| commit | 88064f0d61a8ff8f28cee73caa094f3325abb5ae | [log] [tgz] |
|---|---|---|
| author | Marri Devender Rao <devenrao@in.ibm.com> | Mon Aug 19 09:00:30 2019 -0500 |
| committer | Andrew Geissler <geissonator@yahoo.com> | Thu Aug 22 19:27:56 2019 +0000 |
| tree | 526608d7f10379035c94f77573fa23823b7231da | |
| parent | 577a5032c46f472d92fb7e12c4f2404b87880df5 [diff] |
For generate CSR set key usage based on certificate type
Redfish allows various values for setting the key usage in
generating CSR.
Modified to auto-set the key usage value based on the
certificate type set for generating the CSR.
Example for "Server" certifiacte set the key usage as
"ServerAuthentication" and "Client" certificate set the key
usage as "ClientAuthentication".
Setting default values so that user does not select unrelated
key usage value like "EmailProtection" for server certificate.
Certificate manager does not validate the key usage value rather
it is used for display purpose when listing the certificate
properties.
Tested:
python openbmctool.py -H $BMC -U aaa -P bbbb certificate generatecsr server
NJ w3.ibm.com US IBM IBM-UNIT NY EC 2048 prime256v1 cp abc.com an.com,bm.com gn
sn un in
Attempting login...
Generating CSR url=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/
GenerateCSR complete.
{
"CSRString": "-----BEGIN CERTIFICATE
REQUEST-----\n-----END CERTIFICATE REQUEST-----\n",
"CertificateCollection": {
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/"
}
}
User root has been logged out
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: If5ab55f9d35b5e9f0c9e1d3e3dc2e75adf2fa6e9
The goal of this repository is to collect the two-minute hacks you write to automate interactions with OpenBMC systems.
It's highly likely the scripts don't meet your needs - they could be undocumented, dysfunctional or utterly broken. Please help us improve!
Then this repository aims to be the default destination for your otherwise un-homed scripts. As such we are setting the bar for submission pretty low, and we aim to make the process as easy as possible.
openbmc-events: Query error events on the target serveropenbmc-sensors: Query sensors on the target serveropenbmc-sfw: Manage host and BMC firmware images on the target serveropenbmctool: A general purpose tool for user interactions with OpenBMCpretty-journal: Convert journalctl's 'pretty' output to regular outputupload_and_update: Upload a tarball to TFTP server and update BMC with itnetboot: Painless netboot of BMC kernelsobmc-gerrit: Automagically add reviewers to changes pushed to Gerritreboot: Endlessly reboot OpenPOWER hoststracing: Enable and clean up kernel tracepoints remotelywitherspoon-debug: Deploy the debug tools tarball to Witherspoon BMCscla-signers: Check if a contributor has signed the OpenBMC CLAopenbmc-autobump.py: Update commit IDs in bitbake recipes to bring in new changesPlease use gerrit for all patches to this repository:
Do note that you will need to be party to the OpenBMC CLA before your contributions can be accepted. See Gerrit Setup and CLA for more information.
So long as your patches look sane with a cursory glance you can expect them to be applied. We may push back in the event that similar tools already exist or there are egregious issues.
We don't ask for much, but you need to give us at least a Signed-off-by, and put your work under the Apache 2.0 license. Licensing everything under Apache 2.0 will just hurt our heads less. Lets keep the lawyers off our backs. ^
^Any exceptions must be accompanied by a LICENSE file in the relevant subdirectory, and be compatible with Apache 2.0. You thought you would get away without any fine print?
There's no standard way to install the scripts housed in the here, so adding parts of the repository to your PATH might be a bit of a dice-roll. We may also move or remove scripts from time to time as part of housekeeping. It's probably best to copy things out if you need stability.