# Blame: b1b4d261, William A. Kennington III
description: >
    Implement to provide certificate management features.

    An OpenBMC implementation providing installed certificate management
    functions. An implementation service should additionally implement
    xyz.openbmc_project.Object.Delete to allow the deletion of individual
    certificate objects.
properties:
    - name: CertificateString
      type: string
      description: >
          The string for the certificate.

          This is an X.509 public certificate in PEM format.
          PEM wiki - https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail

          An X.509 certificate contains a public key, validity, and an
          identity (a hostname, or an organization, or an individual),
          and is either signed by a certificate authority or self-signed.
          Refer to https://en.wikipedia.org/wiki/X.509 for details.
    - name: KeyUsage
      type: array[string]
      description: >
          Key usage extensions define the purpose of the public key contained
          in a certificate.

          The valid key usage extensions and their descriptions are based on
          the Redfish Resource and Schema Guide, version 2018.3.
          https://www.dmtf.org/sites/default/files/standards/documents/DSP2046_2018.3.pdf

          ClientAuthentication: The public key is used for TLS WWW client
                                authentication.
          CodeSigning: The public key is used for the signing of executable code.
          CRLSigning: The public key is used for verifying signatures on
                      certificate revocation lists (CRLs).
          DataEncipherment: The public key is used for directly enciphering
                            raw user data without the use of an intermediate
                            symmetric cipher.
          DecipherOnly: The public key could be used for deciphering data
                        while performing key agreement.
          DigitalSignature: The public key is used for verifying digital
                            signatures, other than signatures on certificates
                            and CRLs.
          EmailProtection: The public key is used for email protection.
          EncipherOnly: The public key could be used for enciphering data
                        while performing key agreement.
          KeyCertSign: The public key is used for verifying signatures on
                       public key certificates.
          KeyEncipherment: The public key is used for enciphering private or
                           secret keys.
          NonRepudiation: The public key is used to verify digital signatures,
                          other than signatures on certificates and CRLs,
                          and used to provide a non-repudiation service that
                          protects against the signing entity falsely denying
                          some action.
          OCSPSigning: The public key is used for signing OCSP responses.
          ServerAuthentication: The public key is used for TLS WWW server
                                authentication.
          Timestamping: The public key is used for binding the hash of an
                        object to a time.

    - name: Issuer
      type: string
      description: >
          The issuer of the certificate.

          Refer to the X.509 certificate wiki for the "Issuer" key and value
          details.

          Example: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
          Here C=country, O=organization, CN=common name.

    - name: Subject
      type: string
      description: >
          The subject of the certificate.

          Refer to the X.509 certificate wiki for the "Subject" key and value
          details.
          Refer to https://en.wikipedia.org/wiki/X.509

          Example: Subject: C=US, ST=New York, L=Armonk,
                   O=International Business Machines Corporation,
                   OU=research, CN=www.research.ibm.com
          Here C=country, ST=state, L=locality, O=organization,
          OU=organizational unit, CN=common name.

    - name: ValidNotAfter
      type: uint64
      description: >
          The certificate expiry date and time, in epoch time, in milliseconds.
    - name: ValidNotBefore
      type: uint64
      description: >
          The certificate validity start date and time,
          in epoch time, in milliseconds.
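The following is an added example, not part of the OpenBMC sources: a small audit routine that consumes the property values this interface defines and flags the problems a reviewer of installed certificates would look for. The function name, finding codes, 30-day warning window, the seconds-versus-milliseconds heuristic and both sample objects are assumptions constructed for illustration.

```python
MS_PER_DAY = 86_400_000

# KeyUsage names exactly as listed in the interface description.
KNOWN_KEY_USAGES = frozenset("""
ClientAuthentication CodeSigning CRLSigning DataEncipherment DecipherOnly
DigitalSignature EmailProtection EncipherOnly KeyCertSign KeyEncipherment
NonRepudiation OCSPSigning ServerAuthentication Timestamping
""".split())


def audit_certificate(props, now_ms, required_usage="ServerAuthentication",
                      warn_days=30):
    """Return finding codes for one certificate object's property values."""
    findings = []
    not_before, not_after = props["ValidNotBefore"], props["ValidNotAfter"]
    # Heuristic: 1e11 ms is early 1973, so a smaller non-zero value is almost
    # certainly epoch seconds written into a milliseconds property.
    for name in ("ValidNotBefore", "ValidNotAfter"):
        if 0 < props[name] < 100_000_000_000:
            findings.append(f"units:{name}")
    if not_before > not_after:
        findings.append("inverted-validity")
    if now_ms < not_before:
        findings.append("not-yet-valid")
    if now_ms > not_after:
        findings.append("expired")
    elif not_after - now_ms < warn_days * MS_PER_DAY:
        findings.append("expires-soon")
    usages = set(props["KeyUsage"])
    for unknown in sorted(usages - KNOWN_KEY_USAGES):
        findings.append(f"unknown-usage:{unknown}")
    if required_usage not in usages:
        findings.append(f"missing-usage:{required_usage}")
    # Equal Issuer and Subject strings indicate a self-issued certificate.
    if props["Issuer"] == props["Subject"]:
        findings.append("self-issued")
    return findings


NOW_MS = 1_700_000_000_000  # constructed "current time" (2023-11-14 UTC)
GOOD = {  # constructed sample using the Issuer/Subject examples above
    "Issuer": "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA",
    "Subject": "C=US, ST=New York, L=Armonk, CN=www.research.ibm.com",
    "KeyUsage": ["ServerAuthentication", "DigitalSignature"],
    "ValidNotBefore": 1_690_000_000_000, "ValidNotAfter": 1_760_000_000_000}
BAD = {  # constructed sample: seconds in NotBefore, 5 days left, wrong usage
    "Issuer": "CN=bmc.example.test", "Subject": "CN=bmc.example.test",
    "KeyUsage": ["ClientAuthentication", "KeyAgreement"],
    "ValidNotBefore": 1_690_000_000, "ValidNotAfter": 1_700_432_000_000}
```
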