{% if certificate.lease %} {% include "views/lease.html" %} {% endif %} Signed {% if certificate.signer %} by {{ certificate.signer }}{% endif %}, expires .
{% if session.authority.tagging %} {% include "views/attributes.html" %}
{% endif %}To fetch certificate:
wget http://{{ session.authority.hostname }}/api/signed/{{ certificate.common_name }}/
curl http://{{ session.authority.hostname }}/api/signed/{{ certificate.common_name }}/ \
| openssl x509 -text -noout
To perform online certificate status request{% if "0.0.0.0/0" not in session.authorization.ocsp_subnets %} from whitelisted {{ session.authorization.ocsp_subnets }} subnets{% endif %}:
curl http://{{ session.authority.hostname }}/api/certificate > session.pem
openssl ocsp -issuer session.pem -CAfile session.pem \
-url {{ certificate.responder_url }} \
-serial 0x{{ certificate.serial }}
{% else %}
Querying OCSP responder disabled for this certificate, see /etc/certidude/profile.conf how to enable if that's desired
{% endif %} {% endif %}To fetch script:
curl --cert-status https://{{ session.authority.hostname }}:8443/api/signed/{{ certificate.common_name }}/script/ \
--cacert /etc/certidude/authority/{{ session.authority.hostname }}/ca_cert.pem \
--key /etc/certidude/authority/{{ session.authority.hostname }}/host_key.pem \
--cert /etc/certidude/authority/{{ session.authority.hostname }}/host_cert.pem
Common name | {{ certificate.common_name }} |
---|---|
Organizational unit | {% if certificate.organizational_unit %}{{ certificate.organizational_unit }}{% else %}-{% endif %} |
Serial number | {{ certificate.serial | serial }} |
Signed | {{ certificate.signed | datetime }}{% if certificate.signer %} by {{ certificate.signer }}{% endif %} |
Expires | {{ certificate.expires | datetime }} |
Lease | {{ certificate.lease.inner_address }} at {{ certificate.lease.last_seen | datetime }} from {{ certificate.lease.outer_address }} |
SHA256 | {{ certificate.sha256sum }} |
Key usage | {{ certificate.key_usage | join(", ") | replace("_", " ") }} |
Extended key usage | {{ certificate.extended_key_usage | join(", ") | replace("_", " ") }} |