| /openbmc/phosphor-dbus-interfaces/yaml/xyz/openbmc_project/Certs/ |
| README.md | 1 # BMC Certificate management 5 Certificate management allows to replace the existing certificate and private 6 key file with another (possibly certification Authority (CA) signed) certificate 7 and private key file. Certificate management allows the user to install both the 9 certificate, using an unencrypted certificate and private key file in .pem 10 format, which includes both private key and signed certificate. 12 ### Signed Certificate upload Design flow(Pre-generated) 14 - The REST Server copies the certificate and private key file to a temporary 17 The recommendation for the D-Bus application implementing certificate D-Bus 20 certificate application handling Https server certificate.
|
| Certificate.interface.yaml | 2 Implement to provide certificate management features. 4 An OpenBMC implementation providing installed certificate management 7 certificate objects. 12 The string for the certificate. 14 This is a X.509 public certificate in PEM format. PEM wiki - 17 An X.509 certificate contains a public key, validity, and an identity 19 signed by a certificate authority or self-signed. Refer 25 a certificate. 35 certificate revocation lists (CLRs). 65 The issuer of the certificate.
|
| /openbmc/openbmc-test-automation/redfish/managers/ |
| test_certificate.robot | 2 Documentation Test certificate in OpenBMC. 10 Test Tags Certificate 25 Verify Server Certificate Replace 26 [Documentation] Verify server certificate replace. 28 [Template] Replace Certificate Via Redfish 31 Server Valid Certificate Valid Privatekey ok 32 Server Empty Certificate Valid Privatekey error 33 Server Valid Certificate Empty Privatekey error 34 Server Empty Certificate Empty Privatekey error 37 Verify Client Certificate Replace
|
| /openbmc/phosphor-certificate-manager/ |
| certificate.hpp | 9 #include <xyz/openbmc_project/Certs/Certificate/server.hpp> 22 // Certificate types 66 sdbusplus::xyz::openbmc_project::Certs::server::Certificate, 74 class Manager; // Forward declaration for Certificate Manager. 76 /** @class Certificate 77 * @brief OpenBMC Certificate entry implementation. 79 * xyz.openbmc_project.Certs.Certificate DBus API 82 class Certificate : public internal::CertificateInterface class 85 Certificate() = delete; 86 Certificate(const Certificate&) = delete;
|
| README.md | 1 # phosphor-certificate-manager 3 Certificate management allows to replace the existing certificate and private 4 key file with another (possibly CA signed) Certificate key file. Certificate 14 Multiple instances of `phosphor-certificate-manager` are usually run on the bmc 18 Usage: ./phosphor-certificate-manager [options] 21 --type certificate type 24 --path certificate file path 28 ### Https certificate management 30 **Purpose:** Server https certificate 33 ./phosphor-certificate-manager --type=server --endpoint=https \
|
| x509_utils.hpp | 13 * certificate, and returns it 20 /** @brief Loads Certificate file into the X509 structure. 21 * @param[in] filePath - Certificate and key full file path. 28 * @brief Parses the certificate and throws error if certificate NotBefore date 30 * @param[in] cert Reference to certificate object uploaded 36 * @brief Validates the certificate against the trusted certificates store and 37 * throws error if certificate is not valid 39 * @param[in] cert Reference to certificate to be validated 45 * @brief Validates the certificate can be used in an SSL context, otherwise, 47 * @param[in] cert Reference to certificate to be validated
|
| certificate.cpp | 3 #include "certificate.hpp" 56 // http://redfish.dmtf.org/schemas/v1/Certificate.json#/definitions/KeyUsage for 73 // http://redfish.dmtf.org/schemas/v1/Certificate.json#/definitions/KeyUsage for 84 * @brief Dumps the PEM encoded certificate to installFilePath 86 * @param[in] pem - PEM encoded X509 certificate buffer. 108 "Failed to dump certificate, ERR:{ERR}, SRC_PEM:{SRC_PEM}, DST:{DST}", in dumpCertificate() 115 void Certificate::copyCertificate(const std::string& certSrcFilePath, in copyCertificate() 120 // Copy the certificate to the installation path in copyCertificate() 132 "Failed to copy certificate, ERR:{ERR}, SRC:{SRC}, DST:{DST}", in copyCertificate() 138 std::string Certificate::generateUniqueFilePath( in generateUniqueFilePath()
|
| /openbmc/openbmc-test-automation/redfish/dmtf_tools/ |
| test_redfishtool_certificate.robot | 4 Documentation Suite to test certificate via DMTF redfishtool. 31 Verify Redfishtool Replace Server Certificate Valid CertKey 32 [Documentation] Verify replace server certificate. 35 Verify Redfishtool Replace Certificate Server Valid Certificate Valid Privatekey ok 38 Verify Redfishtool Replace Client Certificate Valid CertKey 39 [Documentation] Verify replace client certificate. 42 Verify Redfishtool Replace Certificate Client Valid Certificate Valid Privatekey ok 45 Verify Redfishtool Replace CA Certificate Valid Cert 46 [Documentation] Verify replace CA certificate. 49 Verify Redfishtool Replace Certificate CA Valid Certificate ok
|
| /openbmc/phosphor-webui/app/common/directives/ |
| certificate.js | 4 angular.module('app.common.directives').directive('certificate', [ 9 'template': require('./certificate.html'), 20 * certificate types. The backend description for the certificate 21 * type is 'TrustStore Certificate', this function will make sure we 22 * display 'CA Certificate' on the frontend 23 * @param {string} : certificate Description property 24 * @returns {string} : certificate name that should appear on GUI 28 availableCertificateTypes.find(function(certificate) { argument 29 return certificate.Description === certificateDescription; 38 $scope.isDeletable = function(certificate) {
|
| /openbmc/openbmc-test-automation/gui/gui_test/security_and_access_menu/ |
| test_certificates_sub_menu.robot | 17 ${xpath_add_certificate_button} //button[contains(text(),"Add new certificate")] 19 ${xpath_generate_csr_heading} //h5[contains(text(), "Generate a Certificate Signing Request")] 35 Verify Navigation To Certificate Page 36 [Documentation] Verify navigation to certificate page. 42 Verify Existence Of All Sections In Certificate Page 43 [Documentation] Verify existence of all sections in certificate page. 46 Page should contain Certificate 53 Verify Existence Of Add Certificate Button 54 [Documentation] Verify existence of add certificate button. 59 Verify Generate CSR Certificate Button
|
| test_multiple_interfaces.robot | 20 ${xpath_add_new_certificate} //*[contains(text(), ' Add new certificate ')] 21 ${xpath_certificate_type} //*[@id="certificate-type"] 22 ${xpath_upload_file} //*[@id="certificate-file"] 45 [Documentation] Verify ability to load LDAP certificate using eth1 IP address. 67 [Documentation] Load certificate on BMC via GUI. 73 # certificate_type Certificate type. 74 # (e.g. "LDAP Certificate" or "CA Certificate"). 75 # file_path Certificate file path (e.g. "/home/folder/file.pem"). 79 Delete All CA Certificate Via Redfish 81 Delete Certificate Via BMC CLI ${certificate_type}
|
| /openbmc/bmcweb/redfish-core/schema/dmtf/installed/ |
| Certificate_v1.xml | 4 <!--# Redfish Schema: Certificate v1.11.0 --> 31 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Certificate"> 35 <EntityType Name="Certificate" BaseType="Resource.v1_0_0.Resource" Abstract="true"> 36 <Annotation Term="OData.Description" String="The `Certificate` schema describes a certificate that proves the identity of a component, account, or service."/> 37 <Annotation Term="OData.LongDescription" String="This resource shall represent a certificate for a Redfish implementation."/> 152 <Annotation Term="OData.Description" String="A Privacy Enhanced Mail (PEM)-encoded single certificate."/> 153 <Annotation Term="OData.LongDescription" String="This value shall indicate the format of the certificate shall contain a Privacy Enhanced Mail (PEM)-encoded string, containing RFC5280-defined structures, representing a single certificate."/> 156 <Annotation Term="OData.Description" String="A Privacy Enhanced Mail (PEM)-encoded certificate chai
|
| /openbmc/bmcweb/redfish-core/schema/dmtf/csdl/ |
| Certificate_v1.xml | 4 <!--# Redfish Schema: Certificate v1.11.0 --> 31 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Certificate"> 35 <EntityType Name="Certificate" BaseType="Resource.v1_0_0.Resource" Abstract="true"> 36 …<Annotation Term="OData.Description" String="The `Certificate` schema describes a certificate that… 37 …n Term="OData.LongDescription" String="This resource shall represent a certificate for a Redfish i… 152 …ation Term="OData.Description" String="A Privacy Enhanced Mail (PEM)-encoded single certificate."/> 153 …the certificate shall contain a Privacy Enhanced Mail (PEM)-encoded string, containing RFC5280-def… 156 …tation Term="OData.Description" String="A Privacy Enhanced Mail (PEM)-encoded certificate chain."/> 157 …certificate shall contain a Privacy Enhanced Mail (PEM)-encoded string, containing RFC5280-defined… 168 …tation Term="OData.Description" String="A Privacy Enhanced Mail (PEM)-encoded PKCS7 certificate."/>
|
| /openbmc/openbmc-test-automation/openpower/ext_interfaces/ |
| test_vmicert_management.robot | 3 Documentation VMI certificate exchange tests. 36 [Template] Get Certificate Signed By VMI 51 Get Root Certificate Using Different Privilege Users Role 52 [Documentation] Get root certificate using different users. 54 [Template] Get Root Certificate 57 # Request root certificate from admin user. 60 # Request root certificate from operator user. 63 # Request root certificate from ReadOnly user. 66 # Request root certificate from NoAccess user. 76 [Template] Get Certificate Signed By VMI
|
| /openbmc/openbmc-test-automation/lib/ |
| certificate_utils.robot | 2 Documentation Certificate utilities keywords. 10 # Default wait sync time for certificate install and restart services. 16 Install Certificate File On BMC 17 [Documentation] Install certificate file in BMC using POST operation. 21 # uri URI for installing certificate file via Redfish 23 # status Expected status of certificate installation via Redfish 48 Get Certificate Content From BMC Via Openssl 49 [Documentation] Get certificate content from BMC via openssl. 58 ... ${output} -----END CERTIFICATE----- 59 ${result}= Fetch From Right ${result} -----BEGIN CERTIFICATE-----
|
| /openbmc/openbmc-test-automation/docs/ |
| certificate_generate.md | 1 ## Steps to create and install CA signed certificate 3 To create and install a CA signed server certificate, follow these steps: 5 A. Create your own SSL certificate authority 7 B. Generate CSR for server certificate 9 C. Create CA signed server certificate using CSR request 11 D. Install CA signed server certificate 13 **Create your own SSL certificate authority** 15 1. Create private key for certificate authority(CA). 22 2. Create a root CA certificate using the private key created in step 1. 27 incorporated into your certificate request.
|
| /openbmc/bmcweb/redfish-core/schema/dmtf/json-schema-installed/ |
| Certificate.v1_11_0.json | 2 "$id": "http://redfish.dmtf.org/schemas/v1/Certificate.v1_11_0.json", 3 "$ref": "#/definitions/Certificate", 26 "#Certificate.ForceAutomaticRenew": { 29 "#Certificate.Rekey": { 32 "#Certificate.Renew": { 43 "Certificate": { object 45 …"description": "The `Certificate` schema describes a certificate that proves the identity of a com… 46 … "longDescription": "This resource shall represent a certificate for a Redfish implementation.", 80 "description": "The string for the certificate.", 81 …certificate, and the format shall follow the requirements specified by the `CertificateType` prope…
|
| CertificateService.v1_2_0.json | 42 "description": "The automatic certificate enrollment service configuration.", 43 …tion": "This type shall contain the configuration and status of automatic certificate enrollment.", 60 … "description": "The certificate usage types that support automatic enrollments for this service.", 64 … "$ref": "http://redfish.dmtf.org/schemas/v1/Certificate.json#/definitions/CertificateUsageType" 71 …"longDescription": "This property shall contain an array of certificate usage types that support a… 95 …"longDescription": "This property shall indicate whether automatic certificate enrollment is enabl… 108 …"description": "The `CertificateService` schema describes a certificate service that represents th… 109 …"longDescription": "This resource shall represent the certificate service properties for a Redfish… 151 "description": "The automatic certificate enrollment configuration.", 152 …": "This property shall contain the configuration and status of automatic certificate enrollment.",
|
| /openbmc/bmcweb/redfish-core/schema/dmtf/json-schema/ |
| Certificate.v1_11_0.json | 2 "$id": "http://redfish.dmtf.org/schemas/v1/Certificate.v1_11_0.json", 3 "$ref": "#/definitions/Certificate", 26 "#Certificate.ForceAutomaticRenew": { 29 "#Certificate.Rekey": { 32 "#Certificate.Renew": { 43 "Certificate": { object 45 …"description": "The `Certificate` schema describes a certificate that proves the identity of a com… 46 … "longDescription": "This resource shall represent a certificate for a Redfish implementation.", 80 "description": "The string for the certificate.", 81 …certificate, and the format shall follow the requirements specified by the `CertificateType` prope…
|
| CertificateService.v1_2_0.json | 42 "description": "The automatic certificate enrollment service configuration.", 43 …tion": "This type shall contain the configuration and status of automatic certificate enrollment.", 60 … "description": "The certificate usage types that support automatic enrollments for this service.", 64 … "$ref": "http://redfish.dmtf.org/schemas/v1/Certificate.json#/definitions/CertificateUsageType" 71 …"longDescription": "This property shall contain an array of certificate usage types that support a… 95 …"longDescription": "This property shall indicate whether automatic certificate enrollment is enabl… 108 …"description": "The `CertificateService` schema describes a certificate service that represents th… 109 …"longDescription": "This resource shall represent the certificate service properties for a Redfish… 151 "description": "The automatic certificate enrollment configuration.", 152 …": "This property shall contain the configuration and status of automatic certificate enrollment.",
|
| /openbmc/docs/designs/management-console/ |
| VMI_Certificate_Exchange.md | 1 # VMI Certificate Exchange 30 BMC needs to provide certificate exchange functionality to management console 39 and gets the signed certificate and the CA certificate from VMI. This design 53 self-signed root certificate is created using this key pair. 55 its self-signed certificate to sign CSR from client. 61 BMC will provide an interface for management console to exchange certificate 67 certificate and Root CA certificate via proposed BMC interface. 72 HMC can query BMC state and use this API to initiate certificate exchange.If HMC 106 ### VMI certificate exchange 111 #### Get Signed certificate
|
| Authorities_List_Management.md | 13 The current phosphor-certificate-manager doesn't have good support to manage 19 2. It only extracts the first certificate given a PEM encoded file with multiple 25 Phosphor-certificate-manager (only the Authority Manager) and BMCWeb will 34 3. Redfish: BMCWeb will export all authorities as Redfish Certificate 36 4. Recovery at boot up: when the phosphor-certificate-manager gets instantiated, 41 is an invalid certificate in the list, the service won't install any of the 53 When certificate type is Authority, rather than just extract the first 54 certificate, we will iterate through each certificate, validate it, create 57 boost's `ssl_context`) for each certificate, and finally copy the PEM file to 70 The certificate manager will implement the new ReplaceAll interface. Upon
|
| /openbmc/docs/designs/ |
| redfish-tls-user-authentication.md | 13 addition to those user can gain access to nodes by providing certificate upon 19 Redfish currently lacks support for modern authentication methods. Certificate 26 - [Certificate Schema Definition](https://redfish.dmtf.org/schemas/v1/Certificate_v1.xml) 29 - [DSP-IS0008 DMTF's Redfish Certificate Management Document](https://www.dmtf.org/dsp/DSP-IS0008) 47 Whenever `CA`'s certificate changes `User` shall provide `Redfish` with it. 50 proper `user`'s certificate from `CA`. After this certificate is acquired, 51 `User` can use this certificate when initializing HTTPS sessions. 57 │ Request CA's certificate │ │ 60 │ Return CA's certificate │ │ 63 │ │ Upload CA Certificate │
|
| /openbmc/openbmc-tools/openbmctool/ |
| README.md | 90 ## BMC Certificate management 92 Certificate management allows replacing the existing certificate and private key 93 file with another (possibly certification Authority (CA) signed) certificate and 94 private key file. Certificate management allows the user to install server, 97 ### Update HTTPS server certificate 100 openbmctool <connection options> certificate update server https -f <File> 104 containing both certificate and private key. 106 ### Update LDAP client certificate 109 openbmctool <connection options> certificate update client ldap -f <File> 112 File: The PEM file containing both certificate and private key.
|
| /openbmc/phosphor-webui/app/access-control/controllers/ |
| certificate-controller.html | 6 <div ng-repeat="certificate in certificates | filter:{isExpiring:true}"> 9 The uploaded {{ certificate.name }} is expiring in 10 {{ getDays(certificate.ValidNotAfter) === 0 12 : getDays(certificate.ValidNotAfter) + " days!" }} 13 Consider replacing it with a new certificate. 16 <div ng-repeat="certificate in certificates | filter:{isExpired:true}"> 19 The uploaded {{ certificate.name }} has expired! Consider replacing it 20 with a new certificate. 33 Add new certificate 45 Certificate
|