Home
last modified time | relevance | path

Searched refs:certificates (Results 1 – 25 of 149) sorted by relevance

123456

/openbmc/openbmc/poky/meta/recipes-support/ca-certificates/
H A Dca-certificates_20241223.bb1 SUMMARY = "Common CA certificates"
2 DESCRIPTION = "This package includes PEM files of CA certificates to allow \
5 HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
18 SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz \
19 file://0002-update-ca-certificates-use-SYSROOT.patch \
20 file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
22 file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
25 S = "${WORKDIR}/ca-certificates"
29 'CERTSDIR=${datadir}/ca-certificates' \
38 install -d ${D}${datadir}/ca-certificates \
[all …]
/openbmc/openbmc/poky/meta/recipes-support/ca-certificates/ca-certificates/
H A D0002-update-ca-certificates-use-SYSROOT.patch4 Subject: [PATCH] update-ca-certificates: use $SYSROOT
10 sbin/update-ca-certificates | 14 +++++++-------
13 diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
15 --- a/sbin/update-ca-certificates
16 +++ b/sbin/update-ca-certificates
21 -CERTSCONF=/etc/ca-certificates.conf
22 -CERTSDIR=/usr/share/ca-certificates
23 -LOCALCERTSDIR=/usr/local/share/ca-certificates
24 +CERTSCONF=$SYSROOT/etc/ca-certificates.conf
25 +CERTSDIR=$SYSROOT/usr/share/ca-certificates
[all …]
H A D0003-update-ca-certificates-use-relative-symlinks-from-ET.patch4 Subject: [PATCH] update-ca-certificates: use relative symlinks from
10 update-ca-certificates symlinks (trusted) certificates
12 update-ca-certificates can call hook scripts installed
13 into /etc/ca-certificates/update.d. Those scripts are
18 When running update-ca-certificates during image build
24 (or more) certificates as the target in $CERTSDIR and
31 will be trying to actually read the host's certificates
36 certificates.
44 sbin/update-ca-certificates | 6 ++++--
47 diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
[all …]
H A D0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch4 Subject: [PATCH] ca-certificates: remove Debianism in run-parts invocation
6 ca-certificates is a package from Debian, but some host distros such as Fedora
12 | Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
13 | [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
14 | [...]/usr/sbin/update-ca-certificates: line 230: Not a directory: --: command not found
21 sbin/update-ca-certificates | 4 +---
24 diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
26 --- a/sbin/update-ca-certificates
27 +++ b/sbin/update-ca-certificates
H A Ddefault-sysroot.patch4 Subject: [PATCH] ca-certificates: add recipe (version 20130610)
8 update-ca-certificates: find SYSROOT relative to its own location
12 sbin/update-ca-certificates | 33 +++++++++++++++++++++++++++++++++
15 diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
17 --- a/sbin/update-ca-certificates
18 +++ b/sbin/update-ca-certificates
51 + if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
H A D0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch5 certificates."
22 @@ -138,7 +138,6 @@ ca-certificates (20211004) unstable; urgency=low
26 - * mozilla/certdata2pem.py: print a warning for expired certificates.
42 Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
/openbmc/docs/designs/management-console/
H A DAuthorities_List_Management.md9 There are use cases where a system has multiple root certificates installed to
14 multiple root certificates:
21 certificates
28 1. Bulk Installation: given a PEM file with multiple root certificates, it
31 2. Bulk Replacement: given a PEM file with multiple root certificates, it will
32 firstly delete all current root certificates and redo the installation
42 certificates in the list
55 corresponding object in DBus, dump individual certificates into PEM files in the
62 For other types of certificates (server & client), the service throws a NOT
81 certificates.
[all …]
/openbmc/webui-vue/src/views/SecurityAndAccess/Certificates/
H A DCertificates.vue6 <!-- Expired certificates banner -->
19 <!-- Expiring certificates banner -->
38 data-test-id="certificates-button-generateCsr"
173 certificates() {
174 return this.$store.getters['certificates/allCertificates'];
177 return this.certificates.map((certificate) => {
196 return this.$store.getters['certificates/availableUploadTypes'];
202 return this.certificates.reduce((acc, val) => {
211 return this.certificates.reduce((acc, val) => {
223 this.$store.dispatch('certificates/getCertificates').finally(() => {
[all …]
/openbmc/docs/designs/
H A Dcertificate-revocation-list.md14 A certificate revocation list (CRL) is a list of digital certificates that have
17 install CRLs to the Redfish server, so that clients with revoked certificates
26 there are three types of certificates supported: client, server, and
31 consumer of these certificates; it uses certificates in its TLS handshake.
35 Google doesn't plan on using Redfish interfaces to manage certificates and CRLs.
48 authority/server/client certificates, that is, via file path or directory
83 it not only refreshes authority and server certificates, but also CRLs. Example
101 Manual integration tests: install CRLs and verify clients' revoked certificates
H A Dredfish-spdm-attestation.md55 2. Identity information, e.g., device identity certificates.
76 certificates.
154 up a connection with the SPDM-capable endpoints to get certificates and
193 6. Exchange SPDM messages to get device certificates.
202 which allows users to install or replace server/client certificates. However,
203 the existing certificates manager is designed for managing server/client
204 certificates for HTTPS/LDAP services. It's not suitable for device certificates.
211 Device certificates have different requirements:
213 - Device certificate manager manages several certificates for a group of
214 devices, for example, four GPUs would have four certificates.
[all …]
H A Dredfish-tls-user-authentication.md21 SSL certificates provides validity periods, ability to revoke access from CA
101 CA's certificates for user authentication are kept at
104 certificate stored there. New certificates can be uploaded by *POST*ing new
119 unnecessarily for processing invalid certificates.
234 User certificate does not have to be signed by the exact CAs whose certificates
260 stored CA certificates, so it does not guarantee automated measures against
261 situations where certificates have been revoked, and user/admin has not yet
262 updated certificates on BMC.
273 2. Validity period tests - to confirm that certificates that are not-yet-valid
275 certificates themselves, as well as modifying time on BMC itself
[all …]
/openbmc/qemu/docs/system/devices/
H A Dccid.rst51 Using ccid-card-emulated with certificates stored in files
53 You must create the CA and card certificates. This is a one time process.
54 We use NSS certificates::
64 Note: you must have exactly three certificates.
66 You can use the emulated card type with the certificates backend::
68 …qemu -usb -device usb-ccid -device ccid-card-emulated,backend=certificates,db=sql:$PWD,cert1=id-ce…
70 To use the certificates in the guest, export the CA certificate::
84 certificate database early on), and then show you all three certificates
110 Using ccid-card-passthru with client side certificates
169 cards) compliant card and uses NSS to retrieve certificates and do
[all …]
/openbmc/webui-vue/src/store/modules/SecurityAndAccess/
H A DCertificatesStore.js24 setCertificates(state, certificates) { argument
25 state.allCertificates = certificates;
79 const certificates = responses.map(({ data }) => {
103 !certificates
108 commit('setCertificates', certificates);
/openbmc/openbmc/poky/meta/recipes-core/meta/
H A Dbuildtools-tarball.bb28 nativesdk-ca-certificates \
76 if [ -e "${SDK_OUTPUT}${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt" ]; then
77 …echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$scri…
78 …echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
79 …echo 'export REQUESTS_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$…
80 …echo 'export CURL_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$scri…
/openbmc/qemu/docs/system/
H A Dtls.rst7 session data encryption, along with x509 certificates for simple client
9 certificates suitable for usage with QEMU, and applies to the VNC
13 At a high level, QEMU requires certificates and private keys to be
14 provided in PEM format. Aside from the core fields, the certificates
19 used to easily generate certificates and keys in the required format
24 certificates to each server. If using x509 certificates for
30 certificate authority to create certificates. A self-signed CA is
39 The recommendation is for the server to keep its certificates in either
50 chain of the certificates issued with it is lost.
78 certificates.
[all …]
H A Dvnc-security.rst54 With x509 certificates
58 of TLS for encryption of the session, and x509 certificates for
59 authentication. The use of x509 certificates is strongly recommended,
79 With x509 certificates and client verification
97 With x509 certificates, client verification and passwords
135 With x509 certificates and SASL authentication
140 and x509 certificates. This provides securely encrypted data stream,
/openbmc/phosphor-certificate-manager/
H A Dmeson.options7 description: 'Authority certificates limit',
39 description: 'Allow expired certificates',
H A Dconfig.h.in19 /* The maximum number of Authority certificates the service allows. */
25 /* Whether to allow expired certificates. */
/openbmc/docs/security/
H A DTLS-configuration.md1 # How to configure the server TLS certificates for authentication
14 certificates signed by a CA that can be used to authenticate user requests to an
35 If you already have certificates you can skip to
37 [Verify certificates](#Verify-certificates) and check if they meet the above
42 To generate certificates with required parameters some modification must be made
97 `myext-server.cnf` for the client and server certificates respectively. Without
198 ### Verify certificates
200 To verify the signing request and both certificates you can use following
214 - Validity in both certificates,
225 Below are fragments of generated certificates that you can compare with.
[all …]
/openbmc/phosphor-webui/app/access-control/controllers/
H A Dcertificate-controller.js18 $scope.certificates = [];
33 $scope.certificates = [];
53 $scope.certificates.sort(function(a, b) {
110 $scope.certificates.push(certificate);
/openbmc/openbmc-test-automation/gui/test/access_control/
H A Dtest_obmc_gui_certificate.robot15 ${xpath_select_certificate_management} //a[@href='#/access-control/ssl-certificates']
46 Wait Until Page Contains SSL certificates
/openbmc/qemu/docs/specs/
H A Dspdm.rst47 $ make copy_sample_key # Build certificates, required for SPDM authentication.
49 It is worth noting that the certificates should be in compliance with
58 and then manually regenerate some certificates with:
74 You can use SPDM-Utils instead as it will generate the correct certificates
/openbmc/linux/certs/
H A DKconfig61 containing trusted X.509 certificates to be included in the default
115 bool "Provide system-wide ring of revocation certificates"
119 If set, this allows revocation certificates to be stored in the
124 string "X.509 certificates to be preloaded into the system blacklist keyring"
128 containing X.509 certificates to be included in the default blacklist
/openbmc/phosphor-dbus-interfaces/yaml/xyz/openbmc_project/Certs/
H A DREADME.md8 server and client certificates. The REST interface allows to update the
24 the certificate application handling Certificate Authority certificates.
29 "certificates specific d-bus objects" installed in the system. This d-bus
33 new certificate is uploaded or change in the existing certificates.
37 certificate after successful delete (regards only server type certificates)
191 for installing certificates in the system.
242 - During boot up certificate objects created for the existing certificates.
255 and can be done on individual certificates, for example:
/openbmc/u-boot/doc/imx/habv4/
H A Dintroduction_habv4.txt66 certificates.
146 The first step is to generate the private keys and public keys certificates.
165 Do you want the SRK certificates to have the CA flag set? (y/n)?: y
188 and their respective X.509v3 public key certificates under crts/ directory.
200 generating the SRK certificates.
211 Do you want the SRK certificates to have the CA flag set? (y/n)?: n
232 from the SRK public key certificates created in one of the steps above.

123456