CA Get Profile REST API - dogtagpki/pki GitHub Wiki
JSON
$ curl \
-k \
-s \
-H "Accept: application/json" \
--cookie cookies \
https://localhost.localdomain:8443/ca/rest/profiles/caUserCert | python -m json.tool
{
"id": "caUserCert",
"classId": "caEnrollImpl",
"name": "Manual User Dual-Use Certificate Enrollment",
"description": "This certificate profile is for enrolling user certificates.",
"enabled": true,
"visible": false,
"enabledBy": "admin",
"authzAcl": "",
"renewal": false,
"inputs": [
{
"id": "i1",
"ClassID": "keyGenInputImpl",
"Name": "Key Generation",
"ConfigAttribute": [],
"Attribute": [
{
"name": "cert_request_type",
"Descriptor": {
"Syntax": "keygen_request_type",
"Description": "Key Generation Request Type"
}
},
...
]
},
{
"id": "i2",
"ClassID": "subjectNameInputImpl",
"Name": "Subject Name",
"ConfigAttribute": [],
"Attribute": [
{
"name": "sn_uid",
"Descriptor": {
"Syntax": "string",
"Description": "UID"
}
},
...
]
},
{
"id": "i3",
"ClassID": "submitterInfoInputImpl",
"Name": "Requestor Information",
"ConfigAttribute": [],
"Attribute": [
{
"name": "requestor_name",
"Descriptor": {
"Syntax": "string",
"Description": "Requestor Name"
}
},
...
]
}
],
"outputs": [
{
"id": "o1",
"name": "Certificate Output",
"classId": "certOutputImpl",
"attributes": [
{
"name": "pretty_cert",
"Descriptor": {
"Syntax": "pretty_print",
"Description": "Certificate Pretty Print"
}
},
...
]
}
],
"policySets": {
"userCertSet": [
{
"id": "1",
"def": {
"name": "Subject Name Default",
"classId": "userSubjectNameDefaultImpl",
"text": "This default populates a User-Supplied Certificate Subject Name to the request.",
"attributes": [
{
"name": "name",
"Descriptor": {
"Syntax": "string",
"Description": "Subject Name"
}
}
],
"params": [
{
"name": "useSysEncoding",
"value": ""
}
]
},
"constraint": {
"name": "Subject Name Constraint",
"text": "This constraint accepts the subject name that matches UID=.*",
"classId": "subjectNameConstraintImpl",
"constraints": [
{
"name": "pattern",
"descriptor": {
"Syntax": "string",
"Description": "Subject Name Pattern"
},
"value": "UID=.*"
}
]
}
},
...
]
},
"xmloutput": false
}
Raw
$ curl \
-k \
-s \
--cookie cookies \
https://localhost.localdomain:8443/ca/rest/profiles/caUserCert/raw
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=true
enableBy=admin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=caUserCert
visible=false