| /openbmc/bmcweb/redfish-core/schema/dmtf/json-schema/ |
| H A D | CertificateCollection.json | 93 "/redfish/v1/AccountService/Accounts/{ManagerAccountId}/Certificates",
94 "/redfish/v1/AccountService/ActiveDirectory/Certificates",
95 "/redfish/v1/AccountService/LDAP/Certificates",
96 … "/redfish/v1/AccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates",
97 "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates",
98 "/redfish/v1/AccountService/MultiFactorAuth/SecurID/Certificates",
99 … "/redfish/v1/Managers/{ManagerId}/RemoteAccountService/Accounts/{ManagerAccountId}/Certificates",
100 … "/redfish/v1/Managers/{ManagerId}/RemoteAccountService/ActiveDirectory/Certificates",
101 "/redfish/v1/Managers/{ManagerId}/RemoteAccountService/LDAP/Certificates",
102 …ManagerId}/RemoteAccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates",
[all …]
|
| H A D | SecurityPolicy.v1_0_3.json | 202 "description": "The revoked SPDM device certificates.",
203 …certificates. Certificates in this collection may contain leaf certificates, partial certificate …
217 "description": "The trusted SPDM device certificates.",
218 …certificates. Certificates in this collection may contain leaf certificates, partial certificate …
223 … If `true`, the manager shall verify the device certificate with the certificates found in the co…
472 "description": "The revoked TLS server certificates.",
473 …certificates. Certificates in this collection may contain leaf certificates, partial certificate …
478 "description": "The trusted TLS server certificates.",
479 …certificates. Certificates in this collection may contain leaf certificates, partial certificate …
484 …e`, the manager shall verify the remote endpoint certificate with the certificates found in the co…
|
| /openbmc/bmcweb/redfish-core/schema/dmtf/json-schema-installed/ |
| H A D | CertificateCollection.json | 93 "/redfish/v1/AccountService/Accounts/{ManagerAccountId}/Certificates",
94 "/redfish/v1/AccountService/ActiveDirectory/Certificates",
95 "/redfish/v1/AccountService/LDAP/Certificates",
96 "/redfish/v1/AccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates",
97 "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates",
98 "/redfish/v1/AccountService/MultiFactorAuth/SecurID/Certificates",
99 "/redfish/v1/Managers/{ManagerId}/RemoteAccountService/Accounts/{ManagerAccountId}/Certificates",
100 "/redfish/v1/Managers/{ManagerId}/RemoteAccountService/ActiveDirectory/Certificates",
101 "/redfish/v1/Managers/{ManagerId}/RemoteAccountService/LDAP/Certificates",
102 "/redfish/v1/Managers/{ManagerId}/RemoteAccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates",
[all...] |
| /openbmc/bmcweb/redfish-core/schema/dmtf/installed/ |
| H A D | CertificateCollection_v1.xml | 42 …<Annotation Term="OData.Description" String="Certificates can be installed through a `POST` to the…
57 <String>/redfish/v1/AccountService/Accounts/{ManagerAccountId}/Certificates</String>
58 <String>/redfish/v1/AccountService/ActiveDirectory/Certificates</String>
59 <String>/redfish/v1/AccountService/LDAP/Certificates</String>
60 …edfish/v1/AccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates</String>
61 … <String>/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates</String>
62 <String>/redfish/v1/AccountService/MultiFactorAuth/SecurID/Certificates</String>
63 …fish/v1/Managers/{ManagerId}/RemoteAccountService/Accounts/{ManagerAccountId}/Certificates</String>
64 …<String>/redfish/v1/Managers/{ManagerId}/RemoteAccountService/ActiveDirectory/Certificates</String>
65 <String>/redfish/v1/Managers/{ManagerId}/RemoteAccountService/LDAP/Certificates</String>
[all …]
|
| H A D | Certificate_v1.xml | 51 … <Annotation Term="OData.Description" String="Use the `DELETE` operation to remove certificates."/>
56 …<String>/redfish/v1/AccountService/Accounts/{ManagerAccountId}/Certificates/{CertificateId}</Strin…
57 <String>/redfish/v1/AccountService/ActiveDirectory/Certificates/{CertificateId}</String>
58 <String>/redfish/v1/AccountService/LDAP/Certificates/{CertificateId}</String>
59 …1/AccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates/{CertificateId}…
60 …<String>/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates/{CertificateId}<…
61 … <String>/redfish/v1/AccountService/MultiFactorAuth/SecurID/Certificates/{CertificateId}</String>
62 …Managers/{ManagerId}/RemoteAccountService/Accounts/{ManagerAccountId}/Certificates/{CertificateId}…
63 …/redfish/v1/Managers/{ManagerId}/RemoteAccountService/ActiveDirectory/Certificates/{CertificateId}…
64 …<String>/redfish/v1/Managers/{ManagerId}/RemoteAccountService/LDAP/Certificates/{CertificateId}</S…
[all …]
|
| /openbmc/bmcweb/redfish-core/schema/dmtf/csdl/ |
| H A D | CertificateCollection_v1.xml | 42 …<Annotation Term="OData.Description" String="Certificates can be installed through a `POST` to the…
57 <String>/redfish/v1/AccountService/Accounts/{ManagerAccountId}/Certificates</String>
58 <String>/redfish/v1/AccountService/ActiveDirectory/Certificates</String>
59 <String>/redfish/v1/AccountService/LDAP/Certificates</String>
60 …edfish/v1/AccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates</String>
61 … <String>/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates</String>
62 <String>/redfish/v1/AccountService/MultiFactorAuth/SecurID/Certificates</String>
63 …fish/v1/Managers/{ManagerId}/RemoteAccountService/Accounts/{ManagerAccountId}/Certificates</String>
64 …<String>/redfish/v1/Managers/{ManagerId}/RemoteAccountService/ActiveDirectory/Certificates</String>
65 <String>/redfish/v1/Managers/{ManagerId}/RemoteAccountService/LDAP/Certificates</String>
[all …]
|
| H A D | Certificate_v1.xml | 51 … <Annotation Term="OData.Description" String="Use the `DELETE` operation to remove certificates."/>
56 …<String>/redfish/v1/AccountService/Accounts/{ManagerAccountId}/Certificates/{CertificateId}</Strin…
57 <String>/redfish/v1/AccountService/ActiveDirectory/Certificates/{CertificateId}</String>
58 <String>/redfish/v1/AccountService/LDAP/Certificates/{CertificateId}</String>
59 …1/AccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates/{CertificateId}…
60 …<String>/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates/{CertificateId}<…
61 … <String>/redfish/v1/AccountService/MultiFactorAuth/SecurID/Certificates/{CertificateId}</String>
62 …Managers/{ManagerId}/RemoteAccountService/Accounts/{ManagerAccountId}/Certificates/{CertificateId}…
63 …/redfish/v1/Managers/{ManagerId}/RemoteAccountService/ActiveDirectory/Certificates/{CertificateId}…
64 …<String>/redfish/v1/Managers/{ManagerId}/RemoteAccountService/LDAP/Certificates/{CertificateId}</S…
[all …]
|
| H A D | SecurityPolicy_v1.xml | 130 … If `true`, the manager shall verify the device certificate with the certificates found in the co…
134 <Annotation Term="OData.Description" String="The trusted SPDM device certificates."/>
135 …certificates. Certificates in this collection may contain leaf certificates, partial certificate …
139 <Annotation Term="OData.Description" String="The revoked SPDM device certificates."/>
140 …certificates. Certificates in this collection may contain leaf certificates, partial certificate …
209 …e`, the manager shall verify the remote endpoint certificate with the certificates found in the co…
213 <Annotation Term="OData.Description" String="The trusted TLS server certificates."/>
214 …certificates. Certificates in this collection may contain leaf certificates, partial certificate …
218 <Annotation Term="OData.Description" String="The revoked TLS server certificates."/>
219 …certificates. Certificates in this collection may contain leaf certificates, partial certificate …
|
| /openbmc/openbmc/poky/meta/recipes-support/ca-certificates/ |
| H A D | ca-certificates_20250419.bb | 1 SUMMARY = "Common CA certificates"
2 DESCRIPTION = "This package includes PEM files of CA certificates to allow \
4 This derived from Debian's CA Certificates."
5 HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
18 SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz \
19 file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
20 file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
23 S = "${WORKDIR}/ca-certificates"
27 'CERTSDIR=${datadir}/ca-certificates' \
36 install -d ${D}${datadir}/ca-certificates \
[all …]
|
| /openbmc/openbmc/poky/meta/recipes-support/ca-certificates/ca-certificates/ |
| H A D | 0003-update-ca-certificates-use-relative-symlinks-from-ET.patch | 4 Subject: [PATCH] update-ca-certificates: use relative symlinks from
10 update-ca-certificates symlinks (trusted) certificates
12 update-ca-certificates can call hook scripts installed
13 into /etc/ca-certificates/update.d. Those scripts are
18 When running update-ca-certificates during image build
24 (or more) certificates as the target in $CERTSDIR and
31 will be trying to actually read the host's certificates
36 certificates.
44 sbin/update-ca-certificates | 6 ++++--
47 diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
[all …]
|
| H A D | 0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch | 4 Subject: [PATCH] ca-certificates: remove Debianism in run-parts invocation
6 ca-certificates is a package from Debian, but some host distros such as Fedora
12 | Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
13 | [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
14 | [...]/usr/sbin/update-ca-certificates: line 230: Not a directory: --: command not found
21 sbin/update-ca-certificates | 4 +---
24 diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
26 --- a/sbin/update-ca-certificates
27 +++ b/sbin/update-ca-certificates
|
| /openbmc/docs/designs/management-console/ |
| H A D | Authorities_List_Management.md | 9 There are use cases where a system has multiple root certificates installed to
14 multiple root certificates:
21 certificates
28 1. Bulk Installation: given a PEM file with multiple root certificates, it
31 2. Bulk Replacement: given a PEM file with multiple root certificates, it will
32 firstly delete all current root certificates and redo the installation
42 certificates in the list
55 corresponding object in DBus, dump individual certificates into PEM files in the
62 For other types of certificates (server & client), the service throws a NOT
81 certificates.
[all …]
|
| /openbmc/docs/designs/ |
| H A D | redfish-spdm-attestation.md | 55 2. Identity information, e.g., device identity certificates.
76 certificates.
164 up a connection with the SPDM-capable endpoints to get certificates and
211 6. Exchange SPDM messages to get device certificates.
220 which allows users to install or replace server/client certificates. However,
221 the existing certificates manager is designed for managing server/client
222 certificates for HTTPS/LDAP services. It's not suitable for device certificates.
229 Device certificates have different requirements:
231 - Device certificate manager manages several certificates for a group of
232 devices, for example, four GPUs would have four certificates.
[all …]
|
| H A D | certificate-revocation-list.md | 14 A certificate revocation list (CRL) is a list of digital certificates that have
17 install CRLs to the Redfish server, so that clients with revoked certificates
26 there are three types of certificates supported: client, server, and
31 consumer of these certificates; it uses certificates in its TLS handshake.
35 Google doesn't plan on using Redfish interfaces to manage certificates and CRLs.
48 authority/server/client certificates, that is, via file path or directory
83 it not only refreshes authority and server certificates, but also CRLs. Example
101 Manual integration tests: install CRLs and verify clients' revoked certificates
|
| H A D | redfish-tls-user-authentication.md | 21 SSL certificates provides validity periods, ability to revoke access from CA
101 CA's certificates for user authentication are kept at
102 `/redfish/v1/AccountService/TLSAuth/Certificates`. There can be more than one,
104 certificate stored there. New certificates can be uploaded by *POST*ing new
119 unnecessarily for processing invalid certificates.
126 "CertificateUri": "/redfish/v1/AccountService/TLSAuth/Certificates/1",
234 User certificate does not have to be signed by the exact CAs whose certificates
260 stored CA certificates, so it does not guarantee automated measures against
261 situations where certificates have been revoked, and user/admin has not yet
262 updated certificates on BMC.
[all …]
|
| /openbmc/qemu/docs/system/ |
| H A D | tls.rst | 7 session data encryption, along with x509 certificates for simple client
9 certificates suitable for usage with QEMU, and applies to the VNC
13 At a high level, QEMU requires certificates and private keys to be
14 provided in PEM format. Aside from the core fields, the certificates
19 used to easily generate certificates and keys in the required format
24 certificates to each server. If using x509 certificates for
30 certificate authority to create certificates. A self-signed CA is
39 The recommendation is for the server to keep its certificates in either
50 chain of the certificates issued with it is lost.
78 certificates.
[all …]
|
| /openbmc/phosphor-dbus-interfaces/yaml/xyz/openbmc_project/Certs/ |
| H A D | README.md | 8 server and client certificates. The REST interface allows to update the
24 the certificate application handling Certificate Authority certificates.
29 "certificates specific d-bus objects" installed in the system. This d-bus
33 new certificate is uploaded or change in the existing certificates.
37 certificate after successful delete (regards only server type certificates)
71 ### User flow for generating and installing Certificates(CSR Based)
127 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/",
191 for installing certificates in the system.
198 "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates"
202 URI /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates mapped to
[all …]
|
| /openbmc/webui-vue/src/store/modules/SecurityAndAccess/ |
| H A D | CertificatesStore.js | 24 setCertificates(state, certificates) { argument
25 state.allCertificates = certificates;
41 )}/NetworkProtocol/HTTPS/Certificates/`,
46 location: '/redfish/v1/AccountService/LDAP/Certificates/',
53 )}/Truststore/Certificates/`,
69 Links: { Certificates }, field in AnonymousClass3283684f0601.data.Links
71 }) => Certificates.map((certificate) => certificate['@odata.id']),
79 const certificates = responses.map(({ data }) => {
103 !certificates
108 commit('setCertificates', certificates);
|
| /openbmc/webui-vue/src/views/SecurityAndAccess/Certificates/ |
| H A D | index.js | 1 import Certificates from './Certificates.vue';
2 export default Certificates;
|
| H A D | Certificates.vue | 6 <!-- Expired certificates banner -->
19 <!-- Expiring certificates banner -->
38 data-test-id="certificates-button-generateCsr"
120 name: 'Certificates',
173 certificates() {
174 return this.$store.getters['certificates/allCertificates'];
177 return this.certificates.map((certificate) => {
196 return this.$store.getters['certificates/availableUploadTypes'];
202 return this.certificates.reduce((acc, val) => {
211 return this.certificates.reduce((acc, val) => {
[all …]
|
| /openbmc/phosphor-webui/app/access-control/controllers/ |
| H A D | certificate-controller.html | 3 <h1 class="page-title">SSL certificates</h1>
6 <div ng-repeat="certificate in certificates | filter:{isExpiring:true}">
16 <div ng-repeat="certificate in certificates | filter:{isExpired:true}">
65 <div ng-if="certificates.length < 1" class="empty__logs">
66 There have been no certificates added.
68 <div ng-repeat="certificate in certificates">
|
| /openbmc/qemu/docs/system/devices/ |
| H A D | ccid.rst | 51 Using ccid-card-emulated with certificates stored in files
53 You must create the CA and card certificates. This is a one time process.
54 We use NSS certificates::
64 Note: you must have exactly three certificates.
66 You can use the emulated card type with the certificates backend::
68 …qemu -usb -device usb-ccid -device ccid-card-emulated,backend=certificates,db=sql:$PWD,cert1=id-ce…
70 To use the certificates in the guest, export the CA certificate::
84 certificate database early on), and then show you all three certificates
110 Using ccid-card-passthru with client side certificates
169 cards) compliant card and uses NSS to retrieve certificates and do
[all …]
|
| /openbmc/docs/security/ |
| H A D | TLS-configuration.md | 1 # How to configure the server TLS certificates for authentication
14 certificates signed by a CA that can be used to authenticate user requests to an
18 ## Certificates section in How to configure the server TLS certificates for authentication
35 If you already have certificates you can skip to
37 [Verify certificates](#verify-certificates) and check if they meet the above
42 To generate certificates with required parameters some modification must be made
97 `myext-server.cnf` for the client and server certificates respectively. Without
198 ### Verify certificates
200 To verify the signing request and both certificates you can use following
214 - Validity in both certificates,
[all …]
|
| /openbmc/openbmc/poky/meta/recipes-devtools/git/git/ |
| H A D | environment.d-git.sh | 6 elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
7 export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
14 elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
|
| /openbmc/openbmc/poky/meta/recipes-support/curl/curl/ |
| H A D | environment.d-curl.sh | 6 elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
7 export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
14 elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
|