Re: [OpenXPKI-users] questions regarding customizing workflow certificate_search.yaml

Fri, 30 Jan 2026 00:39:32 -0800 

Hello Jan,

welcome to the OpenXPKI users list  :)
the RPC call runs the workflow and the cert_identifier is generated as a result of the SearchCertificate call. All the other items call a plugin helper to generate other items from the certidentifier, this is simply done by looking up the artefacts in the database or parsing the certificate. If you run "perldoc OpenXPKI::Template::Plugin::Certificate" in the system you can see the embed documentation of the module with the methods it exposes (you can also browse it in the github repo - the docs are part of the code file).
Its important to have the key defined in the workflow AND add it to the output section (this works as a filter to not expose any sensitive data). 

Oliver

On 1/29/26 14:15, Jan Uyttersprot via OpenXPKI-users wrote:

questions regarding customizing workflow certificatesearch

HI,



Version : OpenXPKI Community Edition v3.32.8
when using RPC to run the search certificate workflow I have the following action defined in the workflow/def/certificate_search.yaml : 


 get_certificate_data:
        class: OpenXPKI::Server::Workflow::Activity::Tools::SetContext
        param:
            _map_notbefore: "[% USE Certificate %][% Certificate.notbefore(context.cert_identifier) %]"             _map_notafter: "[% USE Certificate %][% Certificate.notafter(context.cert_identifier) %]"             _map_status: "[% USE Certificate %][% Certificate.status(context.cert_identifier) %]"             _map_pem: "[% USE Certificate %][% Certificate.pem(context.cert_identifier) %]"             _map_cn: "[% USE Certificate %][% Certificate.subject(context.cert_identifier) %]" 



in the client.d/service/rpc/public.yaml rpc config I have


SearchCertificate:
    workflow: certificate_search
    input:
      - common_name
    output:
      - notbefore
      - notafter
      - status
      - pem
      - cn
      - cert_identifier


all fields are displayed in the json data array fine.


Can someone please explain :
- why I dont need to map cert_identifier to return it, cert_identifier seems to be the only value that doesnt need to be mapped to work in output ?
- why I cannot do : _map_whatever: "[% USE Certificate %][% Certificate.cert_identifier(context.cert_identifier) %]" and let it output via the RPC call by adding '- whatever' in the output: list ?
- why I cannot do : _map_keyid: "[% USE Certificate %][% Certificate.subject_key_identifier(context.cert_identifier) %]"  and let it output via the RPC call by adding '- keyid' in the output: list ? 



just trying to make some sense of all this


thank you in advance

regards,

Jan



_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users


--
Protect your environment -  close windows and adopt a penguin!

_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users






















					Reply via email to