Schema for :ref:`server-plugins-generators-cfg-ssl-certificates`
``sslformat.xml``
An **SSLCAFormatGroupType** is a tag used to provide logic.
Child entries of an SSLCAFormatGroupType tag only apply to
machines that match the condition specified -- either
membership in a group, or a matching client name.
:xml:attribute:`SSLCAFormatGroupType:negate` can be set to negate
the sense of the match.
The name of the client or group to match on. Child entries
will only apply to this client or group (unless
:xml:attribute:`SSLCAFormatGroupType:negate` is set).
Negate the sense of the match, so that child entries only
apply to a client if it is not a member of the given group
or does not have the given name.
Available cert formats
Available ker formats
Format of the cert in the generated format. Currently only ``pem``
and ``der`` is supported.
Format of the key in the generated format. Currently only ``pem``
and ``der`` is supported.
The full path to the cert entry to use for this format.
This is the *client* path; e.g., for a cert defined at
``/var/lib/bcfg2/SSLCA/etc/pki/tls/private/foo.pem/sslcert.xml``,
**cert** should be ``/etc/pki/tls/private/foo.pem``. This
if required if the cert is used in the format.
The full path to the key entry to use for this certificate.
This is the *client* path; e.g., for a key defined at
``/var/lib/bcfg2/SSLCA/etc/pki/tls/private/foo.key/sslkey.xml``,
**key** should be ``/etc/pki/tls/private/foo.key``. This is
only required if the key is used in the format and **cert**
is not a SSLCA generated cert.
Top-level tag for describing an SSLCA generated cert format.