description: >
    Implement to create a Certificate Signing Request (CSR).

methods:
    - name: GenerateCSR
      description: >
          This command is used to initiate a certificate signing request. This
          command only returns the D-Bus path name for the new CSR object. The
          user needs to listen for the InterfacesAdded signal emitted by
          /xyz/openbmc_project/Certs to retrieve the CSR string after
          successful CSR creation.

          Note: The following parameters are mandatory or optional based on
          the Redfish documentation.

          The caller is responsible for input parameter validation.

          If the caller does not wish a field to be included in the CSR
          request, initialize the parameter with blank for strings and zero
          for integers.

      parameters:
          - name: AlternativeNames
            type: array[string]
            description: >
                Additional hostnames of the component that is being secured.
          - name: ChallengePassword
            type: string
            description: >
                The challenge password to be applied to the certificate for
                revocation requests.
          - name: City
            type: string
            description: >
                The city or locality of the organization making the request.
                For example, Austin. This is a required parameter.
          - name: CommonName
            type: string
            description: >
                The fully qualified domain name of the component that is being
                secured. This is a required parameter.
          - name: ContactPerson
            type: string
            description: >
                The name of the user making the request.
          - name: Country
            type: string
            description: >
                The country of the organization making the request. This is a
                required parameter.
          - name: Email
            type: string
            description: >
                The email address of the contact within the organization making
                the request.
          - name: GivenName
            type: string
            description: >
                The given name of the user making the request.
          - name: Initials
            type: string
            description: >
                The initials of the user making the request.
          - name: KeyBitLength
            type: int64
            description: >
                The length of the key in bits, if needed based on the value of
                the KeyPairAlgorithm parameter.

                Refer to https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
          - name: KeyCurveId
            type: string
            description: >
                The curve ID to be used with the key, if needed based on the
                value of the KeyPairAlgorithm parameter.

                Refer to https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
          - name: KeyPairAlgorithm
            type: string
            description: >
                The type of key pair for use with signing algorithms.

                Valid built-in algorithm names for private key generation are
                RSA and EC.
          - name: KeyUsage
            type: array[string]
            description: >
                Key usage extensions define the purpose of the public key
                contained in a certificate.

                Valid key usage extensions and their descriptions:

                ClientAuthentication: The public key is used for TLS WWW client
                  authentication.
                CodeSigning: The public key is used for the signing of
                  executable code.
                CRLSigning: The public key is used for verifying signatures on
                  certificate revocation lists (CRLs).
                DataEncipherment: The public key is used for directly
                  enciphering raw user data without the use of an intermediate
                  symmetric cipher.
                DecipherOnly: The public key could be used for deciphering data
                  while performing key agreement.
                DigitalSignature: The public key is used for verifying digital
                  signatures, other than signatures on certificates and CRLs.
                EmailProtection: The public key is used for email protection.
                EncipherOnly: The public key could be used for enciphering data
                  while performing key agreement.
                KeyCertSign: The public key is used for verifying signatures on
                  public key certificates.
                KeyEncipherment: The public key is used for enciphering private
                  or secret keys.
                NonRepudiation: The public key is used to verify digital
                  signatures, other than signatures on certificates and CRLs,
                  and used to provide a non-repudiation service that protects
                  against the signing entity falsely denying some action.
                OCSPSigning: The public key is used for signing OCSP responses.
                ServerAuthentication: The public key is used for TLS WWW server
                  authentication.
                Timestamping: The public key is used for binding the hash of an
                  object to a time.
          - name: Organization
            type: string
            description: >
                The legal name of the organization. This should not be
                abbreviated and should include suffixes such as Inc, Corp, or
                LLC. For example, IBM Corp. This is a required parameter.
          - name: OrganizationalUnit
            type: string
            description: >
                The name of the unit or division of the organization making the
                request. This is a required parameter.
          - name: State
            type: string
            description: >
                The state or province where the organization is located. This
                should not be abbreviated. For example, Texas. This is a
                required parameter.
          - name: Surname
            type: string
            description: >
                The surname of the user making the request.
          - name: UnstructuredName
            type: string
            description: >
                The unstructured name of the subject.
      returns:
          - name: path
            type: string
            description: >
                The object path of the D-Bus object to be watched for
                retrieving the CSR string.
      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
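
The interface leaves input validation to the caller, so a client should check the GenerateCSR arguments against the rules above before making the call. The following is an added example, not part of the interface file or of OpenBMC code: `CsrRequest` and `validateCsrRequest` are hypothetical names, and the rule tying KeyCurveId to EC and KeyBitLength to RSA is an assumption of the example.

```cpp
#include <cstdint>
#include <iostream>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical caller-side holder for the GenerateCSR arguments checked here.
struct CsrRequest {
    std::string city, commonName, country, organization, organizationalUnit,
        state, keyPairAlgorithm, keyCurveId;
    std::int64_t keyBitLength = 0; // zero = leave the field out of the CSR
    std::vector<std::string> keyUsage;
};

// Returns one message per problem; an empty vector means the request passes.
std::vector<std::string> validateCsrRequest(const CsrRequest& r) {
    static const std::set<std::string> usages = {
        "ClientAuthentication", "CodeSigning", "CRLSigning", "DataEncipherment",
        "DecipherOnly", "DigitalSignature", "EmailProtection", "EncipherOnly",
        "KeyCertSign", "KeyEncipherment", "NonRepudiation", "OCSPSigning",
        "ServerAuthentication", "Timestamping"};
    const std::pair<const char*, const std::string*> required[] = {
        {"City", &r.city}, {"CommonName", &r.commonName},
        {"Country", &r.country}, {"Organization", &r.organization},
        {"OrganizationalUnit", &r.organizationalUnit}, {"State", &r.state}};
    std::vector<std::string> errs;
    for (const auto& f : required) // fields the interface marks as required
        if (f.second->empty()) errs.push_back(std::string(f.first) + " is required");
    const std::string& alg = r.keyPairAlgorithm; // blank = field omitted
    if (!alg.empty() && alg != "RSA" && alg != "EC")
        errs.push_back("KeyPairAlgorithm must be RSA or EC");
    if (r.keyBitLength < 0) errs.push_back("KeyBitLength must not be negative");
    // Assumed policy (not in the interface): curve ID is EC-only, bit length RSA-only.
    if (alg == "RSA" && !r.keyCurveId.empty())
        errs.push_back("KeyCurveId does not apply to RSA");
    if (alg == "EC" && r.keyBitLength != 0)
        errs.push_back("KeyBitLength does not apply to EC");
    for (const auto& u : r.keyUsage)
        if (usages.count(u) == 0) errs.push_back("unknown KeyUsage: " + u);
    return errs;
}

int main() {
    CsrRequest r; // constructed sample: State left blank, KeyUsage misspelled
    r.city = "Austin"; r.commonName = "bmc.example.com"; r.country = "US";
    r.organization = "Example Corp"; r.organizationalUnit = "Lab";
    r.keyPairAlgorithm = "EC"; r.keyUsage.push_back("CLRSigning");
    for (const auto& e : validateCsrRequest(r)) std::cout << e << '\n';
}
```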