Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Replace Certificate Extended Operation Handler can be used to help remotely manage certificates in the Directory Server. The requester must have the permit-replace-certificate-request privilege.
The Replace Certificate Extended Operation Handler component inherits from the Extended Operation Handler.
The following components have a direct aggregation relation from Replace Certificate Extended Operation Handlers:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
enabled | |
allow-remotely-provided-certificates | |
allowed-operation | |
connection-criteria | |
request-criteria | |
description
Description | A description for this Extended Operation Handler |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
enabled
Description | Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
allow-remotely-provided-certificates
Description | Indicates whether clients should be allowed to directly provide a new listener or inter-server certificate chain in the extended request. If this is false, then the new certificate chain may only be read from a key store file contained on the server filesystem. If this is true, then the client may provide the contents of a new key store file or the individual certificates (in PEM or DER format) in the extended request. |
Default Value | false |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
allowed-operation
Description | The types of replace certificate operations that clients will be allowed to request. |
Default Value | replace-listener-certificate replace-inter-server-certificate purge-retired-listener-certificates purge-retired-inter-server-certificates |
Allowed Values | replace-listener-certificate - Allow clients to replace a listener certificate used to secure communication over protocols like LDAP, HTTP, or JMX. replace-inter-server-certificate - Allow clients to replace the inter-server certificate used to strongly authenticate one server instance to another and to secure replication communication. purge-retired-listener-certificates - Allow clients to request that information about retired listener certificates be removed from the topology registry. purge-retired-inter-server-certificates - Allow clients to request that information about retired inter-server certificates be removed from the topology registry. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
connection-criteria
Description | A set of criteria that client connections must satisfy before they will be allowed to request the associated extended operations. |
Default Value | Client connections will not be required to match any criteria. |
Allowed Values | The DN of any Connection Criteria. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
request-criteria
Description | A set of criteria that the extended requests must satisfy before they will be processed by the server. |
Default Value | Requests will not be required to match any criteria. |
Allowed Values | The DN of any Request Criteria. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Extended Operation Handlers:
dsconfig list-extended-operation-handlers [--property {propertyName}] ...
To view the configuration for an existing Extended Operation Handler:
dsconfig get-extended-operation-handler-prop --handler-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Extended Operation Handler:
dsconfig set-extended-operation-handler-prop --handler-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Replace Certificate Extended Operation Handler:
dsconfig create-extended-operation-handler --handler-name {name} --type replace-certificate --set enabled:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Extended Operation Handler:
dsconfig delete-extended-operation-handler --handler-name {name}
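A least-privilege setup for this handler, as an added example that is not part of the product documentation: the helper below assembles a set-extended-operation-handler-prop command that keeps allow-remotely-provided-certificates at false, limits allowed-operation to the values passed in, and attaches connection criteria. The function name, the handler name and the criteria reference are hypothetical placeholders; the helper only prints the command and does not run dsconfig.

```shell
# Added example. build_restrict_cmd, the handler name and the criteria
# reference below are assumptions, not values from the product.

# build_restrict_cmd HANDLER CRITERIA OP [OP...]
# Prints a dsconfig command line; returns 1 if an OP is not one of the
# allowed-operation values listed on this page, 2 on bad usage.
build_restrict_cmd() {
  if [ "$#" -lt 3 ]; then
    echo "usage: build_restrict_cmd HANDLER CRITERIA OP [OP...]" >&2
    return 2
  fi
  rc_handler=$1
  rc_criteria=$2
  shift 2

  rc_cmd="dsconfig set-extended-operation-handler-prop --handler-name '$rc_handler'"
  # With this set to false, a new chain can only be read from a key store
  # file on the server filesystem, never supplied in the request itself.
  rc_cmd="$rc_cmd --set allow-remotely-provided-certificates:false"

  # allowed-operation is multi-valued: one --set per permitted operation.
  for rc_op in "$@"; do
    case $rc_op in
      replace-listener-certificate|replace-inter-server-certificate|\
      purge-retired-listener-certificates|purge-retired-inter-server-certificates)
        rc_cmd="$rc_cmd --set allowed-operation:$rc_op" ;;
      *)
        echo "not an allowed-operation value: $rc_op" >&2
        return 1 ;;
    esac
  done

  # Only connections matching these criteria may request the operation.
  rc_cmd="$rc_cmd --set 'connection-criteria:$rc_criteria'"
  printf '%s\n' "$rc_cmd"
}

# Constructed sample: listener certificate management only.
build_restrict_cmd "Replace Certificate" "Admin Connections" \
  replace-listener-certificate purge-retired-listener-certificates
```

Review the printed command before running it, and pass the criteria reference in the form dsconfig expects for a Connection Criteria object in your environment.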