PKI CA Review Certificate Request REST API - dogtagpki/pki GitHub Wiki
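- Path: /ca/rest/agent/certrequests/{id}
- Method: GET
- Authentication: client certificate. The sample commands below instead authenticate with a username and password (`--user`), and their `-k` option makes curl skip verification of the server's TLS certificate. Both shortcuts fit a local test instance such as the `localhost.localdomain` one shown. Against a deployed CA, present the agent's client certificate (curl `--cert`/`--key`) and verify the server certificate (curl `--cacert`) rather than passing `-k`.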
- Query Parameters:
  - id: request ID, in decimal or hexadecimal; it is the `{id}` segment of the path
- Content: None
JSON (request 2, a completed enrollment under the caOCSPCert profile)
$ curl \
-k \
-s \
-H "Accept: application/json" \
--user caadmin:Secret.123 \
https://localhost.localdomain:8443/ca/rest/agent/certrequests/2 | python -m json.tool
{
"nonce": "1848741545571711687",
"requestId": "2",
"requestType": "enrollment",
"requestStatus": "complete",
"requestCreationTime": "Tue Jun 08 09:21:02 BST 2021",
"requestModificationTime": "Tue Jun 08 09:21:02 BST 2021",
"profileApprovedBy": "system",
"profileSetId": "ocspCertSet",
"profileIsVisible": "true",
"profileName": "Manual OCSP Manager Signing Certificate Enrollment",
"profileDescription": "This certificate profile is for enrolling OCSP Manager certificates.",
"Attributes": {
"Attribute": []
},
"ProfileID": "caOCSPCert",
"Renewal": false,
"Input": [
{
"id": null,
"ClassID": "CertReqInput",
"Name": "Certificate Request Input",
"Text": null,
"Attribute": [
{
"name": "cert_request_type",
"Value": "pkcs10",
"Descriptor": null
},
{
"name": "cert_request",
"Value": "-----BEGIN CERTIFICATE REQUEST-----\nMIICkjCCAXoCAQAwTTEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEkMCIG\nA1UEAwwbQ0EgT0NTUCBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEAt6EZtIIusgnocf5UwOGm8z2INRwi611A2kJCDJYFrgjgpFqjgVqR+VH14TH9LN1v\n8RTgEbCoJ9/yKGJlWluKu3hvvm5fM9DZeYpPSRjE0IasjNU8ZEDBwZtYtSnL8kq/rEDHBcS1WaxB\nJB03w8IL+WpwR5tWREGbNVeSgBvvKXrupLX5j2S89THuiWbTUVjib+vLBNonxacZBi9+hCUVtAB4\nG4gPBgMH57BKGVryRsRh7jiChdJZe/ZIs3K7iqTn8cL84kdfCRlDmIUZyUDjmjD70LRbhYklOK1q\nLC6e81wW3R6+rFelzZmt58IfcRko7VxTpHclbDWpBnVRzqVVXwIDAQABoAAwDQYJKoZIhvcNAQEL\nBQADggEBAAp78CbUDQ8Gyy622QS/talNO75BAHi3OsjXnRtyHxYdP8ffmbQsRIG0OFnrlqDRAZg2\nGZq6IEFypek4S3A/VUi7drKgyR9/AqD1bN6mn47kik7N8A1K+7y+OJYB/YWqG5u19v4rzPlk2JjB\nsP+7GvcOg/8hipVojZvZRAI/XXIQjMu3ImCLbVfDJIuY37dtMKdEb4+nek2g8y1pDVbPk+HgvfIL\n4wGA19rYb3okCU6g3UkxamFDs1+Avoaa/soVWd2zAHR19WaqlqNwqBCq9+Hl2j4iRugsD3XLyTEH\npZsSpHjiSvSEK/4ZU4Yv14mg+LwUWIiLAbGmeFGb3zujoe0=\n-----END CERTIFICATE REQUEST-----",
"Descriptor": null
}
],
"ConfigAttribute": []
},
{
"id": null,
"ClassID": "SubmitterInfoInput",
"Name": "Requestor Information",
"Text": null,
"Attribute": [],
"ConfigAttribute": []
}
],
"ProfilePolicySet": [
{
"policies": [
{
"id": null,
"def": {
"classId": null,
"id": "Subject Name Default",
"description": "This default populates a User-Supplied Certificate Subject Name to the request.",
"policyAttribute": [
{
"name": "name",
"Value": "CN=CA OCSP Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Subject Name",
"DefaultValue": null
}
}
],
"params": []
},
"constraint": {
"classId": "SubjectNameConstraint",
"id": "Subject Name Constraint",
"description": "This constraint accepts the subject name that matches CN=.*",
"constraint": [
{
"descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Subject Name Pattern",
"DefaultValue": null
},
"value": "CN=.*",
"id": "pattern"
}
]
}
},
{
"id": null,
"def": {
"classId": null,
"id": "Validity Default",
"description": "This default populates a Certificate Validity to the request. The default values are Range=720 in days",
"policyAttribute": [
{
"name": "notBefore",
"Value": "2021-06-08 09:21:02",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Not Before",
"DefaultValue": null
}
},
{
"name": "notAfter",
"Value": "2023-05-29 09:21:02",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Not After",
"DefaultValue": null
}
}
],
"params": []
},
"constraint": {
"classId": "ValidityConstraint",
"id": "Validity Constraint",
"description": "This constraint rejects the validity that is not between 720 days.",
"constraint": [
{
"descriptor": {
"Syntax": "integer",
"Constraint": null,
"Description": "Validity Range",
"DefaultValue": "365"
},
"value": "720",
"id": "range"
},
{
"descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Validity Range Unit: year, month, day (default), hour, minute",
"DefaultValue": "day"
},
"value": "",
"id": "rangeUnit"
},
{
"descriptor": {
"Syntax": "integer",
"Constraint": null,
"Description": "Grace period for Not Before being set in the future (in seconds).",
"DefaultValue": "0"
},
"value": "",
"id": "notBeforeGracePeriod"
},
{
"descriptor": {
"Syntax": "boolean",
"Constraint": null,
"Description": "Check Not Before against current time",
"DefaultValue": "false"
},
"value": "false",
"id": "notBeforeCheck"
},
{
"descriptor": {
"Syntax": "boolean",
"Constraint": null,
"Description": "Check Not After against Not Before",
"DefaultValue": "false"
},
"value": "false",
"id": "notAfterCheck"
}
]
}
},
{
"id": null,
"def": {
"classId": null,
"id": "Key Default",
"description": "This default populates a User-Supplied Certificate Key to the request.",
"policyAttribute": [
{
"name": "TYPE",
"Value": "RSA - 1.2.840.113549.1.1.1",
"Descriptor": {
"Syntax": "string",
"Constraint": "readonly",
"Description": "Key Type",
"DefaultValue": null
}
},
{
"name": "LEN",
"Value": "2048",
"Descriptor": {
"Syntax": "string",
"Constraint": "readonly",
"Description": "Key Length",
"DefaultValue": null
}
},
{
"name": "KEY",
"Value": "30:82:01:0A:02:82:01:01:00:B7:A1:19:B4:82:2E:B2:\\n09:E8:71:FE:54:C0:E1:A6:F3:3D:88:35:1C:22:EB:5D:\\n40:DA:42:42:0C:96:05:AE:08:E0:A4:5A:A3:81:5A:91:\\nF9:51:F5:E1:31:FD:2C:DD:6F:F1:14:E0:11:B0:A8:27:\\nDF:F2:28:62:65:5A:5B:8A:BB:78:6F:BE:6E:5F:33:D0:\\nD9:79:8A:4F:49:18:C4:D0:86:AC:8C:D5:3C:64:40:C1:\\nC1:9B:58:B5:29:CB:F2:4A:BF:AC:40:C7:05:C4:B5:59:\\nAC:41:24:1D:37:C3:C2:0B:F9:6A:70:47:9B:56:44:41:\\n9B:35:57:92:80:1B:EF:29:7A:EE:A4:B5:F9:8F:64:BC:\\nF5:31:EE:89:66:D3:51:58:E2:6F:EB:CB:04:DA:27:C5:\\nA7:19:06:2F:7E:84:25:15:B4:00:78:1B:88:0F:06:03:\\n07:E7:B0:4A:19:5A:F2:46:C4:61:EE:38:82:85:D2:59:\\n7B:F6:48:B3:72:BB:8A:A4:E7:F1:C2:FC:E2:47:5F:09:\\n19:43:98:85:19:C9:40:E3:9A:30:FB:D0:B4:5B:85:89:\\n25:38:AD:6A:2C:2E:9E:F3:5C:16:DD:1E:BE:AC:57:A5:\\nCD:99:AD:E7:C2:1F:71:19:28:ED:5C:53:A4:77:25:6C:\\n35:A9:06:75:51:CE:A5:55:5F:02:03:01:00:01\\n",
"Descriptor": {
"Syntax": "string",
"Constraint": "readonly",
"Description": "Key",
"DefaultValue": null
}
}
],
"params": []
},
"constraint": {
"classId": "KeyConstraint",
"id": "Key Constraint",
"description": "This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521",
"constraint": [
{
"descriptor": {
"Syntax": "choice",
"Constraint": "-,RSA,EC",
"Description": "Key Type",
"DefaultValue": "RSA"
},
"value": "-",
"id": "keyType"
},
{
"descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
"DefaultValue": ""
},
"value": "1024,2048,3072,4096,nistp256,nistp384,nistp521",
"id": "keyParameters"
}
]
}
},
{
"id": null,
"def": {
"classId": null,
"id": "Authority Key Identifier Default",
"description": "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
"policyAttribute": [
{
"name": "critical",
"Value": "false",
"Descriptor": {
"Syntax": "string",
"Constraint": "readonly",
"Description": "Criticality",
"DefaultValue": null
}
},
{
"name": "keyid",
"Value": "69:77:28:72:1E:0B:32:81:9F:33:07:B4:45:A5:FA:25:\\nB5:F5:88:E3\\n",
"Descriptor": {
"Syntax": "string",
"Constraint": "readonly",
"Description": "Key ID",
"DefaultValue": null
}
}
],
"params": []
},
"constraint": {
"classId": "NoConstraint",
"id": "No Constraint",
"description": "No Constraint",
"constraint": []
}
},
{
"id": null,
"def": {
"classId": null,
"id": "AIA Extension Default",
"description": "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
"policyAttribute": [
{
"name": "authInfoAccessCritical",
"Value": "false",
"Descriptor": {
"Syntax": "boolean",
"Constraint": null,
"Description": "Criticality",
"DefaultValue": "false"
}
},
{
"name": "authInfoAccessGeneralNames",
"Value": "Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://localhost.localdomain:8080/ca/ocsp\r\nEnable:true\r\n\r\n",
"Descriptor": {
"Syntax": "string_list",
"Constraint": null,
"Description": "General Names",
"DefaultValue": null
}
}
],
"params": []
},
"constraint": {
"classId": "NoConstraint",
"id": "No Constraint",
"description": "No Constraint",
"constraint": []
}
},
{
"id": null,
"def": {
"classId": null,
"id": "Extended Key Usage Default",
"description": "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.9",
"policyAttribute": [
{
"name": "exKeyUsageCritical",
"Value": "false",
"Descriptor": {
"Syntax": "boolean",
"Constraint": null,
"Description": "Criticality",
"DefaultValue": "false"
}
},
{
"name": "exKeyUsageOIDs",
"Value": "1.3.6.1.5.5.7.3.9",
"Descriptor": {
"Syntax": "string_list",
"Constraint": null,
"Description": "Comma-Separated list of Object Identifiers",
"DefaultValue": null
}
}
],
"params": []
},
"constraint": {
"classId": "ExtendedKeyUsageExtConstraint",
"id": "Extended Key Usage Extension",
"description": "This constraint accepts the Extended Key Usage extension, if present, only when Criticality=false, OIDs=1.3.6.1.5.5.7.3.9",
"constraint": [
{
"descriptor": {
"Syntax": "choice",
"Constraint": "true,false,-",
"Description": "Criticality",
"DefaultValue": "-"
},
"value": "false",
"id": "exKeyUsageCritical"
},
{
"descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Comma-Separated list of Object Identifiers",
"DefaultValue": null
},
"value": "1.3.6.1.5.5.7.3.9",
"id": "exKeyUsageOIDs"
}
]
}
},
{
"id": null,
"def": {
"classId": null,
"id": "OCSP No Check Extension",
"description": "This default populates an OCSP No Check Extension (1.3.6.1.5.5.7.48.1.5) to the request. The default values are Criticality=false",
"policyAttribute": [
{
"name": "ocspNoCheckCritical",
"Value": "false",
"Descriptor": {
"Syntax": "boolean",
"Constraint": null,
"Description": "Criticality",
"DefaultValue": "false"
}
}
],
"params": []
},
"constraint": {
"classId": "ExtensionConstraint",
"id": "No Constraint",
"description": "This constraint accepts the extension only when Criticality=false, OID=1.3.6.1.5.5.7.48.1.5",
"constraint": [
{
"descriptor": {
"Syntax": "choice",
"Constraint": "true,false,-",
"Description": "Criticality",
"DefaultValue": "-"
},
"value": "false",
"id": "extCritical"
},
{
"descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Object Identifier",
"DefaultValue": null
},
"value": "1.3.6.1.5.5.7.48.1.5",
"id": "extOID"
}
]
}
},
{
"id": null,
"def": {
"classId": null,
"id": "Signing Alg",
"description": "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
"policyAttribute": [
{
"name": "signingAlg",
"Value": "SHA256withRSA",
"Descriptor": {
"Syntax": "choice",
"Constraint": "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
"Description": "Signing Algorithm",
"DefaultValue": null
}
}
],
"params": []
},
"constraint": {
"classId": "SigningAlgConstraint",
"id": "No Constraint",
"description": "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
"constraint": [
{
"descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Allowed Signing Algorithms",
"DefaultValue": "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
},
"value": "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
"id": "signingAlgsAllowed"
}
]
}
}
]
}
]
}
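XML (request 20, a pending enrollment under the caUserCert profile; this is a different request from the one in the JSON example)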
$ curl \
-k \
-s \
-H "Accept: application/xml" \
--user caadmin:Secret.123 \
https://localhost.localdomain:8443/ca/rest/agent/certrequests/20 | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<certReviewResponse>
<Attributes/>
<ProfileID>caUserCert</ProfileID>
<Renewal>false</Renewal>
<Input>
<ClassID>KeyGenInput</ClassID>
<Name>Key Generation</Name>
<Attribute name="cert_request_type">
<Value>pkcs10</Value>
</Attribute>
<Attribute name="cert_request">
<Value>-----BEGIN CERTIFICATE REQUEST-----
MIICXzCCAUcCAQAwGjEYMBYGCgmSJomT8ixkAQETCHRlc3R1c2VyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA8VfCbrwYhBqds9Q1GvE/KQioT+WgeIt6vyKkBIJKFfAWgoiAy8oKMVIc
j8ajwqtmV5/e/kv1ahzf1gIq5ARYVDvjm0gOyqz//0YPL4X6K9euMcV3rDU+y73/v0Z8CSPaF0RC
sYox1B/VVukgxpWfRL0m1Vjtp9qRR9wBcSV4Io5rCTCXgTkVTNuuQwXuilkvcfKOi19NhqiEeTtj
f3UyXl1cECUM/Zk4kNj/CCOf4UVNh4BhDygu7nGrN0BUaBOurbMgq65BWn11olDuwaoHzklmJ8gO
SwL7pwQhe3Yn4zXO5nqi2T85sGlItzDj78dUgEaJlhX9n7jCTlABdtfvzQIDAQABoAAwDQYJKoZI
hvcNAQELBQADggEBAE1GBhjNVBYF3oOLsq9NMnklxkTIWTVjby+Kkrapnp39csWlt6V+NVSI6cvW
pRDES7WlV2f0gBQiH/qtRz9GPR/hisLkpX1bvGgTW/oi5nah5L3o0W2KRHk7Di4nLnDXteSSAPnI
Ja80li+bgNGqhkCOn4dnej9CeuKCRpNfx6dW4TWktE3Z8FuuNKzB2Qji8XOT2KZyNHlOLgY13tX/
1EpsBDbUP7GvkXqj3ZR62jOOUhHcmlgyABiN3I7NyOMJrrSe3uTLmMtAbGdFxC27azXMOeNl57DV
osikU4aC15xi78BUrYnnpHGxTjueZgrmjyYA2ihcy6tLsWVpp1OHMmQ=
-----END CERTIFICATE REQUEST-----</Value>
</Attribute>
</Input>
<Input>
<ClassID>SubjectNameInput</ClassID>
<Name>Subject Name</Name>
<Attribute name="sn_uid">
<Value>testuser</Value>
</Attribute>
</Input>
<Input>
<ClassID>SubmitterInfoInput</ClassID>
<Name>Requestor Information</Name>
</Input>
<ProfilePolicySet>
<policies>
<def id="Subject Name Default">
<description>This default populates a User-Supplied Certificate Subject Name to the request.</description>
<policyAttribute name="name">
<Value>UID=testuser</Value>
<Descriptor>
<Syntax>string</Syntax>
<Description>Subject Name</Description>
</Descriptor>
</policyAttribute>
</def>
<constraint id="Subject Name Constraint">
<description>This constraint accepts the subject name that matches UID=.*</description>
<classId>SubjectNameConstraint</classId>
<constraint id="pattern">
<descriptor>
<Syntax>string</Syntax>
<Description>Subject Name Pattern</Description>
</descriptor>
<value>UID=.*</value>
</constraint>
</constraint>
</policies>
<policies>
<def id="No Default">
<description>No Default</description>
</def>
<constraint id="Renewal Grace Period Constraint">
<description>This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.</description>
<classId>RenewGracePeriodConstraint</classId>
<constraint id="renewal.graceBefore">
<descriptor>
<Syntax>integer</Syntax>
<Description>Renewal Grace Period Before</Description>
<DefaultValue>30</DefaultValue>
</descriptor>
<value>30</value>
</constraint>
<constraint id="renewal.graceAfter">
<descriptor>
<Syntax>integer</Syntax>
<Description>Renewal Grace Period After</Description>
<DefaultValue>30</DefaultValue>
</descriptor>
<value>30</value>
</constraint>
</constraint>
</policies>
<policies>
<def id="Validity Default">
<description>This default populates a Certificate Validity to the request. The default values are Range=180 in days</description>
<policyAttribute name="notBefore">
<Value>2021-08-23 22:21:49</Value>
<Descriptor>
<Syntax>string</Syntax>
<Description>Not Before</Description>
</Descriptor>
</policyAttribute>
<policyAttribute name="notAfter">
<Value>2022-02-19 22:21:49</Value>
<Descriptor>
<Syntax>string</Syntax>
<Description>Not After</Description>
</Descriptor>
</policyAttribute>
</def>
<constraint id="Validity Constraint">
<description>This constraint rejects the validity that is not between 365 days.</description>
<classId>ValidityConstraint</classId>
<constraint id="range">
<descriptor>
<Syntax>integer</Syntax>
<Description>Validity Range</Description>
<DefaultValue>365</DefaultValue>
</descriptor>
<value>365</value>
</constraint>
<constraint id="rangeUnit">
<descriptor>
<Syntax>string</Syntax>
<Description>Validity Range Unit: year, month, day (default), hour, minute</Description>
<DefaultValue>day</DefaultValue>
</descriptor>
<value/>
</constraint>
<constraint id="notBeforeGracePeriod">
<descriptor>
<Syntax>integer</Syntax>
<Description>Grace period for Not Before being set in the future (in seconds).</Description>
<DefaultValue>0</DefaultValue>
</descriptor>
<value/>
</constraint>
<constraint id="notBeforeCheck">
<descriptor>
<Syntax>boolean</Syntax>
<Description>Check Not Before against current time</Description>
<DefaultValue>false</DefaultValue>
</descriptor>
<value>false</value>
</constraint>
<constraint id="notAfterCheck">
<descriptor>
<Syntax>boolean</Syntax>
<Description>Check Not After against Not Before</Description>
<DefaultValue>false</DefaultValue>
</descriptor>
<value>false</value>
</constraint>
</constraint>
</policies>
<policies>
<def id="Key Default">
<description>This default populates a User-Supplied Certificate Key to the request.</description>
<policyAttribute name="TYPE">
<Value>RSA - 1.2.840.113549.1.1.1</Value>
<Descriptor>
<Syntax>string</Syntax>
<Constraint>readonly</Constraint>
<Description>Key Type</Description>
</Descriptor>
</policyAttribute>
<policyAttribute name="LEN">
<Value>2048</Value>
<Descriptor>
<Syntax>string</Syntax>
<Constraint>readonly</Constraint>
<Description>Key Length</Description>
</Descriptor>
</policyAttribute>
<policyAttribute name="KEY">
<Value>30:82:01:0A:02:82:01:01:00:F1:57:C2:6E:BC:18:84:\n1A:9D:B3:D4:35:1A:F1:3F:29:08:A8:4F:E5:A0:78:8B:\n7A:BF:22:A4:04:82:4A:15:F0:16:82:88:80:CB:CA:0A:\n31:52:1C:8F:C6:A3:C2:AB:66:57:9F:DE:FE:4B:F5:6A:\n1C:DF:D6:02:2A:E4:04:58:54:3B:E3:9B:48:0E:CA:AC:\nFF:FF:46:0F:2F:85:FA:2B:D7:AE:31:C5:77:AC:35:3E:\nCB:BD:FF:BF:46:7C:09:23:DA:17:44:42:B1:8A:31:D4:\n1F:D5:56:E9:20:C6:95:9F:44:BD:26:D5:58:ED:A7:DA:\n91:47:DC:01:71:25:78:22:8E:6B:09:30:97:81:39:15:\n4C:DB:AE:43:05:EE:8A:59:2F:71:F2:8E:8B:5F:4D:86:\nA8:84:79:3B:63:7F:75:32:5E:5D:5C:10:25:0C:FD:99:\n38:90:D8:FF:08:23:9F:E1:45:4D:87:80:61:0F:28:2E:\nEE:71:AB:37:40:54:68:13:AE:AD:B3:20:AB:AE:41:5A:\n7D:75:A2:50:EE:C1:AA:07:CE:49:66:27:C8:0E:4B:02:\nFB:A7:04:21:7B:76:27:E3:35:CE:E6:7A:A2:D9:3F:39:\nB0:69:48:B7:30:E3:EF:C7:54:80:46:89:96:15:FD:9F:\nB8:C2:4E:50:01:76:D7:EF:CD:02:03:01:00:01\n</Value>
<Descriptor>
<Syntax>string</Syntax>
<Constraint>readonly</Constraint>
<Description>Key</Description>
</Descriptor>
</policyAttribute>
</def>
<constraint id="Key Constraint">
<description>This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096</description>
<classId>KeyConstraint</classId>
<constraint id="keyType">
<descriptor>
<Syntax>choice</Syntax>
<Constraint>-,RSA,EC</Constraint>
<Description>Key Type</Description>
<DefaultValue>RSA</DefaultValue>
</descriptor>
<value>RSA</value>
</constraint>
<constraint id="keyParameters">
<descriptor>
<Syntax>string</Syntax>
<Description>Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.</Description>
<DefaultValue/>
</descriptor>
<value>1024,2048,3072,4096</value>
</constraint>
</constraint>
</policies>
<policies>
<def id="Authority Key Identifier Default">
<description>This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.</description>
<policyAttribute name="critical">
<Value>false</Value>
<Descriptor>
<Syntax>string</Syntax>
<Constraint>readonly</Constraint>
<Description>Criticality</Description>
</Descriptor>
</policyAttribute>
<policyAttribute name="keyid">
<Value>2B:A7:3C:0B:0C:66:5F:68:CE:A4:66:A8:34:D4:1C:89:\n5C:58:64:44\n</Value>
<Descriptor>
<Syntax>string</Syntax>
<Constraint>readonly</Constraint>
<Description>Key ID</Description>
</Descriptor>
</policyAttribute>
</def>
<constraint id="No Constraint">
<description>No Constraint</description>
<classId>NoConstraint</classId>
</constraint>
</policies>
<policies>
<def id="AIA Extension Default">
<description>This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}</description>
<policyAttribute name="authInfoAccessCritical">
<Value>false</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Criticality</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="authInfoAccessGeneralNames">
<Value>Record #0
Method:1.3.6.1.5.5.7.48.1
Location Type:URIName
Location:http://localhost.localdomain:8080/ca/ocsp
Enable:true
</Value>
<Descriptor>
<Syntax>string_list</Syntax>
<Description>General Names</Description>
</Descriptor>
</policyAttribute>
</def>
<constraint id="No Constraint">
<description>No Constraint</description>
<classId>NoConstraint</classId>
</constraint>
</policies>
<policies>
<def id="Key Usage Default">
<description>This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false</description>
<policyAttribute name="keyUsageCritical">
<Value>true</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Criticality</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="keyUsageDigitalSignature">
<Value>true</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Digital Signature</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="keyUsageNonRepudiation">
<Value>true</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Non-Repudiation</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="keyUsageKeyEncipherment">
<Value>true</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Key Encipherment</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="keyUsageDataEncipherment">
<Value>false</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Data Encipherment</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="keyUsageKeyAgreement">
<Value>false</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Key Agreement</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="keyUsageKeyCertSign">
<Value>false</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Key CertSign</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="keyUsageCrlSign">
<Value>false</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>CRL Sign</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="keyUsageEncipherOnly">
<Value>false</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Encipher Only</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="keyUsageDecipherOnly">
<Value>false</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Decipher Only</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
</def>
<constraint id="Key Usage Extension Constraint">
<description>This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false</description>
<classId>KeyUsageExtConstraint</classId>
<constraint id="keyUsageCritical">
<descriptor>
<Syntax>choice</Syntax>
<Constraint>true,false,-</Constraint>
<Description>Criticality</Description>
<DefaultValue>-</DefaultValue>
</descriptor>
<value>true</value>
</constraint>
<constraint id="keyUsageDigitalSignature">
<descriptor>
<Syntax>choice</Syntax>
<Constraint>true,false,-</Constraint>
<Description>Digital Signature</Description>
<DefaultValue>-</DefaultValue>
</descriptor>
<value>true</value>
</constraint>
<constraint id="keyUsageNonRepudiation">
<descriptor>
<Syntax>choice</Syntax>
<Constraint>true,false,-</Constraint>
<Description>Non-Repudiation</Description>
<DefaultValue>-</DefaultValue>
</descriptor>
<value>true</value>
</constraint>
<constraint id="keyUsageKeyEncipherment">
<descriptor>
<Syntax>choice</Syntax>
<Constraint>true,false,-</Constraint>
<Description>Key Encipherment</Description>
<DefaultValue>-</DefaultValue>
</descriptor>
<value>true</value>
</constraint>
<constraint id="keyUsageDataEncipherment">
<descriptor>
<Syntax>choice</Syntax>
<Constraint>true,false,-</Constraint>
<Description>Data Encipherment</Description>
<DefaultValue>-</DefaultValue>
</descriptor>
<value>false</value>
</constraint>
<constraint id="keyUsageKeyAgreement">
<descriptor>
<Syntax>choice</Syntax>
<Constraint>true,false,-</Constraint>
<Description>Key Agreement</Description>
<DefaultValue>-</DefaultValue>
</descriptor>
<value>false</value>
</constraint>
<constraint id="keyUsageKeyCertSign">
<descriptor>
<Syntax>choice</Syntax>
<Constraint>true,false,-</Constraint>
<Description>Key CertSign</Description>
<DefaultValue>-</DefaultValue>
</descriptor>
<value>false</value>
</constraint>
<constraint id="keyUsageCrlSign">
<descriptor>
<Syntax>choice</Syntax>
<Constraint>true,false,-</Constraint>
<Description>CRL Sign</Description>
<DefaultValue>-</DefaultValue>
</descriptor>
<value>false</value>
</constraint>
<constraint id="keyUsageEncipherOnly">
<descriptor>
<Syntax>choice</Syntax>
<Constraint>true,false,-</Constraint>
<Description>Encipher Only</Description>
<DefaultValue>-</DefaultValue>
</descriptor>
<value>false</value>
</constraint>
<constraint id="keyUsageDecipherOnly">
<descriptor>
<Syntax>choice</Syntax>
<Constraint>true,false,-</Constraint>
<Description>Decipher Only</Description>
<DefaultValue>-</DefaultValue>
</descriptor>
<value>false</value>
</constraint>
</constraint>
</policies>
<policies>
<def id="Extended Key Usage Extension Default">
<description>This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4</description>
<policyAttribute name="exKeyUsageCritical">
<Value>false</Value>
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Criticality</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="exKeyUsageOIDs">
<Value>1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4</Value>
<Descriptor>
<Syntax>string_list</Syntax>
<Description>Comma-Separated list of Object Identifiers</Description>
</Descriptor>
</policyAttribute>
</def>
<constraint id="No Constraint">
<description>No Constraint</description>
<classId>NoConstraint</classId>
</constraint>
</policies>
<policies>
<def id="Subject Alt Name Constraint">
<description>This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}</description>
<policyAttribute name="subjAltNameExtCritical">
<Descriptor>
<Syntax>boolean</Syntax>
<Description>Criticality</Description>
<DefaultValue>false</DefaultValue>
</Descriptor>
</policyAttribute>
<policyAttribute name="subjAltNames">
<Descriptor>
<Syntax>string_list</Syntax>
<Description>General Names</Description>
</Descriptor>
</policyAttribute>
</def>
<constraint id="No Constraint">
<description>No Constraint</description>
<classId>NoConstraint</classId>
</constraint>
</policies>
<policies>
<def id="Signing Alg">
<description>This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA</description>
<policyAttribute name="signingAlg">
<Value>SHA256withRSA</Value>
<Descriptor>
<Syntax>choice</Syntax>
<Constraint>SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS</Constraint>
<Description>Signing Algorithm</Description>
</Descriptor>
</policyAttribute>
</def>
<constraint id="No Constraint">
<description>This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS</description>
<classId>SigningAlgConstraint</classId>
<constraint id="signingAlgsAllowed">
<descriptor>
<Syntax>string</Syntax>
<Description>Allowed Signing Algorithms</Description>
<DefaultValue>SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC</DefaultValue>
</descriptor>
<value>SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS</value>
</constraint>
</constraint>
</policies>
</ProfilePolicySet>
<nonce>-6869883827433549091</nonce>
<requestId>20</requestId>
<requestType>enrollment</requestType>
<requestStatus>pending</requestStatus>
<requestOwner/>
<requestCreationTime>Mon Aug 23 22:21:49 CDT 2021</requestCreationTime>
<requestModificationTime>Mon Aug 23 22:21:49 CDT 2021</requestModificationTime>
<requestNotes/>
<profileApprovedBy>admin</profileApprovedBy>
<profileSetId>userCertSet</profileSetId>
<profileIsVisible>true</profileIsVisible>
<profileName>Manual User Dual-Use Certificate Enrollment</profileName>
<profileDescription>This certificate profile is for enrolling user certificates.</profileDescription>
<profileRemoteHost>127.0.0.1</profileRemoteHost>
<profileRemoteAddr>127.0.0.1</profileRemoteAddr>
</certReviewResponse>