X509 Certificate Extractor

Valve for extracting X.509 certificate attributes

Introduction

Use this valve to extract attributes from an X.509 v3 certificate.

This valve is part of the item iteration API, meaning that it operates on the current item set. For more information on item iteration, see Item.

The valve operates on the current item set, and extracted attributes are added as properties on the current item. If no item exists, a new one is created using the certificate subject as its identifier.

The following attributes are extracted:

  • subject

  • issuer

  • serialNumber

  • notBefore

  • notAfter

  • subjectAltNames

  • publicKey

  • publicKeyAlgorithm

  • publicKeyFormat

  • publicKeyType (only RSA)

  • publicKeySize (only RSA)

  • crlDistributionPoints

  • ocspLocations

  • ocspIssuers

  • basicConstraints

  • sigAlgName

  • sigAlgOid

  • keyUsage

  • extKeyUsage

Item properties are prefixed (default "cert_") to avoid affecting existing properties.

Certificate attributes with multiple values are added as multi-valued item properties.

Certificate attributes that contain name-value pairs (like subjectAltNames) are added as multi-valued name-value strings in the format "name=value".
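As an added example (not part of the product or its documentation), the shell functions below build a comparable property list with the openssl CLI, so the valve's output can be cross-checked against a known certificate. The function names, the throwaway test certificate and the reliance on OpenSSL 1.1.1 or later are assumptions; the SAN type labels and the DN and date formats are openssl's and may differ from what the valve emits.

```bash
#!/bin/sh
# Added example: rebuild a valve-style property list with the openssl CLI
# (assumes OpenSSL 1.1.1 or later). Function names are hypothetical.

# Create a throwaway self-signed certificate: constructed sample input only.
make_sample_cert() {
  key=$(mktemp)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -addext "subjectAltName=DNS:example.test,DNS:www.example.test,IP:192.0.2.10" \
    -keyout "$key" -out "$1" 2>/dev/null
  rc=$?
  rm -f "$key"   # the private key is not needed for inspection
  return $rc
}

# Print "<prefix><attribute>=<value>", one line per value. A multi-valued
# attribute repeats its property name; each SAN value is a "name=value" string.
cert_props() {
  pem=$1
  prefix=${2:-cert_}   # same default prefix as the valve
  # Single-valued attributes; openssl labels the serial number "serial".
  openssl x509 -in "$pem" -noout -nameopt RFC2253 \
      -subject -issuer -serial -startdate -enddate |
    sed -e 's/^\([A-Za-z]*\)= */\1=/' -e 's/^serial=/serialNumber=/' \
        -e "s/^/${prefix}/"
  # Key size, taken from the "Public-Key: (N bit)" line of the text dump.
  openssl x509 -in "$pem" -noout -text |
    sed -n "s/.*Public-Key: (\([0-9]*\) bit).*/${prefix}publicKeySize=\1/p"
  # subjectAltNames: drop the header line, split the comma-separated list,
  # then turn the first ":" of each entry into "=" (IPv6 values keep theirs).
  openssl x509 -in "$pem" -noout -ext subjectAltName 2>/dev/null |
    sed 1d | tr ',' '\n' |
    sed -e 's/^ *//' -e 's/ *$//' -e '/^$/d' -e 's/:/=/' \
        -e "s/^/${prefix}subjectAltNames=/"
}
```

SAN entries whose value itself contains a comma, such as a directoryName, are split incorrectly by this sketch and need a real ASN.1 parser.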

Configuration

Valve name: X509CertificateExtractor

Name | Description | Default value | Mandatory | Expanded
src | X509 certificate in PEM format. | | |
prefix | Item property name prefix. | "cert_" | |