Home
last modified time | relevance | path

Searched refs:certificate (Results 1 – 25 of 181) sorted by relevance

12345678

/openbmc/phosphor-webui/app/common/directives/
H A Dcertificate.js28 availableCertificateTypes.find(function(certificate) { argument
29 return certificate.Description === certificateDescription;
38 $scope.isDeletable = function(certificate) {
39 return certificate.Description == 'TrustStore Certificate';
42 $scope.confirmDeleteCert = function(certificate) {
43 initRemoveModal(certificate);
50 function initRemoveModal(certificate) {
59 this.certificate = certificate;
64 deleteCert(certificate);
76 function deleteCert(certificate) {
[all …]
/openbmc/phosphor-dbus-interfaces/yaml/xyz/openbmc_project/Certs/
H A DREADME.md5 Certificate management allows to replace the existing certificate and private
6 key file with another (possibly certification Authority (CA) signed) certificate
9 certificate, using an unencrypted certificate and private key file in .pem
10 format, which includes both private key and signed certificate.
14 - The REST Server copies the certificate and private key file to a temporary
17 The recommendation for the D-Bus application implementing certificate D-Bus
20 certificate application handling Https server certificate.
22 certificate application handling LDAP client certificate.
24 the certificate application handling Certificate Authority certificates.
25 - REST server should call the install method of the certificate application
[all …]
/openbmc/phosphor-certificate-manager/
H A DREADME.md1 # phosphor-certificate-manager
3 Certificate management allows to replace the existing certificate and private
14 Multiple instances of `phosphor-certificate-manager` are usually run on the bmc
18 Usage: ./phosphor-certificate-manager [options]
21 --type certificate type
24 --path certificate file path
28 ### Https certificate management
30 **Purpose:** Server https certificate
33 ./phosphor-certificate-manager --type=server --endpoint=https \
37 ### CA certificate management
[all …]
/openbmc/docs/designs/management-console/
H A DVMI_Certificate_Exchange.md30 BMC needs to provide certificate exchange functionality to management console
39 and gets the signed certificate and the CA certificate from VMI. This design
53 self-signed root certificate is created using this key pair.
55 its self-signed certificate to sign CSR from client.
61 BMC will provide an interface for management console to exchange certificate
67 certificate and Root CA certificate via proposed BMC interface.
72 HMC can query BMC state and use this API to initiate certificate exchange.If HMC
106 ### VMI certificate exchange
111 #### Get Signed certificate:
113 REST command to get signed client certificate from VMI
[all …]
H A DAuthorities_List_Management.md13 The current phosphor-certificate-manager doesn't have good support to manage
19 2. It only extracts the first certificate given a PEM encoded file with multiple
25 Phosphor-certificate-manager (only the Authority Manager) and BMCWeb will
36 4. Recovery at boot up: when the phosphor-certificate-manager gets instantiated,
41 is an invalid certificate in the list, the service won't install any of the
53 When certificate type is Authority, rather than just extract the first
54 certificate, we will iterate through each certificate, validate it, create
57 boost's `ssl_context`) for each certificate, and finally copy the PEM file to
70 The certificate manager will implement the new ReplaceAll interface. Upon
74 For other types of certificate manager (server & client), the service throws a
[all …]
/openbmc/webui-vue/src/views/SecurityAndAccess/Certificates/
H A DModalUploadCertificate.vue2 <b-modal id="upload-certificate" ref="modal" @ok="onOk" @hidden="resetForm">
4 <template v-if="certificate">
13 <template v-if="certificate !== null">
16 <dd>{{ certificate.certificate }}</dd>
24 label-for="certificate-type"
27 id="certificate-type"
44 id="certificate-file"
58 <template v-if="certificate">
83 certificate: {
90 Object.prototype.hasOwnProperty.call(prop, 'certificate')
[all …]
H A DCertificates.vue14 certificate: expiredCertificateTypes[0],
27 certificate: expiringCertificateTypes[0],
97 <modal-upload-certificate :certificate="modalCertificate" @ok="onModalOk" />
145 key: 'certificate',
146 label: i18n.global.t('pageCertificates.table.certificate'),
177 return this.certificates.map((certificate) => {
179 ...certificate,
189 certificate.type === 'TrustStore Certificate' ? true : false,
205 acc.push(val.certificate);
214 acc.push(val.certificate);
[all …]
/openbmc/openbmc-test-automation/docs/
H A Dcertificate_generate.md1 ## Steps to create and install CA signed certificate
3 To create and install a CA signed server certificate, follow these steps:
5 A. Create your own SSL certificate authority
7 B. Generate CSR for server certificate
9 C. Create CA signed server certificate using CSR request
11 D. Install CA signed server certificate
13 **Create your own SSL certificate authority**
15 1. Create private key for certificate authority(CA).
22 2. Create a root CA certificate using the private key created in step 1.
27 incorporated into your certificate request.
[all …]
H A Dredfish_request_via_mTLS.md14 - **VALID_CERT** indicates valid mTLS certificate for authentication. When a
15 redfish request doesn't specify a certificate, no certificate by default.
27 ## How to send a redfish request with certificate
30 library **requests** with certificate. It supports for all Redfish REST
36 cert_dict = kwargs.pop('certificate', {"certificate_name":VALID_CERT})
45 the request with the default certificate ${VALID_CERT}.
47 - The example provides Redfish request to use other certificate in the Robot
52 Redfish.Get ${VALID_URL} certificate=&{certificate_dict}
60 mTLS authentication. (Requires test certificate with different privileges or
70 follows: Prepare a certificate with the user name "admin_user" in advance. Use
[all …]
/openbmc/webui-vue/src/store/modules/SecurityAndAccess/
H A DCertificatesStore.js5 const certificate = certificateTypes.find( constant
6 (certificate) => certificate.type === type,
8 return certificate ? certificate[prop] : null;
71 }) => Certificates.map((certificate) => certificate['@odata.id']),
90 certificate: getCertificateProp(
104 .map((certificate) => certificate.type)
126 certificate: getCertificateProp( property in AnonymousClass3283684f0c01
157 certificate: getCertificateProp( property in AnonymousClass3283684f0f01
177 certificate: getCertificateProp( property in AnonymousClass3283684f1201
/openbmc/docs/designs/
H A Dredfish-tls-user-authentication.md13 addition to those user can gain access to nodes by providing certificate upon
47 Whenever `CA`'s certificate changes `User` shall provide `Redfish` with it.
50 proper `user`'s certificate from `CA`. After this certificate is acquired,
51 `User` can use this certificate when initializing HTTPS sessions.
57 │ Request CA's certificate │ │
60 │ Return CA's certificate │ │
70 │ Request certificate using CSR │ │
73 │ Return User's certificate │ │
86 │ ║ │ Provide certificate │ ║
103 so user must use certificate that is signed by **any CA** that have their valid
[all …]
H A Dcertificate-revocation-list.md9 This design is to add management interfaces for certificate revocation list in
14 A certificate revocation list (CRL) is a list of digital certificates that have
15 been revoked by the issuing certificate authority (CA) before their actual or
21 Current OpenBMC certificate management architecture contains two main
24 1. [phosphor-certificate-manager](https://github.com/openbmc/phosphor-certificate-manager)
25 owns certificate objects and implements management interfaces; currently
30 translates certificate objects into Redfish resources. BMCWeb is also a
34 [this discussion](https://redfishforum.com/thread/618/resource-certificate-revocation-list?page=1&s…
37 daemon interacts with the OpenBMC certificate management architecture via DBus
45 2. whenever CRLs change, the certificate management system shall notify
[all …]
/openbmc/openbmc-tools/openbmctool/
H A DREADME.md92 Certificate management allows replacing the existing certificate and private key
93 file with another (possibly certification Authority (CA) signed) certificate and
97 ### Update HTTPS server certificate
100 openbmctool <connection options> certificate update server https -f <File>
104 containing both certificate and private key.
106 ### Update LDAP client certificate
109 openbmctool <connection options> certificate update client ldap -f <File>
112 File: The PEM file containing both certificate and private key.
114 ### Update LDAP root certificate
117 openbmctool <connection options> certificate update authority ldap -f <File>
[all …]
/openbmc/docs/security/
H A DTLS-configuration.md20 For a certificate to be marked as valid, it (and every certificate in the chain)
26 certificate and `serverAuth` for server certificate (see rfc 3280 4.2.1.13)
28 - certificate has to be in its validity period
30 - has to be properly signed by certificate authority
31 - certificate is well-formed according to X.509
32 - issuer name has to match CA's subject name for client certificate
98 these files no extensions are added to the certificate.
118 ### Create a new CA certificate
120 First we need to create a private key to sign the CA certificate.
126 Now we can create a CA certificate, using the previously generated key. You will
[all …]
/openbmc/openbmc-test-automation/redfish/dmtf_tools/
H A Dtest_redfishtool_certificate.robot4 Documentation Suite to test certificate via DMTF redfishtool.
32 [Documentation] Verify replace server certificate.
39 [Documentation] Verify replace client certificate.
46 [Documentation] Verify replace CA certificate.
53 [Documentation] Verify client certificate installation.
67 [Documentation] Verify error while replacing invalid server certificate.
77 [Documentation] Verify error while replacing invalid client certificate.
87 [Documentation] Verify error while replacing invalid CA certificate.
95 [Documentation] Verify error while installing invalid client certificate.
105 [Documentation] Verify error while installing invalid CA certificate.
[all …]
/openbmc/openbmc-test-automation/redfish/managers/
H A Dtest_certificate.robot2 Documentation Test certificate in OpenBMC.
26 [Documentation] Verify server certificate replace.
38 [Documentation] Verify client certificate replace.
50 [Documentation] Verify CA certificate replace.
60 [Documentation] Verify client certificate install.
72 [Documentation] Verify CA certificate install.
82 [Documentation] Verify maximum CA certificate install.
86 # Get CA certificate count from BMC.
90 # Install CA certificate to reach maximum count of 10.
96 # Verify error while installing 11th CA certificate.
[all …]
/openbmc/openbmc-test-automation/lib/
H A Dcertificate_utils.robot10 # Default wait sync time for certificate install and restart services.
17 [Documentation] Install certificate file in BMC using POST operation.
21 # uri URI for installing certificate file via Redfish
23 # status Expected status of certificate installation via Redfish
48 [Documentation] Get certificate content from BMC via openssl.
63 [Documentation] Get required certificate file content from BMC.
69 ${certificate} ${stderr} ${rc}= Run Keyword If '${cert_type}' == 'Client'
72 RETURN ${certificate}
76 [Documentation] Create certificate file via openssl with required content
83 # time Number of days to certify the certificate for.
[all …]
/openbmc/phosphor-webui/app/access-control/controllers/
H A Dcertificate-controller.js107 var certificate = data;
108 isExpiring(certificate);
109 updateAvailableTypes(certificate);
110 $scope.certificates.push(certificate);
115 var isExpiring = function(certificate) { argument
120 var difference = (new Date(certificate.ValidNotAfter).getTime()) -
123 certificate.isExpired = true;
125 certificate.isExpiring = true;
127 certificate.isExpired = false;
128 certificate.isExpiring = false;
[all …]
/openbmc/openbmc-test-automation/gui/gui_test/security_and_access_menu/
H A Dtest_certificates_sub_menu.robot17 ${xpath_add_certificate_button} //button[contains(text(),"Add new certificate")]
36 [Documentation] Verify navigation to certificate page.
43 [Documentation] Verify existence of all sections in certificate page.
54 [Documentation] Verify existence of add certificate button.
80 [Documentation] Install CA certificate and verify the same via GUI.
85 # Install CA certificate via Redfish.
89 # Refresh GUI and verify CA certificate availability in GUI.
95 [Documentation] Install HTTPS certificate via Redfish and verify it in GUI.
98 # Replace HTTPS certificate.
103 # Verify certificate is available in GUI.
[all …]
/openbmc/phosphor-certificate-manager/dist/
H A Dmeson.build3 cert_manager_dir = get_option('datadir') / 'phosphor-certificate-manager'
7 service_files = ['phosphor-certificate-manager@.service']
20 '../phosphor-certificate-manager@.service',
21 'multi-user.target.wants/phosphor-certificate-manager@bmcweb.service',
31 '../phosphor-certificate-manager@.service',
32 'multi-user.target.wants/phosphor-certificate-manager@authority.service',
/openbmc/openbmc/meta-phosphor/recipes-phosphor/certificate/
H A Dphosphor-certificate-manager_git.bb3 HOMEPAGE = "https://github.com/openbmc/phosphor-certificate-manager"
22 SRC_URI = "git://github.com/openbmc/phosphor-certificate-manager;branch=master;protocol=https"
25 SYSTEMD_SERVICE:${PN} = "phosphor-certificate-manager@.service"
27 phosphor-certificate-manager@.service \
29 …${@bb.utils.contains('PACKAGECONFIG', 'authority-cert', 'phosphor-certificate-manager@authority.se…
30 …${@bb.utils.contains('PACKAGECONFIG', 'bmcweb', 'phosphor-certificate-manager@bmcweb.service', '',…
/openbmc/qemu/docs/system/
H A Dtls.rst20 with expected data present. Alternatively a certificate management
23 At a minimum it is necessary to setup a certificate authority, and issue
26 certificate.
30 certificate authority to create certificates. A self-signed CA is
56 To generate a self-signed certificate requires one core piece of
72 extension to indicate this certificate is for a CA, while
85 Each server (or host) needs to be issued with a key and certificate.
86 When connecting the certificate is sent to the client which validates it
87 against the CA certificate. The core pieces of information for a server
88 certificate are the hostnames and/or IP addresses that will be used by
[all …]
/openbmc/openbmc-test-automation/openpower/ext_interfaces/
H A Dtest_vmicert_management.robot3 Documentation VMI certificate exchange tests.
52 [Documentation] Get root certificate using different users.
57 # Request root certificate from admin user.
60 # Request root certificate from operator user.
63 # Request root certificate from ReadOnly user.
66 # Request root certificate from NoAccess user.
110 [Documentation] Get root certificate when vmi is off and verify.
120 # Request root certificate from operator user.
123 # Request root certificate from ReadOnly user.
126 # Request root certificate from NoAccess user.
[all …]
/openbmc/phosphor-user-manager/
H A Dmeson.build41 description: 'Path of LDAP server CA certificate.',
47 description: 'Path of LDAP client certificate.',
152 install_dir: get_option('datadir') / 'phosphor-certificate-manager',
160 # 'phosphor-certificate-manager@nslcd.service',
162 # pointing_to: systemd_system_unit_dir / 'phosphor-certificate-manager@.service',
169 'multi-user.target.wants/phosphor-certificate-manager@nslcd.service',
176 '../phosphor-certificate-manager@.service',
178 'multi-user.target.wants/phosphor-certificate-manager@nslcd.service',
/openbmc/openbmc/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/psa-adac/
H A D0001-PSA-revert-header-versions.patch6 Align ADAC certificate versions with versions in secure-debug-manager
7 [1] repository. The versions of the certificate and token are checked
9 if there is a mismatch between the sent certificate/token and expected
10 certificate/token versions.
26 * Current version numbers for certificate and token format.

12345678