description: >
    Implement to create a Certificate Signing Request (CSR).

methods:
    - name: GenerateCSR
      description: >
          This command is used to initiate a certificate signing request.
          This command only returns the D-Bus path name for the new CSR object.
          The user needs to listen on the InterfacesAdded signal emitted by
          /xyz/openbmc_project/Certs to retrieve the CSR string after
          successful CSR creation.

          Note: The following parameters are mandatory or optional based on
          the Redfish documentation.

          Caller is responsible for the input parameter validation.

          If the caller does not wish a field to be included in the
          CSR request, initialize the parameter with blank for strings
          and zero for integers.

      parameters:
        - name: AlternativeNames
          type: array[string]
          description: >
              Additional hostnames of the component that is being secured.
        - name: ChallengePassword
          type: string
          description: >
              The challenge password to be applied to the certificate for
              revocation requests.
        - name: City
          type: string
          description: >
              The city or locality of the organization making the request.
              For example, Austin.
              This is a required parameter.
        - name: CommonName
          type: string
          description: >
              The fully qualified domain name of the component that is being
              secured.
              This is a required parameter.
        - name: ContactPerson
          type: string
          description: >
              The name of the user making the request.
        - name: Country
          type: string
          description: >
              The country of the organization making the request.
              This is a required parameter.
        - name: Email
          type: string
          description: >
              The email address of the contact within the organization
              making the request.
        - name: GivenName
          type: string
          description: >
              The given name of the user making the request.
        - name: Initials
          type: string
          description: >
              The initials of the user making the request.
        - name: KeyBitLength
          type: int64
          description: >
              The length of the key in bits, if needed based on the value
              of the KeyPairAlgorithm parameter.

              Refer to https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
        - name: KeyCurveId
          type: string
          description: >
              The curve ID to be used with the key, if needed based on the
              value of the KeyPairAlgorithm parameter.

              Refer to https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
        - name: KeyPairAlgorithm
          type: string
          description: >
              The type of key pair for use with signing algorithms.

              Valid built-in algorithm names for private key generation are
              RSA and EC.
        - name: KeyUsage
          type: array[string]
          description: >
              Key usage extensions define the purpose of the public key
              contained in a certificate.

              Valid key usage extensions and their usage descriptions:

              ClientAuthentication: The public key is used for TLS WWW client
                  authentication.
              CodeSigning: The public key is used for the signing of
                  executable code.
              CRLSigning: The public key is used for verifying signatures on
                  certificate revocation lists (CRLs).
              DataEncipherment: The public key is used for directly
                  enciphering raw user data without the use of an
                  intermediate symmetric cipher.
              DecipherOnly: The public key could be used for deciphering data
                  while performing key agreement.
              DigitalSignature: The public key is used for verifying digital
                  signatures, other than signatures on certificates and CRLs.
              EmailProtection: The public key is used for email protection.
              EncipherOnly: The public key could be used for enciphering data
                  while performing key agreement.
              KeyCertSign: The public key is used for verifying signatures on
                  public key certificates.
              KeyEncipherment: The public key is used for enciphering private
                  or secret keys.
              NonRepudiation: The public key is used to verify digital
                  signatures, other than signatures on certificates and CRLs,
                  and used to provide a non-repudiation service that
                  protects against the signing entity falsely denying
                  some action.
              OCSPSigning: The public key is used for signing OCSP responses.
              ServerAuthentication: The public key is used for TLS WWW server
                  authentication.
              Timestamping: The public key is used for binding the hash of an
                  object to a time.
        - name: Organization
          type: string
          description: >
              The legal name of the organization. This should not be
              abbreviated and should include suffixes such as Inc, Corp, or
              LLC. For example, IBM Corp.
              This is a required parameter.
        - name: OrganizationalUnit
          type: string
          description: >
              The name of the unit or division of the organization making the
              request.
              This is a required parameter.
        - name: State
          type: string
          description: >
              The state or province where the organization is located.
              This should not be abbreviated. For example, Texas.
              This is a required parameter.
        - name: Surname
          type: string
          description: >
              The surname of the user making the request.
        - name: UnstructuredName
          type: string
          description: >
              The unstructured name of the subject.
      returns:
        - name: path
          type: string
          description: >
              The object path of the D-Bus object to be watched for
              retrieving the CSR string.
      errors:
        - xyz.openbmc_project.Common.Error.InternalFailure