/openbmc/phosphor-webui/app/common/directives/ |
H A D | certificate.js | 38 $scope.isDeletable = function(certificate) { 42 $scope.confirmDeleteCert = function(certificate) { 43 initRemoveModal(certificate); 50 function initRemoveModal(certificate) { 59 this.certificate = certificate; 64 deleteCert(certificate); 76 function deleteCert(certificate) { 78 APIUtils.deleteRedfishObject(certificate['@odata.id']) 97 $scope.replaceCertificate = function(certificate) { 99 if (certificate.file.name.split('.').pop() !== [all …]
|
/openbmc/phosphor-dbus-interfaces/yaml/xyz/openbmc_project/Certs/ |
H A D | README.md | 9 certificate, using an unencrypted certificate and private key file in .pem 20 certificate application handling Https server certificate. 22 certificate application handling LDAP client certificate. 81 to create SSL certificate. 154 certificate. 170 certificate. 171 - In case of server type certificate deleting a signed certificate will create a 179 - In case of no Https certificate or invalid Https certificate, certificate 180 manager should update the https certificate with self signed certificate. 238 certificate details. [all …]
|
H A D | Certificate.interface.yaml | 2 Implement to provide certificate management features. 4 An OpenBMC implementation providing installed certificate management 7 certificate objects. 12 The string for the certificate. 19 signed by a certificate authority or self-signed. Refer 25 a certificate. 35 certificate revocation lists (CLRs). 65 The issuer of the certificate. 75 The subject of the certificate 102 certificate. [all …]
|
H A D | Replace.interface.yaml | 2 Certificate interface to replace existing certificate. 6 Replace the certificate and restart the associated services. 11 Path of file that contains both the certificate public and 13 certificate and private key).
|
/openbmc/phosphor-certificate-manager/ |
H A D | README.md | 1 # phosphor-certificate-manager 18 Usage: ./phosphor-certificate-manager [options] 21 --type certificate type 24 --path certificate file path 28 ### Https certificate management 30 **Purpose:** Server https certificate 37 ### CA certificate management 39 **Purpose:** Client certificate validation 46 ### LDAP client certificate management 48 **Purpose:** LDAP client certificate validation [all …]
|
/openbmc/docs/designs/management-console/ |
H A D | VMI_Certificate_Exchange.md | 39 and gets the signed certificate and the CA certificate from VMI. This design 67 certificate and Root CA certificate via proposed BMC interface. 106 ### VMI certificate exchange 111 #### Get Signed certificate: 123 certificate 132 #### Get Root certificate: 143 certificate. 162 certificate authority in order to apply for a digital identity certificate. 165 - CSR certificate is passed onto the CA to sign the certificate and then upload 166 CSR signed certificate and install the certificate. [all …]
|
H A D | Authorities_List_Management.md | 13 The current phosphor-certificate-manager doesn't have good support to manage 19 2. It only extracts the first certificate given a PEM encoded file with multiple 25 Phosphor-certificate-manager (only the Authority Manager) and BMCWeb will 36 4. Recovery at boot up: when the phosphor-certificate-manager gets instantiated, 41 is an invalid certificate in the list, the service won't install any of the 53 When certificate type is Authority, rather than just extract the first 54 certificate, we will iterate through each certificate, validate it, create 57 boost's `ssl_context`) for each certificate, and finally copy the PEM file to 70 The certificate manager will implement the new ReplaceAll interface. Upon 74 For other types of certificate manager (server & client), the service throws a [all …]
|
/openbmc/webui-vue/src/views/SecurityAndAccess/Certificates/ |
H A D | ModalUploadCertificate.vue | 4 <template v-if="certificate"> 16 <dd>{{ certificate.certificate }}</dd> 24 label-for="certificate-type" 27 id="certificate-type" 44 id="certificate-file" 58 <template v-if="certificate"> 81 certificate: { 140 addNew: !this.certificate, 142 location: this.certificate ? this.certificate.location : null, 143 type: this.certificate [all …]
|
H A D | Certificates.vue | 97 <modal-upload-certificate :certificate="modalCertificate" @ok="onModalOk" /> 142 key: 'certificate', 176 ...certificate, 202 acc.push(val.certificate); 211 acc.push(val.certificate); 239 this.modalCertificate = certificate; 242 initModalDeleteCertificate(certificate) { 246 issuedBy: certificate.issuedBy, 247 certificate: certificate.certificate, 262 // Upload a new certificate [all …]
|
/openbmc/webui-vue/src/store/modules/SecurityAndAccess/ |
H A D | CertificatesStore.js | 5 const certificate = certificateTypes.find( constant 6 (certificate) => certificate.type === type, 8 return certificate ? certificate[prop] : null; 71 }) => Certificates.map((certificate) => certificate['@odata.id']), 90 certificate: getCertificateProp( 104 .map((certificate) => certificate.type) 126 certificate: getCertificateProp( property in AnonymousClass3283684f0c01 155 certificate: getCertificateProp( property in AnonymousClass3283684f0f01 175 certificate: getCertificateProp( property in AnonymousClass3283684f1201
|
/openbmc/openbmc-test-automation/docs/ |
H A D | certificate_generate.md | 1 ## Steps to create and install CA signed certificate 5 A. Create your own SSL certificate authority 7 B. Generate CSR for server certificate 11 D. Install CA signed server certificate 13 **Create your own SSL certificate authority** 31 into your certificate request. 46 **Generate CSR for server certificate** 131 $ cat certificate.json 144 Replace server certificate using JSON file (above) with CA signed certificate 145 details (certificate.json). [all …]
|
H A D | redfish_request_via_mTLS.md | 14 - **VALID_CERT** indicates valid mTLS certificate for authentication. When a 15 redfish request doesn't specify a certificate, no certificate by default. 27 ## How to send a redfish request with certificate 30 library **requests** with certificate. It supports for all Redfish REST 36 cert_dict = kwargs.pop('certificate', {"certificate_name":VALID_CERT}) 45 the request with the default certificate ${VALID_CERT}. 47 - The example provides Redfish request to use other certificate in the Robot 52 Redfish.Get ${VALID_URL} certificate=&{certificate_dict} 60 mTLS authentication. (Requires test certificate with different privileges or 70 follows: Prepare a certificate with the user name "admin_user" in advance. Use [all …]
|
/openbmc/docs/designs/ |
H A D | redfish-tls-user-authentication.md | 50 proper `user`'s certificate from `CA`. After this certificate is acquired, 51 `User` can use this certificate when initializing HTTPS sessions. 105 certificate object on CertificateCollection. 145 +---------+ Is certificate valid | 204 responsible for determining whether certificate is valid or not. For certificate 211 - certificate has to be in it's validity period 213 - has to be properly signed by certificate authority 214 - certificate cannot be revoked 215 - certificate is well-formed according to X.509 216 - certificate cannot be self-signed [all …]
|
H A D | certificate-revocation-list.md | 9 This design is to add management interfaces for certificate revocation list in 14 A certificate revocation list (CRL) is a list of digital certificates that have 15 been revoked by the issuing certificate authority (CA) before their actual or 21 Current OpenBMC certificate management architecture contains two main 24 1. [phosphor-certificate-manager](https://github.com/openbmc/phosphor-certificate-manager) 25 owns certificate objects and implements management interfaces; currently 30 translates certificate objects into Redfish resources. BMCWeb is also a 45 2. whenever CRLs change, the certificate management system shall notify 62 ### phosphor-certificate-manager 64 We propose to add a new type of certificate-manager (CRL-manager) to the [all …]
|
/openbmc/openbmc-tools/openbmctool/ |
H A D | README.md | 97 ### Update HTTPS server certificate 104 containing both certificate and private key. 106 ### Update LDAP client certificate 114 ### Update LDAP root certificate 120 File: The PEM file containing only certificate. 122 ### Delete HTTPS server certificate 128 Deleting a certificate will create a new self-signed certificate and will 131 ### Delete LDAP client certificate 137 ### Delete LDAP root certificate 180 admin to upload the CA certificate to the BMC. [all …]
|
/openbmc/docs/security/ |
H A D | TLS-configuration.md | 20 For a certificate to be marked as valid, it (and every certificate in the chain) 26 certificate and `serverAuth` for server certificate (see rfc 3280 4.2.1.13) 118 ### Create a new CA certificate 134 ### Create client certificate signed by given CA certificate 145 Generate a certificate signing request. 155 Sign the certificate using your `CA-cert.pem` certificate with following 164 ### Create server certificate signed by given CA certificate 167 [Create a new CA certificate](#Create-a-new-CA-certificate), although a 189 Sign the certificate using your `CA-cert.pem` certificate with following 427 If TLS is enabled, valid CA certificate was uploaded and the server certificate [all …]
|
/openbmc/openbmc-test-automation/redfish/dmtf_tools/ |
H A D | test_redfishtool_certificate.robot | 4 Documentation Suite to test certificate via DMTF redfishtool. 32 [Documentation] Verify replace server certificate. 39 [Documentation] Verify replace client certificate. 46 [Documentation] Verify replace CA certificate. 117 # Create certificate file for uploading. 122 # Install CA certificate. 125 # Adding delay after certificate installation. 128 # Check error while uploading same certificate. 275 Logging Installed certificate id: ${cert_id} 278 # Adding delay after certificate installation. [all …]
|
/openbmc/openbmc-test-automation/redfish/managers/ |
H A D | test_certificate.robot | 2 Documentation Test certificate in OpenBMC. 26 [Documentation] Verify server certificate replace. 38 [Documentation] Verify client certificate replace. 50 [Documentation] Verify CA certificate replace. 60 [Documentation] Verify client certificate install. 72 [Documentation] Verify CA certificate install. 86 # Get CA certificate count from BMC. 104 # Create certificate file for uploading. 109 # Install CA certificate. 112 # Adding delay after certificate installation. [all …]
|
/openbmc/openbmc-test-automation/lib/ |
H A D | certificate_utils.robot | 10 # Default wait sync time for certificate install and restart services. 21 # uri URI for installing certificate file via Redfish 48 [Documentation] Get certificate content from BMC via openssl. 72 RETURN ${certificate} 134 [Documentation] Get certificate content from certificate file. 138 # cert_file_path Downloaded certificate file path. 166 [Documentation] Delete all CA certificate via Redfish. 176 [Documentation] Delete certificate via BMC CLI. 212 # Install certificate before replacing client or CA certificate. 281 Logging Installed certificate id: ${cert_id} [all …]
|
/openbmc/phosphor-webui/app/access-control/controllers/ |
H A D | certificate-controller.js | 107 var certificate = data; 108 isExpiring(certificate); 109 updateAvailableTypes(certificate); 110 $scope.certificates.push(certificate); 115 var isExpiring = function(certificate) { argument 123 certificate.isExpired = true; 125 certificate.isExpiring = true; 127 certificate.isExpired = false; 128 certificate.isExpiring = false; 279 var updateAvailableTypes = function(certificate) { argument [all …]
|
/openbmc/openbmc-test-automation/gui/gui_test/security_and_access_menu/ |
H A D | test_certificates_sub_menu.robot | 36 [Documentation] Verify navigation to certificate page. 43 [Documentation] Verify existence of all sections in certificate page. 54 [Documentation] Verify existence of add certificate button. 80 [Documentation] Install CA certificate and verify the same via GUI. 85 # Install CA certificate via Redfish. 89 # Refresh GUI and verify CA certificate availability in GUI. 98 # Replace HTTPS certificate. 103 # Verify certificate is available in GUI. 114 # Install LDAP certificate. 119 # Refresh GUI and verify certificate is available in GUI. [all …]
|
/openbmc/phosphor-certificate-manager/dist/ |
H A D | meson.build | 5 cert_manager_dir = get_option('datadir') / 'phosphor-certificate-manager' 9 service_files = [ 'phosphor-certificate-manager@.service' ] 21 '../phosphor-certificate-manager@.service', 22 'multi-user.target.wants/phosphor-certificate-manager@bmcweb.service' 30 '../phosphor-certificate-manager@.service', 31 'multi-user.target.wants/phosphor-certificate-manager@authority.service'
|
/openbmc/openbmc/meta-phosphor/recipes-phosphor/certificate/ |
H A D | phosphor-certificate-manager_git.bb | 3 HOMEPAGE = "https://github.com/openbmc/phosphor-certificate-manager" 22 SRC_URI = "git://github.com/openbmc/phosphor-certificate-manager;branch=master;protocol=https" 25 SYSTEMD_SERVICE:${PN} = "phosphor-certificate-manager@.service" 27 phosphor-certificate-manager@.service \ 29 …${@bb.utils.contains('PACKAGECONFIG', 'authority-cert', 'phosphor-certificate-manager@authority.se… 30 …${@bb.utils.contains('PACKAGECONFIG', 'bmcweb', 'phosphor-certificate-manager@bmcweb.service', '',…
|
/openbmc/qemu/docs/system/ |
H A D | tls.rst | 20 with expected data present. Alternatively a certificate management 26 certificate. 30 certificate authority to create certificates. A self-signed CA is 72 extension to indicate this certificate is for a CA, while 125 # certtool --generate-certificate \ 126 --load-ca-certificate ca-cert.pem \ 156 a certificate. The client certificate contains enough metadata to 178 # certtool --generate-certificate \ 179 --load-ca-certificate ca-cert.pem \ 229 # certtool --generate-certificate \ [all …]
|
/openbmc/openbmc-test-automation/openpower/ext_interfaces/ |
H A D | test_vmicert_management.robot | 3 Documentation VMI certificate exchange tests. 57 # Request root certificate from admin user. 60 # Request root certificate from operator user. 63 # Request root certificate from ReadOnly user. 66 # Request root certificate from NoAccess user. 120 # Request root certificate from operator user. 123 # Request root certificate from ReadOnly user. 126 # Request root certificate from NoAccess user. 139 # Request root certificate from operator user. 274 ... and verify gets root certificate and signed certificate. [all …]
|