1description: > 2 Implement to provide certificate management features. 3 4 An OpenBMC implementation providing installed certificate management 5 functions. An implementation service should additionally implement 6 xyz.openbmc_project.Object.Delete to allow the deletion of individual 7 certificate objects. 8properties: 9 - name: CertificateString 10 type: string 11 description: > 12 The string for the certificate. 13 14 This is a X.509 public certificate in PEM format. PEM wiki - 15 https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail 16 17 An X.509 certificate contains a public key, validity, and an identity 18 (a hostname, or an organization, or an individual), and is either 19 signed by a certificate authority or self-signed. Refer 20 https://en.wikipedia.org/wiki/X.509 for details. 21 - name: KeyUsage 22 type: array[string] 23 description: > 24 Key usage extensions define the purpose of the public key contained in 25 a certificate. 26 27 Valid Key usage extensions and its usage description is based on 28 Redfish Resource and Schema Guide 2018.3 version. 29 https://www.dmtf.org/sites/default/files/standards/documents/DSP2046_2018.3.pdf 30 31 ClientAuthentication: The public key is used for TLS WWW client 32 authentication. 33 CodeSigning: The public key is used for the signing of executable 34 code. CRLSigning: The public key is used for verifying signatures on 35 certificate revocation lists (CLRs). 36 DataEncipherment: The public key is used for directly enciphering 37 raw user data without the use of an intermediate 38 symmetric cipher. 39 DecipherOnly: The public key could be used for deciphering data 40 while performing key agreement. 41 DigitalSignature: The public key is used for verifying digital 42 signatures, other than signatures on certificates 43 and CRLs. 44 EmailProtection: The public key is used for email protection. 45 EncipherOnly: The public key could be used for enciphering data 46 while performing key agreement. 47 KeyCertSign: The public key is used for verifying signatures on 48 public key certificates. 49 KeyEncipherment: The public key is used for enciphering private or 50 secret keys. 51 NonRepudiation: The public key is used to verify digital signatures, 52 other than signatures on certificates and CRLs, 53 and used to provide a non- repudiation service that 54 protects against the signing entity falsely denying 55 some action. 56 OCSPSigning: The public key is used for signing OCSP responses. 57 ServerAuthentication: The public key is used for TLS WWW server 58 authentication. 59 Timestamping: The public key is used for binding the hash of an 60 object to a time. 61 62 - name: Issuer 63 type: string 64 description: > 65 The issuer of the certificate. 66 67 Refer X.509 certificate wiki for the "Issuer" Key and value details. 68 69 Example: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA Here 70 C = country, O=organization, CN= common name. 71 72 - name: Subject 73 type: string 74 description: > 75 The subject of the certificate 76 77 Refer X.509 certificate wiki for the "Subject" Key and value details. 78 Refer https://en.wikipedia.org/wiki/X.509 79 80 Example: Subject: C=US, ST=New York, L=Armonk, 81 O=International Business Machines Corporation, 82 OU=research, CN=www.research.ibm.com 83 Here C=country, ST=state, L=locality, O=organization, CN= common name. 84 OU= organizational unit 85 86 - name: ValidNotAfter 87 type: uint64 88 description: > 89 The certificate expiry date and time, in epoch time, in milliseconds 90 - name: ValidNotBefore 91 type: uint64 92 description: > 93 The certificate validity start date and time, in epoch time, in 94 milliseconds. 95