Class CAApp

Description

X.509 Certificate management application

Provides a management interface for a Certificate Authority.

It has support for:

  • Generating certificates (storing the private key on the server)
  • Signing of user supplied certificate requests
  • Creating an unlimited number of certificate authorities (which may be nested)
  • Certificate revocation (CRLs) - _Only available_ with my CRL patch (scheduled for PHP 5.3.0)

Info:

  • Serial numbers are system-wide identifiers for certificates (not per CA)
  • Much of OpenSSL's behaviour is determined by the openssl.cnf configuration used

Located in /phpsatk/ca/app-local/org.eenterphace.sat.apps.ca/ca.app.php (line 46)

Method Summary
void createCert (Request $req)
void getCAs (FormEnumeration $enum)
void getCert (Request $req)
void getCRL (Request $req)
void listCAs (Request $req)
void listCerts (Request $req)
void regenerateCRL (Request $req)
void revokeCert (Request $req)
void signCSR_sign (Request $req)
void signCSR_upload (Request $req)
void viewCert (Request $req)
Methods
createCert (line 360)

Create and sign a certificate

This internally creates a CSR and signs it. The generated private key is stored in the database.

  • access: public
  • static:
void createCert (Request $req)
getCAs (line 53)

Gets an enumeration of all CAs

  • access: public
  • static:
void getCAs (FormEnumeration $enum)
getCert (line 425)

Fetch a certificate

in: (required)

  • 'serial' (int) - Serial number of certificate to fetch

  • access: public
  • static:
void getCert (Request $req)
getCRL (line 227)

Gets the CRL

in: (required)

  • 'serial' - Serial number of certificate authority to get CRL for

  • access: public
  • static:
void getCRL (Request $req)
listCAs (line 116)

List certificate authorities

  • access: public
  • static:
void listCAs (Request $req)
listCerts (line 70)

List issued certificates

  • access: public
  • static:
void listCerts (Request $req)
regenerateCRL (line 260)

Forces the regeneration of CRLs and issues new CRLs

Will regenerate CRLs (version 1 as well as version 2) for the given CA.

  • access: public
  • static:
void regenerateCRL (Request $req)
revokeCert (line 176)

Revoke a certificate

Self-signed certificates cannot be revoked; they will only be marked as revoked in the system.

in: (required)

  • 'serial' - Serial number of certificate to revoke

  • access: public
  • static:
void revokeCert (Request $req)
signCSR_sign (line 314)

CSR signing stage 2 - Sign CSR

  • access: public
  • static:
void signCSR_sign (Request $req)
signCSR_upload (line 284)

CSR signing stage 1 - Upload CSR and verify user info

  • access: public
  • static:
void signCSR_upload (Request $req)
viewCert (line 160)

View a certificate

in: (required)

  • 'serial' - Serial number of certificate

  • access: public
  • static:
void viewCert (Request $req)

Documentation generated on Mon, 21 May 2007 10:34:47 +0200 by phpDocumentor 1.3.0RC5