description: > Implement to provide certificate management features. An OpenBMC implementation providing installed certificate management functions. An implementation service should additionally implement xyz.openbmc_project.Object.Delete to allow the deletion of individual certificate objects. properties: - name: CertificateString type: string description: > The string for the certificate. This is a X.509 public certificate in PEM format. PEM wiki - https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail An X.509 certificate contains a public key, validity, and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed. Refer https://en.wikipedia.org/wiki/X.509 for details. - name: KeyUsage type: array[string] description: > Key usage extensions define the purpose of the public key contained in a certificate. Valid Key usage extensions and its usage description is based on Redfish Resource and Schema Guide 2018.3 version. https://www.dmtf.org/sites/default/files/standards/documents/DSP2046_2018.3.pdf ClientAuthentication: The public key is used for TLS WWW client authentication. CodeSigning: The public key is used for the signing of executable code. CRLSigning: The public key is used for verifying signatures on certificate revocation lists (CLRs). DataEncipherment: The public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher. DecipherOnly: The public key could be used for deciphering data while performing key agreement. DigitalSignature: The public key is used for verifying digital signatures, other than signatures on certificates and CRLs. EmailProtection: The public key is used for email protection. EncipherOnly: The public key could be used for enciphering data while performing key agreement. KeyCertSign: The public key is used for verifying signatures on public key certificates. KeyEncipherment: The public key is used for enciphering private or secret keys. NonRepudiation: The public key is used to verify digital signatures, other than signatures on certificates and CRLs, and used to provide a non- repudiation service that protects against the signing entity falsely denying some action. OCSPSigning: The public key is used for signing OCSP responses. ServerAuthentication: The public key is used for TLS WWW server authentication. Timestamping: The public key is used for binding the hash of an object to a time. - name: Issuer type: string description: > The issuer of the certificate. Refer X.509 certificate wiki for the "Issuer" Key and value details. Example: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA Here C = country, O=organization, CN= common name. - name: Subject type: string description: > The subject of the certificate Refer X.509 certificate wiki for the "Subject" Key and value details. Refer https://en.wikipedia.org/wiki/X.509 Example: Subject: C=US, ST=New York, L=Armonk, O=International Business Machines Corporation, OU=research, CN=www.research.ibm.com Here C=country, ST=state, L=locality, O=organization, CN= common name. OU= organizational unit - name: ValidNotAfter type: uint64 description: > The certificate expiry date and time, in epoch time, in milliseconds - name: ValidNotBefore type: uint64 description: > The certificate validity start date and time, in epoch time, in milliseconds.