PKI REST API v2

Marco Fargetta edited this page Dec 12, 2024 · 18 revisions

Overview

This page describes the REST API v2 endpoints.

Warning
This feature is still under development. The API might still change. Do not use it in production.

General endpoints

Path Method Parameters Return code Mime Input

/pki/v2/info

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt  https://$HOSTNAME:8443/pki/v2/info
{
  "Name" : "Dogtag Certificate System",
  "Version" : "11.6.0",
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/pki/v2/apps

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/pki/v2/apps
[{"id":"ca","name":"Certificate Authority","path":"/ca"}]

Shared endpoints

These endpoints are available in multiple subsystem applications.

Path Method Parameters Return code App Mime Input

/<app>/v2/account/login

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt --cert ca_admin_cert.p12:Secret.123 \
    --cert-type P12 -c session_cookie  https://$HOSTNAME:8443/ca/v2/account/login
{
  "id" : "caadmin",
  "FullName" : "caadmin",
  "Email" : "caadmin@example.com",
  "Roles" : [ "Administrators", "Certificate Manager Agents", "Enterprise CA Administrators", "Enterprise KRA Administrators", "Enterprise OCSP Administrators", "Enterprise RA Administrators", "Enterprise TKS Administrators", "Enterprise TPS Administrators", "Security Domain Administrators" ],
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/<app>/v2/account/logout

GET

None

204

ca, kra, ocsp, tks, tps

No output expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/account/logout

/<app>/v2/admin/groups

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/admin/groups?size=3&filter=Admin"
{
  "total" : 8,
  "entries" : [ {
    "id" : "Administrators",
    "GroupID" : "Administrators",
    "Description" : "People who manage the Certificate System"
  }, {
    "id" : "Security Domain Administrators",
    "GroupID" : "Security Domain Administrators",
    "Description" : "People who are the Security Domain administrators"
  }, {
    "id" : "Enterprise CA Administrators",
    "GroupID" : "Enterprise CA Administrators",
    "Description" : "People who are the administrators for the security domain for CA"
  } ]
}

/<app>/v2/admin/groups

POST

None

201

ca, kra, ocsp, tks, tps

application/json

A JSON object for a single group, with GroupID and Description

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"GroupID": "NewGroup", "Description":"This is a new group"}' \
    https://$HOSTNAME:8443/ca/v2/admin/groups
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is a new group"
}

/<app>/v2/admin/groups/{id}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is a new group"
}

/<app>/v2/admin/groups/{id}

PATCH

None

200

ca, kra, ocsp, tks, tps

application/json

A group JSON containing only the fields to update

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"Description":"This is the new group"}' \
    -X PATCH https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is the new group"
}

/<app>/v2/admin/groups/{id}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup

/<app>/v2/admin/groups/{id}/members

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/groups/Administrators/members
{
  "total" : 1,
  "entries" : [ {
    "id" : "caadmin",
    "groupID" : "Administrators"
  } ]
}

/<app>/v2/admin/groups/{id}/members

POST

None

201

ca, kra, ocsp, tks, tps

application/json

A JSON with the id of the new member

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"id": "caadmin"}' \
    https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members
{
  "id" : "caadmin",
  "groupID" : "NewGroup"
}

/<app>/v2/admin/groups/{groupId}/members/{memberId}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin
{
  "id" : "caadmin",
  "groupID" : "NewGroup"
}

/<app>/v2/admin/groups/{groupId}/members/{memberId}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin

/<app>/v2/admin/users

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/admin/users?size=3&filter=Admin"
{
  "total" : 1,
  "entries" : [ {
    "id" : "caadmin",
    "UserID" : "caadmin",
    "FullName" : "caadmin"
  } ]
}

/<app>/v2/admin/users

POST

None

201

ca, kra, ocsp, tks, tps

application/json

A JSON for the user with UserID, FullName, Email, password, phone, type and state

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
  --json '{"UserID": "newUser", "FullName":"New User"}' \
  https://$HOSTNAME:8443/ca/v2/admin/users
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "New User"
}

/<app>/v2/admin/users/{id}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
  https://$HOSTNAME:8443/ca/v2/admin/users/newUser
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "New User"
}

/<app>/v2/admin/users/{id}

PATCH

None

200

ca, kra, ocsp, tks, tps

application/json

A JSON with the user information to update

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"FullName":"The New User"}' \
    -X PATCH https://$HOSTNAME:8443/ca/v2/admin/users/newUser
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "The New User"
}

/<app>/v2/admin/users/{id}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser

/<app>/v2/admin/users/{id}/certs

GET

size, start

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs
{
  "total" : 1,
  "entries" : [ {
    "Version" : 2,
    "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "SubjectDN" : "UID=newUser",
    "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser"
  } ]
}

/<app>/v2/admin/users/{id}/certs

POST

None

201

ca, kra, ocsp, tks, tps

application/json

A JSON with the certificate in PEM format inside the Encoded field

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"Encoded":"-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n"}' \
   https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs
{
  "Version" : 2,
  "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "UID=newUser",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n",
  "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser"
}

/<app>/v2/admin/users/{userId}/certs/{certId}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser
{
  "Version" : 2,
  "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "UID=newUser",
  "PrettyPrint" : "    Certificate: \n        Data: \n            Version:  v3\n            Serial Number: 0xA53C5F8E01BAB930295A1C56134E2173\n            Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Issuer: CN=CA Signing Certificate, OU=pki-tomcat, O=EXAMPLE\n            Validity: \n                Not Before: Wednesday, October 30, 2024, 9:40:40?AM Coordinated Universal Time Etc/UTC\n                Not  After: Monday, April 28, 2025, 9:40:40?AM Coordinated Universal Time Etc/UTC\n            Subject: UID=newUser\n            Subject Public Key Info: \n                Algorithm: RSA - 1.2.840.113549.1.1.1\n                Public Key: \n                    Exponent: 65537\n                    Public Key Modulus: (2048 bits) :\n                        BE:79:34:02:6D:DA:45:97:AF:74:FA:8B:B4:38:78:1A:\n                        4B:A4:67:CF:52:AC:20:58:AB:3F:F2:5B:22:03:74:49:\n                        D3:1E:D2:54:77:22:70:6F:08:0B:90:AC:FD:1A:C1:37:\n                        67:00:35:A8:B8:10:F0:2F:1E:3A:65:12:F0:33:46:9B:\n                        BF:98:4E:3C:0F:78:2F:87:9D:7C:5A:86:C8:AF:A8:37:\n                        AE:CA:B7:3A:9F:36:DA:C8:28:F8:05:69:3E:5C:CC:AA:\n                        8B:CC:CF:8B:CE:04:5D:0E:5E:0B:7F:AA:0B:1E:59:12:\n                        0C:96:F1:A9:E3:B6:34:97:FF:4F:72:2C:5C:56:44:2A:\n                        21:1E:AE:CA:47:70:A9:E8:B2:65:3B:EE:F5:6C:7F:C5:\n                        04:57:E8:E2:FF:A6:03:95:B0:8E:A7:59:F8:63:3D:6B:\n                        B3:65:AB:2B:EB:98:67:14:07:ED:AA:EC:B9:AE:0A:32:\n                        82:A8:66:11:72:22:17:B3:2E:A9:60:B8:54:9F:17:DB:\n                        B7:0C:4B:67:19:86:CD:E8:DA:C2:B7:22:AA:D8:F8:D1:\n                        4D:CD:99:D9:24:0C:9F:A7:8B:20:FB:0B:BE:70:E5:37:\n                        E1:99:9C:26:0D:2A:47:B3:BE:80:9A:03:C4:2C:1A:52:\n                        92:2C:84:C1:DC:B2:6A:22:F9:DC:E8:CC:43:9B:83:FF\n            Extensions: \n                
Identifier: Authority Key Identifier - 2.5.29.35\n                    Critical: no \n                    Key Identifier: \n                        A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\n                        C4:00:E1:25\n                Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n                    Critical: no \n                    Access Description: \n                        Method #0: ocsp\n                        Location #0: URIName: http://pki.example.com:8080/ca/ocsp\n                Identifier: Key Usage: - 2.5.29.15\n                    Critical: yes \n                    Key Usage: \n                        Digital Signature \n                        Non Repudiation \n                        Key Encipherment \n                Identifier: Extended Key Usage: - 2.5.29.37\n                    Critical: no \n                    Extended Key Usage: \n                        clientAuth - 1.3.6.1.5.5.7.3.2\n                        emailProtection - 1.3.6.1.5.5.7.3.4\n        Signature: \n            Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Signature: \n                01:01:D9:79:88:6B:4D:81:68:7E:61:A5:3A:8A:F0:B3:\n                33:1D:9A:74:88:4F:00:E3:42:37:EE:F0:AD:52:87:98:\n                1E:24:E8:EB:62:8B:3B:3C:86:B7:B8:26:13:9D:E3:7F:\n                7B:F7:FF:B3:D7:D3:66:83:EB:13:27:10:2F:7A:C7:8E:\n                08:EE:42:B0:1A:91:0E:3C:C3:C2:B4:2C:A9:95:52:66:\n                95:73:04:BE:0C:2B:5C:80:7A:C1:33:DE:B9:61:5B:8F:\n                1B:0D:2F:C4:62:FE:02:12:43:7C:7E:3D:AD:B5:FF:D8:\n                B0:2A:71:43:24:03:F5:5C:DA:80:D0:CD:BF:44:B3:A8:\n                76:D1:F1:29:68:15:6F:E5:E8:40:6D:65:94:E8:43:A4:\n                04:B3:75:FF:5D:95:29:8D:9E:40:54:93:6D:D9:8F:2E:\n                71:87:CD:C6:97:EC:D9:A0:97:EB:BC:8D:5C:EE:CA:C7:\n                53:62:98:07:09:0E:ED:A2:77:C4:EC:D3:50:4C:74:2D:\n                F2:9E:B7:7C:10:DA:0C:C5:30:06:57:C8:0E:1D:CE:9A:\n                
47:9F:02:87:D7:A6:F1:7B:63:55:FB:B3:2E:F0:7D:E4:\n                AA:49:76:0F:0D:C6:38:03:77:7E:AF:B6:37:A9:FC:AE:\n                A9:87:3D:FD:7C:FE:5F:38:53:BC:44:1F:8D:DF:E0:16:\n                26:63:07:6D:EE:D9:EB:75:02:11:83:E9:D9:90:22:15:\n                16:39:6F:8E:C8:3C:77:11:D0:7E:38:03:C5:A6:04:CA:\n                F9:57:5A:52:BE:FA:CF:31:05:5D:A6:42:1A:79:14:86:\n                C9:10:BA:38:3D:E3:DE:56:0A:CF:9E:40:B5:B3:9D:3C:\n                B7:66:EC:FE:B2:CC:79:8E:06:CB:37:8E:91:8C:17:0A:\n                95:5C:86:48:4B:6E:0B:AB:91:C2:EC:06:6E:D4:1C:A7:\n                B9:01:18:D7:87:B0:70:59:79:0E:5F:CD:47:65:B3:80:\n                7E:45:91:D9:58:FD:CE:4A:AA:5D:10:92:AA:F3:F8:21\n        FingerPrint\n            MD2:\n                08:B7:40:5F:0F:75:9B:7D:CE:6A:E6:02:04:0E:42:CE\n            MD5:\n                70:FA:86:85:09:4C:A7:AC:C2:7E:16:12:FE:1C:23:6F\n            SHA-1:\n                CC:01:B7:F5:26:13:47:D9:A5:2C:05:6B:E0:94:16:7E:\n                62:CD:AB:4D\n            SHA-256:\n                1A:00:A6:05:FB:14:33:B4:32:71:73:54:06:DA:52:BB:\n                C9:3E:BA:24:CA:C2:4D:B2:9B:7F:A5:F7:F8:55:C0:45\n            SHA-512:\n                D6:C2:13:5B:5C:06:15:90:E9:78:73:C7:0C:EE:70:19:\n                31:79:1F:AB:43:57:B7:97:C8:D7:00:CA:F3:4A:DD:1B:\n                03:BE:50:10:A8:F6:4A:A0:F3:2E:28:AD:7B:7C:1F:E5:\n                70:ED:22:8E:21:DD:D9:E0:8A:7E:4C:47:D3:56:C5:49\n",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n",
  "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser"
}

/<app>/v2/admin/users/{userId}/certs/{certId}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser

/<app>/v2/admin/users/{id}/membership

GET

size, start, filter

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership
{
  "total" : 1,
  "entries" : [ {
    "id" : "Auditors",
    "userID" : "newUser"
  } ]
}

/<app>/v2/admin/users/{id}/membership

POST

None

201

ca, kra, ocsp, tks, tps

Input: application/x-www-form-urlencoded; output: application/json

The name of the group to add the user to

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --data 'Auditors' \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership
{
  "id" : "Auditors",
  "userID" : "newUser"
}

/<app>/v2/admin/users/{userId}/membership/{groupId}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership/Auditors

/<app>/v2/audit

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/audit
{
  "bufferSize" : 512,
  "Status" : "Enabled",
  "Signed" : false,
  "Interval" : 5,
  "Events" : {
    "ACCESS_SESSION_ESTABLISH" : "enabled",
    "ACCESS_SESSION_TERMINATED" : "enabled",
    "ASYMKEY_GENERATION_REQUEST" : "disabled",
    "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "AUDIT_LOG_DELETE" : "disabled",
    "AUDIT_LOG_SHUTDOWN" : "disabled",
    "AUDIT_LOG_SIGNING" : "enabled",
    "AUDIT_LOG_STARTUP" : "enabled",
    "AUTH" : "enabled",
    "AUTHORITY_CONFIG" : "enabled",
    "AUTHZ" : "enabled",
    "CERT_PROFILE_APPROVAL" : "enabled",
    "CERT_REQUEST_PROCESSED" : "enabled",
    "CERT_SIGNING_INFO" : "enabled",
    "CERT_STATUS_CHANGE_REQUEST" : "enabled",
    "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "enabled",
    "CIMC_CERT_VERIFICATION" : "disabled",
    "CLIENT_ACCESS_SESSION_ESTABLISH" : "enabled",
    "CLIENT_ACCESS_SESSION_TERMINATED" : "enabled",
    "CMC_ID_POP_LINK_WITNESS" : "disabled",
    "CMC_PROOF_OF_IDENTIFICATION" : "disabled",
    "CMC_REQUEST_RECEIVED" : "enabled",
    "CMC_RESPONSE_SENT" : "enabled",
    "CMC_SIGNED_REQUEST_SIG_VERIFY" : "enabled",
    "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "enabled",
    "COMPUTE_RANDOM_DATA_REQUEST" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled",
    "CONFIG_ACL" : "enabled",
    "CONFIG_AUTH" : "enabled",
    "CONFIG_CERT_POLICY" : "disabled",
    "CONFIG_CERT_PROFILE" : "enabled",
    "CONFIG_CRL_PROFILE" : "enabled",
    "CONFIG_DRM" : "disabled",
    "CONFIG_ENCRYPTION" : "enabled",
    "CONFIG_OCSP_PROFILE" : "disabled",
    "CONFIG_ROLE" : "enabled",
    "CONFIG_SERIAL_NUMBER" : "enabled",
    "CONFIG_SIGNED_AUDIT" : "enabled",
    "CONFIG_TOKEN_AUTHENTICATOR" : "disabled",
    "CONFIG_TOKEN_CONNECTOR" : "disabled",
    "CONFIG_TOKEN_GENERAL" : "disabled",
    "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled",
    "CONFIG_TOKEN_PROFILE" : "disabled",
    "CONFIG_TOKEN_RECORD" : "disabled",
    "CONFIG_TRUSTED_PUBLIC_KEY" : "enabled",
    "CRL_RETRIEVAL" : "disabled",
    "CRL_SIGNING_INFO" : "enabled",
    "CRL_VALIDATION" : "disabled",
    "DELTA_CRL_GENERATION" : "enabled",
    "DELTA_CRL_PUBLISHING" : "disabled",
    "DIVERSIFY_KEY_REQUEST" : "disabled",
    "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled",
    "ENCRYPT_DATA_REQUEST" : "disabled",
    "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled",
    "FULL_CRL_GENERATION" : "enabled",
    "FULL_CRL_PUBLISHING" : "disabled",
    "INTER_BOUNDARY" : "disabled",
    "KEY_GEN_ASYMMETRIC" : "enabled",
    "KEY_RECOVERY_AGENT_LOGIN" : "disabled",
    "KEY_RECOVERY_REQUEST" : "disabled",
    "KEY_STATUS_CHANGE" : "disabled",
    "LOG_PATH_CHANGE" : "enabled",
    "NON_PROFILE_CERT_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_GENERATION" : "enabled",
    "OCSP_REMOVE_CA_REQUEST" : "disabled",
    "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_SIGNING_INFO" : "enabled",
    "PROFILE_CERT_REQUEST" : "enabled",
    "PROOF_OF_POSSESSION" : "enabled",
    "RANDOM_GENERATION" : "enabled",
    "ROLE_ASSUME" : "enabled",
    "SCHEDULE_CRL_GENERATION" : "enabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_EXPORT_KEY" : "disabled",
    "SECURITY_DATA_INFO" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled",
    "SECURITY_DOMAIN_UPDATE" : "enabled",
    "SELFTESTS_EXECUTION" : "enabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST" : "enabled",
    "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "enabled",
    "SYMKEY_GENERATION_REQUEST" : "disabled",
    "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "TOKEN_APPLET_UPGRADE" : "disabled",
    "TOKEN_AUTH" : "disabled",
    "TOKEN_CERT_ENROLLMENT" : "disabled",
    "TOKEN_CERT_RENEWAL" : "disabled",
    "TOKEN_CERT_RETRIEVAL" : "disabled",
    "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "TOKEN_FORMAT" : "disabled",
    "TOKEN_KEY_CHANGEOVER" : "disabled",
    "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled",
    "TOKEN_KEY_RECOVERY" : "disabled",
    "TOKEN_KEY_SANITY_CHECK" : "disabled",
    "TOKEN_OP_REQUEST" : "disabled",
    "TOKEN_PIN_RESET" : "disabled",
    "TOKEN_STATE_CHANGE" : "disabled"
  }
}

/<app>/v2/audit

PATCH

None

200

ca, kra, ocsp, tks, tps

application/json

A JSON with the same format as returned by the GET operation. The list in Events has to match, but the values can be different.

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json @audit.json -X PATCH \
    https://$HOSTNAME:8443/ca/v2/audit
{
  "bufferSize" : 512,
  "Status" : "Enabled",
  "Signed" : false,
  "Interval" : 100,
  "Events" : {
    "ACCESS_SESSION_ESTABLISH" : "enabled",
    "ACCESS_SESSION_TERMINATED" : "disabled",
    "ASYMKEY_GENERATION_REQUEST" : "disabled",
    "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "AUDIT_LOG_DELETE" : "disabled",
    "AUDIT_LOG_SHUTDOWN" : "disabled",
    "AUDIT_LOG_STARTUP" : "disabled",
    "AUTH" : "disabled",
    "AUTHORITY_CONFIG" : "disabled",
    "AUTHZ" : "disabled",
    "CERT_PROFILE_APPROVAL" : "disabled",
    "CERT_REQUEST_PROCESSED" : "disabled",
    "CERT_SIGNING_INFO" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled",
    "CIMC_CERT_VERIFICATION" : "disabled",
    "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled",
    "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled",
    "CMC_ID_POP_LINK_WITNESS" : "disabled",
    "CMC_PROOF_OF_IDENTIFICATION" : "disabled",
    "CMC_REQUEST_RECEIVED" : "disabled",
    "CMC_RESPONSE_SENT" : "disabled",
    "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled",
    "CONFIG_ACL" : "disabled",
    "CONFIG_AUTH" : "disabled",
    "CONFIG_CERT_POLICY" : "disabled",
    "CONFIG_CERT_PROFILE" : "disabled",
    "CONFIG_CRL_PROFILE" : "disabled",
    "CONFIG_DRM" : "disabled",
    "CONFIG_ENCRYPTION" : "disabled",
    "CONFIG_OCSP_PROFILE" : "disabled",
    "CONFIG_ROLE" : "disabled",
    "CONFIG_SERIAL_NUMBER" : "disabled",
    "CONFIG_SIGNED_AUDIT" : "disabled",
    "CONFIG_TOKEN_AUTHENTICATOR" : "disabled",
    "CONFIG_TOKEN_CONNECTOR" : "disabled",
    "CONFIG_TOKEN_GENERAL" : "disabled",
    "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled",
    "CONFIG_TOKEN_PROFILE" : "disabled",
    "CONFIG_TOKEN_RECORD" : "disabled",
    "CONFIG_TRUSTED_PUBLIC_KEY" : "disabled",
    "CRL_RETRIEVAL" : "disabled",
    "CRL_SIGNING_INFO" : "disabled",
    "CRL_VALIDATION" : "disabled",
    "DELTA_CRL_GENERATION" : "disabled",
    "DELTA_CRL_PUBLISHING" : "disabled",
    "DIVERSIFY_KEY_REQUEST" : "disabled",
    "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled",
    "ENCRYPT_DATA_REQUEST" : "disabled",
    "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled",
    "FULL_CRL_GENERATION" : "disabled",
    "FULL_CRL_PUBLISHING" : "disabled",
    "INTER_BOUNDARY" : "disabled",
    "KEY_GEN_ASYMMETRIC" : "disabled",
    "KEY_RECOVERY_AGENT_LOGIN" : "disabled",
    "KEY_RECOVERY_REQUEST" : "disabled",
    "KEY_STATUS_CHANGE" : "disabled",
    "LOG_PATH_CHANGE" : "disabled",
    "NON_PROFILE_CERT_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_GENERATION" : "disabled",
    "OCSP_REMOVE_CA_REQUEST" : "disabled",
    "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_SIGNING_INFO" : "disabled",
    "PROFILE_CERT_REQUEST" : "disabled",
    "PROOF_OF_POSSESSION" : "disabled",
    "RANDOM_GENERATION" : "disabled",
    "ROLE_ASSUME" : "disabled",
    "SCHEDULE_CRL_GENERATION" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_EXPORT_KEY" : "disabled",
    "SECURITY_DATA_INFO" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled",
    "SECURITY_DOMAIN_UPDATE" : "disabled",
    "SELFTESTS_EXECUTION" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SYMKEY_GENERATION_REQUEST" : "disabled",
    "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "TOKEN_APPLET_UPGRADE" : "disabled",
    "TOKEN_AUTH" : "disabled",
    "TOKEN_CERT_ENROLLMENT" : "disabled",
    "TOKEN_CERT_RENEWAL" : "disabled",
    "TOKEN_CERT_RETRIEVAL" : "disabled",
    "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "TOKEN_FORMAT" : "disabled",
    "TOKEN_KEY_CHANGEOVER" : "disabled",
    "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled",
    "TOKEN_KEY_RECOVERY" : "disabled",
    "TOKEN_KEY_SANITY_CHECK" : "disabled",
    "TOKEN_OP_REQUEST" : "disabled",
    "TOKEN_PIN_RESET" : "disabled",
    "TOKEN_STATE_CHANGE" : "disabled"
  }
}
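
Added example (not part of the original page or of the PKI code base): one way to prepare the audit.json body for the PATCH call above from the GET output, check that its Events list still matches, and report which events the change would turn off before it is sent. The sample configuration is a shortened, constructed copy of the GET output on this page; build_patch, validate_patch, audit_regressions and the REQUIRED_EVENTS policy list are hypothetical names and assumptions of this example.

```python
import copy
import json

# Constructed sample: a shortened GET /<app>/v2/audit response. Field names,
# event names and values are taken from the example output on this page.
CURRENT_CONFIG = json.loads("""
{
  "bufferSize": 512,
  "Status": "Enabled",
  "Signed": false,
  "Interval": 5,
  "Events": {
    "ACCESS_SESSION_ESTABLISH": "enabled",
    "ACCESS_SESSION_TERMINATED": "enabled",
    "AUTH": "enabled",
    "AUTHZ": "enabled",
    "CONFIG_ROLE": "enabled",
    "CONFIG_SIGNED_AUDIT": "enabled",
    "KEY_RECOVERY_REQUEST": "disabled",
    "TOKEN_AUTH": "disabled"
  }
}
""")

# Assumption (local policy, not defined by PKI): events that reviewers want
# to keep enabled on this deployment.
REQUIRED_EVENTS = frozenset(
    {"AUTH", "AUTHZ", "CONFIG_ROLE", "CONFIG_SIGNED_AUDIT"}
)


def build_patch(current, event_changes=None, **settings):
    """Return a complete PATCH body: a copy of the GET output with changes applied.

    Starting from the GET output keeps the Events list identical, which is
    what the PATCH endpoint requires; only values are altered.
    """
    body = copy.deepcopy(current)
    for name, state in (event_changes or {}).items():
        if name not in body["Events"]:
            raise KeyError(f"unknown audit event: {name}")
        body["Events"][name] = state
    for key, value in settings.items():
        if key == "Events" or key not in body:
            raise KeyError(f"unknown audit setting: {key}")
        body[key] = value
    return body


def validate_patch(current, proposed):
    """Return a list of problems; empty when the Events lists match."""
    problems = []
    cur_events = set(current["Events"])
    new_events = set(proposed.get("Events", {}))
    missing = sorted(cur_events - new_events)
    extra = sorted(new_events - cur_events)
    if missing:
        problems.append("missing events: " + ", ".join(missing))
    if extra:
        problems.append("unexpected events: " + ", ".join(extra))
    return problems


def audit_regressions(current, proposed, required=REQUIRED_EVENTS):
    """Report events that the proposed body switches to "disabled"."""
    new_events = proposed.get("Events", {})
    turned_off = sorted(
        name for name, state in current["Events"].items()
        if state != "disabled" and new_events.get(name) == "disabled"
    )
    return {
        "disabled": turned_off,
        "required_disabled": [n for n in turned_off if n in required],
    }


if __name__ == "__main__":
    body = build_patch(
        CURRENT_CONFIG, {"ACCESS_SESSION_TERMINATED": "disabled"}, Interval=100
    )
    problems = validate_patch(CURRENT_CONFIG, body)
    report = audit_regressions(CURRENT_CONFIG, body)
    if problems or report["required_disabled"]:
        raise SystemExit(f"refusing to write body: {problems} {report}")
    # Redirect this output to audit.json for use with --json @audit.json.
    print(json.dumps(body, indent=2))
```

Against a live server, CURRENT_CONFIG would be the saved output of the GET call rather than the inline sample.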

/<app>/v2/audit

POST

action (enable/disable)

200

ca, kra, ocsp, tks, tps

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/ca/v2/audit?action=enable"
{
  "bufferSize" : 512,
  "Status" : "Enabled",
  "Signed" : false,
  "Interval" : 100,
  "Events" : {
    "ACCESS_SESSION_ESTABLISH" : "enabled",
    "ACCESS_SESSION_TERMINATED" : "disabled",
    "ASYMKEY_GENERATION_REQUEST" : "disabled",
    "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "AUDIT_LOG_DELETE" : "disabled",
    "AUDIT_LOG_SHUTDOWN" : "disabled",
    "AUDIT_LOG_STARTUP" : "disabled",
    "AUTH" : "disabled",
    "AUTHORITY_CONFIG" : "disabled",
    "AUTHZ" : "disabled",
    "CERT_PROFILE_APPROVAL" : "disabled",
    "CERT_REQUEST_PROCESSED" : "disabled",
    "CERT_SIGNING_INFO" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled",
    "CIMC_CERT_VERIFICATION" : "disabled",
    "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled",
    "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled",
    "CMC_ID_POP_LINK_WITNESS" : "disabled",
    "CMC_PROOF_OF_IDENTIFICATION" : "disabled",
    "CMC_REQUEST_RECEIVED" : "disabled",
    "CMC_RESPONSE_SENT" : "disabled",
    "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled",
    "CONFIG_ACL" : "disabled",
    "CONFIG_AUTH" : "disabled",
    "CONFIG_CERT_POLICY" : "disabled",
    "CONFIG_CERT_PROFILE" : "disabled",
    "CONFIG_CRL_PROFILE" : "disabled",
    "CONFIG_DRM" : "disabled",
    "CONFIG_ENCRYPTION" : "disabled",
    "CONFIG_OCSP_PROFILE" : "disabled",
    "CONFIG_ROLE" : "disabled",
    "CONFIG_SERIAL_NUMBER" : "disabled",
    "CONFIG_SIGNED_AUDIT" : "disabled",
    "CONFIG_TOKEN_AUTHENTICATOR" : "disabled",
    "CONFIG_TOKEN_CONNECTOR" : "disabled",
    "CONFIG_TOKEN_GENERAL" : "disabled",
    "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled",
    "CONFIG_TOKEN_PROFILE" : "disabled",
    "CONFIG_TOKEN_RECORD" : "disabled",
    "CONFIG_TRUSTED_PUBLIC_KEY" : "disabled",
    "CRL_RETRIEVAL" : "disabled",
    "CRL_SIGNING_INFO" : "disabled",
    "CRL_VALIDATION" : "disabled",
    "DELTA_CRL_GENERATION" : "disabled",
    "DELTA_CRL_PUBLISHING" : "disabled",
    "DIVERSIFY_KEY_REQUEST" : "disabled",
    "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled",
    "ENCRYPT_DATA_REQUEST" : "disabled",
    "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled",
    "FULL_CRL_GENERATION" : "disabled",
    "FULL_CRL_PUBLISHING" : "disabled",
    "INTER_BOUNDARY" : "disabled",
    "KEY_GEN_ASYMMETRIC" : "disabled",
    "KEY_RECOVERY_AGENT_LOGIN" : "disabled",
    "KEY_RECOVERY_REQUEST" : "disabled",
    "KEY_STATUS_CHANGE" : "disabled",
    "LOG_PATH_CHANGE" : "disabled",
    "NON_PROFILE_CERT_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_GENERATION" : "disabled",
    "OCSP_REMOVE_CA_REQUEST" : "disabled",
    "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_SIGNING_INFO" : "disabled",
    "PROFILE_CERT_REQUEST" : "disabled",
    "PROOF_OF_POSSESSION" : "disabled",
    "RANDOM_GENERATION" : "disabled",
    "ROLE_ASSUME" : "disabled",
    "SCHEDULE_CRL_GENERATION" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_EXPORT_KEY" : "disabled",
    "SECURITY_DATA_INFO" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled",
    "SECURITY_DOMAIN_UPDATE" : "disabled",
    "SELFTESTS_EXECUTION" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SYMKEY_GENERATION_REQUEST" : "disabled",
    "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "TOKEN_APPLET_UPGRADE" : "disabled",
    "TOKEN_AUTH" : "disabled",
    "TOKEN_CERT_ENROLLMENT" : "disabled",
    "TOKEN_CERT_RENEWAL" : "disabled",
    "TOKEN_CERT_RETRIEVAL" : "disabled",
    "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "TOKEN_FORMAT" : "disabled",
    "TOKEN_KEY_CHANGEOVER" : "disabled",
    "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled",
    "TOKEN_KEY_RECOVERY" : "disabled",
    "TOKEN_KEY_SANITY_CHECK" : "disabled",
    "TOKEN_OP_REQUEST" : "disabled",
    "TOKEN_PIN_RESET" : "disabled",
    "TOKEN_STATE_CHANGE" : "disabled"
  }
}

/<app>/v2/audit/files

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/audit/files
{
  "total" : 1,
  "entries" : [ {
    "name" : "ca_audit",
    "size" : 77606
  } ]
}

/<app>/v2/audit/files/{id}

GET

None

200

ca, kra, ocsp, tks, tps

application/octet-stream

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/audit/files/ca_audit
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CERT_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] certificate signing info
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CRL_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] CRL signing info
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=OCSP_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=AB:AF:55:C8:C0:97:C8:B6:AA:47:0D:D0:66:C6:15:E1:B1:EF:EF:77] OCSP signing info
0.main - [29/Oct/2024:11:09:29 UTC] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details)
0.https-jsse-jss-nio-8443-exec-1 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-2 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-5 - [29/Oct/2024:11:45:53 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
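
The audit file above is line-oriented, with each record carrying a run of `[Key=Value]` attributes. The following is an added example (not part of the original page or the Dogtag project) that parses that layout and summarises failed events. The function names, the sample lines and the burst threshold of 3 failures in 5 minutes are assumptions. The two numeric bracketed fields are not explained on the page and are skipped.

```python
"""Parse audit lines in the layout shown above and summarise failures."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Layout: <thread> - [timestamp] [n] [n] [Key=Value]...[Key=Value] free text
HEADER_RE = re.compile(
    r"^(?P<thread>\S+) - \[(?P<ts>[^\]]+)\] \[\d+\] \[\d+\] (?P<body>.*)$")
# Limitation: a value that itself contains "]" is cut at that character.
ATTR_RE = re.compile(r"\[(\w+)=([^\]]*)\]")

# Constructed sample lines (not real server output); IPs are documentation addresses.
SAMPLE = """\
0.main - [29/Oct/2024:11:09:29 UTC] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details)
0.https-jsse-jss-nio-8443-exec-1 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.10][ServerIP=192.0.2.1][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-2 - [29/Oct/2024:11:45:53 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.66][ServerIP=192.0.2.1][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure
0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:46:10 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.66][ServerIP=192.0.2.1][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:47:02 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.66][ServerIP=192.0.2.1][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure
0.https-jsse-jss-nio-8443-exec-5 - [29/Oct/2024:12:30:00 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.10][ServerIP=192.0.2.1][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure
truncated line without the bracketed header
"""


def parse_line(line):
    """Return one audit record as a dict, or None if the line does not fit the layout."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    body, pos, attrs = m.group("body"), 0, {}
    # Attributes are a run of adjacent [Key=Value] groups; the message follows them.
    while (a := ATTR_RE.match(body, pos)):
        attrs[a.group(1)] = a.group(2)
        pos = a.end()
    try:
        when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S UTC")
    except ValueError:
        return None
    if "AuditEvent" not in attrs:
        return None
    return {"time": when.replace(tzinfo=timezone.utc), "thread": m.group("thread"),
            "event": attrs["AuditEvent"], "outcome": attrs.get("Outcome"),
            "attrs": attrs, "message": body[pos:].strip()}


def summarize(lines, window=timedelta(minutes=5), threshold=3):
    """Count events by outcome and report client IPs with bursts of failed sessions."""
    records, unparsed = [], []
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        record = parse_line(line)
        if record:
            records.append(record)
        else:
            unparsed.append(number)  # keep the line number so nothing is dropped silently
    counts = Counter((r["event"], r["outcome"]) for r in records)
    failures = [r for r in records if r["outcome"] != "Success"]
    by_ip = defaultdict(list)
    for r in failures:
        if r["event"] == "ACCESS_SESSION_ESTABLISH":
            by_ip[r["attrs"].get("ClientIP", "?")].append(r["time"])
    bursts = {}
    for ip, times in by_ip.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[ip] = best
    return {"counts": counts, "failures": failures, "bursts": bursts, "unparsed": unparsed}


if __name__ == "__main__":
    result = summarize(SAMPLE.splitlines())
    for (event, outcome), n in sorted(result["counts"].items()):
        print(f"{n:4d}  {event}  {outcome}")
    print("failed-session bursts:", result["bursts"])
    print("unparsed line numbers:", result["unparsed"])
```

To run it against a real file, save the response of `/<app>/v2/audit/files/{id}` to disk and pass its lines to `summarize()`.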

/<app>/v2/config/features

GET

None

200

ca

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/config/features
[{"id":"authority","description":"Lightweight CAs","version":"1.0","enabled":true}]

/<app>/v2/config/features/{id}

GET

None

200

ca

application/json

Example
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/features/authority
{
  "id" : "authority",
  "description" : "Lightweight CAs",
  "version" : "1.0",
  "enabled" : true
}

/<app>/v2/jobs

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/jobs
{
  "entries" : [ {
    "id" : "certRenewalNotifier",
    "enabled" : false,
    "cron" : "0 3 * * 1-5",
    "pluginName" : "RenewalNotificationJob",
    "parameters" : { }
  }, {
    "id" : "pruning",
    "enabled" : false,
    "pluginName" : "PruningJob",
    "parameters" : { }
  }, {
    "id" : "publishCerts",
    "enabled" : false,
    "cron" : "0 0 * * 2",
    "pluginName" : "PublishCertsJob",
    "parameters" : { }
  }, {
    "id" : "requestInQueueNotifier",
    "enabled" : false,
    "cron" : "0 0 * * 0",
    "pluginName" : "RequestInQueueJob",
    "parameters" : { }
  }, {
    "id" : "serialNumberUpdate",
    "enabled" : false,
    "pluginName" : "SerialNumberUpdateJob",
    "parameters" : { }
  }, {
    "id" : "unpublishExpiredCerts",
    "enabled" : false,
    "cron" : "0 0 * * 6",
    "pluginName" : "UnpublishExpiredJob",
    "parameters" : { }
  } ]
}

/<app>/v2/jobs/{id}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate
{
  "id" : "serialNumberUpdate",
  "enabled" : false,
  "pluginName" : "SerialNumberUpdateJob",
  "parameters" : { }
}

/<app>/v2/jobs/{id}/start

POST

None

200

ca, kra, ocsp, tks, tps

No output

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate/start

/<app>/v2/securityDomain/domainInfo

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/securityDomain/domainInfo
{
  "subsystemArray" : [ {
    "hosts" : {
      "CA pki.example.com 8443" : {
        "id" : "CA pki.example.com 8443",
        "Hostname" : "pki.example.com",
        "Port" : "8080",
        "SecurePort" : "8443",
        "SecureEEClientAuthPort" : "8443",
        "SecureAgentPort" : "8443",
        "SecureAdminPort" : "8443",
        "Clone" : "FALSE",
        "SubsystemName" : "CA pki.example.com 8443",
        "DomainManager" : "TRUE"
      }
    },
    "hostArray" : [ {
      "id" : "CA pki.example.com 8443",
      "Hostname" : "pki.example.com",
      "Port" : "8080",
      "SecurePort" : "8443",
      "SecureEEClientAuthPort" : "8443",
      "SecureAgentPort" : "8443",
      "SecureAdminPort" : "8443",
      "Clone" : "FALSE",
      "SubsystemName" : "CA pki.example.com 8443",
      "DomainManager" : "TRUE"
    } ],
    "id" : "CA"
  } ],
  "id" : "EXAMPLE",
  "subsystems" : {
    "CA" : {
      "hosts" : {
        "CA pki.example.com 8443" : {
          "id" : "CA pki.example.com 8443",
          "Hostname" : "pki.example.com",
          "Port" : "8080",
          "SecurePort" : "8443",
          "SecureEEClientAuthPort" : "8443",
          "SecureAgentPort" : "8443",
          "SecureAdminPort" : "8443",
          "Clone" : "FALSE",
          "SubsystemName" : "CA pki.example.com 8443",
          "DomainManager" : "TRUE"
        }
      },
      "hostArray" : [ {
        "id" : "CA pki.example.com 8443",
        "Hostname" : "pki.example.com",
        "Port" : "8080",
        "SecurePort" : "8443",
        "SecureEEClientAuthPort" : "8443",
        "SecureAgentPort" : "8443",
        "SecureAdminPort" : "8443",
        "Clone" : "FALSE",
        "SubsystemName" : "CA pki.example.com 8443",
        "DomainManager" : "TRUE"
      } ],
      "id" : "CA"
    }
  }
}

/<app>/v2/securityDomain/hosts

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/securityDomain/hosts
[{"id":"CA pki.example.com 8443","Hostname":"pki.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"FALSE","SubsystemName":"CA pki.example.com 8443","DomainManager":"TRUE"}]

/<app>/v2/securityDomain/hosts

PUT

None

204

ca, kra, ocsp, tks, tps

application/json

Security domain host JSON with Hostname, Port, SecurePort, SecureEEClientAuthPort, SecureAgentPort, SecureAdminPort, Clone, SubsystemName and DomainManager

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"id":"CA pki2.example.com 8443","Hostname":"pki2.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"TRUE","SubsystemName":"CA pki2.example.com 8443","DomainManager":"FALSE"}' \
    -X PUT https://$HOSTNAME:8443/ca/v2/securityDomain/hosts

/<app>/v2/securityDomain/hosts/{ID}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443
{
  "id" : "CA pki.example.com 8443",
  "Hostname" : "pki.example.com",
  "Port" : "8080",
  "SecurePort" : "8443",
  "SecureEEClientAuthPort" : "8443",
  "SecureAgentPort" : "8443",
  "SecureAdminPort" : "8443",
  "Clone" : "FALSE",
  "SubsystemName" : "CA pki.example.com 8443",
  "DomainManager" : "TRUE"
}

/<app>/v2/securityDomain/hosts/{ID}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443

/<app>/v2/securityDomain/installToken

GET

hostname, subsystem

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/securityDomain/installToken?hostname=pki.example.com&subsystem=CA"
{
  "token" : "4984326538499940852"
}

/<app>/v2/selftests

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/selftests?start=2"
{
  "total" : 3,
  "entries" : [ {
    "id" : "SystemCertsVerification",
    "enabledAtStartup" : true,
    "criticalAtStartup" : true,
    "enabledOnDemand" : true,
    "criticalOnDemand" : true
  } ]
}

/<app>/v2/selftests

POST

action (run)

204

ca, kra, ocsp, tks, tps

No output

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/ca/v2/selftests?action=run"

/<app>/v2/selftests/{id}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/selftests/CAValidity
{
  "id" : "CAValidity",
  "enabledAtStartup" : false,
  "enabledOnDemand" : true,
  "criticalOnDemand" : true
}

/<app>/v2/selftests/run

POST

None

200

ca, kra, ocsp, tks, tps

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/selftests/run
{
  "entries" : [ {
    "id" : "CAPresence",
    "status" : "PASSED"
  }, {
    "id" : "SystemCertsVerification",
    "status" : "PASSED"
  }, {
    "id" : "CAValidity",
    "status" : "PASSED"
  } ]
}

/<app>/v2/selftests/{id}/run

POST

None

200

ca, kra, ocsp, tks, tps

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/selftests/CAPresence/run
{
  "id" : "CAPresence",
  "status" : "PASSED"
}

CA endpoints

Path Method Parameters Return code Mime Input

/ca/v2/admin/kraconnector

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/kraconnector
{
  "host" : "pki.example.com",
  "port" : "8443",
  "transportCert" : "<base64-encoded transport certificate>",
  "uri" : "/kra/agent/kra/connector",
  "timeout" : "30",
  "local" : "false",
  "enable" : "true"
}

/ca/v2/admin/kraconnector/add

POST

None

204

application/json

KRA connector configuration in JSON with host, port, transportCert (base64-encoded), transportCertNickname, subsystemCert, uri, timeout, local and enable

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"host":"pki.example.com","port":"8443","transportCert":"<base64-encoded transport certificate>","uri":"/kra/agent/kra/connector","timeout":"30","local":"false","enable":"true"}' https://$HOSTNAME:8443/ca/v2/admin/kraconnector/add

/ca/v2/admin/kraconnector/addHost

POST

host, port

204

No output

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/addHost?host=pki2.example.com&port=8443"

/ca/v2/admin/kraconnector/remove

POST

host, port

204

No output

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/remove?host=pki.example.com&port=8443"

/ca/v2/agent/certrequests

GET

pageSize, start, maxTime

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/agent/certrequests?pageSize=2"
{
  "total" : 7,
  "entries" : [ {
    "requestID" : "0x58e47a524bff8fbc512465759b63f424",
    "requestType" : "enrollment",
    "requestStatus" : "complete",
    "creationTime" : 1730200079000,
    "modificationTime" : 1730200084000,
    "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0",
    "certRequestType" : "pkcs10",
    "operationResult" : "success"
  }, {
    "requestID" : "0x5f2533c00bb8934584decbf1aa9ab987",
    "requestType" : "enrollment",
    "requestStatus" : "complete",
    "creationTime" : 1730200087000,
    "modificationTime" : 1730200093000,
    "certId" : "0xf84f45cd025332f2b06d1ec58136be89",
    "certRequestType" : "pkcs10",
    "operationResult" : "success"
  } ]
}

/ca/v2/agent/certrequests/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x5f2533c00bb8934584decbf1aa9ab987
{
  "nonce" : "-8579840105031817822",
  "requestId" : "0x5f2533c00bb8934584decbf1aa9ab987",
  "requestType" : "enrollment",
  "requestStatus" : "complete",
  "requestOwner" : "",
  "requestCreationTime" : "Tue Oct 29 11:08:07 UTC 2024",
  "requestModificationTime" : "Tue Oct 29 11:08:13 UTC 2024",
  "requestNotes" : "",
  "profileApprovedBy" : "system",
  "profileSetId" : "ocspCertSet",
  "profileIsVisible" : "true",
  "profileName" : "Manual OCSP Manager Signing Certificate Enrollment",
  "profileDescription" : "This certificate profile is for enrolling OCSP Manager certificates.",
  "ProfileID" : "caOCSPCert",
  "Renewal" : false,
  "Input" : [ {
    "ClassID" : "CertReqInput",
    "Name" : "Certificate Request Input",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Value" : "pkcs10"
    }, {
      "name" : "cert_request",
      "Value" : "-----BEGIN CERTIFICATE REQUEST-----\nMIIDkjCCAfoCAQAwTTEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEkMCIG\nA1UEAwwbQ0EgT0NTUCBTaWduaW5nIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A\nMIIBigKCAYEAsaCn1oUxVloC5G+Adi8rF40WEk10IL7NUEw9Bm6+704T7pKut9BDOH/8sCU+/bcw\nAHNKUpqKbpS55N7V0xYntfyiD8RxGVY4BxPWMPuhLcb5zRZXybKIvV2KpgOqQmS5+Sx0HrEyA6Xo\nFyB5E7fE/mqheA7V1RyL047m1T0ER/tkHWYldj0aLlYQKv8dmfzW52PRYF08ByVWzTXcByFyO3Tg\nwjN84ksKAfihBiALj92jgbxyOHD/utEFtz8XpjlqLMl7MVYhpeu/p5DbCTPk55OcKwQF6MbLMExl\nSrvF6JBKHLfLdbFY3OwbryP+f1Dc9UlFoDELZjlp+Z2klwlxympqTpsXztMzAQUfRqu5GjcL7v9s\nLmNahVoKfWuZWQEC5FUHyJk3DT/v0jax30QHq3CqoYUWZs/rolfpzInvqSMmDmxHz/nIdEwpmhvt\nAijuwG+Qm1PA4eHy2l3OhIGYWvYgA5oEq/BLZgvi3SOhNR3ctz98rlEI2j3MWy9dYBDhAgMBAAGg\nADANBgkqhkiG9w0BAQsFAAOCAYEAputw+T001caAwVTyZttOf5hmmiHnwqw1BFfoVA1Sy2W9xRrU\nTvCF2/eiSiRbLfsgpikgtOpRuON+m1SiYK/W3v+SkU1d9ewNQo1u2oNh1sjpzZjkLvfEvx4jjiDQ\nmA6GhhMzUiMvWPM9+d97c+1euF8mYvnyGJclutf2OVAhHdii8g5arR+gRGQHWXfziDkm3bFtgO0O\nMazHzehow81cArN27HfPzi2hPb447vekWdrDfW4O1VWp25hxTjef5LYQd8aKTIwYah+zaAqyZG6D\n7xYRxkOhb9d37nFL8qDWAZHyIcAZrkZ72APEqtMLaOewjzVrdbj/J5yncByk8SpW2E/XGy9NlDgi\nmuhMj8PuZXEItvaSpUG+o75b/o0i/CO+t+MgIQhE6dtZkEhRUpbuUN/+kILD++i4N1WB/owcOSuW\nSWER5L0gjpw8+UES4tV3qaS3zUSCZroyoUU430goxeHdk58CAoWrs9vqDdM/NkvjXrQJUmMmAL9f\nkpVhlMfw\n-----END CERTIFICATE REQUEST-----"
    } ]
  }, {
    "ClassID" : "SubmitterInfoInput",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ ]
  } ],
  "Output" : [ ],
  "ProfilePolicySet" : [ {
    "policies" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Value" : "CN=CA OCSP Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches CN=.*",
        "classId" : "SubjectNameConstraint",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "CN=.*"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=720 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Value" : "2024-10-29 11:08:09",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Value" : "2026-10-19 11:08:09",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 720 days.",
        "classId" : "ValidityConstraint",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "720"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Value" : "RSA - 1.2.840.113549.1.1.1",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Value" : "3072",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Value" : "30:82:01:8A:02:82:01:81:00:B1:A0:A7:D6:85:31:56:\\n5A:02:E4:6F:80:76:2F:2B:17:8D:16:12:4D:74:20:BE:\\nCD:50:4C:3D:06:6E:BE:EF:4E:13:EE:92:AE:B7:D0:43:\\n38:7F:FC:B0:25:3E:FD:B7:30:00:73:4A:52:9A:8A:6E:\\n94:B9:E4:DE:D5:D3:16:27:B5:FC:A2:0F:C4:71:19:56:\\n38:07:13:D6:30:FB:A1:2D:C6:F9:CD:16:57:C9:B2:88:\\nBD:5D:8A:A6:03:AA:42:64:B9:F9:2C:74:1E:B1:32:03:\\nA5:E8:17:20:79:13:B7:C4:FE:6A:A1:78:0E:D5:D5:1C:\\n8B:D3:8E:E6:D5:3D:04:47:FB:64:1D:66:25:76:3D:1A:\\n2E:56:10:2A:FF:1D:99:FC:D6:E7:63:D1:60:5D:3C:07:\\n25:56:CD:35:DC:07:21:72:3B:74:E0:C2:33:7C:E2:4B:\\n0A:01:F8:A1:06:20:0B:8F:DD:A3:81:BC:72:38:70:FF:\\nBA:D1:05:B7:3F:17:A6:39:6A:2C:C9:7B:31:56:21:A5:\\nEB:BF:A7:90:DB:09:33:E4:E7:93:9C:2B:04:05:E8:C6:\\nCB:30:4C:65:4A:BB:C5:E8:90:4A:1C:B7:CB:75:B1:58:\\nDC:EC:1B:AF:23:FE:7F:50:DC:F5:49:45:A0:31:0B:66:\\n39:69:F9:9D:A4:97:09:71:CA:6A:6A:4E:9B:17:CE:D3:\\n33:01:05:1F:46:AB:B9:1A:37:0B:EE:FF:6C:2E:63:5A:\\n85:5A:0A:7D:6B:99:59:01:02:E4:55:07:C8:99:37:0D:\\n3F:EF:D2:36:B1:DF:44:07:AB:70:AA:A1:85:16:66:CF:\\nEB:A2:57:E9:CC:89:EF:A9:23:26:0E:6C:47:CF:F9:C8:\\n74:4C:29:9A:1B:ED:02:28:EE:C0:6F:90:9B:53:C0:E1:\\nE1:F2:DA:5D:CE:84:81:98:5A:F6:20:03:9A:04:AB:F0:\\n4B:66:0B:E2:DD:23:A1:35:1D:DC:B7:3F:7C:AE:51:08:\\nDA:3D:CC:5B:2F:5D:60:10:E1:02:03:01:00:01\\n",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521",
        "classId" : "KeyConstraint",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "-"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096,nistp256,nistp384,nistp521"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Value" : "A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "NoConstraint",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Value" : "Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "NoConstraint",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Extended Key Usage Default",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.9",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Value" : "1.3.6.1.5.5.7.3.9",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Extended Key Usage Extension",
        "text" : "This constraint accepts the Extended Key Usage extension, if present, only when Criticality=false, OIDs=1.3.6.1.5.5.7.3.9",
        "classId" : "ExtendedKeyUsageExtConstraint",
        "constraints" : [ {
          "name" : "exKeyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Comma-Separated list of Object Identifiers"
          },
          "value" : "1.3.6.1.5.5.7.3.9"
        } ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "OCSP No Check Extension",
        "text" : "This default populates an OCSP No Check Extension (1.3.6.1.5.5.7.48.1.5) to the request. The default values are Criticality=false",
        "attributes" : [ {
          "name" : "ocspNoCheckCritical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts the extension only when Criticality=false, OID=1.3.6.1.5.5.7.48.1.5",
        "classId" : "ExtensionConstraint",
        "constraints" : [ {
          "name" : "extCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "extOID",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Object Identifier"
          },
          "value" : "1.3.6.1.5.5.7.48.1.5"
        } ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Value" : "SHA256withRSA",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "SigningAlgConstraint",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  } ],
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/ca/v2/agent/certrequests/{id}/approve
/ca/v2/agent/certrequests/{id}/assign
/ca/v2/agent/certrequests/{id}/cancel
/ca/v2/agent/certrequests/{id}/reject
/ca/v2/agent/certrequests/{id}/validate
/ca/v2/agent/certrequests/{id}/unassign
/ca/v2/agent/certrequests/{id}/update

POST

None

204

No output

Full cert request json obtained from GET operation

Example
$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"nonce":"698006587460251198","requestId":"0x563c6ef28a2aa590fb5df963043be30e","requestType":"enrollment","requestStatus":"pending","requestOwner":"","requestCreationTime":"Wed Oct 30 11:09:30 UTC 2024","requestModificationTime":"Wed Oct 30 11:09:30 UTC 2024","requestNotes":"","profileApprovedBy":"admin","profileSetId":"userCertSet","profileIsVisible":"false","profileName":"Manual User Dual-Use Certificate Enrollment","profileDescription":"This certificate profile is for enrolling user certificates.","profileRemoteHost":"172.18.0.3","profileRemoteAddr":"172.18.0.3","ProfileID":"caUserCert","Renewal":false,"Input":[{"ClassID":"KeyGenInput","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10"},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQCfuroXU/H8AxyI3pBKF7mYRoP+yL0Qucqg9fvnJdY7M/E3OIHg+2l5f2UX\r\nL+Q9ESDZ7EMGxmuORPvqwwNuHSKaW/kfurcdTFlQjVuoXwUwy86D/veAp317tDZZmcjU6DgWrx8M\r\nA5c46Ck8KOa5NOetPjpbCufTLaKmPDM6+Rsei+aY5FMksHh6W+a1djuz1yN0COc60/+pzR4MCzMZ\r\n1N8TYKmtfprectaK9Jj0ckkRZ9zAuAwxdNnfSkNIgu8btBX7+/9IqSi+s/TUTo8jDxXWZkEu+Pn+\r\nCVpuYFd2lvij7gCJ2fKuDy5yyh1HFJFFWqQZ+V+snylBeAwHgk3V9dJvAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEAfYpmNiENJOVycl9DODw3UEmLDEZl5vDplUaK4E47ITz6rbB/vSQzXB/KDDuU\r\nLq/aqfPhhXFDYaQ3BLlgrxYcuojiDMEkEwi6lU1OxPpEWcCrCSMx0NzsQMA3XSWziMwCc0kyodlQ\r\nRYOEDMWfWNplBA/6kdEb5Vce/UrbOdbquWgcIopYyJ9QdLJJbqvFN2JUwpibd7pJSyglWK/WHk8o\r\nov1jQIkYmSlznQwLQyeliBMMX4pFN3BAgEuo4hFlYeP5r1ig3xsdXmKbZgtGo1FEK7OBHAbfmMs0\r\nNdp2mLo5hvNSTTYl4aATsR9SfljuRtjhZtqPfsonzDAjO+wj5dOC7g==\r\n-----END CERTIFICATE REQUEST-----"}]},{"ClassID":"SubjectNameInput","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser"}]},{"ClassID":"SubmitterInfoInput","Name":"Requestor 
Information","ConfigAttribute":[],"Attribute":[]}],"Output":[],"ProfilePolicySet":[{"policies":[{"id":"1","def":{"name":"Subject Name Default","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Value":"UID=newUser","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"SubjectNameConstraint","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"RenewGracePeriodConstraint","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","text":"This default populates a Certificate Validity to the request. 
The default values are Range=180 in days","attributes":[{"name":"notBefore","Value":"2024-10-30 11:09:30","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Value":"2025-04-28 11:09:30","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"ValidityConstraint","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Value":"RSA - 1.2.840.113549.1.1.1","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Value":"2048","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key 
Length"}},{"name":"KEY","Value":"30:82:01:0A:02:82:01:01:00:9F:BA:BA:17:53:F1:FC:\\n03:1C:88:DE:90:4A:17:B9:98:46:83:FE:C8:BD:10:B9:\\nCA:A0:F5:FB:E7:25:D6:3B:33:F1:37:38:81:E0:FB:69:\\n79:7F:65:17:2F:E4:3D:11:20:D9:EC:43:06:C6:6B:8E:\\n44:FB:EA:C3:03:6E:1D:22:9A:5B:F9:1F:BA:B7:1D:4C:\\n59:50:8D:5B:A8:5F:05:30:CB:CE:83:FE:F7:80:A7:7D:\\n7B:B4:36:59:99:C8:D4:E8:38:16:AF:1F:0C:03:97:38:\\nE8:29:3C:28:E6:B9:34:E7:AD:3E:3A:5B:0A:E7:D3:2D:\\nA2:A6:3C:33:3A:F9:1B:1E:8B:E6:98:E4:53:24:B0:78:\\n7A:5B:E6:B5:76:3B:B3:D7:23:74:08:E7:3A:D3:FF:A9:\\nCD:1E:0C:0B:33:19:D4:DF:13:60:A9:AD:7E:9A:DE:72:\\nD6:8A:F4:98:F4:72:49:11:67:DC:C0:B8:0C:31:74:D9:\\nDF:4A:43:48:82:EF:1B:B4:15:FB:FB:FF:48:A9:28:BE:\\nB3:F4:D4:4E:8F:23:0F:15:D6:66:41:2E:F8:F9:FE:09:\\n5A:6E:60:57:76:96:F8:A3:EE:00:89:D9:F2:AE:0F:2E:\\n72:CA:1D:47:14:91:45:5A:A4:19:F9:5F:AC:9F:29:41:\\n78:0C:07:82:4D:D5:F5:D2:6F:02:03:01:00:01\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"KeyConstraint","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. 
Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Value":"false","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Value":"A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Value":"Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. 
The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher 
Only=false","classId":"KeyUsageExtConstraint","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","text":"This default populates an Extended Key Usage Extension () to the request. 
The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","text":"This default populates the Certificate Signing Algorithm. 
The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Value":"SHA256withRSA","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"SigningAlgConstraint","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]}],"Attributes":{"Attribute":[]}}' \
    https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x563c6ef28a2aa590fb5df963043be30e/approve

/ca/v2/agent/certs/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee
{
  "id" : "0x55092f4611ad2ede6c4064045d64bdee",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "UID=newUser",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEADCCAmigAwIBAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEM\r\nB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEt\r\nLOCo/NVffA3KCPLqHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB\r\n+DsMGleB59sz8StQUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWf\r\nM1Qqlsn/zlfMZRsO0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEg\r\nS5EJTuipbXujaAlQgbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P\r\n9uQTPmyOO75FJmiHAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUw\r\nPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAv\r\nY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0G\r\nCSqGSIb3DQEBCwUAA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVc\r\nRubwCuBXk85atycRXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2\r\nJMqvFSgM/DGu/yJvt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvW\r\ntLgO/iRFFGKWohvFpGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1Nj\r\nE2KcqfusDDfLm1czbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpN\r\niB38h6a4NLdmsPDbD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3\r\nnl5+nQ9RZsuJb9Ea/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDV\r\nMFw=\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "MIIIsQYJKoZIhvcNAQcCoIIIojCCCJ4CAQExADALBgkqhkiG9w0BBwGgggiGMIIEADCCAmigAwIB\r\nAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEi\r\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEtLOCo/NVffA3KCPLq\r\nHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB+DsMGleB59sz8StQ\r\nUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWfM1Qqlsn/zlfMZRsO\r\n0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEgS5EJTuipbXujaAlQ\r\ngbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P9uQTPmyOO75FJmiH\r\nAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUwPwYIKwYBBQUHAQEE\r\nMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNV\r\nHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUA\r\nA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVcRubwCuBXk85atycR\r\nXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2JMqvFSgM/DGu/yJv\r\nt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvWtLgO/iRFFGKWohvF\r\npGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1NjE2KcqfusDDfLm1cz\r\nbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpNiB38h6a4NLdmsPDb\r\nD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3nl5+nQ9RZsuJb9Ea\r\n/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDVMFwwggR+MIIC5qAD\r\nAgECAhEAhmFGZPY3nBwtCjnR5H0/0DANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExF\r\nMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4X\r\nDTI0MTAyOTExMDgwMFoXDTQ0MTAyOTExMDgwMFowSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UE\r\nCwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTCCAaIwDQYJKoZI\r\nhvcNAQEBBQADggGPADCCAYoCggGBAMofTnE8azu6WaltnTqsOTSEtlHdRTk75sH1xZbYsMyhUagu\r\naIMyR4x1iva5Y620bDKb4lyLF5vJtWKDZvbN5gJW/N5P4u9CZ6UlQ5Tkm5
rhvq5v4LN4Sq4hO8bD\r\nPyR6MZFnDbBpnj62e/AUhGVTb5eoG2K7hDUBp4hfYGKi/5G8NkZZlCADSbFytpXJQ86SumjiHbnZ\r\nQPMg9BTZgnMPouZA7SSS1hB/5TCgEeIJpWX8l7rZ+0WfknaoQ7zLz4zJncvsXXiKbEkdbyM8+KLi\r\n3wy5P321xDuwO4A4UcSwHvPOSu5sdLFRV88bsAJ0FLFRHgOdXm5Gl1mMv4oOz8cYRVcKRUScMRUi\r\n1uhkhIOIEhTWmvMz6FZ1mDmRzaPCA6Gc2S6IsUOjzZz5Cyd8wNyEC/zIc9FjPsVudN2YXOGn2T2a\r\nKl2jrNIdtKidxPmk80+3wzTDoqmoHe41DKTozfwPqOQeNvZvM+o/Nr6ibZw6tLt79Hy+CHleSazm\r\n87bJthu6kwIDAQABo2MwYTAdBgNVHQ4EFgQUp332LU7iaBRZZqOMreTzdsQA4SUwHwYDVR0jBBgw\r\nFoAUp332LU7iaBRZZqOMreTzdsQA4SUwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYw\r\nDQYJKoZIhvcNAQELBQADggGBAKgYiwcUiGqi0ugB96gRCuGrPbesKUU05Jv8bNExmG5eUiyaGEZi\r\n0IcD4XLLQ9pAwyDGgvZaBPZl8J+4JSRwGxf/ldQUFcFe9zwutMNOpJb0p1Y8uzNQ54eC+t7pUbuW\r\nHSE/P3Rvsxnx6eWtUqCM0gpN1BxqsgVedL2iyjXjncNNTd/bT7E/giRhE1r0fgmLSz/s8B129DXK\r\ndjhbLrkHYTmMlphtQ9qS38BqUa6GCDuOLwFsahgaHN/+XdRJF+Cb2LXQC2thTNqMCQq9yfWMHPZT\r\n1qujy19qSEUQxjqo5PtO8D8su0nuznjfgOI5zO3wBpVVAJgBjCpND9PKzMSc6ISIgBw9RYorQHTU\r\nPzArn/2VkQvm9+4X/KR/33GftcVfXk/+NFv2AePUG6PosQ3kKpUiA+7W8ivAhoHvwFKpOs2k4yK5\r\nwd7++6/ecHUNzKpKhItZt3UafldyzjzqwEBk/QjYjDEMBklth2p+QPM8lGIUWt6yD/Nzo56TDmgn\r\ndALCtTEA\r\n",
  "NotBefore" : "2024-10-30 10:53:21 +0000",
  "NotAfter" : "2025-04-28 10:53:21 +0000",
  "Status" : "VALID",
  "Nonce" : 3355442236351645821
}

/ca/v2/agent/certs/{id}/revoke

POST

None

200

application/json

Revoke request JSON with Reason, InvalidityDate, Comments, Encoded and Nonce

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"Reason":"Certificate_Hold","Nonce":7581228038945153660}' \
    https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/revoke
{
  "requestID" : "0x887ffed7ad4c0ee94a07700c48895f03",
  "requestType" : "revocation",
  "requestStatus" : "complete",
  "creationTime" : 1730300307000,
  "modificationTime" : 1730300307000,
  "certId" : "0x55092f4611ad2ede6c4064045d64bdee",
  "operationResult" : "success"
}
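The nonce round trip behind the approve and revoke calls above, as an added example (not code from this wiki or from the Dogtag code base). It assumes the revoke `Nonce` is the value returned by `GET /ca/v2/agent/certs/{id}` for the same certificate; the function names and the trimmed sample documents are constructed here.

```python
import json

# Constructed sample: the GET /ca/v2/agent/certs/{id} response shown on this
# page, with the long "Encoded" and "PKCS7CertChain" values left out.
SAMPLE_CERT = """{
  "id" : "0x55092f4611ad2ede6c4064045d64bdee",
  "SubjectDN" : "UID=newUser",
  "Status" : "VALID",
  "Nonce" : 3355442236351645821
}"""

# Constructed sample: the first fields of the agent review JSON that the
# approve example on this page posts back (the real document is much longer).
SAMPLE_REVIEW = """{
  "nonce" : "698006587460251198",
  "requestId" : "0x563c6ef28a2aa590fb5df963043be30e",
  "requestType" : "enrollment",
  "requestStatus" : "pending",
  "ProfileID" : "caUserCert"
}"""


def _no_floats(token):
    # A nonce or serial that arrives as a float has already lost digits.
    raise ValueError(f"unexpected non-integer number {token!r}")


def same_id(a, b):
    """Compare two hex identifiers (0x5509...) by value, not by spelling."""
    return int(a, 16) == int(b, 16)


def exact_in_double(n):
    """True if integer n survives a round trip through an IEEE-754 double.

    The cert Nonce on this page is above 2**53, so a client that parses JSON
    numbers as doubles would send back a different nonce.
    """
    return int(float(n)) == n


def build_revoke_body(cert_json, cert_id, reason, comments=None):
    """Build the /revoke request body from the agent GET response for cert_id."""
    cert = json.loads(cert_json, parse_float=_no_floats)
    if not same_id(cert["id"], cert_id):
        raise ValueError("GET response belongs to a different certificate")
    nonce = cert.get("Nonce")
    if isinstance(nonce, bool) or not isinstance(nonce, int):
        raise ValueError("GET response carries no integer Nonce")
    body = {"Reason": reason, "Nonce": nonce}
    if comments:
        body["Comments"] = comments
    return json.dumps(body, separators=(",", ":"))


def build_approve_body(review_json, request_id):
    """Return the review document to post to /approve, after sanity checks."""
    review = json.loads(review_json, parse_float=_no_floats)
    if not same_id(review["requestId"], request_id):
        raise ValueError("review document belongs to a different request")
    # Assumption of this example: only a pending request is worth approving,
    # as in the approve example on this page.
    if review.get("requestStatus") != "pending":
        raise ValueError(f"request is {review.get('requestStatus')!r}, not pending")
    if not review.get("nonce"):
        raise ValueError("review document carries no nonce")
    return json.dumps(review, separators=(",", ":"))


if __name__ == "__main__":
    print(build_revoke_body(SAMPLE_CERT, "0x55092f4611ad2ede6c4064045d64bdee",
                            "Certificate_Hold"))
    print(build_approve_body(SAMPLE_REVIEW, "0x563c6ef28a2aa590fb5df963043be30e"))
```

The returned strings are what `curl --json` would carry in the examples above. The same exactness concern applies to the `serial` field of the authorities responses, which is an even larger JSON number.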

/ca/v2/agent/certs/{id}/revoke-ca

POST

None

200

application/json

Revoke request JSON with Reason, InvalidityDate, Comments, Encoded and Nonce

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"Reason":"Certificate_Hold","Nonce":5052187310204086075}' \
    https://$HOSTNAME:8443/ca/v2/agent/certs/0x86614664f6379c1c2d0a39d1e47d3fd0/revoke-ca
{
  "requestID" : "0xb28c9fe27d90a97b9ec85d7ad1b32992",
  "requestType" : "revocation",
  "requestStatus" : "complete",
  "creationTime" : 1730300625000,
  "modificationTime" : 1730300625000,
  "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0",
  "operationResult" : "success"
}

/ca/v2/agent/certs/{id}/unrevoke

POST

None

200

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/unrevoke
{
  "requestID" : "0xdca57cea1f51ed123dc85dd889a595eb",
  "requestType" : "unrevocation",
  "requestStatus" : "complete",
  "creationTime" : 1730300449000,
  "modificationTime" : 1730300449000,
  "operationResult" : "success"
}

/ca/v2/authorities

GET

id, parentID, dn, issuerDN

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/authorities?issuerDN=CN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE"
[{"isHostAuthority":true,"id":"9f75deb6-53b1-48cc-9028-9c899f9526b4","issuerDN":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","serial":178621631998145652837496363178029563856,"dn":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true,"description":"Host authority","ready":true}]

/ca/v2/authorities

POST

None

201

application/json

Authority json with parentID, dn, enabled and description

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true}' \
    "https://$HOSTNAME:8443/ca/v2/authorities"
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : true,
  "ready" : true
}

/ca/v2/authorities/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : true,
  "ready" : true
}

/ca/v2/authorities/{id}

PUT

None

200

application/json

Authority json with parentID, dn, enabled and description

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
  --json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":false}' \
  -X PUT https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : false,
  "ready" : true
}

/ca/v2/authorities/{id}

DELETE

None

204

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
  -X DELETE https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f

/ca/v2/authorities/{id}/cert

GET

None

200

application/x-pem-file or application/pkix-cert

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -H 'Accept: application/x-pem-file' --output newCert.pem \
    https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/cert

/ca/v2/authorities/{id}/chain

GET

None

200

application/x-pem-file or application/pkcs7-mime

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -H 'Accept: application/x-pem-file' --output newChain.pem \
    https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/chain

/ca/v2/authorities/{id}/enable

POST

None

200

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/enable
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : true,
  "ready" : true
}

/ca/v2/authorities/{id}/disable

POST

None

200

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/disable
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : false,
  "ready" : true
}

/ca/v2/authorities/{id}/renew

POST

None

204

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
  -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/renew

/ca/v2/certrequests

POST

None

200

application/json

Cert enroll request in JSON with ProfileID, ServerSideKeygenP12Passwd, Renewal, SerialNumber, RemoteHost, RemoteAddress, Input (a list as defined by the profile), Output (a list as defined by the profile) and Attributes

Example
$ curl --cacert ./ca_signing.crt \
    --json '{"ProfileID":"caUserCert","Renewal":false,"RemoteHost":"","RemoteAddress":"","Input":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQDeu/zJSSDYzXcJsH7lZe8fKPV0CIWNAD0g5FpOdcqvcZMwXQsnVqCNdfby\r\nSwX6sGzKEHCXyYxaXHuLMpMJ5pHK1BzRCfjQAkPzWbCN5beg7L/l7Gi+52h0z9R/zTZkG355ja3r\r\nkyd9d0tah5XbPWsdp0BVtPOIK4t0d6F+WkEkC0pyCejtkqoBSf9F1CTHw3iOxhgKMxV+ebC/TM2l\r\n9AvnzAfF91Sf5KAd8hTAhHurgBkqxuzL16ERBbM0DFfie8RCiTVBvvS/6UmfEVH3dMHIuE5flXB+\r\nhMCrj8g7GfWIaA6WzwfkZrNgCjYoVHPivMg+akhMbQg6m0goB3zA/D/zAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEALi3+agIXworiPVF1qyAr3wLjffzu6RIDiLS9cVHHnnAj1AjEnKFDpwTYeuBk\r\nXaRzgyCHyCLyKSSN337PBUEnxOxNWNIJDCC8gpMcfCCnspos7N9M8dnROD60EUDVdUtfdE+g5JfG\r\nkwlQz3lbktFuQwznf3EUYPPvyMLSG1RITVJyEJ3tH0PZ5GFlDwi5Gw7DTzl7nAWwXZ5LeCa9b6d8\r\nwCbPAAHA2OCYck1PyLrFlAnmF5udsY4AY7b5YK5iIqysWikXYqexk/oE707XJhX+btDYx0W4qI8j\r\nhc50ZHgtobGXAgqNQvL2WOtmEJY2Fwpl+ejuGi6bamzTkXqh/Vi+XQ==\r\n-----END CERTIFICATE REQUEST-----\n","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Value":"","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Value":"","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 
2"}},{"name":"sn_ou1","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Value":"","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Value":"","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"Output":[],"Attributes":{"Attribute":[]}}' \
    https://$HOSTNAME:8443/ca/v2/certrequests
{
  "total" : 1,
  "entries" : [ {
    "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a",
    "requestType" : "enrollment",
    "requestStatus" : "pending",
    "creationTime" : 1730309766543,
    "modificationTime" : 1730309766566,
    "certRequestType" : "pkcs10",
    "operationResult" : "success"
  } ]
}

/ca/v2/certrequests/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/certrequests/0xd3e6013b9ae406efe9b8d45029faee9a
{
  "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a",
  "requestType" : "enrollment",
  "requestStatus" : "pending",
  "creationTime" : 1730309766000,
  "modificationTime" : 1730309766000,
  "certRequestType" : "pkcs10",
  "operationResult" : "success"
}

/ca/v2/certrequests/profiles

GET

size, start

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    "https://$HOSTNAME:8443/ca/v2/certrequests/profiles?size=2&start=4"
{
  "total" : 26,
  "entries" : [ {
    "profileId" : "AdminCert",
    "profileName" : "Manual Administrator Certificate Enrollment",
    "profileDescription" : "This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  }, {
    "profileId" : "ECAdminCert",
    "profileName" : "Manual Administrator Certificate Enrollment with ECC keys",
    "profileDescription" : "This certificate profile is for enrolling Administrator's certificates with ECC keys suitable for use by clients such as browsers.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  } ]
}

/ca/v2/certrequests/profiles/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/certrequests/profiles/caUserCert
{
  "ProfileID" : "caUserCert",
  "Renewal" : false,
  "RemoteHost" : "",
  "RemoteAddress" : "",
  "Input" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "Output" : [ ],
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/ca/v2/certs

GET

size, start, maxTime

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    "https://$HOSTNAME:8443/ca/v2/certs?size=2&start=4"
{
  "entries" : [ {
    "id" : "0xc99ff8f6549f903d8df28a4e5f5105f3",
    "SubjectDN" : "CN=CA Audit Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "VALID",
    "Type" : "X.509",
    "Version" : 2,
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidBefore" : 1730308885000,
    "NotValidAfter" : 1792516885000,
    "IssuedOn" : 1730308887000,
    "IssuedBy" : "system"
  }, {
    "id" : "0x6d5c045d3443ced273ab8d7955835db1",
    "SubjectDN" : "CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "VALID",
    "Type" : "X.509",
    "Version" : 2,
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidBefore" : 1730308904000,
    "NotValidAfter" : 1792516904000,
    "IssuedOn" : 1730308905000,
    "IssuedBy" : "system"
  } ]
}
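One way to triage the listing returned by /ca/v2/certs, as an added example that is not part of the original page or of the Dogtag project: it reads the entry format shown above (NotValidAfter in epoch milliseconds, KeyLength, KeyAlgorithmOID) and reports certificates that are expired, close to expiry, or carry a short RSA key. The function names, the thresholds and the second and third sample entries are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

RSA_ENCRYPTION_OID = "1.2.840.113549.1.1.1"  # rsaEncryption, as in the listing above

# Sample input in the shape of the /ca/v2/certs response. The first entry is
# taken from the example above (fields trimmed); the other two are constructed.
SAMPLE_RESPONSE = """
{
  "entries" : [ {
    "id" : "0xc99ff8f6549f903d8df28a4e5f5105f3",
    "SubjectDN" : "CN=CA Audit Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "VALID",
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidAfter" : 1792516885000
  }, {
    "id" : "0x01",
    "SubjectDN" : "CN=constructed-legacy-host,O=EXAMPLE",
    "Status" : "VALID",
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 1024,
    "NotValidAfter" : 1900000000000
  }, {
    "id" : "0x02",
    "SubjectDN" : "CN=constructed-healthy-host,O=EXAMPLE",
    "Status" : "VALID",
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 4096,
    "NotValidAfter" : 1900000000000
  } ]
}
"""


def ms_to_utc(epoch_ms):
    """Convert the API's epoch-millisecond timestamps to an aware UTC datetime."""
    return datetime.fromtimestamp(epoch_ms / 1000, tz=timezone.utc)


def audit_certs(response_text, now, expiry_window_days=30, min_rsa_bits=2048):
    """Return (id, SubjectDN, [issues]) for every entry that needs attention."""
    findings = []
    for entry in json.loads(response_text).get("entries", []):
        issues = []

        status = entry.get("Status")
        if status != "VALID":
            issues.append(f"status is {status}")

        not_after = ms_to_utc(entry["NotValidAfter"])
        if not_after <= now:
            issues.append("expired")
        elif not_after - now <= timedelta(days=expiry_window_days):
            issues.append(f"expires in {(not_after - now).days} days")

        # KeyLength is only compared for RSA keys; other algorithms use
        # different size scales and are not judged here.
        if entry.get("KeyAlgorithmOID") == RSA_ENCRYPTION_OID:
            bits = entry.get("KeyLength", 0)
            if bits < min_rsa_bits:
                issues.append(f"RSA key {bits} bits, below {min_rsa_bits}")

        if issues:
            findings.append((entry["id"], entry["SubjectDN"], issues))
    return findings


if __name__ == "__main__":
    # Fixed clock so the output is reproducible; use datetime.now(timezone.utc)
    # when running against a live response saved from curl.
    fixed_now = datetime(2026, 10, 1, tzinfo=timezone.utc)
    for cert_id, subject, issues in audit_certs(SAMPLE_RESPONSE, fixed_now):
        print(f"{cert_id}  {subject}: {'; '.join(issues)}")
```

The listing is paged with size and start, so a full inventory needs the function run over every page of results.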

/ca/v2/certs/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/certs/0x6d5c045d3443ced273ab8d7955835db1
{
  "id" : "0x6d5c045d3443ced273ab8d7955835db1",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIETjCCAragAwIBAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBM\r\nRTETMBEGA1UECwwKcGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNv\r\nbTEaMBgGA1UEAwwRUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\r\nAoIBAQDE7ahO2KtW6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr\r\n7B6sI5MrrcBRAhNgcHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCI\r\nnQ09I9TLH8dIuL4ZxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4\r\nGSm0HguQAc0H55FsVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWe\r\nnHvBSqRJc9xLNlcjr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAU\r\ndJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8v\r\ncGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI\r\nKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwc\r\nbCHpl+922hT5LA+KJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWH\r\nhEvm8RQqdVVxkfDXp3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeUR\r\nJ4rG/lD73qVzXd30U/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAww\r\nBnswSwwjPEe6djwFfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9\r\noTqj5KwXo133aorjZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQe\r\npbi1LBXzOxnub8sMKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGE\r\nGXfjNyGoETEaHb930gItsmEqc8VKH5s=\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "MIII/gYJKoZIhvcNAQcCoIII7zCCCOsCAQExADALBgkqhkiG9w0BBwGgggjTMIIETjCCAragAwIB\r\nAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwK\r\ncGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNvbTEaMBgGA1UEAwwR\r\nUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE7ahO2KtW\r\n6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr7B6sI5MrrcBRAhNg\r\ncHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCInQ09I9TLH8dIuL4Z\r\nxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4GSm0HguQAc0H55Fs\r\nVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWenHvBSqRJc9xLNlcj\r\nr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq\r\n3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUu\r\nY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG\r\nAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwcbCHpl+922hT5LA+K\r\nJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWHhEvm8RQqdVVxkfDX\r\np3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeURJ4rG/lD73qVzXd30\r\nU/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAwwBnswSwwjPEe6djwF\r\nfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9oTqj5KwXo133aorj\r\nZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQepbi1LBXzOxnub8sM\r\nKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGEGXfjNyGoETEaHb93\r\n0gItsmEqc8VKH5swggR9MIIC5aADAgECAhAS28bqYgfeAGNdjqMHIBkOMA0GCSqGSIb3DQEBCwUA\r\nMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNp\r\nZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjQxMDMwMTcyMDQ5WhcNNDQxMDMwMTcyMDQ5WjBIMRAwDgYD\r\nVQQKDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENl\r\ncnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwQ
enLXRjT+lsBoONhHmq\r\npYzEvugiELRtQ1iK1bXTTrRsAcaRscUCeEGfV6K6gVc7ekifckamtxsnx3s5JAjCfUF5K88pGTWe\r\nsXt6u0fg0cIslQP9sDz6dM0P/vjCsnxIgW1eNpeUR61Gwi3nCPXvWZ2zeOKdQReSL+MLby468Ot3\r\nbdEnVwalN70KtQNsB3I9GaFyNOCRa6P6zxR/ETuVRZVkB9mWZxpTvdF6xNlk8UF0jbmsrda3BXth\r\n1X/uej8+qE0cPN3BBvvdpkmJe+DSKq43NsZgaa8sgeGs7RiitI/7TR/gPVU5LtEK+cb93SpzcC+w\r\nhC1O4+kI7TEAK7tZO2FDPQM0lFvBXc/qtEWEa1RqpZKXEwVKCr1xpE4T1aNKnoNJQADcSxITSioq\r\ngkYNmUngeVd0AHe3gcgLOC7cQiY3uJJypVIz9vpHPr7xwxZugEF+YwSJM4zszMTbruaqn7eC90k3\r\n7dcqo4hCGsIRLWIapRG5TTxO7OY2cwzRVNyfAgMBAAGjYzBhMB0GA1UdDgQWBBR0kVsdX96mNxFN\r\nCureUbkKcJKhCTAfBgNVHSMEGDAWgBR0kVsdX96mNxFNCureUbkKcJKhCTAPBgNVHRMBAf8EBTAD\r\nAQH/MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQsFAAOCAYEAJp2R8/AhtSggrO1ewP4G1XnP\r\ng360OJT6rBcQDVKAul929/ipTGxztD70NF4UqL5ofQua79OKUF/hGc1lALKMn2dkKWL9GVpIwu7V\r\nZLU7xIw+ebUVuPpaka4D73viliHyZjFaa9OmWylA6KAnJt1aWuJt2OfRgbW6eL7xymqkCGvFxOoH\r\n5tpFMHgS75pZ5duByYgh94TIK9xxO11BAprlyK8TXHdPCwsqiafrgATpU+zIez6PAN82h1YIAorN\r\n8/5T2iNdXmWDQ02lxKKOCiDFdeB0F3KcgQVmVrGWOzp9j3AhR1+nFaSscv5FIBsFgVtyg1qDmEgh\r\nRasv/xsJfvujZkuLtMhTXBZMMjmOvu8xAYYO5DbNwdjGSq1McUorTX2W7N4w3tIpgByxc6YkVPfK\r\naUCKJG5Sajkzx6mO5GUcbw7wSBdrqoseGXQB7AbNwRTljtSF8KGEDkFfSoGlYsZz4VkY58+7v3IT\r\ntk/wcGo2clVPiQGDduo1Nj+vDa5iTSoEMQA=\r\n",
  "NotBefore" : "2024-10-30 17:21:44 +0000",
  "NotAfter" : "2026-10-20 17:21:44 +0000",
  "Status" : "VALID"
}

/ca/v2/certs/search

POST

size, start

200

application/json

Search request in JSON format with the fields issuerDN, serialNumberRangeInUse, serialTo, serialFrom, subjectInUse, eMail, commonName, userID, orgUnit, org, locality, state, country, matchExactly, status, revokedBy, revokedOnFrom, revokedOnTo, revocationReason, issuedBy, issuedOnFrom, issuedOnTo, validNotBeforeFrom, validNotBeforeTo, validNotAfterFrom, validNotAfterTo, validityOperation, validityCount, validityUnit, certTypeSubEmailCA, certTypeSubSSLCA, certTypeSecureEmail, certTypeSSLClient, certTypeSSLServer, revokedByInUse, revokedOnInUse, revocationReasonInUse, issuedByInUse, issuedOnInUse, validNotBeforeInUse, validNotAfterInUse, validityLengthInUse and certTypeInUse

Example
$ curl --cacert ./ca_signing.crt \
    --json '{"commonName": "PKI Administrator", "subjectInUse": true}' \
    https://$HOSTNAME:8443/ca/v2/certs/search
{
  "entries" : [ {
    "id" : "0x6d5c045d3443ced273ab8d7955835db1",
    "SubjectDN" : "CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "VALID",
    "Type" : "X.509",
    "Version" : 2,
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidBefore" : 1730308904000,
    "NotValidAfter" : 1792516904000,
    "IssuedOn" : 1730308905000,
    "IssuedBy" : "system"
  } ]
}

/ca/v2/config/cert/signing

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/config/cert/signing
{
  "id" : "0x86614664f6379c1c2d0a39d1e47d3fd0",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEfjCCAuagAwIBAgIRAIZhRmT2N5wcLQo50eR9P9AwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMjkxMTA4MDBaFw00NDEwMjkxMTA4MDBaMEgxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUw\r\nggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDKH05xPGs7ulmpbZ06rDk0hLZR3UU5O+bB\r\n9cWW2LDMoVGoLmiDMkeMdYr2uWOttGwym+JcixebybVig2b2zeYCVvzeT+LvQmelJUOU5Jua4b6u\r\nb+CzeEquITvGwz8kejGRZw2waZ4+tnvwFIRlU2+XqBtiu4Q1AaeIX2Biov+RvDZGWZQgA0mxcraV\r\nyUPOkrpo4h252UDzIPQU2YJzD6LmQO0kktYQf+UwoBHiCaVl/Je62ftFn5J2qEO8y8+MyZ3L7F14\r\nimxJHW8jPPii4t8MuT99tcQ7sDuAOFHEsB7zzkrubHSxUVfPG7ACdBSxUR4DnV5uRpdZjL+KDs/H\r\nGEVXCkVEnDEVItboZISDiBIU1przM+hWdZg5kc2jwgOhnNkuiLFDo82c+QsnfMDchAv8yHPRYz7F\r\nbnTdmFzhp9k9mipdo6zSHbSoncT5pPNPt8M0w6KpqB3uNQyk6M38D6jkHjb2bzPqPza+om2cOrS7\r\ne/R8vgh5Xkms5vO2ybYbupMCAwEAAaNjMGEwHQYDVR0OBBYEFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOElMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P\r\nAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQCoGIsHFIhqotLoAfeoEQrhqz23rClFNOSb/GzR\r\nMZhuXlIsmhhGYtCHA+Fyy0PaQMMgxoL2WgT2ZfCfuCUkcBsX/5XUFBXBXvc8LrTDTqSW9KdWPLsz\r\nUOeHgvre6VG7lh0hPz90b7MZ8enlrVKgjNIKTdQcarIFXnS9oso1453DTU3f20+xP4IkYRNa9H4J\r\ni0s/7PAddvQ1ynY4Wy65B2E5jJaYbUPakt/AalGuhgg7ji8BbGoYGhzf/l3USRfgm9i10AtrYUza\r\njAkKvcn1jBz2U9aro8tfakhFEMY6qOT7TvA/LLtJ7s5434DiOczt8AaVVQCYAYwqTQ/TyszEnOiE\r\niIAcPUWKK0B01D8wK5/9lZEL5vfuF/ykf99xn7XFX15P/jRb9gHj1Buj6LEN5CqVIgPu1vIrwIaB\r\n78BSqTrNpOMiucHe/vuv3nB1DcyqSoSLWbd1Gn5Xcs486sBAZP0I2IwxDAZJbYdqfkDzPJRiFFre\r\nsg/zc6Oekw5oJ3QCwrU=\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "...",
  "NotBefore" : "Tue Oct 29 11:08:00 UTC 2024",
  "NotAfter" : "Sat Oct 29 11:08:00 UTC 2044"
}

/ca/v2/config/cert/transport

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/config/cert/transport
{
  "id" : "0x8f6afa7386fdd8efc6c3406ed1e6d8c8",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "CN=DRM Transport Certificate,OU=pki-tomcat,O=EXAMPLE",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNh\r\ndGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZX\r\nnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/\r\nLeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT5\r\n7dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVq\r\ntrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EI\r\nDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYB\r\nBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2Nz\r\ncDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGB\r\nAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPR\r\neYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCq\r\nUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzT\r\ntEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW\r\n+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP\r\n3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ9\r\n1eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "...",
  "NotBefore" : "Wed Oct 30 17:25:02 UTC 2024",
  "NotAfter" : "Tue Oct 20 17:25:02 UTC 2026"
}

/ca/v2/info

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/info
{
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/ca/v2/installer/createRequestID

POST

None

200

application/json

Certificate setup request with pin, tag and systemCert

/ca/v2/installer/createCerttID

POST

None

200

application/json

Certificate setup request with pin, tag and systemCert

/ca/v2/profiles

GET

size, start, visible, enable, enableBy

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/profiles?size=2&visible=true&enable=true&enableBy=admin"
{
  "total" : 25,
  "entries" : [ {
    "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/acmeServerCert",
    "profileId" : "acmeServerCert",
    "profileName" : "ACME Server Certificate Enrollment",
    "profileDescription" : "This certificate profile is for enrolling server certificates via ACME protocol.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  }, {
    "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/caServerKeygen_UserCert",
    "profileId" : "caServerKeygen_UserCert",
    "profileName" : "Manual User Dual-Use Certificate Enrollment using server-side Key generation",
    "profileDescription" : "This certificate profile is for enrolling user certificates using server-side Key generation.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  } ]
}

/ca/v2/profiles

POST

None

201

application/json

Profile in JSON format

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":false,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty 
Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. 
The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key 
Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. 
The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key 
Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key 
Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. 
The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' \
    https://$HOSTNAME:8443/ca/v2/profiles
{
  "id" : "test",
  "classId" : "caEnrollImpl",
  "name" : "Manual User Dual-Use Certificate Enrollment",
  "description" : "This certificate profile is for enrolling user certificates.",
  "enabled" : false,
  "visible" : false,
  "authzAcl" : "",
  "renewal" : false,
  "inputs" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "outputs" : [ {
    "id" : "o1",
    "name" : "Certificate Output",
    "classId" : "certOutputImpl",
    "attributes" : [ {
      "name" : "pretty_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Pretty Print"
      }
    }, {
      "name" : "b64_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Base-64 Encoded"
      }
    } ]
  } ],
  "policySets" : {
    "userCertSet" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "classId" : "userSubjectNameDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ {
          "name" : "useSysEncoding",
          "value" : ""
        } ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches UID=.*",
        "classId" : "subjectNameConstraintImpl",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "UID=.*"
        } ]
      }
    }, {
      "id" : "10",
      "def" : {
        "name" : "No Default",
        "classId" : "noDefaultImpl",
        "text" : "No Default",
        "attributes" : [ ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Renewal Grace Period Constraint",
        "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.",
        "classId" : "renewGracePeriodConstraintImpl",
        "constraints" : [ {
          "name" : "renewal.graceBefore",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period Before",
            "DefaultValue" : "30"
          },
          "value" : "30"
        }, {
          "name" : "renewal.graceAfter",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period After",
            "DefaultValue" : "30"
          },
          "value" : "30"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "classId" : "validityDefaultImpl",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ {
          "name" : "range",
          "value" : "180"
        }, {
          "name" : "rangeUnit",
          "value" : ""
        }, {
          "name" : "startTime",
          "value" : "0"
        } ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 365 days.",
        "classId" : "validityConstraintImpl",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "365"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "classId" : "userKeyDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096",
        "classId" : "keyConstraintImpl",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "RSA"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "classId" : "authorityKeyIdentifierExtDefaultImpl",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "classId" : "authInfoAccessExtDefaultImpl",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "authInfoAccessCritical",
          "value" : "false"
        }, {
          "name" : "authInfoAccessNumADs",
          "value" : "1"
        }, {
          "name" : "authInfoAccessADMethod_0",
          "value" : "1.3.6.1.5.5.7.48.1"
        }, {
          "name" : "authInfoAccessADLocationType_0",
          "value" : "URIName"
        }, {
          "name" : "authInfoAccessADLocation_0",
          "value" : ""
        }, {
          "name" : "authInfoAccessADEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Key Usage Default",
        "classId" : "keyUsageExtDefaultImpl",
        "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "attributes" : [ {
          "name" : "keyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDigitalSignature",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Digital Signature",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageNonRepudiation",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDataEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Data Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyAgreement",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Agreement",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyCertSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key CertSign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageCrlSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "CRL Sign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageEncipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Encipher Only",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDecipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Decipher Only",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ {
          "name" : "keyUsageCritical",
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "value" : "false"
        } ]
      },
      "constraint" : {
        "name" : "Key Usage Extension Constraint",
        "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "classId" : "keyUsageExtConstraintImpl",
        "constraints" : [ {
          "name" : "keyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Digital Signature",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Data Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Agreement",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key CertSign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "CRL Sign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Encipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Decipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "7",
      "def" : {
        "name" : "Extended Key Usage Extension Default",
        "classId" : "extendedKeyUsageExtDefaultImpl",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ {
          "name" : "exKeyUsageCritical",
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "Subject Alt Name Constraint",
        "classId" : "subjectAltNameExtDefaultImpl",
        "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}",
        "attributes" : [ {
          "name" : "subjAltNameExtCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "subjAltNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "subjAltNameExtCritical",
          "value" : "false"
        }, {
          "name" : "subjAltNameNumGNs",
          "value" : "1"
        }, {
          "name" : "subjAltExtType_0",
          "value" : "RFC822Name"
        }, {
          "name" : "subjAltExtPattern_0",
          "value" : "$request.requestor_email$"
        }, {
          "name" : "subjAltExtGNEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "classId" : "signingAlgDefaultImpl",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ {
          "name" : "signingAlg",
          "value" : "-"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "signingAlgConstraintImpl",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  },
  "xmloutput" : false
}
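The profile JSON returned by these endpoints can be checked mechanically before a profile is enabled. The following is an added example, not code from the PKI project: it walks `policySets` and reports RSA key sizes below a floor, SHA-1 entries in `signingAlgsAllowed`, and defaults paired with `noConstraintImpl`. The function name, finding codes and the 2048-bit floor are assumptions of this example; the sample is constructed by trimming the response above to the fields the audit reads.

```python
import json

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value defined by the API

# Constructed sample: the profile response shown above, trimmed to the
# fields the audit reads. Values are copied from that response.
SAMPLE_PROFILE = json.loads("""
{
  "id": "test",
  "policySets": {
    "userCertSet": [
      {"id": "3",
       "def": {"classId": "userKeyDefaultImpl"},
       "constraint": {"classId": "keyConstraintImpl", "constraints": [
         {"name": "keyType", "value": "RSA"},
         {"name": "keyParameters", "value": "1024,2048,3072,4096"}]}},
      {"id": "7",
       "def": {"classId": "extendedKeyUsageExtDefaultImpl"},
       "constraint": {"classId": "noConstraintImpl", "constraints": []}},
      {"id": "9",
       "def": {"classId": "signingAlgDefaultImpl"},
       "constraint": {"classId": "signingAlgConstraintImpl", "constraints": [
         {"name": "signingAlgsAllowed",
          "value": "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}
    ]
  }
}
""")


def _split(value):
    """Split a comma-separated constraint value, dropping empty items."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_profile(profile, min_rsa_bits=MIN_RSA_BITS):
    """Return (code, policy_set, policy_id, detail) tuples for one profile."""
    findings = []
    for set_name, policies in profile.get("policySets", {}).items():
        for policy in policies:
            pid = policy.get("id", "?")
            default_class = policy.get("def", {}).get("classId", "")
            constraint = policy.get("constraint", {})
            class_id = constraint.get("classId", "")
            values = {c.get("name"): c.get("value", "")
                      for c in constraint.get("constraints", [])}

            if class_id == "keyConstraintImpl":
                # For EC the parameters are curve names, so only numeric
                # entries under an RSA (or "-", any type) constraint count.
                if values.get("keyType") in ("RSA", "-"):
                    small = [p for p in _split(values.get("keyParameters"))
                             if p.isdigit() and int(p) < min_rsa_bits]
                    if small:
                        findings.append(
                            ("weak-key-size", set_name, pid, ",".join(small)))
            elif class_id == "signingAlgConstraintImpl":
                weak = [a for a in _split(values.get("signingAlgsAllowed"))
                        if a.upper().startswith("SHA1WITH")]
                if weak:
                    findings.append(
                        ("weak-signing-alg", set_name, pid, ",".join(weak)))
            elif class_id == "noConstraintImpl" and default_class != "noDefaultImpl":
                # Informational: this default has no constraint paired with it.
                findings.append(
                    ("unconstrained-default", set_name, pid, default_class))
    return findings


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(finding)
```

To audit a live profile, save the output of the `GET /ca/v2/profiles/{id}` call to a file and pass the parsed JSON to `audit_profile`.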

/ca/v2/profiles/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/profiles/caUserCert
{
  "id" : "caUserCert",
  "classId" : "caEnrollImpl",
  "name" : "Manual User Dual-Use Certificate Enrollment",
  "description" : "This certificate profile is for enrolling user certificates.",
  "enabled" : true,
  "visible" : false,
  "enabledBy" : "admin",
  "authzAcl" : "",
  "renewal" : false,
  "inputs" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "outputs" : [ {
    "id" : "o1",
    "name" : "Certificate Output",
    "classId" : "certOutputImpl",
    "attributes" : [ {
      "name" : "pretty_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Pretty Print"
      }
    }, {
      "name" : "b64_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Base-64 Encoded"
      }
    } ]
  } ],
  "policySets" : {
    "userCertSet" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "classId" : "userSubjectNameDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ {
          "name" : "useSysEncoding",
          "value" : ""
        } ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches UID=.*",
        "classId" : "subjectNameConstraintImpl",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "UID=.*"
        } ]
      }
    }, {
      "id" : "10",
      "def" : {
        "name" : "No Default",
        "classId" : "noDefaultImpl",
        "text" : "No Default",
        "attributes" : [ ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Renewal Grace Period Constraint",
        "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.",
        "classId" : "renewGracePeriodConstraintImpl",
        "constraints" : [ {
          "name" : "renewal.graceBefore",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period Before",
            "DefaultValue" : "30"
          },
          "value" : "30"
        }, {
          "name" : "renewal.graceAfter",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period After",
            "DefaultValue" : "30"
          },
          "value" : "30"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "classId" : "validityDefaultImpl",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ {
          "name" : "range",
          "value" : "180"
        }, {
          "name" : "rangeUnit",
          "value" : ""
        }, {
          "name" : "startTime",
          "value" : "0"
        } ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 365 days.",
        "classId" : "validityConstraintImpl",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "365"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "classId" : "userKeyDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096",
        "classId" : "keyConstraintImpl",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "RSA"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "classId" : "authorityKeyIdentifierExtDefaultImpl",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "classId" : "authInfoAccessExtDefaultImpl",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "authInfoAccessCritical",
          "value" : "false"
        }, {
          "name" : "authInfoAccessNumADs",
          "value" : "1"
        }, {
          "name" : "authInfoAccessADMethod_0",
          "value" : "1.3.6.1.5.5.7.48.1"
        }, {
          "name" : "authInfoAccessADLocationType_0",
          "value" : "URIName"
        }, {
          "name" : "authInfoAccessADLocation_0",
          "value" : ""
        }, {
          "name" : "authInfoAccessADEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Key Usage Default",
        "classId" : "keyUsageExtDefaultImpl",
        "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "attributes" : [ {
          "name" : "keyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDigitalSignature",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Digital Signature",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageNonRepudiation",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDataEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Data Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyAgreement",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Agreement",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyCertSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key CertSign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageCrlSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "CRL Sign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageEncipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Encipher Only",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDecipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Decipher Only",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ {
          "name" : "keyUsageCritical",
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "value" : "false"
        } ]
      },
      "constraint" : {
        "name" : "Key Usage Extension Constraint",
        "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "classId" : "keyUsageExtConstraintImpl",
        "constraints" : [ {
          "name" : "keyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Digital Signature",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Data Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Agreement",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key CertSign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "CRL Sign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Encipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Decipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "7",
      "def" : {
        "name" : "Extended Key Usage Extension Default",
        "classId" : "extendedKeyUsageExtDefaultImpl",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ {
          "name" : "exKeyUsageCritical",
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "Subject Alt Name Constraint",
        "classId" : "subjectAltNameExtDefaultImpl",
        "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}",
        "attributes" : [ {
          "name" : "subjAltNameExtCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "subjAltNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "subjAltNameExtCritical",
          "value" : "false"
        }, {
          "name" : "subjAltNameNumGNs",
          "value" : "1"
        }, {
          "name" : "subjAltExtType_0",
          "value" : "RFC822Name"
        }, {
          "name" : "subjAltExtPattern_0",
          "value" : "$request.requestor_email$"
        }, {
          "name" : "subjAltExtGNEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "classId" : "signingAlgDefaultImpl",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ {
          "name" : "signingAlg",
          "value" : "-"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "signingAlgConstraintImpl",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  },
  "xmloutput" : false
}
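
A defender-side check over the profile document shown above, as an added example (not Dogtag's own code): it walks the `policySets` layout of the response and reports key-size and signing-algorithm constraints weaker than a local baseline. The 2048-bit minimum, the weak-hash list, the `user*` heuristic and all function names are assumptions of this example; the second sample is constructed.

```python
"""Audit a Dogtag profile document laid out like the /ca/v2/profiles/{id} response."""

# Assumption of this example: hash families a local baseline rejects for signing.
WEAK_HASHES = ("SHA1", "MD5", "MD2")


def split_list(value):
    """Split a comma-separated profile value, dropping blanks."""
    return [item.strip() for item in value.split(",") if item.strip()]


def constraint_values(policy_entry):
    """Map constraint name -> configured value for one policy entry."""
    entries = policy_entry.get("constraint", {}).get("constraints", [])
    return {c["name"]: c.get("value", "") for c in entries}


def audit_profile(profile, min_rsa_bits=2048):
    """Return (policy_set, policy_id, finding) tuples for weak constraints."""
    findings = []
    for set_name, policies in profile.get("policySets", {}).items():
        for entry in policies:
            pid = entry.get("id", "?")
            default_class = entry.get("def", {}).get("classId", "")
            constraint_class = entry.get("constraint", {}).get("classId", "")
            values = constraint_values(entry)

            if constraint_class == "keyConstraintImpl":
                # keyParameters holds RSA sizes or EC curve names; only the
                # numeric tokens are modulus sizes, curve names are skipped.
                small = [p for p in split_list(values.get("keyParameters", ""))
                         if p.isdigit() and int(p) < min_rsa_bits]
                if small:
                    findings.append((set_name, pid,
                                     "keyParameters allows RSA sizes below "
                                     f"{min_rsa_bits}: {','.join(small)}"))

            if constraint_class == "signingAlgConstraintImpl":
                weak = [a for a in split_list(values.get("signingAlgsAllowed", ""))
                        if a.upper().startswith(WEAK_HASHES)]
                if weak:
                    findings.append((set_name, pid,
                                     "signingAlgsAllowed includes weak hashes: "
                                     + ",".join(weak)))

            # Heuristic (assumption): "user*DefaultImpl" classes take their value
            # from the requester, so pairing one with noConstraintImpl means the
            # value is accepted unchecked.
            if (default_class.startswith("user")
                    and constraint_class == "noConstraintImpl"):
                findings.append((set_name, pid,
                                 f"requester-supplied value ({default_class}) "
                                 "has no constraint"))
    return findings


def policy(pid, default_class, constraint_class, **values):
    """Build one policy entry in the page's layout (descriptors omitted)."""
    return {
        "id": pid,
        "def": {"classId": default_class},
        "constraint": {
            "classId": constraint_class,
            "constraints": [{"name": n, "value": v} for n, v in values.items()],
        },
    }


# Trimmed copy of constraint values shown on this page for the "test" profile.
PAGE_SAMPLE = {"id": "test", "policySets": {"userCertSet": [
    policy("1", "userSubjectNameDefaultImpl", "subjectNameConstraintImpl",
           pattern="UID=.*"),
    policy("3", "userKeyDefaultImpl", "keyConstraintImpl",
           keyType="RSA", keyParameters="1024,2048,3072,4096"),
    policy("4", "authorityKeyIdentifierExtDefaultImpl", "noConstraintImpl"),
    policy("9", "signingAlgDefaultImpl", "signingAlgConstraintImpl",
           signingAlgsAllowed="SHA256withRSA,SHA512withRSA,SHA256withEC,"
                              "SHA384withRSA,SHA384withEC,SHA512withEC,"
                              "SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"),
]}}

# Constructed sample (not from the page): the subject-name constraint is removed
# and SHA-1 algorithms are added back to the allowed list.
WEAK_SAMPLE = {"id": "constructed", "policySets": {"userCertSet": [
    policy("1", "userSubjectNameDefaultImpl", "noConstraintImpl"),
    policy("9", "signingAlgDefaultImpl", "signingAlgConstraintImpl",
           signingAlgsAllowed="SHA256withRSA,SHA1withRSA,SHA1withEC"),
]}}

if __name__ == "__main__":
    for label, sample in (("page", PAGE_SAMPLE), ("constructed", WEAK_SAMPLE)):
        for set_name, pid, finding in audit_profile(sample):
            print(f"[{label}] {set_name}/{pid}: {finding}")
```

To audit a live profile, save the JSON body returned by `GET /ca/v2/profiles/{id}` to a file and pass `json.load()` of it to `audit_profile`.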

/ca/v2/profiles/{id}

POST

action (enable/disable)

204

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/ca/v2/profiles/caUserCert?action=disable"

/ca/v2/profiles/{id}

PUT

None

200

application/json

Profile in JSON format

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":true,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty 
Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. 
The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key 
Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. 
The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key 
Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key 
Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. 
The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' \
    -X PUT https://$HOSTNAME:8443/ca/v2/profiles/test
{
  "id" : "test",
  "classId" : "caEnrollImpl",
  "name" : "Manual User Dual-Use Certificate Enrollment",
  "description" : "This certificate profile is for enrolling user certificates.",
  "enabled" : false,
  "visible" : true,
  "authzAcl" : "",
  "renewal" : false,
  "inputs" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "outputs" : [ {
    "id" : "o1",
    "name" : "Certificate Output",
    "classId" : "certOutputImpl",
    "attributes" : [ {
      "name" : "pretty_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Pretty Print"
      }
    }, {
      "name" : "b64_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Base-64 Encoded"
      }
    } ]
  } ],
  "policySets" : {
    "userCertSet" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "classId" : "userSubjectNameDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ {
          "name" : "useSysEncoding",
          "value" : ""
        } ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches UID=.*",
        "classId" : "subjectNameConstraintImpl",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "UID=.*"
        } ]
      }
    }, {
      "id" : "10",
      "def" : {
        "name" : "No Default",
        "classId" : "noDefaultImpl",
        "text" : "No Default",
        "attributes" : [ ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Renewal Grace Period Constraint",
        "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.",
        "classId" : "renewGracePeriodConstraintImpl",
        "constraints" : [ {
          "name" : "renewal.graceBefore",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period Before",
            "DefaultValue" : "30"
          },
          "value" : "30"
        }, {
          "name" : "renewal.graceAfter",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period After",
            "DefaultValue" : "30"
          },
          "value" : "30"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "classId" : "validityDefaultImpl",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ {
          "name" : "range",
          "value" : "180"
        }, {
          "name" : "rangeUnit",
          "value" : ""
        }, {
          "name" : "startTime",
          "value" : "0"
        } ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 365 days.",
        "classId" : "validityConstraintImpl",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "365"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "classId" : "userKeyDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096",
        "classId" : "keyConstraintImpl",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "RSA"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "classId" : "authorityKeyIdentifierExtDefaultImpl",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "classId" : "authInfoAccessExtDefaultImpl",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "authInfoAccessCritical",
          "value" : "false"
        }, {
          "name" : "authInfoAccessNumADs",
          "value" : "1"
        }, {
          "name" : "authInfoAccessADMethod_0",
          "value" : "1.3.6.1.5.5.7.48.1"
        }, {
          "name" : "authInfoAccessADLocationType_0",
          "value" : "URIName"
        }, {
          "name" : "authInfoAccessADLocation_0",
          "value" : ""
        }, {
          "name" : "authInfoAccessADEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Key Usage Default",
        "classId" : "keyUsageExtDefaultImpl",
        "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "attributes" : [ {
          "name" : "keyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDigitalSignature",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Digital Signature",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageNonRepudiation",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDataEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Data Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyAgreement",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Agreement",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyCertSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key CertSign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageCrlSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "CRL Sign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageEncipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Encipher Only",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDecipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Decipher Only",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ {
          "name" : "keyUsageCritical",
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "value" : "false"
        } ]
      },
      "constraint" : {
        "name" : "Key Usage Extension Constraint",
        "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "classId" : "keyUsageExtConstraintImpl",
        "constraints" : [ {
          "name" : "keyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Digital Signature",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Data Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Agreement",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key CertSign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "CRL Sign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Encipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Decipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "7",
      "def" : {
        "name" : "Extended Key Usage Extension Default",
        "classId" : "extendedKeyUsageExtDefaultImpl",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ {
          "name" : "exKeyUsageCritical",
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "Subject Alt Name Constraint",
        "classId" : "subjectAltNameExtDefaultImpl",
        "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}",
        "attributes" : [ {
          "name" : "subjAltNameExtCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "subjAltNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "subjAltNameExtCritical",
          "value" : "false"
        }, {
          "name" : "subjAltNameNumGNs",
          "value" : "1"
        }, {
          "name" : "subjAltExtType_0",
          "value" : "RFC822Name"
        }, {
          "name" : "subjAltExtPattern_0",
          "value" : "$request.requestor_email$"
        }, {
          "name" : "subjAltExtGNEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "classId" : "signingAlgDefaultImpl",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ {
          "name" : "signingAlg",
          "value" : "-"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "signingAlgConstraintImpl",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  },
  "xmloutput" : false
}

/ca/v2/profiles/{id}

DELETE

action (enable/disable)

204

Example
$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/profiles/test

/ca/v2/profiles/raw

POST

None

201

application/octet-stream

Profile file in the original key=<value> format

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --data-binary @- https://$HOSTNAME:8443/ca/v2/profiles/raw << 'EOF'
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=true
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=test
visible=false
EOF
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=false
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=test
visible=false
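
An unquoted heredoc delimiter (`<< EOF`) lets the shell expand `$request` in `$request.requestor_email$` before curl reads the body, so the CA stores `.requestor_email$` as the Subject Alternative Name pattern. The following added example (not from the Dogtag PKI project; `profile_diff` and `heredoc_demo` are hypothetical helper names, and the three profile lines are a constructed sample) reproduces the expansion offline and compares a submitted profile with a stored one key by key.

```shell
#!/bin/sh
# Added example; not part of the Dogtag PKI code base.

# profile_diff SENT STORED
# Compare two profiles in raw key=value form. Prints one sorted line for each
# key that is missing from STORED, only in STORED, or has a different value.
profile_diff() {
    awk '
        # Record one key=value line in dst[]. Split on the first "=" only,
        # because values such as "UID=.*" contain "=" themselves.
        function load(line, dst,   i) {
            if (line ~ /^[ \t]*(#|$)/) return      # comment or blank line
            i = index(line, "=")
            if (i > 1) dst[substr(line, 1, i - 1)] = substr(line, i + 1)
        }
        BEGIN {
            while ((getline line < ARGV[1]) > 0) load(line, sent)
            ARGV[1] = ""                            # main loop reads STORED only
        }
        { load($0, stored) }
        END {
            for (k in sent) {
                if (!(k in stored)) {
                    print k ": missing from stored profile"
                } else if (sent[k] != stored[k]) {
                    print k ": sent=[" sent[k] "] stored=[" stored[k] "]"
                }
            }
            for (k in stored) if (!(k in sent)) print k ": only in stored profile"
        }
    ' "$1" "$2" | sort
}

# heredoc_demo: write the same constructed profile lines through a quoted and
# an unquoted heredoc, then diff the two results. Runs in a subshell so that
# "request" and "dir" do not leak into the caller.
heredoc_demo() (
    request=                       # make the unset-variable case explicit
    dir=$(mktemp -d) || exit 1
    # Quoted delimiter: the body is passed through byte for byte.
    cat > "$dir/sent" << 'EOF'
profileId=test
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
EOF
    # Unquoted delimiter: the shell expands $request before cat sees the body.
    cat > "$dir/stored" << EOF
profileId=test
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
EOF
    profile_diff "$dir/sent" "$dir/stored"
    rm -rf "$dir"
)

heredoc_demo
```

Run against a saved copy of the submitted profile and the response body, the same comparison also reports `enable`, which the response above returns as `false` although `enable=true` was submitted.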

/ca/v2/profiles/{id}/raw

GET

None

200

application/octet-stream

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/profiles/caUserCert/raw
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=true
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=caUserCert
visible=false

/ca/v2/profiles/{id}/raw

PUT

None

200

application/octet-stream

Profile file in the original key=<value> format

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --data-binary @- -X PUT https://$HOSTNAME:8443/ca/v2/profiles/test/raw << 'EOF'
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=false
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=test
visible=false
EOF
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.3.constraint.params.keyType=RSA
input.i2.class_id=subjectNameInputImpl
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
output.o1.class_id=certOutputImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
output.list=o1
input.list=i1,i2,i3
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.2.constraint.params.range=365
visible=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.2.default.name=Validity Default
desc=This certificate profile is for enrolling user certificates.
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.9.default.params.signingAlg=-
auth.class_id=
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
enable=false
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.9.constraint.name=No Constraint
input.i1.class_id=keyGenInputImpl
enableBy=caadmin
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.name=Validity Constraint
input.i3.class_id=submitterInfoInputImpl
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
name=Manual User Dual-Use Certificate Enrollment
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.list=userCertSet
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
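
The server returns the stored profile with its keys in a different order than they were sent, so a changed value is easy to miss by eye. A value containing `$`, such as `$request.requestor_email$`, is altered before curl sends it whenever the heredoc delimiter is left unquoted, because the shell expands `$request` inside the body. The script below is an added example, not code from this page or from the PKI project; the function names `profile_drift` and `demo_heredoc_drift` are hypothetical and the sample lines are constructed from the profile shown above.

```shell
#!/bin/sh
# Added example (not from the PKI project): detect drift between the raw
# profile you meant to upload and the one the server echoes back.
# Assumes one key=value pair per line, as in the profiles shown on this page.

# profile_drift INTENDED RETURNED
# Prints CHANGED/MISSING/EXTRA <key> lines, sorted.
# Returns 0 when both files hold the same pairs, 1 on drift, 2 on bad input.
profile_drift() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    _drift=$(awk '
        { sub(/\r$/, "") }            # tolerate CRLF line endings
        /^[ \t]*$/ { next }           # skip blank lines
        /^[ \t]*#/ { next }           # skip comments
        {
            eq = index($0, "=")       # split on the FIRST "=" only:
            if (eq == 0) next         # values such as UID=.* contain "="
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            if (side == "intended") want[key] = val; else got[key] = val
        }
        END {
            for (k in want) {
                if (!(k in got)) print "MISSING " k
                else if (want[k] != got[k]) print "CHANGED " k
            }
            for (k in got) if (!(k in want)) print "EXTRA " k
        }
    ' side=intended "$1" side=returned "$2" | LC_ALL=C sort)
    if [ -n "$_drift" ]; then
        printf '%s\n' "$_drift"
        return 1
    fi
    return 0
}

# Constructed sample: three lines of the profile shown above, written twice.
demo_heredoc_drift() {
    _tmp=$(mktemp -d) || return 2
    request=''   # empty or unset, as in a typical interactive shell
    # Quoted delimiter: the body reaches the file (or curl) unchanged.
    cat > "$_tmp/intended" << 'EOF'
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
profileId=test
EOF
    # Unquoted delimiter: the shell expands $request inside the body first.
    cat > "$_tmp/sent" << EOF
profileId=test
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.1.constraint.params.pattern=UID=.*
EOF
    profile_drift "$_tmp/intended" "$_tmp/sent"
    _rc=$?
    rm -rf "$_tmp"
    return "$_rc"
}

demo_heredoc_drift || true
# prints: CHANGED policyset.userCertSet.8.default.params.subjAltExtPattern_0
```

To use it against a server, save the PUT response to a file (for example with curl's `-o` option) and pass it as the second argument, with the profile file you intended to upload as the first.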

KRA endpoints

Path Method Parameters Return code Mime Input

/kra/v2/agent/keys

GET

start, pageSize, maxTime, maxResults, status, clientKeyID, realm, owner

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/kra/v2/agent/keys?start=4"
{
  "total" : 6,
  "entries" : [ {
    "keyId" : "0x0118d9072617d551c0a7b6975441b2a5",
    "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/0x0118d9072617d551c0a7b6975441b2a5",
    "clientKeyID" : "tmyNewkey",
    "status" : "active",
    "algorithm" : "AES",
    "size" : 256,
    "ownerName" : "kraadmin"
  }, {
    "keyId" : "0x00b452e2c8ac1308afa8c3001d80dfead4",
    "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/0x00b452e2c8ac1308afa8c3001d80dfead4",
    "clientKeyID" : "myNewkey",
    "status" : "active",
    "algorithm" : "AES",
    "size" : 256,
    "ownerName" : "kraadmin"
  } ]
}

/kra/v2/agent/keys/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/kra/v2/agent/keys/0x00b452e2c8ac1308afa8c3001d80dfead4
{
  "keyId" : "0x00b452e2c8ac1308afa8c3001d80dfead4",
  "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/0x00b452e2c8ac1308afa8c3001d80dfead4",
  "clientKeyID" : "myNewkey",
  "status" : "active",
  "algorithm" : "AES",
  "size" : 256,
  "ownerName" : "kraadmin"
}

/kra/v2/agent/keys/{id}

POST

status (active/inactive)

204

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/kra/v2/agent/keys/0x00b452e2c8ac1308afa8c3001d80dfead4?status=inactive"

/kra/v2/agent/keys/active/{clientKeyId}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/kra/v2/agent/keys/active/myNewKey
{
  "keyId" : "0x00b452e2c8ac1308afa8c3001d80dfead4",
  "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/0x00b452e2c8ac1308afa8c3001d80dfead4",
  "clientKeyID" : "myNewkey",
  "status" : "active",
  "algorithm" : "AES",
  "size" : 256,
  "ownerName" : "kraadmin"
}

/kra/v2/agent/keys/retrieve

POST

status (active/inactive)

200

application/json

JSON with ClassName representing the request (com.netscape.certsrv.key.KeyRecoveryRequest) and Attributes containing Attribute, a list of name and value pairs

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"ClassName":"com.netscape.certsrv.key.KeyRecoveryRequest","Attributes":{"Attribute":[{"name":"keyId","value":"239691407307142073417724771513900460756"},{"name":"transWrappedSessionKey","value":"PwTuAVVhNd2Ob2vKwJD6Ou+C/1SdmR2VnbsD3ExsSctfZ15rmkJMcyEdcJkj9ONcSgI8uAYJYKvRxlNXdLqhPwyVJ32x3plt53bVSU+j8+KtD4k4xlafJScrMsEQUzFbjAIU0QX0jaynRV+l5YCjOiL59LLEGIxLwOklZXFHq/Llr8RjXR9rV5zRySZhv1ev1oQMlDCNsnAy/H/hDNBIQ80KZErgMCLjN1NrJFyP9MHHhOCd0rsjmOFn9Va3KPGTLqI24EmG2vWqMy9BHbvc7z2DK8iNiwrr8eiHN6pvCGx5jnE1zyrzg3gABTy2CTz1dbwPIRn/QUhbZydQ3i7Cfg=="},{"name":"payloadEncryptionOID","value":"{2 16 840 1 101 3 4 1 2}"},{"name":"payloadWrappingName","value":"AES KeyWrap/Padding"}]}}' \
    https://$HOSTNAME:8443/kra/v2/agent/keys/retrieve
{
  "wrappedPrivateData" : "+1F2dUIf8ycaggtzcOQ/sCfgFmOTO4g3y3dj8A5wSsGMhbtrzhqpPjynmWqOUpKV",
  "algorithm" : "AES",
  "size" : 256,
  "wrapAlgorithm" : "AES KeyWrap/Padding",
  "type" : "symmetricKey"
}

/kra/v2/agent/keyrequests

GET

start, pageSize, maxTime, requestState, requestType, clientKeyID, realm

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/kra/v2/agent/keyrequests
{
  "total" : 1,
  "entries" : [ {
    "requestID" : "0x8ebdd92d23f6d91c343ca85b06c5eec1",
    "requestType" : "enrollment",
    "requestStatus" : "complete",
    "requestURL" : "https://pki.example.com:8443/kra/v2/agent/keyrequests/189736124367002838297682016085746249409",
    "creationTime" : 1733938273000,
    "modificationTime" : 1733938273000,
    "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/248971174072089259484547109134225303881",
    "keyId" : "0x00bb4e1a9c0a05467927255f184ccee949",
    "requestId" : "0x8ebdd92d23f6d91c343ca85b06c5eec1"
  } ]
}

/kra/v2/agent/keyrequests

POST

None

201

application/json

JSON with ClassName representing the request type and Attributes containing Attribute, a list of name and value pairs

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"ClassName":"com.netscape.certsrv.key.SymKeyGenerationRequest","Attributes":{"Attribute":[{"name":"clientKeyID","value":"myNewkey"},{"name":"keyAlgorithm","value":"AES"},{"name":"keySize","value":"256"},{"name":"keyUsage","value":"sign"},{"name":"transWrappedSessionKey","value":null}]}}' \
    https://$HOSTNAME:8443/kra/v2/agent/keyrequests
{
  "requestInfo" : {
    "requestID" : "0xe44da0d2163087a51b7481f2c5c91458",
    "requestType" : "symkeyGenRequest",
    "requestStatus" : "complete",
    "requestURL" : "https://pki.example.com:8443/kra/v2/agent/keyrequests/303467051727386052232820986458237637720",
    "creationTime" : 1733998928353,
    "modificationTime" : 1733998928378,
    "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/239691407307142073417724771513900460756",
    "keyId" : "0x00b452e2c8ac1308afa8c3001d80dfead4",
    "requestId" : "0xe44da0d2163087a51b7481f2c5c91458"
  },
  "requestId" : "0xe44da0d2163087a51b7481f2c5c91458",
  "keyId" : "0x00b452e2c8ac1308afa8c3001d80dfead4"
}

/kra/v2/agent/keyrequests/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/kra/v2/agent/keyrequests/0x8ebdd92d23f6d91c343ca85b06c5eec1
{
  "requestID" : "0x8ebdd92d23f6d91c343ca85b06c5eec1",
  "requestType" : "enrollment",
  "requestStatus" : "complete",
  "requestURL" : "https://pki.example.com:8443/kra/v2/agent/keyrequests/189736124367002838297682016085746249409",
  "creationTime" : 1733938273000,
  "modificationTime" : 1733938273000,
  "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/248971174072089259484547109134225303881",
  "keyId" : "0x00bb4e1a9c0a05467927255f184ccee949",
  "requestId" : "0x8ebdd92d23f6d91c343ca85b06c5eec1"
}

/kra/v2/agent/keyrequests/{id}/approve
/kra/v2/agent/keyrequests/{id}/reject
/kra/v2/agent/keyrequests/{id}/cancel

POST

None

204

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/kra/v2/agent/keyrequests/0xe44da0d2163087a51b7481f2c5c91458/cancel

/kra/v2/config/cert/transport

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/kra/v2/config/cert/transport
{
  "id" : "0xc47ee26f8d009e3fae9d6a04e408a292",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "CN=DRM Transport Certificate,OU=pki-tomcat,O=EXAMPLE",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEKTCCApGgAwIBAgIRAMR+4m+NAJ4/rp1qBOQIopIwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEyMTExNjI1MDRaFw0yNjEyMDExNjI1MDRaMEsxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNh\r\ndGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBcEPRNztwl3cICBX8kHyGBKMWtdi8\r\nD5EifXjcigG0eVUR5Q8xWcFR/MPZtdFV29IMaJeXKKwVDsVGSNIoiLCWVHX25kd9KR9IMBi84d9g\r\nXG82QJzVXVSXYO3MIdLt9xZvqnd6JUyPhAf+4Nd+WtkdaWKcP/liFvcQSer/YOYYFkPEtpHoWwbI\r\neSi/QpUn7GE3ps9rQsuLbJ4AGEs6IEq3vcgVUSkD9b5X81OZSaoCrsKYWLA9uMKzDekQM0bAekg0\r\n7d+TQU3AXbkbeud7PEq3DTCOMbO1AIv76bpSs/bIzk6oXDmY62PTv96SRcuejU2G8wbv4dn9HsBO\r\nAesa1MmHAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUKIiB6HcrOiycB72H/cbbl+sg5sswPwYIKwYB\r\nBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2Nz\r\ncDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGB\r\nAE7IRYeL5LYbuBJvNV0kdnY5+uNSLUgavqX9g+bK+S3MtmFbKl4kjGrDHKT5b+zUw41OQMtgT/rB\r\nN1NH9mFkNAhoj12tCuJ97D2bbVnPXjwTxFw/KzNRxY/BeN78MD71eOOirayS3Am8gWuWlv6TzSMo\r\nfbMxp/qN+UOO4Wjsv83vaPWiQBa9v5rori68998WyYUsQ/uYFN8Pk123jmmj0DY7pq46dM5jqkwo\r\nLgcCBWd9ql9MzDgLBJD+rGZe3uY9y7U0CXAu+nHWdBoNN/qVnvdrvVvQe3P3OUUu/TTXnI5R4CJC\r\nh/k/nnPMGnA1zUUv3YhE+2ENTSAFnKpbWFr9uEpxh+q3/QGBFJtdwzPaHlgu+bm14ecVrIm5EFw1\r\ndpFGqyc4riwPH1ZQCoYDIxBH6MZWedZY9ktUgIOWvaesZcs2PLUFKd8ax0WK+A9+IpNVtooYYpr/\r\neUSktEd6CS53Yhu+D8ibSbpuaqhgLgKAGr+AOrUg1DNCPleakzteLNEkjw==\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "...",
  "NotBefore" : "Wed Dec 11 16:25:04 UTC 2024",
  "NotAfter" : "Tue Dec 01 16:25:04 UTC 2026"
}
Note
Endpoints requiring authentication can be accessed by providing either the session cookie retrieved from the login API (/<app>/v2/account/login) or the user credentials (user/password or certificates).