<?xml version="1.0"?> <interfaceDefinition> <node name="pki" owner="${vyos_conf_scripts_dir}/pki.py"> <properties> <help>VyOS PKI configuration</help> <priority>300</priority> </properties> <children> <tagNode name="ca"> <properties> <help>Certificate Authority</help> <constraint> #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> </properties> <children> #include <include/pki/cli-certificate-base64.xml.i> #include <include/generic-description.xml.i> <node name="private"> <properties> <help>CA private key in PEM format</help> </properties> <children> #include <include/pki/cli-private-key-base64.xml.i> #include <include/pki/password-protected.xml.i> </children> </node> <leafNode name="crl"> <properties> <help>Certificate revocation list in PEM format</help> <constraint> <validator name="base64"/> </constraint> <constraintErrorMessage>CRL is not base64-encoded</constraintErrorMessage> <multi/> </properties> </leafNode> #include <include/pki/cli-revoke.xml.i> </children> </tagNode> <tagNode name="certificate"> <properties> <help>Certificate</help> <constraint> #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> </properties> <children> #include <include/pki/cli-certificate-base64.xml.i> <node name="acme"> <properties> <help>Automatic Certificate Management Environment (ACME) request</help> </properties> <children> #include <include/url-http-https.xml.i> <leafNode name="url"> <defaultValue>https://acme-v02.api.letsencrypt.org/directory</defaultValue> </leafNode> <leafNode name="domain-name"> <properties> <help>Domain Name</help> <constraint> <validator name="fqdn"/> </constraint> <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_</constraintErrorMessage> <multi/> </properties> </leafNode> <leafNode name="email"> <properties> <help>Email address to associate with certificate</help> <constraint> #include <include/constraint/email.xml.i> </constraint> </properties> </leafNode> #include <include/listen-address-ipv4-single.xml.i> <leafNode name="rsa-key-size"> <properties> <help>Size of the RSA key</help> <completionHelp> <list>2048 3072 4096</list> </completionHelp> <valueHelp> <format>2048</format> <description>RSA key length 2048 bit</description> </valueHelp> <valueHelp> <format>3072</format> <description>RSA key length 3072 bit</description> </valueHelp> <valueHelp> <format>4096</format> <description>RSA key length 4096 bit</description> </valueHelp> <constraint> <regex>(2048|3072|4096)</regex> </constraint> </properties> <defaultValue>2048</defaultValue> </leafNode> </children> </node> #include <include/generic-description.xml.i> <node name="private"> <properties> <help>Certificate private key</help> </properties> <children> #include <include/pki/cli-private-key-base64.xml.i> #include <include/pki/password-protected.xml.i> </children> </node> #include <include/pki/cli-revoke.xml.i> </children> </tagNode> <tagNode name="dh"> <properties> <help>Diffie-Hellman parameters</help> <constraint> #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> </properties> <children> <leafNode name="parameters"> <properties> <help>DH parameters in PEM format</help> <constraint> <validator name="base64"/> </constraint> <constraintErrorMessage>DH parameters are not base64-encoded</constraintErrorMessage> </properties> </leafNode> </children> </tagNode> <tagNode name="key-pair"> <properties> <help>Public and private keys</help> </properties> <children> <node name="public"> <properties> <help>Public key</help> </properties> <children> #include <include/pki/cli-public-key-base64.xml.i> </children> </node> <node name="private"> <properties> <help>Private key</help> </properties> <children> #include <include/pki/cli-private-key-base64.xml.i> #include <include/pki/password-protected.xml.i> </children> </node> </children> </tagNode> <tagNode name="openssh"> <properties> <help>OpenSSH public and private keys</help> </properties> <children> <node name="public"> <properties> <help>Public key</help> </properties> <children> #include <include/pki/cli-public-key-base64.xml.i> <leafNode name="type"> <properties> <help>SSH public key type</help> <completionHelp> <list>ssh-rsa</list> </completionHelp> <valueHelp> <format>ssh-rsa</format> <description>Key pair based on RSA algorithm</description> </valueHelp> <constraint> <regex>(ssh-rsa)</regex> </constraint> </properties> </leafNode> </children> </node> <node name="private"> <properties> <help>Private key</help> </properties> <children> #include <include/pki/cli-private-key-base64.xml.i> #include <include/pki/password-protected.xml.i> </children> </node> </children> </tagNode> <tagNode name="openssh"> <properties> <help>OpenSSH public and private keys</help> </properties> <children> <node name="public"> <properties> <help>Public key</help> </properties> <children> #include <include/pki/cli-public-key-base64.xml.i> </children> </node> <node name="private"> <properties> <help>Private key</help> </properties> <children> #include <include/pki/cli-private-key-base64.xml.i> #include <include/pki/password-protected.xml.i> </children> </node> </children> </tagNode> <node name="openvpn"> <properties> <help>OpenVPN keys</help> </properties> <children> <tagNode name="shared-secret"> <properties> <help>OpenVPN shared secret key</help> </properties> <children> <leafNode name="key"> <properties> <help>OpenVPN shared secret key data</help> </properties> </leafNode> <leafNode name="version"> <properties> <help>OpenVPN shared secret key version</help> </properties> </leafNode> </children> </tagNode> </children> </node> <node name="x509"> <properties> <help>X509 Settings</help> </properties> <children> <node name="default"> <properties> <help>X509 Default Values</help> </properties> <children> <leafNode name="country"> <properties> <help>Default country</help> </properties> <defaultValue>GB</defaultValue> </leafNode> <leafNode name="state"> <properties> <help>Default state</help> </properties> <defaultValue>Some-State</defaultValue> </leafNode> <leafNode name="locality"> <properties> <help>Default locality</help> </properties> <defaultValue>Some-City</defaultValue> </leafNode> <leafNode name="organization"> <properties> <help>Default organization</help> </properties> <defaultValue>VyOS</defaultValue> </leafNode> </children> </node> </children> </node> </children> </node> </interfaceDefinition>