API endpoints

Warning	This feature is still under development. The API might still change. Do not use it in production.

Path	Method	Parameters	Return code	Mime	Input
`/ca/v2/admin/kraconnector`	`GET`	None	200	`application/json`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/admin/kraconnector { "host" : "pki.example.com", "port" : "8443", "transportCert" : "MIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZXnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/LeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT57dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVqtrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EIDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPReYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCqUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzTtEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ91eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==", "uri" : "/kra/agent/kra/connector", "timeout" : "30", "local" : "false", "enable" : "true" }
`/ca/v2/admin/kraconnector/add`	`POST`	None	204	`application/json`	KRA connector configuration in json with `host`, `port`, `transportCert` (the base64), `transportCertNickname`, `subsystemCert`, `uri`, `timeout`, `local` and `enable`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"host":"pki.example.com","port":"8443","transportCert":"MIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZXnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/LeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT57dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVqtrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EIDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPReYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCqUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzTtEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ91eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==","uri":"/kra/agent/kra/connector","timeout":"30","local":"false","enable":"true"}' https://$HOSTNAME:8443/ca/v2/admin/kraconnector/add
`/ca/v2/admin/kraconnector/addHost`	`POST`	host, port	204	No output	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/addHost?host=pki2.example.com&port=8443"
`/ca/v2/admin/kraconnector/remove`	`POST`	host, port	204	No output	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/remove?host=pki.example.com&port=8443"
`/ca/v2/agent/certrequests`	`GET`	pageSize, start, maxTime	200	`application/json`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ "https://$HOSTNAME:8443/ca/v2/agent/certrequests?pageSize=2" { "total" : 7, "entries" : [ { "requestID" : "0x58e47a524bff8fbc512465759b63f424", "requestType" : "enrollment", "requestStatus" : "complete", "creationTime" : 1730200079000, "modificationTime" : 1730200084000, "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0", "certRequestType" : "pkcs10", "operationResult" : "success" }, { "requestID" : "0x5f2533c00bb8934584decbf1aa9ab987", "requestType" : "enrollment", "requestStatus" : "complete", "creationTime" : 1730200087000, "modificationTime" : 1730200093000, "certId" : "0xf84f45cd025332f2b06d1ec58136be89", "certRequestType" : "pkcs10", "operationResult" : "success" } ] }
`/ca/v2/agent/certrequests/{id}`	`GET`	None	200	`application/json`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x5f2533c00bb8934584decbf1aa9ab987 { "nonce" : "-8579840105031817822", "requestId" : "0x5f2533c00bb8934584decbf1aa9ab987", "requestType" : "enrollment", "requestStatus" : "complete", "requestOwner" : "", "requestCreationTime" : "Tue Oct 29 11:08:07 UTC 2024", "requestModificationTime" : "Tue Oct 29 11:08:13 UTC 2024", "requestNotes" : "", "profileApprovedBy" : "system", "profileSetId" : "ocspCertSet", "profileIsVisible" : "true", "profileName" : "Manual OCSP Manager Signing Certificate Enrollment", "profileDescription" : "This certificate profile is for enrolling OCSP Manager certificates.", "ProfileID" : "caOCSPCert", "Renewal" : false, "Input" : [ { "ClassID" : "CertReqInput", "Name" : "Certificate Request Input", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Value" : "pkcs10" }, { "name" : "cert_request", "Value" : "-----BEGIN CERTIFICATE REQUEST-----\nMIIDkjCCAfoCAQAwTTEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEkMCIG\nA1UEAwwbQ0EgT0NTUCBTaWduaW5nIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A\nMIIBigKCAYEAsaCn1oUxVloC5G+Adi8rF40WEk10IL7NUEw9Bm6+704T7pKut9BDOH/8sCU+/bcw\nAHNKUpqKbpS55N7V0xYntfyiD8RxGVY4BxPWMPuhLcb5zRZXybKIvV2KpgOqQmS5+Sx0HrEyA6Xo\nFyB5E7fE/mqheA7V1RyL047m1T0ER/tkHWYldj0aLlYQKv8dmfzW52PRYF08ByVWzTXcByFyO3Tg\nwjN84ksKAfihBiALj92jgbxyOHD/utEFtz8XpjlqLMl7MVYhpeu/p5DbCTPk55OcKwQF6MbLMExl\nSrvF6JBKHLfLdbFY3OwbryP+f1Dc9UlFoDELZjlp+Z2klwlxympqTpsXztMzAQUfRqu5GjcL7v9s\nLmNahVoKfWuZWQEC5FUHyJk3DT/v0jax30QHq3CqoYUWZs/rolfpzInvqSMmDmxHz/nIdEwpmhvt\nAijuwG+Qm1PA4eHy2l3OhIGYWvYgA5oEq/BLZgvi3SOhNR3ctz98rlEI2j3MWy9dYBDhAgMBAAGg\nADANBgkqhkiG9w0BAQsFAAOCAYEAputw+T001caAwVTyZttOf5hmmiHnwqw1BFfoVA1Sy2W9xRrU\nTvCF2/eiSiRbLfsgpikgtOpRuON+m1SiYK/W3v+SkU1d9ewNQo1u2oNh1sjpzZjkLvfEvx4jjiDQ\nmA6GhhMzUiMvWPM9+d97c+1euF8mYvnyGJclutf2OVAhHdii8g5arR+gRGQHWXfziDkm3bFtgO0O\nMazHzehow81cArN27HfPzi2hPb447vekWdrDfW4O1VWp25hxTjef5LYQd8aKTIwYah+zaAqyZG6D\n7xYRxkOhb9d37nFL8qDWAZHyIcAZrkZ72APEqtMLaOewjzVrdbj/J5yncByk8SpW2E/XGy9NlDgi\nmuhMj8PuZXEItvaSpUG+o75b/o0i/CO+t+MgIQhE6dtZkEhRUpbuUN/+kILD++i4N1WB/owcOSuW\nSWER5L0gjpw8+UES4tV3qaS3zUSCZroyoUU430goxeHdk58CAoWrs9vqDdM/NkvjXrQJUmMmAL9f\nkpVhlMfw\n-----END CERTIFICATE REQUEST-----" } ] }, { "ClassID" : "SubmitterInfoInput", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ ] } ], "Output" : [ ], "ProfilePolicySet" : [ { "policies" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Value" : "CN=CA OCSP Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches CN=.", "classId" : "SubjectNameConstraint", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "CN=." } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "text" : "This default populates a Certificate Validity to the request. The default values are Range=720 in days", "attributes" : [ { "name" : "notBefore", "Value" : "2024-10-29 11:08:09", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Value" : "2026-10-19 11:08:09", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 720 days.", "classId" : "ValidityConstraint", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "720" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Value" : "RSA - 1.2.840.113549.1.1.1", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Value" : "3072", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Value" : "30:82:01:8A:02:82:01:81:00:B1:A0:A7:D6:85:31:56:\\n5A:02:E4:6F:80:76:2F:2B:17:8D:16:12:4D:74:20:BE:\\nCD:50:4C:3D:06:6E:BE:EF:4E:13:EE:92:AE:B7:D0:43:\\n38:7F:FC:B0:25:3E:FD:B7:30:00:73:4A:52:9A:8A:6E:\\n94:B9:E4:DE:D5:D3:16:27:B5:FC:A2:0F:C4:71:19:56:\\n38:07:13:D6:30:FB:A1:2D:C6:F9:CD:16:57:C9:B2:88:\\nBD:5D:8A:A6:03:AA:42:64:B9:F9:2C:74:1E:B1:32:03:\\nA5:E8:17:20:79:13:B7:C4:FE:6A:A1:78:0E:D5:D5:1C:\\n8B:D3:8E:E6:D5:3D:04:47:FB:64:1D:66:25:76:3D:1A:\\n2E:56:10:2A:FF:1D:99:FC:D6:E7:63:D1:60:5D:3C:07:\\n25:56:CD:35:DC:07:21:72:3B:74:E0:C2:33:7C:E2:4B:\\n0A:01:F8:A1:06:20:0B:8F:DD:A3:81:BC:72:38:70:FF:\\nBA:D1:05:B7:3F:17:A6:39:6A:2C:C9:7B:31:56:21:A5:\\nEB:BF:A7:90:DB:09:33:E4:E7:93:9C:2B:04:05:E8:C6:\\nCB:30:4C:65:4A:BB:C5:E8:90:4A:1C:B7:CB:75:B1:58:\\nDC:EC:1B:AF:23:FE:7F:50:DC:F5:49:45:A0:31:0B:66:\\n39:69:F9:9D:A4:97:09:71:CA:6A:6A:4E:9B:17:CE:D3:\\n33:01:05:1F:46:AB:B9:1A:37:0B:EE:FF:6C:2E:63:5A:\\n85:5A:0A:7D:6B:99:59:01:02:E4:55:07:C8:99:37:0D:\\n3F:EF:D2:36:B1:DF:44:07:AB:70:AA:A1:85:16:66:CF:\\nEB:A2:57:E9:CC:89:EF:A9:23:26:0E:6C:47:CF:F9:C8:\\n74:4C:29:9A:1B:ED:02:28:EE:C0:6F:90:9B:53:C0:E1:\\nE1:F2:DA:5D:CE:84:81:98:5A:F6:20:03:9A:04:AB:F0:\\n4B:66:0B:E2:DD:23:A1:35:1D:DC:B7:3F:7C:AE:51:08:\\nDA:3D:CC:5B:2F:5D:60:10:E1:02:03:01:00:01\\n", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521", "classId" : "KeyConstraint", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "-" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096,nistp256,nistp384,nistp521" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Value" : "false", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Value" : "A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "NoConstraint", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Value" : "false", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Value" : "Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "NoConstraint", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Extended Key Usage Default", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.9", "attributes" : [ { "name" : "exKeyUsageCritical", "Value" : "false", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Value" : "1.3.6.1.5.5.7.3.9", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ ] }, "constraint" : { "name" : "Extended Key Usage Extension", "text" : "This constraint accepts the Extended Key Usage extension, if present, only when Criticality=false, OIDs=1.3.6.1.5.5.7.3.9", "classId" : "ExtendedKeyUsageExtConstraint", "constraints" : [ { "name" : "exKeyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "exKeyUsageOIDs", "descriptor" : { "Syntax" : "string", "Description" : "Comma-Separated list of Object Identifiers" }, "value" : "1.3.6.1.5.5.7.3.9" } ] } }, { "id" : "8", "def" : { "name" : "OCSP No Check Extension", "text" : "This default populates an OCSP No Check Extension (1.3.6.1.5.5.7.48.1.5) to the request. The default values are Criticality=false", "attributes" : [ { "name" : "ocspNoCheckCritical", "Value" : "false", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts the extension only when Criticality=false, OID=1.3.6.1.5.5.7.48.1.5", "classId" : "ExtensionConstraint", "constraints" : [ { "name" : "extCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "extOID", "descriptor" : { "Syntax" : "string", "Description" : "Object Identifier" }, "value" : "1.3.6.1.5.5.7.48.1.5" } ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Value" : "SHA256withRSA", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "SigningAlgConstraint", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] } ], "Attributes" : { "Attribute" : [ ] } }
`/ca/v2/agent/certrequests/{id}/approve` `/ca/v2/agent/certrequests/{id}/assign` `/ca/v2/agent/certrequests/{id}/cancel` `/ca/v2/agent/certrequests/{id}/reject` `/ca/v2/agent/certrequests/{id}/validate` `/ca/v2/agent/certrequests/{id}/unassign` `/ca/v2/agent/certrequests/{id}/update`	`POST`	None	204	No output	Full cert request json obtained from `GET` operation
Example $ curl --cacert ./ca_signing.crt -b session_cookie --json '{"nonce":"698006587460251198","requestId":"0x563c6ef28a2aa590fb5df963043be30e","requestType":"enrollment","requestStatus":"pending","requestOwner":"","requestCreationTime":"Wed Oct 30 11:09:30 UTC 2024","requestModificationTime":"Wed Oct 30 11:09:30 UTC 2024","requestNotes":"","profileApprovedBy":"admin","profileSetId":"userCertSet","profileIsVisible":"false","profileName":"Manual User Dual-Use Certificate Enrollment","profileDescription":"This certificate profile is for enrolling user certificates.","profileRemoteHost":"172.18.0.3","profileRemoteAddr":"172.18.0.3","ProfileID":"caUserCert","Renewal":false,"Input":[{"ClassID":"KeyGenInput","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10"},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQCfuroXU/H8AxyI3pBKF7mYRoP+yL0Qucqg9fvnJdY7M/E3OIHg+2l5f2UX\r\nL+Q9ESDZ7EMGxmuORPvqwwNuHSKaW/kfurcdTFlQjVuoXwUwy86D/veAp317tDZZmcjU6DgWrx8M\r\nA5c46Ck8KOa5NOetPjpbCufTLaKmPDM6+Rsei+aY5FMksHh6W+a1djuz1yN0COc60/+pzR4MCzMZ\r\n1N8TYKmtfprectaK9Jj0ckkRZ9zAuAwxdNnfSkNIgu8btBX7+/9IqSi+s/TUTo8jDxXWZkEu+Pn+\r\nCVpuYFd2lvij7gCJ2fKuDy5yyh1HFJFFWqQZ+V+snylBeAwHgk3V9dJvAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEAfYpmNiENJOVycl9DODw3UEmLDEZl5vDplUaK4E47ITz6rbB/vSQzXB/KDDuU\r\nLq/aqfPhhXFDYaQ3BLlgrxYcuojiDMEkEwi6lU1OxPpEWcCrCSMx0NzsQMA3XSWziMwCc0kyodlQ\r\nRYOEDMWfWNplBA/6kdEb5Vce/UrbOdbquWgcIopYyJ9QdLJJbqvFN2JUwpibd7pJSyglWK/WHk8o\r\nov1jQIkYmSlznQwLQyeliBMMX4pFN3BAgEuo4hFlYeP5r1ig3xsdXmKbZgtGo1FEK7OBHAbfmMs0\r\nNdp2mLo5hvNSTTYl4aATsR9SfljuRtjhZtqPfsonzDAjO+wj5dOC7g==\r\n-----END CERTIFICATE REQUEST-----"}]},{"ClassID":"SubjectNameInput","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser"}]},{"ClassID":"SubmitterInfoInput","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[]}],"Output":[],"ProfilePolicySet":[{"policies":[{"id":"1","def":{"name":"Subject Name Default","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Value":"UID=newUser","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.","classId":"SubjectNameConstraint","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=."}]}},{"id":"10","def":{"name":"No Default","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"RenewGracePeriodConstraint","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Value":"2024-10-30 11:09:30","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Value":"2025-04-28 11:09:30","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"ValidityConstraint","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Value":"RSA - 1.2.840.113549.1.1.1","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Value":"2048","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Value":"30:82:01:0A:02:82:01:01:00:9F:BA:BA:17:53:F1:FC:\\n03:1C:88:DE:90:4A:17:B9:98:46:83:FE:C8:BD:10:B9:\\nCA:A0:F5:FB:E7:25:D6:3B:33:F1:37:38:81:E0:FB:69:\\n79:7F:65:17:2F:E4:3D:11:20:D9:EC:43:06:C6:6B:8E:\\n44:FB:EA:C3:03:6E:1D:22:9A:5B:F9:1F:BA:B7:1D:4C:\\n59:50:8D:5B:A8:5F:05:30:CB:CE:83:FE:F7:80:A7:7D:\\n7B:B4:36:59:99:C8:D4:E8:38:16:AF:1F:0C:03:97:38:\\nE8:29:3C:28:E6:B9:34:E7:AD:3E:3A:5B:0A:E7:D3:2D:\\nA2:A6:3C:33:3A:F9:1B:1E:8B:E6:98:E4:53:24:B0:78:\\n7A:5B:E6:B5:76:3B:B3:D7:23:74:08:E7:3A:D3:FF:A9:\\nCD:1E:0C:0B:33:19:D4:DF:13:60:A9:AD:7E:9A:DE:72:\\nD6:8A:F4:98:F4:72:49:11:67:DC:C0:B8:0C:31:74:D9:\\nDF:4A:43:48:82:EF:1B:B4:15:FB:FB:FF:48:A9:28:BE:\\nB3:F4:D4:4E:8F:23:0F:15:D6:66:41:2E:F8:F9:FE:09:\\n5A:6E:60:57:76:96:F8:A3:EE:00:89:D9:F2:AE:0F:2E:\\n72:CA:1D:47:14:91:45:5A:A4:19:F9:5F:AC:9F:29:41:\\n78:0C:07:82:4D:D5:F5:D2:6F:02:03:01:00:01\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"KeyConstraint","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Value":"false","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Value":"A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Value":"Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"KeyUsageExtConstraint","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Value":"SHA256withRSA","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"SigningAlgConstraint","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]}],"Attributes":{"Attribute":[]}}' \ https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x563c6ef28a2aa590fb5df963043be30e/approve
`/ca/v2/agent/certs/{id}`	`GET`	None	200	`application/json`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee { "id" : "0x55092f4611ad2ede6c4064045d64bdee", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEADCCAmigAwIBAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEM\r\nB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEt\r\nLOCo/NVffA3KCPLqHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB\r\n+DsMGleB59sz8StQUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWf\r\nM1Qqlsn/zlfMZRsO0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEg\r\nS5EJTuipbXujaAlQgbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P\r\n9uQTPmyOO75FJmiHAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUw\r\nPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAv\r\nY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0G\r\nCSqGSIb3DQEBCwUAA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVc\r\nRubwCuBXk85atycRXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2\r\nJMqvFSgM/DGu/yJvt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvW\r\ntLgO/iRFFGKWohvFpGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1Nj\r\nE2KcqfusDDfLm1czbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpN\r\niB38h6a4NLdmsPDbD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3\r\nnl5+nQ9RZsuJb9Ea/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDV\r\nMFw=\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIIIsQYJKoZIhvcNAQcCoIIIojCCCJ4CAQExADALBgkqhkiG9w0BBwGgggiGMIIEADCCAmigAwIB\r\nAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEi\r\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEtLOCo/NVffA3KCPLq\r\nHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB+DsMGleB59sz8StQ\r\nUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWfM1Qqlsn/zlfMZRsO\r\n0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEgS5EJTuipbXujaAlQ\r\ngbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P9uQTPmyOO75FJmiH\r\nAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUwPwYIKwYBBQUHAQEE\r\nMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNV\r\nHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUA\r\nA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVcRubwCuBXk85atycR\r\nXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2JMqvFSgM/DGu/yJv\r\nt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvWtLgO/iRFFGKWohvF\r\npGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1NjE2KcqfusDDfLm1cz\r\nbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpNiB38h6a4NLdmsPDb\r\nD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3nl5+nQ9RZsuJb9Ea\r\n/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDVMFwwggR+MIIC5qAD\r\nAgECAhEAhmFGZPY3nBwtCjnR5H0/0DANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExF\r\nMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4X\r\nDTI0MTAyOTExMDgwMFoXDTQ0MTAyOTExMDgwMFowSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UE\r\nCwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTCCAaIwDQYJKoZI\r\nhvcNAQEBBQADggGPADCCAYoCggGBAMofTnE8azu6WaltnTqsOTSEtlHdRTk75sH1xZbYsMyhUagu\r\naIMyR4x1iva5Y620bDKb4lyLF5vJtWKDZvbN5gJW/N5P4u9CZ6UlQ5Tkm5rhvq5v4LN4Sq4hO8bD\r\nPyR6MZFnDbBpnj62e/AUhGVTb5eoG2K7hDUBp4hfYGKi/5G8NkZZlCADSbFytpXJQ86SumjiHbnZ\r\nQPMg9BTZgnMPouZA7SSS1hB/5TCgEeIJpWX8l7rZ+0WfknaoQ7zLz4zJncvsXXiKbEkdbyM8+KLi\r\n3wy5P321xDuwO4A4UcSwHvPOSu5sdLFRV88bsAJ0FLFRHgOdXm5Gl1mMv4oOz8cYRVcKRUScMRUi\r\n1uhkhIOIEhTWmvMz6FZ1mDmRzaPCA6Gc2S6IsUOjzZz5Cyd8wNyEC/zIc9FjPsVudN2YXOGn2T2a\r\nKl2jrNIdtKidxPmk80+3wzTDoqmoHe41DKTozfwPqOQeNvZvM+o/Nr6ibZw6tLt79Hy+CHleSazm\r\n87bJthu6kwIDAQABo2MwYTAdBgNVHQ4EFgQUp332LU7iaBRZZqOMreTzdsQA4SUwHwYDVR0jBBgw\r\nFoAUp332LU7iaBRZZqOMreTzdsQA4SUwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYw\r\nDQYJKoZIhvcNAQELBQADggGBAKgYiwcUiGqi0ugB96gRCuGrPbesKUU05Jv8bNExmG5eUiyaGEZi\r\n0IcD4XLLQ9pAwyDGgvZaBPZl8J+4JSRwGxf/ldQUFcFe9zwutMNOpJb0p1Y8uzNQ54eC+t7pUbuW\r\nHSE/P3Rvsxnx6eWtUqCM0gpN1BxqsgVedL2iyjXjncNNTd/bT7E/giRhE1r0fgmLSz/s8B129DXK\r\ndjhbLrkHYTmMlphtQ9qS38BqUa6GCDuOLwFsahgaHN/+XdRJF+Cb2LXQC2thTNqMCQq9yfWMHPZT\r\n1qujy19qSEUQxjqo5PtO8D8su0nuznjfgOI5zO3wBpVVAJgBjCpND9PKzMSc6ISIgBw9RYorQHTU\r\nPzArn/2VkQvm9+4X/KR/33GftcVfXk/+NFv2AePUG6PosQ3kKpUiA+7W8ivAhoHvwFKpOs2k4yK5\r\nwd7++6/ecHUNzKpKhItZt3UafldyzjzqwEBk/QjYjDEMBklth2p+QPM8lGIUWt6yD/Nzo56TDmgn\r\ndALCtTEA\r\n", "NotBefore" : "2024-10-30 10:53:21 +0000", "NotAfter" : "2025-04-28 10:53:21 +0000", "Status" : "VALID", "Nonce" : 3355442236351645821 }
`/ca/v2/agent/certs/{id}/revoke`	`POST`	None	200	`application/json`	Revoke requst json with `Rason`, `InvalidityDate`, `Comments`, `Encoded` and `Nonce`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"Reason":"Certificate_Hold","Nonce":7581228038945153660}' \ https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/revoke { "requestID" : "0x887ffed7ad4c0ee94a07700c48895f03", "requestType" : "revocation", "requestStatus" : "complete", "creationTime" : 1730300307000, "modificationTime" : 1730300307000, "certId" : "0x55092f4611ad2ede6c4064045d64bdee", "operationResult" : "success" }
`/ca/v2/agent/certs/{id}/revoke-ca`	`POST`	None	200	`application/json`	Revoke requst json with `Rason`, `InvalidityDate`, `Comments`, `Encoded` and `Nonce`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"Reason":"Certificate_Hold","Nonce":5052187310204086075}' \ https://$HOSTNAME:8443/ca/v2/agent/certs/0x86614664f6379c1c2d0a39d1e47d3fd0/revoke-ca { "requestID" : "0xb28c9fe27d90a97b9ec85d7ad1b32992", "requestType" : "revocation", "requestStatus" : "complete", "creationTime" : 1730300625000, "modificationTime" : 1730300625000, "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0", "operationResult" : "success" }
`/ca/v2/agent/certs/{id}/unrevoke`	`POST`	None	200	`application/json`	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/unrevoke { "requestID" : "0xdca57cea1f51ed123dc85dd889a595eb", "requestType" : "unrevocation", "requestStatus" : "complete", "creationTime" : 1730300449000, "modificationTime" : 1730300449000, "operationResult" : "success" }
`/ca/v2/authorities`	`GET`	id, parentID, dn, issuerDN	200	`application/json`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ "https://$HOSTNAME:8443/ca/v2/authorities?issuerDN=CN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE" {"isHostAuthority":true,"id":"9f75deb6-53b1-48cc-9028-9c899f9526b4","issuerDN":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","serial":178621631998145652837496363178029563856,"dn":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true,"description":"Host authority","ready":true}]
`/ca/v2/authorities`	`POST`	None	201	`application/json`	Authority json with `parentID`, `dn`, `enabled` and `description`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true}' \ "https://$HOSTNAME:8443/ca/v2/authorities { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : true, "ready" : true }
`/ca/v2/authorities/{id}`	`GET`	None	200	`application/json`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : true, "ready" : true }
`/ca/v2/authorities/{id}`	`PUT`	None	200	`application/json`	Authority json with `parentID`, `dn`, `enabled` and `description`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":false}' \ -X PUT https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : false, "ready" : true }
`/ca/v2/authorities/{id}`	`DELETE`	None	204
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X DELETE https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f
`/ca/v2/authorities/{id}/cert`	`GET`	None	200	`application/x-pem-file` or `application/pkix-cert`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -H 'Accpet;' -H 'Accept: application/x-pem-file' --output newCert.pem \ https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/cert
`/ca/v2/authorities/{id}/chain`	`GET`	None	200	`application/x-pem-file` or `application/pkcs7-mime`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -H 'Accpet;' -H 'Accept: papplication/x-pem-file' --output newChain.pem \ https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/chain
`/ca/v2/authorities/{id}/enable`	`POST`	None	200	`application/json`	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/enable { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : true, "ready" : true }
`/ca/v2/authorities/{id}/disable`	`POST`	None	200	`application/json`	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/disable { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : false, "ready" : true }
`/ca/v2/authorities/{id}/renew`	`POST`	None	204		No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/renew
`/ca/v2/certrequests`	`POST`	None	200	`application/json`	Cert enroll request in json with `ProfileID`, `ServerSideKeygenP12Passwd`, `Renewal`, `SerialNumber`, `RemoteHost`, `RemoteAddress`, `Input` (a list as difined by the profile), `Output` (a list as difined by the profile) and `Attributes`
Example $ curl --cacert ./ca_signing.crt \ --json '{"ProfileID":"caUserCert","Renewal":false,"RemoteHost":"","RemoteAddress":"","Input":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQDeu/zJSSDYzXcJsH7lZe8fKPV0CIWNAD0g5FpOdcqvcZMwXQsnVqCNdfby\r\nSwX6sGzKEHCXyYxaXHuLMpMJ5pHK1BzRCfjQAkPzWbCN5beg7L/l7Gi+52h0z9R/zTZkG355ja3r\r\nkyd9d0tah5XbPWsdp0BVtPOIK4t0d6F+WkEkC0pyCejtkqoBSf9F1CTHw3iOxhgKMxV+ebC/TM2l\r\n9AvnzAfF91Sf5KAd8hTAhHurgBkqxuzL16ERBbM0DFfie8RCiTVBvvS/6UmfEVH3dMHIuE5flXB+\r\nhMCrj8g7GfWIaA6WzwfkZrNgCjYoVHPivMg+akhMbQg6m0goB3zA/D/zAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEALi3+agIXworiPVF1qyAr3wLjffzu6RIDiLS9cVHHnnAj1AjEnKFDpwTYeuBk\r\nXaRzgyCHyCLyKSSN337PBUEnxOxNWNIJDCC8gpMcfCCnspos7N9M8dnROD60EUDVdUtfdE+g5JfG\r\nkwlQz3lbktFuQwznf3EUYPPvyMLSG1RITVJyEJ3tH0PZ5GFlDwi5Gw7DTzl7nAWwXZ5LeCa9b6d8\r\nwCbPAAHA2OCYck1PyLrFlAnmF5udsY4AY7b5YK5iIqysWikXYqexk/oE707XJhX+btDYx0W4qI8j\r\nhc50ZHgtobGXAgqNQvL2WOtmEJY2Fwpl+ejuGi6bamzTkXqh/Vi+XQ==\r\n-----END CERTIFICATE REQUEST-----\n","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Value":"","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Value":"","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Value":"","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Value":"","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"Output":[],"Attributes":{"Attribute":[]}}' \ https://$HOSTNAME:8443/ca/v2/certrequests { "total" : 1, "entries" : [ { "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a", "requestType" : "enrollment", "requestStatus" : "pending", "creationTime" : 1730309766543, "modificationTime" : 1730309766566, "certRequestType" : "pkcs10", "operationResult" : "success" } ] }
`/ca/v2/certrequests/{id}`	`GET`	None	200	`application/json`
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/certrequests/0xd3e6013b9ae406efe9b8d45029faee9a { "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a", "requestType" : "enrollment", "requestStatus" : "pending", "creationTime" : 1730309766000, "modificationTime" : 1730309766000, "certRequestType" : "pkcs10", "operationResult" : "success" }
`/ca/v2/certrequests/profiles`	`GET`	size, start	200	`application/json`
Example $ curl --cacert ./ca_signing.crt \ "https://$HOSTNAME:8443/ca/v2/certrequests/profiles?size=2&start=4" { "total" : 26, "entries" : [ { "profileId" : "AdminCert", "profileName" : "Manual Administrator Certificate Enrollment", "profileDescription" : "This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" }, { "profileId" : "ECAdminCert", "profileName" : "Manual Administrator Certificate Enrollment with ECC keys", "profileDescription" : "This certificate profile is for enrolling Administrator's certificates with ECC keys suitable for use by clients such as browsers.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" } ] }
`/ca/v2/certrequests/profiles/{id}`	`GET`	None	200	`application/json`
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/certrequests/profiles/caUserCert { "ProfileID" : "caUserCert", "Renewal" : false, "RemoteHost" : "", "RemoteAddress" : "", "Input" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Value" : "", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Value" : "", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "Output" : [ ], "Attributes" : { "Attribute" : [ ] } }
`/ca/v2/certs`	`GET`	size, start, maxTime	200	`application/json`
Example $ curl --cacert ./ca_signing.crt \ "https://$HOSTNAME:8443/ca/v2/certs?size=2&start=4" { "entries" : [ { "id" : "0xc99ff8f6549f903d8df28a4e5f5105f3", "SubjectDN" : "CN=CA Audit Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Status" : "VALID", "Type" : "X.509", "Version" : 2, "KeyAlgorithmOID" : "1.2.840.113549.1.1.1", "KeyLength" : 2048, "NotValidBefore" : 1730308885000, "NotValidAfter" : 1792516885000, "IssuedOn" : 1730308887000, "IssuedBy" : "system" }, { "id" : "0x6d5c045d3443ced273ab8d7955835db1", "SubjectDN" : "CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Status" : "VALID", "Type" : "X.509", "Version" : 2, "KeyAlgorithmOID" : "1.2.840.113549.1.1.1", "KeyLength" : 2048, "NotValidBefore" : 1730308904000, "NotValidAfter" : 1792516904000, "IssuedOn" : 1730308905000, "IssuedBy" : "system" } ] }
`/ca/v2/certs/{id}`	`GET`	None	200	`application/json`
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/certs/0x6d5c045d3443ced273ab8d7955835db1 { "id" : "0x6d5c045d3443ced273ab8d7955835db1", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIETjCCAragAwIBAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBM\r\nRTETMBEGA1UECwwKcGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNv\r\nbTEaMBgGA1UEAwwRUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\r\nAoIBAQDE7ahO2KtW6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr\r\n7B6sI5MrrcBRAhNgcHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCI\r\nnQ09I9TLH8dIuL4ZxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4\r\nGSm0HguQAc0H55FsVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWe\r\nnHvBSqRJc9xLNlcjr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAU\r\ndJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8v\r\ncGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI\r\nKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwc\r\nbCHpl+922hT5LA+KJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWH\r\nhEvm8RQqdVVxkfDXp3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeUR\r\nJ4rG/lD73qVzXd30U/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAww\r\nBnswSwwjPEe6djwFfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9\r\noTqj5KwXo133aorjZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQe\r\npbi1LBXzOxnub8sMKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGE\r\nGXfjNyGoETEaHb930gItsmEqc8VKH5s=\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIII/gYJKoZIhvcNAQcCoIII7zCCCOsCAQExADALBgkqhkiG9w0BBwGgggjTMIIETjCCAragAwIB\r\nAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwK\r\ncGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNvbTEaMBgGA1UEAwwR\r\nUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE7ahO2KtW\r\n6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr7B6sI5MrrcBRAhNg\r\ncHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCInQ09I9TLH8dIuL4Z\r\nxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4GSm0HguQAc0H55Fs\r\nVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWenHvBSqRJc9xLNlcj\r\nr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq\r\n3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUu\r\nY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG\r\nAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwcbCHpl+922hT5LA+K\r\nJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWHhEvm8RQqdVVxkfDX\r\np3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeURJ4rG/lD73qVzXd30\r\nU/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAwwBnswSwwjPEe6djwF\r\nfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9oTqj5KwXo133aorj\r\nZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQepbi1LBXzOxnub8sM\r\nKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGEGXfjNyGoETEaHb93\r\n0gItsmEqc8VKH5swggR9MIIC5aADAgECAhAS28bqYgfeAGNdjqMHIBkOMA0GCSqGSIb3DQEBCwUA\r\nMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNp\r\nZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjQxMDMwMTcyMDQ5WhcNNDQxMDMwMTcyMDQ5WjBIMRAwDgYD\r\nVQQKDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENl\r\ncnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwQenLXRjT+lsBoONhHmq\r\npYzEvugiELRtQ1iK1bXTTrRsAcaRscUCeEGfV6K6gVc7ekifckamtxsnx3s5JAjCfUF5K88pGTWe\r\nsXt6u0fg0cIslQP9sDz6dM0P/vjCsnxIgW1eNpeUR61Gwi3nCPXvWZ2zeOKdQReSL+MLby468Ot3\r\nbdEnVwalN70KtQNsB3I9GaFyNOCRa6P6zxR/ETuVRZVkB9mWZxpTvdF6xNlk8UF0jbmsrda3BXth\r\n1X/uej8+qE0cPN3BBvvdpkmJe+DSKq43NsZgaa8sgeGs7RiitI/7TR/gPVU5LtEK+cb93SpzcC+w\r\nhC1O4+kI7TEAK7tZO2FDPQM0lFvBXc/qtEWEa1RqpZKXEwVKCr1xpE4T1aNKnoNJQADcSxITSioq\r\ngkYNmUngeVd0AHe3gcgLOC7cQiY3uJJypVIz9vpHPr7xwxZugEF+YwSJM4zszMTbruaqn7eC90k3\r\n7dcqo4hCGsIRLWIapRG5TTxO7OY2cwzRVNyfAgMBAAGjYzBhMB0GA1UdDgQWBBR0kVsdX96mNxFN\r\nCureUbkKcJKhCTAfBgNVHSMEGDAWgBR0kVsdX96mNxFNCureUbkKcJKhCTAPBgNVHRMBAf8EBTAD\r\nAQH/MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQsFAAOCAYEAJp2R8/AhtSggrO1ewP4G1XnP\r\ng360OJT6rBcQDVKAul929/ipTGxztD70NF4UqL5ofQua79OKUF/hGc1lALKMn2dkKWL9GVpIwu7V\r\nZLU7xIw+ebUVuPpaka4D73viliHyZjFaa9OmWylA6KAnJt1aWuJt2OfRgbW6eL7xymqkCGvFxOoH\r\n5tpFMHgS75pZ5duByYgh94TIK9xxO11BAprlyK8TXHdPCwsqiafrgATpU+zIez6PAN82h1YIAorN\r\n8/5T2iNdXmWDQ02lxKKOCiDFdeB0F3KcgQVmVrGWOzp9j3AhR1+nFaSscv5FIBsFgVtyg1qDmEgh\r\nRasv/xsJfvujZkuLtMhTXBZMMjmOvu8xAYYO5DbNwdjGSq1McUorTX2W7N4w3tIpgByxc6YkVPfK\r\naUCKJG5Sajkzx6mO5GUcbw7wSBdrqoseGXQB7AbNwRTljtSF8KGEDkFfSoGlYsZz4VkY58+7v3IT\r\ntk/wcGo2clVPiQGDduo1Nj+vDa5iTSoEMQA=\r\n", "NotBefore" : "2024-10-30 17:21:44 +0000", "NotAfter" : "2026-10-20 17:21:44 +0000", "Status" : "VALID" }
`/ca/v2/certs/search`	`POST`	size, start	200	`application/json`	Search request json with `issuerDN`, `serialNumberRangeInUse`, `serialTo`, `serialFrom`, `subjectInUse`, `eMail`, `commonName`, `userID`, `orgUnit`, `org`, `locality`, `state`, `country`, `matchExactly`, `status`, `revokedBy`, `revokedOnFrom`, `revokedOnTo`, `revocationReason`, `issuedBy`, `issuedOnFrom`, `issuedOnTo`, `validNotBeforeFrom`, `validNotBeforeTo`, `validNotAfterFrom`, `validNotAfterTo`, `validityOperation`, `validityCount`, `validityUnit`, `certTypeSubEmailCA`, `certTypeSubSSLCA`, `certTypeSecureEmail`, `certTypeSSLClient`, `certTypeSSLServer`, `revokedByInUse`, `revokedOnInUse`, `revocationReasonInUse`, `issuedByInUse`, `issuedOnInUse`, `validNotBeforeInUse`, `validNotAfterInUse`, `validityLengthInUse` and `certTypeInUse`
Example $ curl --cacert ./ca_signing.crt \ --json '{"commonName": "PKI Administrator", "subjectInUse": true}' \ https://$HOSTNAME:8443/ca/v2/certs/0x6d5c045d3443ced273ab8d7955835db1 { "entries" : [ { "id" : "0x6d5c045d3443ced273ab8d7955835db1", "SubjectDN" : "CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Status" : "VALID", "Type" : "X.509", "Version" : 2, "KeyAlgorithmOID" : "1.2.840.113549.1.1.1", "KeyLength" : 2048, "NotValidBefore" : 1730308904000, "NotValidAfter" : 1792516904000, "IssuedOn" : 1730308905000, "IssuedBy" : "system" } ] }
`/ca/v2/config/cert/signing`	`GET`	None	200	`application/json`
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/config/cert/signing { "id" : "0x86614664f6379c1c2d0a39d1e47d3fd0", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEfjCCAuagAwIBAgIRAIZhRmT2N5wcLQo50eR9P9AwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMjkxMTA4MDBaFw00NDEwMjkxMTA4MDBaMEgxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUw\r\nggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDKH05xPGs7ulmpbZ06rDk0hLZR3UU5O+bB\r\n9cWW2LDMoVGoLmiDMkeMdYr2uWOttGwym+JcixebybVig2b2zeYCVvzeT+LvQmelJUOU5Jua4b6u\r\nb+CzeEquITvGwz8kejGRZw2waZ4+tnvwFIRlU2+XqBtiu4Q1AaeIX2Biov+RvDZGWZQgA0mxcraV\r\nyUPOkrpo4h252UDzIPQU2YJzD6LmQO0kktYQf+UwoBHiCaVl/Je62ftFn5J2qEO8y8+MyZ3L7F14\r\nimxJHW8jPPii4t8MuT99tcQ7sDuAOFHEsB7zzkrubHSxUVfPG7ACdBSxUR4DnV5uRpdZjL+KDs/H\r\nGEVXCkVEnDEVItboZISDiBIU1przM+hWdZg5kc2jwgOhnNkuiLFDo82c+QsnfMDchAv8yHPRYz7F\r\nbnTdmFzhp9k9mipdo6zSHbSoncT5pPNPt8M0w6KpqB3uNQyk6M38D6jkHjb2bzPqPza+om2cOrS7\r\ne/R8vgh5Xkms5vO2ybYbupMCAwEAAaNjMGEwHQYDVR0OBBYEFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOElMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P\r\nAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQCoGIsHFIhqotLoAfeoEQrhqz23rClFNOSb/GzR\r\nMZhuXlIsmhhGYtCHA+Fyy0PaQMMgxoL2WgT2ZfCfuCUkcBsX/5XUFBXBXvc8LrTDTqSW9KdWPLsz\r\nUOeHgvre6VG7lh0hPz90b7MZ8enlrVKgjNIKTdQcarIFXnS9oso1453DTU3f20+xP4IkYRNa9H4J\r\ni0s/7PAddvQ1ynY4Wy65B2E5jJaYbUPakt/AalGuhgg7ji8BbGoYGhzf/l3USRfgm9i10AtrYUza\r\njAkKvcn1jBz2U9aro8tfakhFEMY6qOT7TvA/LLtJ7s5434DiOczt8AaVVQCYAYwqTQ/TyszEnOiE\r\niIAcPUWKK0B01D8wK5/9lZEL5vfuF/ykf99xn7XFX15P/jRb9gHj1Buj6LEN5CqVIgPu1vIrwIaB\r\n78BSqTrNpOMiucHe/vuv3nB1DcyqSoSLWbd1Gn5Xcs486sBAZP0I2IwxDAZJbYdqfkDzPJRiFFre\r\nsg/zc6Oekw5oJ3QCwrU=\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIIErQYJKoZIhvcNAQcCoIIEnjCCBJoCAQExADALBgkqhkiG9w0BBwGgggSCMIIEfjCCAuagAwIBAgIRAIZhRmT2N5wcLQo50eR9P9AwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMjkxMTA4MDBaFw00NDEwMjkxMTA4MDBaMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDKH05xPGs7ulmpbZ06rDk0hLZR3UU5O+bB9cWW2LDMoVGoLmiDMkeMdYr2uWOttGwym+JcixebybVig2b2zeYCVvzeT+LvQmelJUOU5Jua4b6ub+CzeEquITvGwz8kejGRZw2waZ4+tnvwFIRlU2+XqBtiu4Q1AaeIX2Biov+RvDZGWZQgA0mxcraVyUPOkrpo4h252UDzIPQU2YJzD6LmQO0kktYQf+UwoBHiCaVl/Je62ftFn5J2qEO8y8+MyZ3L7F14imxJHW8jPPii4t8MuT99tcQ7sDuAOFHEsB7zzkrubHSxUVfPG7ACdBSxUR4DnV5uRpdZjL+KDs/HGEVXCkVEnDEVItboZISDiBIU1przM+hWdZg5kc2jwgOhnNkuiLFDo82c+QsnfMDchAv8yHPRYz7FbnTdmFzhp9k9mipdo6zSHbSoncT5pPNPt8M0w6KpqB3uNQyk6M38D6jkHjb2bzPqPza+om2cOrS7e/R8vgh5Xkms5vO2ybYbupMCAwEAAaNjMGEwHQYDVR0OBBYEFKd99i1O4mgUWWajjK3k83bEAOElMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOElMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQCoGIsHFIhqotLoAfeoEQrhqz23rClFNOSb/GzRMZhuXlIsmhhGYtCHA+Fyy0PaQMMgxoL2WgT2ZfCfuCUkcBsX/5XUFBXBXvc8LrTDTqSW9KdWPLszUOeHgvre6VG7lh0hPz90b7MZ8enlrVKgjNIKTdQcarIFXnS9oso1453DTU3f20+xP4IkYRNa9H4Ji0s/7PAddvQ1ynY4Wy65B2E5jJaYbUPakt/AalGuhgg7ji8BbGoYGhzf/l3USRfgm9i10AtrYUzajAkKvcn1jBz2U9aro8tfakhFEMY6qOT7TvA/LLtJ7s5434DiOczt8AaVVQCYAYwqTQ/TyszEnOiEiIAcPUWKK0B01D8wK5/9lZEL5vfuF/ykf99xn7XFX15P/jRb9gHj1Buj6LEN5CqVIgPu1vIrwIaB78BSqTrNpOMiucHe/vuv3nB1DcyqSoSLWbd1Gn5Xcs486sBAZP0I2IwxDAZJbYdqfkDzPJRiFFresg/zc6Oekw5oJ3QCwrUxAA==", "NotBefore" : "Tue Oct 29 11:08:00 UTC 2024", "NotAfter" : "Sat Oct 29 11:08:00 UTC 2044" }
`/ca/v2/config/cert/transport`	`GET`	None	200	`application/json`
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/config/cert/transport { "id" : "0x8f6afa7386fdd8efc6c3406ed1e6d8c8", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "CN=DRM Transport Certificate,OU=pki-tomcat,O=EXAMPLE", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNh\r\ndGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZX\r\nnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/\r\nLeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT5\r\n7dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVq\r\ntrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EI\r\nDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYB\r\nBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2Nz\r\ncDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGB\r\nAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPR\r\neYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCq\r\nUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzT\r\ntEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW\r\n+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP\r\n3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ9\r\n1eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIII2QYJKoZIhvcNAQcCoIIIyjCCCMYCAQExADALBgkqhkiG9w0BBwGgggiuMIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZXnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/LeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT57dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVqtrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EIDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPReYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCqUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzTtEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ91eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63ATCCBH0wggLloAMCAQICEBLbxupiB94AY12OowcgGQ4wDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzIwNDlaFw00NDEwMzAxNzIwNDlaMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDBB6ctdGNP6WwGg42EeaqljMS+6CIQtG1DWIrVtdNOtGwBxpGxxQJ4QZ9XorqBVzt6SJ9yRqa3GyfHezkkCMJ9QXkrzykZNZ6xe3q7R+DRwiyVA/2wPPp0zQ/++MKyfEiBbV42l5RHrUbCLecI9e9ZnbN44p1BF5Iv4wtvLjrw63dt0SdXBqU3vQq1A2wHcj0ZoXI04JFro/rPFH8RO5VFlWQH2ZZnGlO90XrE2WTxQXSNuayt1rcFe2HVf+56Pz6oTRw83cEG+92mSYl74NIqrjc2xmBpryyB4aztGKK0j/tNH+A9VTku0Qr5xv3dKnNwL7CELU7j6QjtMQAru1k7YUM9AzSUW8Fdz+q0RYRrVGqlkpcTBUoKvXGkThPVo0qeg0lAANxLEhNKKiqCRg2ZSeB5V3QAd7eByAs4LtxCJje4knKlUjP2+kc+vvHDFm6AQX5jBIkzjOzMxNuu5qqft4L3STft1yqjiEIawhEtYhqlEblNPE7s5jZzDNFU3J8CAwEAAaNjMGEwHQYDVR0OBBYEFHSRWx1f3qY3EU0K6t5RuQpwkqEJMB8GA1UdIwQYMBaAFHSRWx1f3qY3EU0K6t5RuQpwkqEJMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQAmnZHz8CG1KCCs7V7A/gbVec+DfrQ4lPqsFxANUoC6X3b3+KlMbHO0PvQ0XhSovmh9C5rv04pQX+EZzWUAsoyfZ2QpYv0ZWkjC7tVktTvEjD55tRW4+lqRrgPve+KWIfJmMVpr06ZbKUDooCcm3Vpa4m3Y59GBtbp4vvHKaqQIa8XE6gfm2kUweBLvmlnl24HJiCH3hMgr3HE7XUECmuXIrxNcd08LCyqJp+uABOlT7Mh7Po8A3zaHVggCis3z/lPaI11eZYNDTaXEoo4KIMV14HQXcpyBBWZWsZY7On2PcCFHX6cVpKxy/kUgGwWBW3KDWoOYSCFFqy//Gwl++6NmS4u0yFNcFkwyOY6+7zEBhg7kNs3B2MZKrUxxSitNfZbs3jDe0imAHLFzpiRU98ppQIokblJqOTPHqY7kZRxvDvBIF2uqix4ZdAHsBs3BFOWO1IXwoYQOQV9KgaVixnPhWRjnz7u/chO2T/BwajZyVU+JAYN26jU2P68NrmJNKgQxAA==", "NotBefore" : "Wed Oct 30 17:25:02 UTC 2024", "NotAfter" : "Tue Oct 20 17:25:02 UTC 2026" }
`/ca/v2/info`	`GET`	None	200	`application/json`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/info { "Attributes" : { "Attribute" : [ ] } }
`/ca/v2/installer/createRequestID`	`POST`	None	200	`application/json`	Certiricate setup request with `pin`, `tag` and `systemCert`
`/ca/v2/installer/createCerttID`	`POST`	None	200	`application/json`	Certiricate setup request with `pin`, `tag` and `systemCert`
`/ca/v2/profiles`	`GET`	size, start, visible, enable, enableBy	200	`application/json`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ "https://$HOSTNAME:8443/ca/v2/profiles?size=2&visible=true&enable=true&enableBy=admin" { "total" : 25, "entries" : [ { "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/acmeServerCert", "profileId" : "acmeServerCert", "profileName" : "ACME Server Certificate Enrollment", "profileDescription" : "This certificate profile is for enrolling server certificates via ACME protocol.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" }, { "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/caServerKeygen_UserCert", "profileId" : "caServerKeygen_UserCert", "profileName" : "Manual User Dual-Use Certificate Enrollment using server-side Key generation", "profileDescription" : "This certificate profile is for enrolling user certificates using server-side Key generation.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" } ] }
`/ca/v2/profiles`	`POST`	None	201	`application/json`	Profile in json format
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":false,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=."}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' \ https://$HOSTNAME:8443/ca/v2/profiles { "id" : "test", "classId" : "caEnrollImpl", "name" : "Manual User Dual-Use Certificate Enrollment", "description" : "This certificate profile is for enrolling user certificates.", "enabled" : false, "visible" : false, "authzAcl" : "", "renewal" : false, "inputs" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "outputs" : [ { "id" : "o1", "name" : "Certificate Output", "classId" : "certOutputImpl", "attributes" : [ { "name" : "pretty_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Pretty Print" } }, { "name" : "b64_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Base-64 Encoded" } } ] } ], "policySets" : { "userCertSet" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "classId" : "userSubjectNameDefaultImpl", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ { "name" : "useSysEncoding", "value" : "" } ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches UID=.", "classId" : "subjectNameConstraintImpl", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "UID=." } ] } }, { "id" : "10", "def" : { "name" : "No Default", "classId" : "noDefaultImpl", "text" : "No Default", "attributes" : [ ], "params" : [ ] }, "constraint" : { "name" : "Renewal Grace Period Constraint", "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.", "classId" : "renewGracePeriodConstraintImpl", "constraints" : [ { "name" : "renewal.graceBefore", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period Before", "DefaultValue" : "30" }, "value" : "30" }, { "name" : "renewal.graceAfter", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period After", "DefaultValue" : "30" }, "value" : "30" } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "classId" : "validityDefaultImpl", "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days", "attributes" : [ { "name" : "notBefore", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ { "name" : "range", "value" : "180" }, { "name" : "rangeUnit", "value" : "" }, { "name" : "startTime", "value" : "0" } ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 365 days.", "classId" : "validityConstraintImpl", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "365" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "classId" : "userKeyDefaultImpl", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096", "classId" : "keyConstraintImpl", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "RSA" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "classId" : "authorityKeyIdentifierExtDefaultImpl", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "classId" : "authInfoAccessExtDefaultImpl", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "authInfoAccessCritical", "value" : "false" }, { "name" : "authInfoAccessNumADs", "value" : "1" }, { "name" : "authInfoAccessADMethod_0", "value" : "1.3.6.1.5.5.7.48.1" }, { "name" : "authInfoAccessADLocationType_0", "value" : "URIName" }, { "name" : "authInfoAccessADLocation_0", "value" : "" }, { "name" : "authInfoAccessADEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Key Usage Default", "classId" : "keyUsageExtDefaultImpl", "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "attributes" : [ { "name" : "keyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "keyUsageDigitalSignature", "Descriptor" : { "Syntax" : "boolean", "Description" : "Digital Signature", "DefaultValue" : "false" } }, { "name" : "keyUsageNonRepudiation", "Descriptor" : { "Syntax" : "boolean", "Description" : "Non-Repudiation", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageDataEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Data Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyAgreement", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Agreement", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyCertSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key CertSign", "DefaultValue" : "false" } }, { "name" : "keyUsageCrlSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "CRL Sign", "DefaultValue" : "false" } }, { "name" : "keyUsageEncipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Encipher Only", "DefaultValue" : "false" } }, { "name" : "keyUsageDecipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Decipher Only", "DefaultValue" : "false" } } ], "params" : [ { "name" : "keyUsageCritical", "value" : "true" }, { "name" : "keyUsageDigitalSignature", "value" : "true" }, { "name" : "keyUsageNonRepudiation", "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "value" : "true" }, { "name" : "keyUsageDataEncipherment", "value" : "false" }, { "name" : "keyUsageKeyAgreement", "value" : "false" }, { "name" : "keyUsageKeyCertSign", "value" : "false" }, { "name" : "keyUsageCrlSign", "value" : "false" }, { "name" : "keyUsageEncipherOnly", "value" : "false" }, { "name" : "keyUsageDecipherOnly", "value" : "false" } ] }, "constraint" : { "name" : "Key Usage Extension Constraint", "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "classId" : "keyUsageExtConstraintImpl", "constraints" : [ { "name" : "keyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDigitalSignature", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Digital Signature", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageNonRepudiation", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Non-Repudiation", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Encipherment", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDataEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Data Encipherment", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyAgreement", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Agreement", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyCertSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key CertSign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageCrlSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "CRL Sign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageEncipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Encipher Only", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageDecipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Decipher Only", "DefaultValue" : "-" }, "value" : "false" } ] } }, { "id" : "7", "def" : { "name" : "Extended Key Usage Extension Default", "classId" : "extendedKeyUsageExtDefaultImpl", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4", "attributes" : [ { "name" : "exKeyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ { "name" : "exKeyUsageCritical", "value" : "false" }, { "name" : "exKeyUsageOIDs", "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "8", "def" : { "name" : "Subject Alt Name Constraint", "classId" : "subjectAltNameExtDefaultImpl", "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}", "attributes" : [ { "name" : "subjAltNameExtCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "subjAltNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "subjAltNameExtCritical", "value" : "false" }, { "name" : "subjAltNameNumGNs", "value" : "1" }, { "name" : "subjAltExtType_0", "value" : "RFC822Name" }, { "name" : "subjAltExtPattern_0", "value" : "$request.requestor_email$" }, { "name" : "subjAltExtGNEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "classId" : "signingAlgDefaultImpl", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ { "name" : "signingAlg", "value" : "-" } ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "signingAlgConstraintImpl", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] }, "xmloutput" : false }
`/ca/v2/profiles/{id}`	`GET`	None	200	`application/json`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/profiles/caUserCert { "id" : "caUserCert", "classId" : "caEnrollImpl", "name" : "Manual User Dual-Use Certificate Enrollment", "description" : "This certificate profile is for enrolling user certificates.", "enabled" : true, "visible" : false, "enabledBy" : "admin", "authzAcl" : "", "renewal" : false, "inputs" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "outputs" : [ { "id" : "o1", "name" : "Certificate Output", "classId" : "certOutputImpl", "attributes" : [ { "name" : "pretty_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Pretty Print" } }, { "name" : "b64_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Base-64 Encoded" } } ] } ], "policySets" : { "userCertSet" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "classId" : "userSubjectNameDefaultImpl", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ { "name" : "useSysEncoding", "value" : "" } ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches UID=.", "classId" : "subjectNameConstraintImpl", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "UID=." } ] } }, { "id" : "10", "def" : { "name" : "No Default", "classId" : "noDefaultImpl", "text" : "No Default", "attributes" : [ ], "params" : [ ] }, "constraint" : { "name" : "Renewal Grace Period Constraint", "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.", "classId" : "renewGracePeriodConstraintImpl", "constraints" : [ { "name" : "renewal.graceBefore", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period Before", "DefaultValue" : "30" }, "value" : "30" }, { "name" : "renewal.graceAfter", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period After", "DefaultValue" : "30" }, "value" : "30" } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "classId" : "validityDefaultImpl", "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days", "attributes" : [ { "name" : "notBefore", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ { "name" : "range", "value" : "180" }, { "name" : "rangeUnit", "value" : "" }, { "name" : "startTime", "value" : "0" } ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 365 days.", "classId" : "validityConstraintImpl", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "365" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "classId" : "userKeyDefaultImpl", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096", "classId" : "keyConstraintImpl", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "RSA" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "classId" : "authorityKeyIdentifierExtDefaultImpl", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "classId" : "authInfoAccessExtDefaultImpl", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "authInfoAccessCritical", "value" : "false" }, { "name" : "authInfoAccessNumADs", "value" : "1" }, { "name" : "authInfoAccessADMethod_0", "value" : "1.3.6.1.5.5.7.48.1" }, { "name" : "authInfoAccessADLocationType_0", "value" : "URIName" }, { "name" : "authInfoAccessADLocation_0", "value" : "" }, { "name" : "authInfoAccessADEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Key Usage Default", "classId" : "keyUsageExtDefaultImpl", "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "attributes" : [ { "name" : "keyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "keyUsageDigitalSignature", "Descriptor" : { "Syntax" : "boolean", "Description" : "Digital Signature", "DefaultValue" : "false" } }, { "name" : "keyUsageNonRepudiation", "Descriptor" : { "Syntax" : "boolean", "Description" : "Non-Repudiation", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageDataEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Data Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyAgreement", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Agreement", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyCertSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key CertSign", "DefaultValue" : "false" } }, { "name" : "keyUsageCrlSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "CRL Sign", "DefaultValue" : "false" } }, { "name" : "keyUsageEncipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Encipher Only", "DefaultValue" : "false" } }, { "name" : "keyUsageDecipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Decipher Only", "DefaultValue" : "false" } } ], "params" : [ { "name" : "keyUsageCritical", "value" : "true" }, { "name" : "keyUsageDigitalSignature", "value" : "true" }, { "name" : "keyUsageNonRepudiation", "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "value" : "true" }, { "name" : "keyUsageDataEncipherment", "value" : "false" }, { "name" : "keyUsageKeyAgreement", "value" : "false" }, { "name" : "keyUsageKeyCertSign", "value" : "false" }, { "name" : "keyUsageCrlSign", "value" : "false" }, { "name" : "keyUsageEncipherOnly", "value" : "false" }, { "name" : "keyUsageDecipherOnly", "value" : "false" } ] }, "constraint" : { "name" : "Key Usage Extension Constraint", "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "classId" : "keyUsageExtConstraintImpl", "constraints" : [ { "name" : "keyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDigitalSignature", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Digital Signature", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageNonRepudiation", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Non-Repudiation", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Encipherment", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDataEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Data Encipherment", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyAgreement", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Agreement", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyCertSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key CertSign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageCrlSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "CRL Sign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageEncipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Encipher Only", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageDecipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Decipher Only", "DefaultValue" : "-" }, "value" : "false" } ] } }, { "id" : "7", "def" : { "name" : "Extended Key Usage Extension Default", "classId" : "extendedKeyUsageExtDefaultImpl", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4", "attributes" : [ { "name" : "exKeyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ { "name" : "exKeyUsageCritical", "value" : "false" }, { "name" : "exKeyUsageOIDs", "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "8", "def" : { "name" : "Subject Alt Name Constraint", "classId" : "subjectAltNameExtDefaultImpl", "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}", "attributes" : [ { "name" : "subjAltNameExtCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "subjAltNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "subjAltNameExtCritical", "value" : "false" }, { "name" : "subjAltNameNumGNs", "value" : "1" }, { "name" : "subjAltExtType_0", "value" : "RFC822Name" }, { "name" : "subjAltExtPattern_0", "value" : "$request.requestor_email$" }, { "name" : "subjAltExtGNEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "classId" : "signingAlgDefaultImpl", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ { "name" : "signingAlg", "value" : "-" } ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "signingAlgConstraintImpl", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] }, "xmloutput" : false }
`/ca/v2/profiles/{id}`	`POST`	action (enable/disable)	204		No input exptected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST "https://$HOSTNAME:8443/ca/v2/profiles/caUserCert?action=disable"
`/ca/v2/profiles/{id}`	`PUT`	None	200	`application/json`	Profile in json foramt
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":true,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=."}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' \ -X Put https://$HOSTNAME:8443/ca/v2/profiles/test { "id" : "test", "classId" : "caEnrollImpl", "name" : "Manual User Dual-Use Certificate Enrollment", "description" : "This certificate profile is for enrolling user certificates.", "enabled" : false, "visible" : true, "authzAcl" : "", "renewal" : false, "inputs" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "outputs" : [ { "id" : "o1", "name" : "Certificate Output", "classId" : "certOutputImpl", "attributes" : [ { "name" : "pretty_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Pretty Print" } }, { "name" : "b64_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Base-64 Encoded" } } ] } ], "policySets" : { "userCertSet" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "classId" : "userSubjectNameDefaultImpl", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ { "name" : "useSysEncoding", "value" : "" } ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches UID=.", "classId" : "subjectNameConstraintImpl", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "UID=." } ] } }, { "id" : "10", "def" : { "name" : "No Default", "classId" : "noDefaultImpl", "text" : "No Default", "attributes" : [ ], "params" : [ ] }, "constraint" : { "name" : "Renewal Grace Period Constraint", "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.", "classId" : "renewGracePeriodConstraintImpl", "constraints" : [ { "name" : "renewal.graceBefore", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period Before", "DefaultValue" : "30" }, "value" : "30" }, { "name" : "renewal.graceAfter", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period After", "DefaultValue" : "30" }, "value" : "30" } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "classId" : "validityDefaultImpl", "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days", "attributes" : [ { "name" : "notBefore", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ { "name" : "range", "value" : "180" }, { "name" : "rangeUnit", "value" : "" }, { "name" : "startTime", "value" : "0" } ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 365 days.", "classId" : "validityConstraintImpl", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "365" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "classId" : "userKeyDefaultImpl", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096", "classId" : "keyConstraintImpl", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "RSA" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "classId" : "authorityKeyIdentifierExtDefaultImpl", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "classId" : "authInfoAccessExtDefaultImpl", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "authInfoAccessCritical", "value" : "false" }, { "name" : "authInfoAccessNumADs", "value" : "1" }, { "name" : "authInfoAccessADMethod_0", "value" : "1.3.6.1.5.5.7.48.1" }, { "name" : "authInfoAccessADLocationType_0", "value" : "URIName" }, { "name" : "authInfoAccessADLocation_0", "value" : "" }, { "name" : "authInfoAccessADEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Key Usage Default", "classId" : "keyUsageExtDefaultImpl", "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "attributes" : [ { "name" : "keyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "keyUsageDigitalSignature", "Descriptor" : { "Syntax" : "boolean", "Description" : "Digital Signature", "DefaultValue" : "false" } }, { "name" : "keyUsageNonRepudiation", "Descriptor" : { "Syntax" : "boolean", "Description" : "Non-Repudiation", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageDataEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Data Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyAgreement", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Agreement", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyCertSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key CertSign", "DefaultValue" : "false" } }, { "name" : "keyUsageCrlSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "CRL Sign", "DefaultValue" : "false" } }, { "name" : "keyUsageEncipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Encipher Only", "DefaultValue" : "false" } }, { "name" : "keyUsageDecipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Decipher Only", "DefaultValue" : "false" } } ], "params" : [ { "name" : "keyUsageCritical", "value" : "true" }, { "name" : "keyUsageDigitalSignature", "value" : "true" }, { "name" : "keyUsageNonRepudiation", "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "value" : "true" }, { "name" : "keyUsageDataEncipherment", "value" : "false" }, { "name" : "keyUsageKeyAgreement", "value" : "false" }, { "name" : "keyUsageKeyCertSign", "value" : "false" }, { "name" : "keyUsageCrlSign", "value" : "false" }, { "name" : "keyUsageEncipherOnly", "value" : "false" }, { "name" : "keyUsageDecipherOnly", "value" : "false" } ] }, "constraint" : { "name" : "Key Usage Extension Constraint", "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "classId" : "keyUsageExtConstraintImpl", "constraints" : [ { "name" : "keyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDigitalSignature", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Digital Signature", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageNonRepudiation", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Non-Repudiation", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Encipherment", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDataEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Data Encipherment", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyAgreement", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Agreement", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyCertSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key CertSign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageCrlSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "CRL Sign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageEncipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Encipher Only", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageDecipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Decipher Only", "DefaultValue" : "-" }, "value" : "false" } ] } }, { "id" : "7", "def" : { "name" : "Extended Key Usage Extension Default", "classId" : "extendedKeyUsageExtDefaultImpl", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4", "attributes" : [ { "name" : "exKeyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ { "name" : "exKeyUsageCritical", "value" : "false" }, { "name" : "exKeyUsageOIDs", "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "8", "def" : { "name" : "Subject Alt Name Constraint", "classId" : "subjectAltNameExtDefaultImpl", "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}", "attributes" : [ { "name" : "subjAltNameExtCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "subjAltNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "subjAltNameExtCritical", "value" : "false" }, { "name" : "subjAltNameNumGNs", "value" : "1" }, { "name" : "subjAltExtType_0", "value" : "RFC822Name" }, { "name" : "subjAltExtPattern_0", "value" : "$request.requestor_email$" }, { "name" : "subjAltExtGNEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "classId" : "signingAlgDefaultImpl", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ { "name" : "signingAlg", "value" : "-" } ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "signingAlgConstraintImpl", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] }, "xmloutput" : false }
`/ca/v2/profiles/{id}`	`DELETE`	action (enable/disable)	204
Example $ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/profiles/test
`/ca/v2/profiles/raw`	`POST`	None	201	`application/octet-stream`	Profile file in the original `key=<value>` format
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --data-binary @- https://$HOSTNAME:8443/ca/v2/profiles/raw << EOF auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=true enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=test visible=false EOF auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=false enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=test visible=false
`/ca/v2/profiles/{id}/raw`	`GET`	None	200	`application/octet-stream`
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/profiles/caUserCert auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=true enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=caUserCert visible=false
`/ca/v2/profiles/{id}raw`	`PUT`	None	200	`application/octet-stream`	Profile file in the original `key=<value>` format
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --data-binary @- -X PUT https://$HOSTNAME:8443/ca/v2/profiles/test/raw << EOF auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=false enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=test visible=false EOF policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.3.constraint.params.keyType=RSA input.i2.class_id=subjectNameInputImpl policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 output.o1.class_id=certOutputImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint output.list=o1 input.list=i1,i2,i3 policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.2.constraint.params.range=365 visible=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.2.default.name=Validity Default desc=This certificate profile is for enrolling user certificates. policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.9.default.params.signingAlg=- auth.class_id= policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.6.default.params.keyUsageCrlSign=false enable=false policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.9.constraint.name=No Constraint input.i1.class_id=keyGenInputImpl enableBy=caadmin policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.name=Validity Constraint input.i3.class_id=submitterInfoInputImpl policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.8.constraint.class_id=noConstraintImpl name=Manual User Dual-Use Certificate Enrollment policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.list=userCertSet policyset.userCertSet.8.default.params.subjAltExtPattern_0=.requestor_email$ policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.1.default.params.name= policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false

Note	endpoints requiring authentication can be accessed providing the session cookie retrieved in the login api (`/<app>/v2/account/login`) or the user credentials (user/password or certificates).

CA REST API v2 - dogtagpki/pki GitHub Wiki

API endpoints

⚠️ GitHub.com Fallback ⚠️

CA REST API v2 - dogtagpki/pki GitHub Wiki

API endpoints

⚠️ **GitHub.com Fallback** ⚠️

⚠️ GitHub.com Fallback ⚠️