CmpX509Cert Interfaces ¶ Constants KnownOIDs (GVL) X509CertKeyUsage (GVL) Enums RtsCertEncoding (Enum) RtsCertTrustLevel (Enum) RtsX509AltNameType (Enum) RtsX509CertCheckFlags (Enum) RtsX509CertFilterType (Enum) RtsX509VerifyFlags (Enum) Structs RtsOID (Struct) RtsX509AltName (Struct) RtsX509CertFilter (Struct) RtsX509CertInfo (Struct) RtsX509CertName (Struct) RtsX509ExKeyUsage (Struct) RtsX509NameEntry (Struct) Types RtsOIDStore (Union) RtsX509AltNameStore (Union) RtsX509CertFilterContent (Union)
KnownOIDs (GVL) ¶ Cannot be exportet until CDS-48228 is fixed {attribute ‘m4export’} InOut: Scope Name Type Initial Comment Constant RTS_OID_COUNTRY_NAME STRING ‘2.5.4.6’ OID used in certificate subject and issuer fields RTS_OID_ORGANIZATION_NAME STRING ‘2.5.4.10’ RTS_OID_ORGANIZATIONAL_UNIT_NAME STRING ‘2.5.4.11’ RTS_OID_COMMON_NAME STRING ‘2.5.4.3’ RTS_OID_LOCALITY_NAME STRING ‘2.5.4.7’ RTS_OID_STATE_OR_PROVINCE_NAME STRING ‘2.5.4.8’ RTS_OID_TITLE STRING ‘2.5.4.12’ RTS_OID_GIVEN_NAME STRING ‘2.5.4.42’ RTS_OID_INITIALS STRING ‘2.5.4.43’ RTS_OID_SUR_NAME STRING ‘2.5.4.4’ RTS_OID_DOMAIN_COMPONENT STRING ‘0.9.2342.19200300.100.1.25’ RTS_OID_RSA_EMAILADDR STRING ‘1.2.840.113549.1.9.1’ RTS_OID_STREET_ADDRESS STRING ‘2.5.4.9’ RTS_OID_RSA_UNSTRUCTNAME STRING ‘1.2.840.113549.1.9.2’ RTS_OID_RSA_UNSTRUCTADDR STRING ‘1.2.840.113549.1.9.8’ RTS_OID_DEVICE_SERIAL_NUMBER STRING ‘2.5.4.5’ RTS_OID_TLS_WEBSERVER_AUTHENTICATION STRING ‘1.3.6.1.5.5.7.3.1’ RTS_OID_TLS_WEBCLIENT_AUTHENTICATION STRING ‘1.3.6.1.5.5.7.3.2’
X509CertKeyUsage (GVL) ¶ Cannot be exported until CDS-48228 is fixed {attribute ‘m4export’} InOut: Scope Name Type Initial Constant RTS_KEY_USAGE_DIGITAL_SIGNATURE UDINT 16#1 RTS_KEY_USAGE_DIGITAL_SIGNATURE_STR STRING ‘Digital Signature’ RTS_KEY_USAGE_NON_REPUDIATION UDINT 16#2 RTS_KEY_USAGE_NON_REPUDIATION_STR STRING ‘Non Repudiation’ RTS_KEY_USAGE_ENCIPHERMENT UDINT 16#4 RTS_KEY_USAGE_ENCIPHERMENT_STR STRING ‘Key Encipherment’ RTS_KEY_USAGE_DATA_ENCIPHERMENT UDINT 16#8 RTS_KEY_USAGE_DATA_ENCIPHERMENT_STR STRING ‘Data Encipherment’ RTS_KEY_USAGE_KEY_AGREEMENT UDINT 16#10 RTS_KEY_USAGE_KEY_AGREEMENT_STR STRING ‘Key Agreement’ RTS_KEY_USAGE_CERTIFICATE_SIGN UDINT 16#20 RTS_KEY_USAGE_CERTIFICATE_SIGN_STR STRING ‘Certificate Sign’ RTS_KEY_USAGE_CRL_SIGN UDINT 16#40 RTS_KEY_USAGE_CRL_SIGN_STR STRING ‘CRL Sign’ RTS_KEY_USAGE_ENCIPHER_ONLY UDINT 16#80 RTS_KEY_USAGE_ENCIPHER_ONLY_STR STRING ‘Encipher Only’ RTS_KEY_USAGE_DECIPHER_ONLY UDINT 16#100 RTS_KEY_USAGE_DECIPHER_ONLY_STR STRING ‘Decipher Only’
Enums ¶ RtsCertEncoding (Enum) RtsCertTrustLevel (Enum) RtsX509AltNameType (Enum) RtsX509CertCheckFlags (Enum) RtsX509CertFilterType (Enum) RtsX509VerifyFlags (Enum)
RtsCertEncoding (ENUM) ¶ TYPE RtsCertEncoding : Attributes: qualified_only InOut: Name Initial ASN1 0 BASE64
RtsCertTrustLevel (ENUM) ¶ TYPE RtsCertTrustLevel : The trusted level has two main meanings: 1. In opend certificates it indicates if the certificate is trusted or not 2. If adding or searching certificates in the store it indicates where to add / search the certificate. Attributes: qualified_only InOut: Name Initial Comment Untrusted 1 This is the location for untrusted certificates. Trusted This is the location for trusted CA or self signed certificates. Own This is the location for certificates used by the PLC. The private key of these certificates is available. Quarantine This location contains certificates which could not be verified because of missing chains. Unknown This is the default for certificates which are not in one of the other stores. Usually this is set when parsing a certificate. Chain This location contains chain certificates. These certificates are not trusted but used to build up a chain up to one of the certificates placed in trusted. This is the only store which is local to each opened certificate store. Also adding certificates to this trust level is not persistent. The typical use case is to add chain-certificates received from the communication peer in case of an own protocol implementation. For TLS connection this is done automatically. Due this use-case, the capabilities of this store are somewhat limited. It is not possible to iterate or filter certificates on this store. Explicit removal of certificates is supported with X509CertStoreRemoveCert. The store is automatically clean up on X509CertStoreClose.
RtsX509AltNameType (ENUM) ¶ TYPE RtsX509AltNameType : Attributes: qualified_only InOut: Name Comment otherName Not supported Email Supported DnsName Supported X400Address Not supported directoryName Not supported ediPartyName Not supported URI Supported IpAddress Supported RegisterdID Supported
RtsX509CertCheckFlags (ENUM) ¶ TYPE RtsX509CertCheckFlags : Attributes: qualified_only InOut: Name Initial Comment FORCE_SUBJECT 16#1 Forces that the hostname / IP address is part OF certificate subject. Otherwhise part OF subject alternative name is accepted. DISABLE_WILDCARDS 16#2 Disable support FOR wildcard checking. * .example.com in a certificate is NOT accepted. Only FOR X509CertCheckHost. DISABLE_PARTIAL_WILDCARDS 16#4 Disable support FOR partial wildcard checking. ww*.example.com OR * ww.example.com. Only FOR X509CertCheckHost. ALLOW_MULTILABLE_WILDCARDS 16#8 Allow that wildcards replace multiple subdomains. * .example.com will accept www.SUB.example.com. Only FOR X509CertCheckHost. FORCE_SINGLE_SUBDOMAIN 16#10 Forces that .example.com will only accept a single subdomain e.f. SUB.example.com, but NOT www.SUB.example.com. Only FOR X509CertCheckHost.
RtsX509CertFilterType (ENUM) ¶ TYPE RtsX509CertFilterType : Attributes: qualified_only InOut: Name Initial TRUST_LEVEL 0 SUBJECT SUBJECT_MATCHALL CERT_DATEVALID CERT_KEYUSAGE CERT_EXKEYUSAGE CERT_THUMBPRINT
RtsX509VerifyFlags (ENUM) ¶ TYPE RtsX509VerifyFlags : Attributes: qualified_only InOut: Name Initial Comment EnableCRLCheck 16#1 Enables CRL checks for certificate validation.
