), ContactNameIsValid(), ContactNameLogicalToDisplay(), ContactNameLogicalToOdbc(), ContactNameNormalize(), ContactNameSet()
property ContactPhone as %String;
Phone number of the local technical contact for this Certificate Authority client.
Property methods: ContactPhoneDisplayToLogical(), ContactPhoneGet(), ContactPhoneGetStored(), ContactPhoneIsValid(), ContactPhoneLogicalToDisplay(), ContactPhoneLogicalToOdbc(), ContactPhoneNormalize(), ContactPhoneSet()
property Name as %String [ InitialExpression = "IRIS CA" , Required ];
The default Certificate Authority client has the name "IRIS CA". There is at most one per InterSystems IRIS instance.
Property methods: NameDisplayToLogical(), NameGet(), NameGetStored(), NameIsValid(), NameLogicalToDisplay(), NameLogicalToOdbc(), NameNormalize(), NameSet()
property Path as %String [ InitialExpression = "/isc/pki/PKI.CAServer.cls" , Required ];
Path used to access the PKI.CAServer Web service
Property methods: PathDisplayToLogical(), PathGet(), PathGetStored(), PathIsValid(), PathLogicalToDisplay(), PathLogicalToOdbc(), PathNormalize(), PathSet()
property Port as %Integer [ Required ];
TCP port used to access the PKI.CAServer Web service
Property methods: PortDisplayToLogical(), PortGet(), PortGetStored(), PortIsValid(), PortLogicalToDisplay(), PortNormalize(), PortSet()
property Server as %String (MAXLEN = 100) [ Required ];
DNS hostname used to access the PKI.CAServer Web service
Property methods: ServerDisplayToLogical(), ServerGet(), ServerGetStored(), ServerIsValid(), ServerLogicalToDisplay(), ServerLogicalToOdbc(), ServerNormalize(), ServerSet()
property TLSConfiguration as %String (MAXLEN = 64);
Property methods: TLSConfigurationDisplayToLogical(), TLSConfigurationGet(), TLSConfigurationGetStored(), TLSConfigurationIsValid(), TLSConfigurationLogicalToDisplay(), TLSConfigurationLogicalToOdbc(), TLSConfigurationNormalize(), TLSConfigurationSet()
property UseTLS as %Boolean;
Property methods: UseTLSDisplayToLogical(), UseTLSGet(), UseTLSGetStored(), UseTLSIsValid(), UseTLSLogicalToDisplay(), UseTLSNormalize(), UseTLSSet()

Methods

method BuildSubject(values As %List) as %String
Build the "-subject" argument to the "openssl req" command or the "-dname" argument to the "keytool -genkeypair" command from a %List
classmethod Configure(client As PKI.CAClient, ByRef st As %Status) as %String
Configure this Certificate Authority client. Must be called before Certificate Signing Requests can be submitted. Creates the OpenSSL configuration file "openssl.cnf" if it does not exist. Parameter:
client - PKI.CAClient object, with all required properties set
st - On return, contains a status code
Return value:
String describing successful configuration, or error
method ConfigureData()
method GetCertificate(number As %String, ByRef st As %Status) as %String
Get an X.509 Certificate issued by the Certificate Authority server. This method retrieves a PKI.Certificate object and saves the contents in a Certificate (.cer) file.
Parameter:
number - serial number of the X.509 Certificate requested, or 0 to request the Certificate Authority server's X.509 Certificate
st - On return, contains a status code
Return value:
String describing saved Certificate file, or error
method ListCertificates(hostname As %String = "", instance As %String = "", ByRef st As %Status) as %XML.DataSet
Get a list of X.509 Certificates issued by the Certificate Authority server.
Parameters:
hostname - Hostname from which signing requests for certificates was received
instance - InterSystems IRIS instance from which signing requests for certificates were received
Note: If both hostname and instance are not specified, all issued certificates are listed. st - On return, contains a status code
Return value:
An %XML.DataSet object
method SubmitCSR(filename As %String, attrList As %List, password As %String, ByRef st As %Status) as %String
Generate and submit a Certificate Signing Request to the Certificate Authority server. This method creates Certificate Signing Request (.csr) and Private Key (.key) files, creates a PKI.CSR object, and submits that object to the Certificate Authority server.
Parameters:
filename - Name to use for created Certificate Signing Request (.csr) and Private Key (.key) files
attrList - %List containing attribute values to be used in constructing this Certificate Signing Request's Subject Distinguished Name
password - Password used to protect Private Key file (optional)
st - On return, contains a status code or SOAP fault
Return value:
String describing successful submission, or error

Indexes

index (NameIndex on Name) [IdKey, Type = key];
Index methods: NameIndexCheck(), NameIndexDelete(), NameIndexExists(), NameIndexOpen(), NameIndexSQLCheckUnique(), NameIndexSQLExists(), NameIndexSQLFindPKeyByConstraint(), NameIndexSQLFindRowIDByConstraint()

Inherited Members

Inherited Methods

Storage

Storage Model: Storage (PKI.CAClient)

^PKI.CAClientD(ID)
=
%%CLASSNAME
Server
Port
Path
AttributeType
AttributePrompt
ContactName
ContactPhone
ContactEmail
UseTLS
TLSConfiguration
FeedbackOpens in a new tab