REST API v2

Overview

This page describes the REST API v2 endpoints.

Warning

This feature is still under development. The API might still change. Do not use it in production.

General endpoints

Path	Method	Parameters	Return code	Mime	Input
/pki/v2/info	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/pki/v2/info { "Name" : "Dogtag Certificate System", "Version" : "11.6.0", "Attributes" : { "Attribute" : [ ] } }
/pki/v2/apps	GET	None	200	application/json
Example curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/pki/v2/apps [{"id":"ca","name":"Certificate Authority","path":"/ca"}]

Shared endpoints

These endpoints are available in multiple subsystem application.

Path	Method	Parameters	Return code	App	Mime	Input
/<app>/v2/account/login	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt --cert ca_admin_cert.p12:Secret.123 \ --cert-type P12 -c session_cookie https://$HOSTNAME:8443/ca/v2/account/login { "id" : "caadmin", "FullName" : "caadmin", "Email" : "[email protected]", "Roles" : [ "Administrators", "Certificate Manager Agents", "Enterprise CA Administrators", "Enterprise KRA Administrators", "Enterprise OCSP Administrators", "Enterprise RA Administrators", "Enterprise TKS Administrators", "Enterprise TPS Administrators", "Security Domain Administrators" ], "Attributes" : { "Attribute" : [ ] } }
/<app>/v2/account/logout	GET	None	204	ca, kra, ocsp, tks, tps	No output expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/account/logout
/<app>/v2/admin/groups	GET	start, size, filter	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ "https://$HOSTNAME:8443/ca/v2/admin/groups?size=3&filter=Admin" { "total" : 8, "entries" : [ { "id" : "Administrators", "GroupID" : "Administrators", "Description" : "People who manage the Certificate System" }, { "id" : "Security Domain Administrators", "GroupID" : "Security Domain Administrators", "Description" : "People who are the Security Domain administrators" }, { "id" : "Enterprise CA Administrators", "GroupID" : "Enterprise CA Administrators", "Description" : "People who are the administrators for the security domain for CA" } ] }
/<app>/v2/admin/groups	POST	None	201	ca, kra, ocsp, tks, tps	application/json	A json of a single group with GroupID and Description
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"GroupID": "NewGroup", "Description":"This is a new group"}' \ https://$HOSTNAME:8443/ca/v2/admin/groups { "id" : "NewGroup", "GroupID" : "NewGroup", "Description" : "This is a new group" }
/<app>/v2/admin/groups/{id}	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup { "id" : "NewGroup", "GroupID" : "NewGroup", "Description" : "This is a new group" }
/<app>/v2/admin/groups/{id}	PATCH	None	200	ca, kra, ocsp, tks, tps	application/json	A group json with only the information to update
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"Description":"This is the new group"}' \ -X PATCH https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup { "id" : "NewGroup", "GroupID" : "NewGroup", "Description" : "This is the new group" }
/<app>/v2/admin/groups/{id}	DELETE	None	204	ca, kra, ocsp, tks, tps
Example $ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup
/<app>/v2/admin/groups/{id}/members	GET	start, size, filter	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/admin/groups/Administrators/members { "total" : 1, "entries" : [ { "id" : "caadmin", "groupID" : "Administrators" } ] }
/<app>/v2/admin/groups/{id}/members	POST	None	201	ca, kra, ocsp, tks, tps	application/json	A json with id of the new member
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"id": "caadmin"}' \ https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members { "id" : "caadmin", "groupID" : "NewGroup" }
/<app>/v2/admin/groups/{groupId}/members{memberId}	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin { "id" : "caadmin", "groupID" : "NewGroup" }
/<app>/v2/admin/groups/{groupId}/members{memberId}	DELETE	None	204	ca, kra, ocsp, tks, tps
Example $ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin
/<app>/v2/admin/users	GET	start, size, filter	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/admin/users?size=3&filter=Admin" { "total" : 1, "entries" : [ { "id" : "caadmin", "UserID" : "caadmin", "FullName" : "caadmin" } ] }
/<app>/v2/admin/users	POST	None	201	ca, kra, ocsp, tks, tps	application/json	A json for the user with UserID, FullName, Email, password, phone, type and state
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"UserID": "newUser", "FullName":"New User"}' \ https://$HOSTNAME:8443/ca/v2/admin/users { "id" : "newUser", "UserID" : "newUser", "FullName" : "New User" }
/<app>/v2/admin/users/{id}	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/admin/users/newUser { "id" : "newUser", "UserID" : "newUser", "FullName" : "New User" }
/<app>/v2/admin/users/{id}	PATCH	None	200	ca, kra, ocsp, tks, tps	application/json	A json with user information to update
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"FullName":"The New User"}' \ -X PATCH https://$HOSTNAME:8443/ca/v2/admin/users/newUser { "id" : "newUser", "UserID" : "newUser", "FullName" : "The New User" }
/<app>/v2/admin/users/{id}	DELETE	None	204	ca, kra, ocsp, tks, tps
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser
/<app>/v2/admin/users/{id}/certs	GET	size, start	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs { "total" : 1, "entries" : [ { "Version" : 2, "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser" } ] }
/<app>/v2/admin/users/{id}/certs	POST	None	201	ca, kra, ocsp, tks, tps	application/json	Json with certificate in pem format inside Encoded field
Example $ curl --cacert ./ca_signing.crt -b session_cookie --json '{"Encoded":"-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n"}' \ https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs { "Version" : 2, "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n", "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser" }
/<app>/v2/admin/users/{userId}/certs/{certId}	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser { "Version" : 2, "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "PrettyPrint" : " Certificate: \n Data: \n Version: v3\n Serial Number: 0xA53C5F8E01BAB930295A1C56134E2173\n Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Issuer: CN=CA Signing Certificate, OU=pki-tomcat, O=EXAMPLE\n Validity: \n Not Before: Wednesday, October 30, 2024, 9:40:40?AM Coordinated Universal Time Etc/UTC\n Not After: Monday, April 28, 2025, 9:40:40?AM Coordinated Universal Time Etc/UTC\n Subject: UID=newUser\n Subject Public Key Info: \n Algorithm: RSA - 1.2.840.113549.1.1.1\n Public Key: \n Exponent: 65537\n Public Key Modulus: (2048 bits) :\n BE:79:34:02:6D:DA:45:97:AF:74:FA:8B:B4:38:78:1A:\n 4B:A4:67:CF:52:AC:20:58:AB:3F:F2:5B:22:03:74:49:\n D3:1E:D2:54:77:22:70:6F:08:0B:90:AC:FD:1A:C1:37:\n 67:00:35:A8:B8:10:F0:2F:1E:3A:65:12:F0:33:46:9B:\n BF:98:4E:3C:0F:78:2F:87:9D:7C:5A:86:C8:AF:A8:37:\n AE:CA:B7:3A:9F:36:DA:C8:28:F8:05:69:3E:5C:CC:AA:\n 8B:CC:CF:8B:CE:04:5D:0E:5E:0B:7F:AA:0B:1E:59:12:\n 0C:96:F1:A9:E3:B6:34:97:FF:4F:72:2C:5C:56:44:2A:\n 21:1E:AE:CA:47:70:A9:E8:B2:65:3B:EE:F5:6C:7F:C5:\n 04:57:E8:E2:FF:A6:03:95:B0:8E:A7:59:F8:63:3D:6B:\n B3:65:AB:2B:EB:98:67:14:07:ED:AA:EC:B9:AE:0A:32:\n 82:A8:66:11:72:22:17:B3:2E:A9:60:B8:54:9F:17:DB:\n B7:0C:4B:67:19:86:CD:E8:DA:C2:B7:22:AA:D8:F8:D1:\n 4D:CD:99:D9:24:0C:9F:A7:8B:20:FB:0B:BE:70:E5:37:\n E1:99:9C:26:0D:2A:47:B3:BE:80:9A:03:C4:2C:1A:52:\n 92:2C:84:C1:DC:B2:6A:22:F9:DC:E8:CC:43:9B:83:FF\n Extensions: \n Identifier: Authority Key Identifier - 2.5.29.35\n Critical: no \n Key Identifier: \n A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\n C4:00:E1:25\n Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n Critical: no \n Access Description: \n Method #0: ocsp\n Location #0: URIName: http://pki.example.com:8080/ca/ocsp\n Identifier: Key Usage: - 2.5.29.15\n Critical: yes \n Key Usage: \n Digital Signature \n Non Repudiation \n Key Encipherment \n Identifier: Extended Key Usage: - 2.5.29.37\n Critical: no \n Extended Key Usage: \n clientAuth - 1.3.6.1.5.5.7.3.2\n emailProtection - 1.3.6.1.5.5.7.3.4\n Signature: \n Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Signature: \n 01:01:D9:79:88:6B:4D:81:68:7E:61:A5:3A:8A:F0:B3:\n 33:1D:9A:74:88:4F:00:E3:42:37:EE:F0:AD:52:87:98:\n 1E:24:E8:EB:62:8B:3B:3C:86:B7:B8:26:13:9D:E3:7F:\n 7B:F7:FF:B3:D7:D3:66:83:EB:13:27:10:2F:7A:C7:8E:\n 08:EE:42:B0:1A:91:0E:3C:C3:C2:B4:2C:A9:95:52:66:\n 95:73:04:BE:0C:2B:5C:80:7A:C1:33:DE:B9:61:5B:8F:\n 1B:0D:2F:C4:62:FE:02:12:43:7C:7E:3D:AD:B5:FF:D8:\n B0:2A:71:43:24:03:F5:5C:DA:80:D0:CD:BF:44:B3:A8:\n 76:D1:F1:29:68:15:6F:E5:E8:40:6D:65:94:E8:43:A4:\n 04:B3:75:FF:5D:95:29:8D:9E:40:54:93:6D:D9:8F:2E:\n 71:87:CD:C6:97:EC:D9:A0:97:EB:BC:8D:5C:EE:CA:C7:\n 53:62:98:07:09:0E:ED:A2:77:C4:EC:D3:50:4C:74:2D:\n F2:9E:B7:7C:10:DA:0C:C5:30:06:57:C8:0E:1D:CE:9A:\n 47:9F:02:87:D7:A6:F1:7B:63:55:FB:B3:2E:F0:7D:E4:\n AA:49:76:0F:0D:C6:38:03:77:7E:AF:B6:37:A9:FC:AE:\n A9:87:3D:FD:7C:FE:5F:38:53:BC:44:1F:8D:DF:E0:16:\n 26:63:07:6D:EE:D9:EB:75:02:11:83:E9:D9:90:22:15:\n 16:39:6F:8E:C8:3C:77:11:D0:7E:38:03:C5:A6:04:CA:\n F9:57:5A:52:BE:FA:CF:31:05:5D:A6:42:1A:79:14:86:\n C9:10:BA:38:3D:E3:DE:56:0A:CF:9E:40:B5:B3:9D:3C:\n B7:66:EC:FE:B2:CC:79:8E:06:CB:37:8E:91:8C:17:0A:\n 95:5C:86:48:4B:6E:0B:AB:91:C2:EC:06:6E:D4:1C:A7:\n B9:01:18:D7:87:B0:70:59:79:0E:5F:CD:47:65:B3:80:\n 7E:45:91:D9:58:FD:CE:4A:AA:5D:10:92:AA:F3:F8:21\n FingerPrint\n MD2:\n 08:B7:40:5F:0F:75:9B:7D:CE:6A:E6:02:04:0E:42:CE\n MD5:\n 70:FA:86:85:09:4C:A7:AC:C2:7E:16:12:FE:1C:23:6F\n SHA-1:\n CC:01:B7:F5:26:13:47:D9:A5:2C:05:6B:E0:94:16:7E:\n 62:CD:AB:4D\n SHA-256:\n 1A:00:A6:05:FB:14:33:B4:32:71:73:54:06:DA:52:BB:\n C9:3E:BA:24:CA:C2:4D:B2:9B:7F:A5:F7:F8:55:C0:45\n SHA-512:\n D6:C2:13:5B:5C:06:15:90:E9:78:73:C7:0C:EE:70:19:\n 31:79:1F:AB:43:57:B7:97:C8:D7:00:CA:F3:4A:DD:1B:\n 03:BE:50:10:A8:F6:4A:A0:F3:2E:28:AD:7B:7C:1F:E5:\n 70:ED:22:8E:21:DD:D9:E0:8A:7E:4C:47:D3:56:C5:49\n", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n", "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser" }
/<app>/v2/admin/users/{userId}/certs/{certId}	DELETE	None	204	ca, kra, ocsp, tks, tps
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser
/<app>/v2/admin/users/{id}/membership	GET	size, start, filter	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership { "total" : 1, "entries" : [ { "id" : "Auditors", "userID" : "newUser" } ] }
/<app>/v2/admin/users/{id}/membership	POST	None	201	ca, kra, ocsp, tks, tps	in application/x-www-form-urlencoded, out application/json	The group name to add the user
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --data 'Auditors' \ https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership { "id" : "Auditors", "userID" : "newUser" }
/<app>/v2/admin/users/{userId}/membership/{groupId}	DELETE	None	204	ca, kra, ocsp, tks, tps
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership/Auditors
/<app>/v2/audit	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/audit { "bufferSize" : 512, "Status" : "Enabled", "Signed" : false, "Interval" : 5, "Events" : { "ACCESS_SESSION_ESTABLISH" : "enabled", "ACCESS_SESSION_TERMINATED" : "enabled", "ASYMKEY_GENERATION_REQUEST" : "disabled", "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "AUDIT_LOG_DELETE" : "disabled", "AUDIT_LOG_SHUTDOWN" : "disabled", "AUDIT_LOG_SIGNING" : "enabled", "AUDIT_LOG_STARTUP" : "enabled", "AUTH" : "enabled", "AUTHORITY_CONFIG" : "enabled", "AUTHZ" : "enabled", "CERT_PROFILE_APPROVAL" : "enabled", "CERT_REQUEST_PROCESSED" : "enabled", "CERT_SIGNING_INFO" : "enabled", "CERT_STATUS_CHANGE_REQUEST" : "enabled", "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "enabled", "CIMC_CERT_VERIFICATION" : "disabled", "CLIENT_ACCESS_SESSION_ESTABLISH" : "enabled", "CLIENT_ACCESS_SESSION_TERMINATED" : "enabled", "CMC_ID_POP_LINK_WITNESS" : "disabled", "CMC_PROOF_OF_IDENTIFICATION" : "disabled", "CMC_REQUEST_RECEIVED" : "enabled", "CMC_RESPONSE_SENT" : "enabled", "CMC_SIGNED_REQUEST_SIG_VERIFY" : "enabled", "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "enabled", "COMPUTE_RANDOM_DATA_REQUEST" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled", "COMPUTE_SESSION_KEY_REQUEST" : "disabled", "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled", "CONFIG_ACL" : "enabled", "CONFIG_AUTH" : "enabled", "CONFIG_CERT_POLICY" : "disabled", "CONFIG_CERT_PROFILE" : "enabled", "CONFIG_CRL_PROFILE" : "enabled", "CONFIG_DRM" : "disabled", "CONFIG_ENCRYPTION" : "enabled", "CONFIG_OCSP_PROFILE" : "disabled", "CONFIG_ROLE" : "enabled", "CONFIG_SERIAL_NUMBER" : "enabled", "CONFIG_SIGNED_AUDIT" : "enabled", "CONFIG_TOKEN_AUTHENTICATOR" : "disabled", "CONFIG_TOKEN_CONNECTOR" : "disabled", "CONFIG_TOKEN_GENERAL" : "disabled", "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled", "CONFIG_TOKEN_PROFILE" : "disabled", "CONFIG_TOKEN_RECORD" : "disabled", "CONFIG_TRUSTED_PUBLIC_KEY" : "enabled", "CRL_RETRIEVAL" : "disabled", "CRL_SIGNING_INFO" : "enabled", "CRL_VALIDATION" : "disabled", "DELTA_CRL_GENERATION" : "enabled", "DELTA_CRL_PUBLISHING" : "disabled", "DIVERSIFY_KEY_REQUEST" : "disabled", "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled", "ENCRYPT_DATA_REQUEST" : "disabled", "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled", "FULL_CRL_GENERATION" : "enabled", "FULL_CRL_PUBLISHING" : "disabled", "INTER_BOUNDARY" : "disabled", "KEY_GEN_ASYMMETRIC" : "enabled", "KEY_RECOVERY_AGENT_LOGIN" : "disabled", "KEY_RECOVERY_REQUEST" : "disabled", "KEY_STATUS_CHANGE" : "disabled", "LOG_PATH_CHANGE" : "enabled", "NON_PROFILE_CERT_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled", "OCSP_GENERATION" : "enabled", "OCSP_REMOVE_CA_REQUEST" : "disabled", "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled", "OCSP_SIGNING_INFO" : "enabled", "PROFILE_CERT_REQUEST" : "enabled", "PROOF_OF_POSSESSION" : "enabled", "RANDOM_GENERATION" : "enabled", "ROLE_ASSUME" : "enabled", "SCHEDULE_CRL_GENERATION" : "enabled", "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_EXPORT_KEY" : "disabled", "SECURITY_DATA_INFO" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled", "SECURITY_DOMAIN_UPDATE" : "enabled", "SELFTESTS_EXECUTION" : "enabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST" : "enabled", "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "enabled", "SYMKEY_GENERATION_REQUEST" : "disabled", "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "TOKEN_APPLET_UPGRADE" : "disabled", "TOKEN_AUTH" : "disabled", "TOKEN_CERT_ENROLLMENT" : "disabled", "TOKEN_CERT_RENEWAL" : "disabled", "TOKEN_CERT_RETRIEVAL" : "disabled", "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled", "TOKEN_FORMAT" : "disabled", "TOKEN_KEY_CHANGEOVER" : "disabled", "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled", "TOKEN_KEY_RECOVERY" : "disabled", "TOKEN_KEY_SANITY_CHECK" : "disabled", "TOKEN_OP_REQUEST" : "disabled", "TOKEN_PIN_RESET" : "disabled", "TOKEN_STATE_CHANGE" : "disabled" } }
/<app>/v2/audit	PATCH	None	200	ca, kra, ocsp, tks, tps	application/json	A json with same format returned by GET operation. The list in Events has to match but avalues can be different
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json @audit.json -X PATCH \ https://$HOSTNAME:8443/ca/v2/audit { "bufferSize" : 512, "Status" : "Enabled", "Signed" : false, "Interval" : 100, "Events" : { "ACCESS_SESSION_ESTABLISH" : "enabled", "ACCESS_SESSION_TERMINATED" : "disabled", "ASYMKEY_GENERATION_REQUEST" : "disabled", "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "AUDIT_LOG_DELETE" : "disabled", "AUDIT_LOG_SHUTDOWN" : "disabled", "AUDIT_LOG_STARTUP" : "disabled", "AUTH" : "disabled", "AUTHORITY_CONFIG" : "disabled", "AUTHZ" : "disabled", "CERT_PROFILE_APPROVAL" : "disabled", "CERT_REQUEST_PROCESSED" : "disabled", "CERT_SIGNING_INFO" : "disabled", "CERT_STATUS_CHANGE_REQUEST" : "disabled", "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled", "CIMC_CERT_VERIFICATION" : "disabled", "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled", "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled", "CMC_ID_POP_LINK_WITNESS" : "disabled", "CMC_PROOF_OF_IDENTIFICATION" : "disabled", "CMC_REQUEST_RECEIVED" : "disabled", "CMC_RESPONSE_SENT" : "disabled", "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled", "COMPUTE_SESSION_KEY_REQUEST" : "disabled", "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled", "CONFIG_ACL" : "disabled", "CONFIG_AUTH" : "disabled", "CONFIG_CERT_POLICY" : "disabled", "CONFIG_CERT_PROFILE" : "disabled", "CONFIG_CRL_PROFILE" : "disabled", "CONFIG_DRM" : "disabled", "CONFIG_ENCRYPTION" : "disabled", "CONFIG_OCSP_PROFILE" : "disabled", "CONFIG_ROLE" : "disabled", "CONFIG_SERIAL_NUMBER" : "disabled", "CONFIG_SIGNED_AUDIT" : "disabled", "CONFIG_TOKEN_AUTHENTICATOR" : "disabled", "CONFIG_TOKEN_CONNECTOR" : "disabled", "CONFIG_TOKEN_GENERAL" : "disabled", "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled", "CONFIG_TOKEN_PROFILE" : "disabled", "CONFIG_TOKEN_RECORD" : "disabled", "CONFIG_TRUSTED_PUBLIC_KEY" : "disabled", "CRL_RETRIEVAL" : "disabled", "CRL_SIGNING_INFO" : "disabled", "CRL_VALIDATION" : "disabled", "DELTA_CRL_GENERATION" : "disabled", "DELTA_CRL_PUBLISHING" : "disabled", "DIVERSIFY_KEY_REQUEST" : "disabled", "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled", "ENCRYPT_DATA_REQUEST" : "disabled", "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled", "FULL_CRL_GENERATION" : "disabled", "FULL_CRL_PUBLISHING" : "disabled", "INTER_BOUNDARY" : "disabled", "KEY_GEN_ASYMMETRIC" : "disabled", "KEY_RECOVERY_AGENT_LOGIN" : "disabled", "KEY_RECOVERY_REQUEST" : "disabled", "KEY_STATUS_CHANGE" : "disabled", "LOG_PATH_CHANGE" : "disabled", "NON_PROFILE_CERT_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled", "OCSP_GENERATION" : "disabled", "OCSP_REMOVE_CA_REQUEST" : "disabled", "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled", "OCSP_SIGNING_INFO" : "disabled", "PROFILE_CERT_REQUEST" : "disabled", "PROOF_OF_POSSESSION" : "disabled", "RANDOM_GENERATION" : "disabled", "ROLE_ASSUME" : "disabled", "SCHEDULE_CRL_GENERATION" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_EXPORT_KEY" : "disabled", "SECURITY_DATA_INFO" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled", "SECURITY_DOMAIN_UPDATE" : "disabled", "SELFTESTS_EXECUTION" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled", "SYMKEY_GENERATION_REQUEST" : "disabled", "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "TOKEN_APPLET_UPGRADE" : "disabled", "TOKEN_AUTH" : "disabled", "TOKEN_CERT_ENROLLMENT" : "disabled", "TOKEN_CERT_RENEWAL" : "disabled", "TOKEN_CERT_RETRIEVAL" : "disabled", "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled", "TOKEN_FORMAT" : "disabled", "TOKEN_KEY_CHANGEOVER" : "disabled", "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled", "TOKEN_KEY_RECOVERY" : "disabled", "TOKEN_KEY_SANITY_CHECK" : "disabled", "TOKEN_OP_REQUEST" : "disabled", "TOKEN_PIN_RESET" : "disabled", "TOKEN_STATE_CHANGE" : "disabled" } }
/<app>/v2/audit	POST	action (enable/disable)	200	ca, kra, ocsp, tks, tps	application/json	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST "https://$HOSTNAME:8443/ca/v2/audit?action=enable" { "bufferSize" : 512, "Status" : "Enabled", "Signed" : false, "Interval" : 100, "Events" : { "ACCESS_SESSION_ESTABLISH" : "enabled", "ACCESS_SESSION_TERMINATED" : "disabled", "ASYMKEY_GENERATION_REQUEST" : "disabled", "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "AUDIT_LOG_DELETE" : "disabled", "AUDIT_LOG_SHUTDOWN" : "disabled", "AUDIT_LOG_STARTUP" : "disabled", "AUTH" : "disabled", "AUTHORITY_CONFIG" : "disabled", "AUTHZ" : "disabled", "CERT_PROFILE_APPROVAL" : "disabled", "CERT_REQUEST_PROCESSED" : "disabled", "CERT_SIGNING_INFO" : "disabled", "CERT_STATUS_CHANGE_REQUEST" : "disabled", "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled", "CIMC_CERT_VERIFICATION" : "disabled", "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled", "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled", "CMC_ID_POP_LINK_WITNESS" : "disabled", "CMC_PROOF_OF_IDENTIFICATION" : "disabled", "CMC_REQUEST_RECEIVED" : "disabled", "CMC_RESPONSE_SENT" : "disabled", "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled", "COMPUTE_SESSION_KEY_REQUEST" : "disabled", "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled", "CONFIG_ACL" : "disabled", "CONFIG_AUTH" : "disabled", "CONFIG_CERT_POLICY" : "disabled", "CONFIG_CERT_PROFILE" : "disabled", "CONFIG_CRL_PROFILE" : "disabled", "CONFIG_DRM" : "disabled", "CONFIG_ENCRYPTION" : "disabled", "CONFIG_OCSP_PROFILE" : "disabled", "CONFIG_ROLE" : "disabled", "CONFIG_SERIAL_NUMBER" : "disabled", "CONFIG_SIGNED_AUDIT" : "disabled", "CONFIG_TOKEN_AUTHENTICATOR" : "disabled", "CONFIG_TOKEN_CONNECTOR" : "disabled", "CONFIG_TOKEN_GENERAL" : "disabled", "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled", "CONFIG_TOKEN_PROFILE" : "disabled", "CONFIG_TOKEN_RECORD" : "disabled", "CONFIG_TRUSTED_PUBLIC_KEY" : "disabled", "CRL_RETRIEVAL" : "disabled", "CRL_SIGNING_INFO" : "disabled", "CRL_VALIDATION" : "disabled", "DELTA_CRL_GENERATION" : "disabled", "DELTA_CRL_PUBLISHING" : "disabled", "DIVERSIFY_KEY_REQUEST" : "disabled", "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled", "ENCRYPT_DATA_REQUEST" : "disabled", "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled", "FULL_CRL_GENERATION" : "disabled", "FULL_CRL_PUBLISHING" : "disabled", "INTER_BOUNDARY" : "disabled", "KEY_GEN_ASYMMETRIC" : "disabled", "KEY_RECOVERY_AGENT_LOGIN" : "disabled", "KEY_RECOVERY_REQUEST" : "disabled", "KEY_STATUS_CHANGE" : "disabled", "LOG_PATH_CHANGE" : "disabled", "NON_PROFILE_CERT_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled", "OCSP_GENERATION" : "disabled", "OCSP_REMOVE_CA_REQUEST" : "disabled", "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled", "OCSP_SIGNING_INFO" : "disabled", "PROFILE_CERT_REQUEST" : "disabled", "PROOF_OF_POSSESSION" : "disabled", "RANDOM_GENERATION" : "disabled", "ROLE_ASSUME" : "disabled", "SCHEDULE_CRL_GENERATION" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_EXPORT_KEY" : "disabled", "SECURITY_DATA_INFO" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled", "SECURITY_DOMAIN_UPDATE" : "disabled", "SELFTESTS_EXECUTION" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled", "SYMKEY_GENERATION_REQUEST" : "disabled", "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "TOKEN_APPLET_UPGRADE" : "disabled", "TOKEN_AUTH" : "disabled", "TOKEN_CERT_ENROLLMENT" : "disabled", "TOKEN_CERT_RENEWAL" : "disabled", "TOKEN_CERT_RETRIEVAL" : "disabled", "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled", "TOKEN_FORMAT" : "disabled", "TOKEN_KEY_CHANGEOVER" : "disabled", "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled", "TOKEN_KEY_RECOVERY" : "disabled", "TOKEN_KEY_SANITY_CHECK" : "disabled", "TOKEN_OP_REQUEST" : "disabled", "TOKEN_PIN_RESET" : "disabled", "TOKEN_STATE_CHANGE" : "disabled" } }
/<app>/v2/audit/files	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/audit/files { "total" : 1, "entries" : [ { "name" : "ca_audit", "size" : 77606 } ] }
/<app>/v2/audit/files/{id}	GET	None	200	ca, kra, ocsp, tks, tps	application/octet-stream
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/audit/files/ca_audit 0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CERT_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] certificate signing info 0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CRL_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] CRL signing info 0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=OCSP_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=AB:AF:55:C8:C0:97:C8:B6:AA:47:0D:D0:66:C6:15:E1:B1:EF:EF:77] OCSP signing info 0.main - [29/Oct/2024:11:09:29 UTC] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details) 0.https-jsse-jss-nio-8443-exec-1 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success 0.https-jsse-jss-nio-8443-exec-2 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated 0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success 0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated 0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success 0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated 0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated 0.https-jsse-jss-nio-8443-exec-5 - [29/Oct/2024:11:45:53 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure 0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success 0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated 0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
/<app>/v2/config/features	GET	None	200	ca
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/config/features [{"id":"authority","description":"Lightweight CAs","version":"1.0","enabled":true}]
/<app>/v2/config/features/{id}	GET	None	200	ca	application/json
Example $ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/features/authority { "id" : "authority", "description" : "Lightweight CAs", "version" : "1.0", "enabled" : true }
/<app>/v2/jobs	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/jobs { "entries" : [ { "id" : "certRenewalNotifier", "enabled" : false, "cron" : "0 3 * * 1-5", "pluginName" : "RenewalNotificationJob", "parameters" : { } }, { "id" : "pruning", "enabled" : false, "pluginName" : "PruningJob", "parameters" : { } }, { "id" : "publishCerts", "enabled" : false, "cron" : "0 0 * * 2", "pluginName" : "PublishCertsJob", "parameters" : { } }, { "id" : "requestInQueueNotifier", "enabled" : false, "cron" : "0 0 * * 0", "pluginName" : "RequestInQueueJob", "parameters" : { } }, { "id" : "serialNumberUpdate", "enabled" : false, "pluginName" : "SerialNumberUpdateJob", "parameters" : { } }, { "id" : "unpublishExpiredCerts", "enabled" : false, "cron" : "0 0 * * 6", "pluginName" : "UnpublishExpiredJob", "parameters" : { } } ] }
/<app>/v2/jobs/{id}	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate { "id" : "serialNumberUpdate", "enabled" : false, "pluginName" : "SerialNumberUpdateJob", "parameters" : { } }
/<app>/v2/jobs/{id}/start	POST	None	200	ca, kra, ocsp, tks, tps	No output	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate/start
/<app>/v2/securityDomain/domainInfo	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/securityDomain/domainInfo { "subsystemArray" : [ { "hosts" : { "CA pki.example.com 8443" : { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" } }, "hostArray" : [ { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" } ], "id" : "CA" } ], "id" : "EXAMPLE", "subsystems" : { "CA" : { "hosts" : { "CA pki.example.com 8443" : { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" } }, "hostArray" : [ { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" } ], "id" : "CA" } } }
/<app>/v2/securityDomain/hosts	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/securityDomain/hosts [{"id":"CA pki.example.com 8443","Hostname":"pki.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"FALSE","SubsystemName":"CA pki.example.com 8443","DomainManager":"TRUE"}]
/<app>/v2/securityDomain/hosts	PUT	None	204	ca, kra, ocsp, tks, tps	application/json	Security domain host json with Hostname, Port, SecurePort, SecureEEClientAuthPort, SecureAgentPort, SecureAdminPort, Clone, SubsystemName and DomainManager
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"id":"CA pki2.example.com 8443","Hostname":"pki2.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"TRUE","SubsystemName":"CA pki2.example.com 8443","DomainManager":"FALSE"}' \ -X PUT https://$HOSTNAME:8443/ca/v2/securityDomain/hosts
/<app>/v2/securityDomain/hosts/{ID}	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443 { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" }
/<app>/v2/securityDomain/hosts/{ID}	DELETE	None	204	ca, kra, ocsp, tks, tps
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X DELETE https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443
/<app>/v2/securityDomain/installToken	GET	hostname, subsystem	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ "https://$HOSTNAME:8443/ca/v2/securityDomain/installToken?hostname=pki.example.com&subsystem=CA" { "token" : "4984326538499940852" }
/<app>/v2/selftests	GET	start, size, filter	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ "https://$HOSTNAME:8443/ca/v2/selftests?start=2" { "total" : 3, "entries" : [ { "id" : "SystemCertsVerification", "enabledAtStartup" : true, "criticalAtStartup" : true, "enabledOnDemand" : true, "criticalOnDemand" : true } ] }
/<app>/v2/selftests	POST	action (run)	204	ca, kra, ocsp, tks, tps	No output	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST "https://$HOSTNAME:8443/ca/v2/selftests?action=run"
/<app>/v2/selftests/{id}	GET	None	200	ca, kra, ocsp, tks, tps	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/selftests/CAValidity { "id" : "CAValidity", "enabledAtStartup" : false, "enabledOnDemand" : true, "criticalOnDemand" : true }
/<app>/v2/selftests/run	POST	None	200	ca, kra, ocsp, tks, tps	application/json	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST https://$HOSTNAME:8443/ca/v2/selftests/run { "entries" : [ { "id" : "CAPresence", "status" : "PASSED" }, { "id" : "SystemCertsVerification", "status" : "PASSED" }, { "id" : "CAValidity", "status" : "PASSED" } ] }
/<app>/v2/selftests/{id}/run	POST	None	200	ca, kra, ocsp, tks, tps	application/json	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST https://$HOSTNAME:8443/ca/v2/selftests/CAPresence/run { "id" : "CAPresence", "status" : "PASSED" }

CA endpoints

• CA REST API v2

Path	Method	Parameters	Return code	Mime	Input
/ca/v2/admin/kraconnector	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/admin/kraconnector { "host" : "pki.example.com", "port" : "8443", "transportCert" : "MIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZXnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/LeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT57dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVqtrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EIDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPReYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCqUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzTtEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ91eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==", "uri" : "/kra/agent/kra/connector", "timeout" : "30", "local" : "false", "enable" : "true" }
/ca/v2/admin/kraconnector/add	POST	None	204	application/json	KRA connector configuration in json with host, port, transportCert (the base64), transportCertNickname, subsystemCert, uri, timeout, local and enable
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"host":"pki.example.com","port":"8443","transportCert":"MIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZXnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/LeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT57dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVqtrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EIDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPReYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCqUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzTtEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ91eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==","uri":"/kra/agent/kra/connector","timeout":"30","local":"false","enable":"true"}' https://$HOSTNAME:8443/ca/v2/admin/kraconnector/add
/ca/v2/admin/kraconnector/addHost	POST	host, port	204	No output	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/addHost?host=pki2.example.com&port=8443"
/ca/v2/admin/kraconnector/remove	POST	host, port	204	No output	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/remove?host=pki.example.com&port=8443"
/ca/v2/agent/certrequests	GET	pageSize, start, maxTime	200	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ "https://$HOSTNAME:8443/ca/v2/agent/certrequests?pageSize=2" { "total" : 7, "entries" : [ { "requestID" : "0x58e47a524bff8fbc512465759b63f424", "requestType" : "enrollment", "requestStatus" : "complete", "creationTime" : 1730200079000, "modificationTime" : 1730200084000, "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0", "certRequestType" : "pkcs10", "operationResult" : "success" }, { "requestID" : "0x5f2533c00bb8934584decbf1aa9ab987", "requestType" : "enrollment", "requestStatus" : "complete", "creationTime" : 1730200087000, "modificationTime" : 1730200093000, "certId" : "0xf84f45cd025332f2b06d1ec58136be89", "certRequestType" : "pkcs10", "operationResult" : "success" } ] }
/ca/v2/agent/certrequests/{id}	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x5f2533c00bb8934584decbf1aa9ab987 { "nonce" : "-8579840105031817822", "requestId" : "0x5f2533c00bb8934584decbf1aa9ab987", "requestType" : "enrollment", "requestStatus" : "complete", "requestOwner" : "", "requestCreationTime" : "Tue Oct 29 11:08:07 UTC 2024", "requestModificationTime" : "Tue Oct 29 11:08:13 UTC 2024", "requestNotes" : "", "profileApprovedBy" : "system", "profileSetId" : "ocspCertSet", "profileIsVisible" : "true", "profileName" : "Manual OCSP Manager Signing Certificate Enrollment", "profileDescription" : "This certificate profile is for enrolling OCSP Manager certificates.", "ProfileID" : "caOCSPCert", "Renewal" : false, "Input" : [ { "ClassID" : "CertReqInput", "Name" : "Certificate Request Input", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Value" : "pkcs10" }, { "name" : "cert_request", "Value" : "-----BEGIN CERTIFICATE REQUEST-----\nMIIDkjCCAfoCAQAwTTEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEkMCIG\nA1UEAwwbQ0EgT0NTUCBTaWduaW5nIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A\nMIIBigKCAYEAsaCn1oUxVloC5G+Adi8rF40WEk10IL7NUEw9Bm6+704T7pKut9BDOH/8sCU+/bcw\nAHNKUpqKbpS55N7V0xYntfyiD8RxGVY4BxPWMPuhLcb5zRZXybKIvV2KpgOqQmS5+Sx0HrEyA6Xo\nFyB5E7fE/mqheA7V1RyL047m1T0ER/tkHWYldj0aLlYQKv8dmfzW52PRYF08ByVWzTXcByFyO3Tg\nwjN84ksKAfihBiALj92jgbxyOHD/utEFtz8XpjlqLMl7MVYhpeu/p5DbCTPk55OcKwQF6MbLMExl\nSrvF6JBKHLfLdbFY3OwbryP+f1Dc9UlFoDELZjlp+Z2klwlxympqTpsXztMzAQUfRqu5GjcL7v9s\nLmNahVoKfWuZWQEC5FUHyJk3DT/v0jax30QHq3CqoYUWZs/rolfpzInvqSMmDmxHz/nIdEwpmhvt\nAijuwG+Qm1PA4eHy2l3OhIGYWvYgA5oEq/BLZgvi3SOhNR3ctz98rlEI2j3MWy9dYBDhAgMBAAGg\nADANBgkqhkiG9w0BAQsFAAOCAYEAputw+T001caAwVTyZttOf5hmmiHnwqw1BFfoVA1Sy2W9xRrU\nTvCF2/eiSiRbLfsgpikgtOpRuON+m1SiYK/W3v+SkU1d9ewNQo1u2oNh1sjpzZjkLvfEvx4jjiDQ\nmA6GhhMzUiMvWPM9+d97c+1euF8mYvnyGJclutf2OVAhHdii8g5arR+gRGQHWXfziDkm3bFtgO0O\nMazHzehow81cArN27HfPzi2hPb447vekWdrDfW4O1VWp25hxTjef5LYQd8aKTIwYah+zaAqyZG6D\n7xYRxkOhb9d37nFL8qDWAZHyIcAZrkZ72APEqtMLaOewjzVrdbj/J5yncByk8SpW2E/XGy9NlDgi\nmuhMj8PuZXEItvaSpUG+o75b/o0i/CO+t+MgIQhE6dtZkEhRUpbuUN/+kILD++i4N1WB/owcOSuW\nSWER5L0gjpw8+UES4tV3qaS3zUSCZroyoUU430goxeHdk58CAoWrs9vqDdM/NkvjXrQJUmMmAL9f\nkpVhlMfw\n-----END CERTIFICATE REQUEST-----" } ] }, { "ClassID" : "SubmitterInfoInput", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ ] } ], "Output" : [ ], "ProfilePolicySet" : [ { "policies" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Value" : "CN=CA OCSP Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches CN=.*", "classId" : "SubjectNameConstraint", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "CN=.*" } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "text" : "This default populates a Certificate Validity to the request. The default values are Range=720 in days", "attributes" : [ { "name" : "notBefore", "Value" : "2024-10-29 11:08:09", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Value" : "2026-10-19 11:08:09", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 720 days.", "classId" : "ValidityConstraint", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "720" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Value" : "RSA - 1.2.840.113549.1.1.1", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Value" : "3072", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Value" : "30:82:01:8A:02:82:01:81:00:B1:A0:A7:D6:85:31:56:\\n5A:02:E4:6F:80:76:2F:2B:17:8D:16:12:4D:74:20:BE:\\nCD:50:4C:3D:06:6E:BE:EF:4E:13:EE:92:AE:B7:D0:43:\\n38:7F:FC:B0:25:3E:FD:B7:30:00:73:4A:52:9A:8A:6E:\\n94:B9:E4:DE:D5:D3:16:27:B5:FC:A2:0F:C4:71:19:56:\\n38:07:13:D6:30:FB:A1:2D:C6:F9:CD:16:57:C9:B2:88:\\nBD:5D:8A:A6:03:AA:42:64:B9:F9:2C:74:1E:B1:32:03:\\nA5:E8:17:20:79:13:B7:C4:FE:6A:A1:78:0E:D5:D5:1C:\\n8B:D3:8E:E6:D5:3D:04:47:FB:64:1D:66:25:76:3D:1A:\\n2E:56:10:2A:FF:1D:99:FC:D6:E7:63:D1:60:5D:3C:07:\\n25:56:CD:35:DC:07:21:72:3B:74:E0:C2:33:7C:E2:4B:\\n0A:01:F8:A1:06:20:0B:8F:DD:A3:81:BC:72:38:70:FF:\\nBA:D1:05:B7:3F:17:A6:39:6A:2C:C9:7B:31:56:21:A5:\\nEB:BF:A7:90:DB:09:33:E4:E7:93:9C:2B:04:05:E8:C6:\\nCB:30:4C:65:4A:BB:C5:E8:90:4A:1C:B7:CB:75:B1:58:\\nDC:EC:1B:AF:23:FE:7F:50:DC:F5:49:45:A0:31:0B:66:\\n39:69:F9:9D:A4:97:09:71:CA:6A:6A:4E:9B:17:CE:D3:\\n33:01:05:1F:46:AB:B9:1A:37:0B:EE:FF:6C:2E:63:5A:\\n85:5A:0A:7D:6B:99:59:01:02:E4:55:07:C8:99:37:0D:\\n3F:EF:D2:36:B1:DF:44:07:AB:70:AA:A1:85:16:66:CF:\\nEB:A2:57:E9:CC:89:EF:A9:23:26:0E:6C:47:CF:F9:C8:\\n74:4C:29:9A:1B:ED:02:28:EE:C0:6F:90:9B:53:C0:E1:\\nE1:F2:DA:5D:CE:84:81:98:5A:F6:20:03:9A:04:AB:F0:\\n4B:66:0B:E2:DD:23:A1:35:1D:DC:B7:3F:7C:AE:51:08:\\nDA:3D:CC:5B:2F:5D:60:10:E1:02:03:01:00:01\\n", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521", "classId" : "KeyConstraint", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "-" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096,nistp256,nistp384,nistp521" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Value" : "false", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Value" : "A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "NoConstraint", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Value" : "false", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Value" : "Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "NoConstraint", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Extended Key Usage Default", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.9", "attributes" : [ { "name" : "exKeyUsageCritical", "Value" : "false", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Value" : "1.3.6.1.5.5.7.3.9", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ ] }, "constraint" : { "name" : "Extended Key Usage Extension", "text" : "This constraint accepts the Extended Key Usage extension, if present, only when Criticality=false, OIDs=1.3.6.1.5.5.7.3.9", "classId" : "ExtendedKeyUsageExtConstraint", "constraints" : [ { "name" : "exKeyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "exKeyUsageOIDs", "descriptor" : { "Syntax" : "string", "Description" : "Comma-Separated list of Object Identifiers" }, "value" : "1.3.6.1.5.5.7.3.9" } ] } }, { "id" : "8", "def" : { "name" : "OCSP No Check Extension", "text" : "This default populates an OCSP No Check Extension (1.3.6.1.5.5.7.48.1.5) to the request. The default values are Criticality=false", "attributes" : [ { "name" : "ocspNoCheckCritical", "Value" : "false", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts the extension only when Criticality=false, OID=1.3.6.1.5.5.7.48.1.5", "classId" : "ExtensionConstraint", "constraints" : [ { "name" : "extCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "extOID", "descriptor" : { "Syntax" : "string", "Description" : "Object Identifier" }, "value" : "1.3.6.1.5.5.7.48.1.5" } ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Value" : "SHA256withRSA", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "SigningAlgConstraint", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] } ], "Attributes" : { "Attribute" : [ ] } }
/ca/v2/agent/certrequests/{id}/approve /ca/v2/agent/certrequests/{id}/assign /ca/v2/agent/certrequests/{id}/cancel /ca/v2/agent/certrequests/{id}/reject /ca/v2/agent/certrequests/{id}/validate /ca/v2/agent/certrequests/{id}/unassign /ca/v2/agent/certrequests/{id}/update	POST	None	204	No output	Full cert request json obtained from GET operation
Example $ curl --cacert ./ca_signing.crt -b session_cookie --json '{"nonce":"698006587460251198","requestId":"0x563c6ef28a2aa590fb5df963043be30e","requestType":"enrollment","requestStatus":"pending","requestOwner":"","requestCreationTime":"Wed Oct 30 11:09:30 UTC 2024","requestModificationTime":"Wed Oct 30 11:09:30 UTC 2024","requestNotes":"","profileApprovedBy":"admin","profileSetId":"userCertSet","profileIsVisible":"false","profileName":"Manual User Dual-Use Certificate Enrollment","profileDescription":"This certificate profile is for enrolling user certificates.","profileRemoteHost":"172.18.0.3","profileRemoteAddr":"172.18.0.3","ProfileID":"caUserCert","Renewal":false,"Input":[{"ClassID":"KeyGenInput","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10"},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQCfuroXU/H8AxyI3pBKF7mYRoP+yL0Qucqg9fvnJdY7M/E3OIHg+2l5f2UX\r\nL+Q9ESDZ7EMGxmuORPvqwwNuHSKaW/kfurcdTFlQjVuoXwUwy86D/veAp317tDZZmcjU6DgWrx8M\r\nA5c46Ck8KOa5NOetPjpbCufTLaKmPDM6+Rsei+aY5FMksHh6W+a1djuz1yN0COc60/+pzR4MCzMZ\r\n1N8TYKmtfprectaK9Jj0ckkRZ9zAuAwxdNnfSkNIgu8btBX7+/9IqSi+s/TUTo8jDxXWZkEu+Pn+\r\nCVpuYFd2lvij7gCJ2fKuDy5yyh1HFJFFWqQZ+V+snylBeAwHgk3V9dJvAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEAfYpmNiENJOVycl9DODw3UEmLDEZl5vDplUaK4E47ITz6rbB/vSQzXB/KDDuU\r\nLq/aqfPhhXFDYaQ3BLlgrxYcuojiDMEkEwi6lU1OxPpEWcCrCSMx0NzsQMA3XSWziMwCc0kyodlQ\r\nRYOEDMWfWNplBA/6kdEb5Vce/UrbOdbquWgcIopYyJ9QdLJJbqvFN2JUwpibd7pJSyglWK/WHk8o\r\nov1jQIkYmSlznQwLQyeliBMMX4pFN3BAgEuo4hFlYeP5r1ig3xsdXmKbZgtGo1FEK7OBHAbfmMs0\r\nNdp2mLo5hvNSTTYl4aATsR9SfljuRtjhZtqPfsonzDAjO+wj5dOC7g==\r\n-----END CERTIFICATE REQUEST-----"}]},{"ClassID":"SubjectNameInput","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser"}]},{"ClassID":"SubmitterInfoInput","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[]}],"Output":[],"ProfilePolicySet":[{"policies":[{"id":"1","def":{"name":"Subject Name Default","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Value":"UID=newUser","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"SubjectNameConstraint","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"RenewGracePeriodConstraint","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Value":"2024-10-30 11:09:30","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Value":"2025-04-28 11:09:30","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"ValidityConstraint","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Value":"RSA - 1.2.840.113549.1.1.1","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Value":"2048","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Value":"30:82:01:0A:02:82:01:01:00:9F:BA:BA:17:53:F1:FC:\\n03:1C:88:DE:90:4A:17:B9:98:46:83:FE:C8:BD:10:B9:\\nCA:A0:F5:FB:E7:25:D6:3B:33:F1:37:38:81:E0:FB:69:\\n79:7F:65:17:2F:E4:3D:11:20:D9:EC:43:06:C6:6B:8E:\\n44:FB:EA:C3:03:6E:1D:22:9A:5B:F9:1F:BA:B7:1D:4C:\\n59:50:8D:5B:A8:5F:05:30:CB:CE:83:FE:F7:80:A7:7D:\\n7B:B4:36:59:99:C8:D4:E8:38:16:AF:1F:0C:03:97:38:\\nE8:29:3C:28:E6:B9:34:E7:AD:3E:3A:5B:0A:E7:D3:2D:\\nA2:A6:3C:33:3A:F9:1B:1E:8B:E6:98:E4:53:24:B0:78:\\n7A:5B:E6:B5:76:3B:B3:D7:23:74:08:E7:3A:D3:FF:A9:\\nCD:1E:0C:0B:33:19:D4:DF:13:60:A9:AD:7E:9A:DE:72:\\nD6:8A:F4:98:F4:72:49:11:67:DC:C0:B8:0C:31:74:D9:\\nDF:4A:43:48:82:EF:1B:B4:15:FB:FB:FF:48:A9:28:BE:\\nB3:F4:D4:4E:8F:23:0F:15:D6:66:41:2E:F8:F9:FE:09:\\n5A:6E:60:57:76:96:F8:A3:EE:00:89:D9:F2:AE:0F:2E:\\n72:CA:1D:47:14:91:45:5A:A4:19:F9:5F:AC:9F:29:41:\\n78:0C:07:82:4D:D5:F5:D2:6F:02:03:01:00:01\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"KeyConstraint","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Value":"false","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Value":"A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Value":"Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"KeyUsageExtConstraint","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Value":"SHA256withRSA","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"SigningAlgConstraint","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]}],"Attributes":{"Attribute":[]}}' \ https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x563c6ef28a2aa590fb5df963043be30e/approve
/ca/v2/agent/certs/{id}	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee { "id" : "0x55092f4611ad2ede6c4064045d64bdee", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEADCCAmigAwIBAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEM\r\nB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEt\r\nLOCo/NVffA3KCPLqHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB\r\n+DsMGleB59sz8StQUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWf\r\nM1Qqlsn/zlfMZRsO0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEg\r\nS5EJTuipbXujaAlQgbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P\r\n9uQTPmyOO75FJmiHAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUw\r\nPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAv\r\nY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0G\r\nCSqGSIb3DQEBCwUAA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVc\r\nRubwCuBXk85atycRXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2\r\nJMqvFSgM/DGu/yJvt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvW\r\ntLgO/iRFFGKWohvFpGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1Nj\r\nE2KcqfusDDfLm1czbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpN\r\niB38h6a4NLdmsPDbD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3\r\nnl5+nQ9RZsuJb9Ea/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDV\r\nMFw=\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIIIsQYJKoZIhvcNAQcCoIIIojCCCJ4CAQExADALBgkqhkiG9w0BBwGgggiGMIIEADCCAmigAwIB\r\nAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEi\r\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEtLOCo/NVffA3KCPLq\r\nHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB+DsMGleB59sz8StQ\r\nUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWfM1Qqlsn/zlfMZRsO\r\n0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEgS5EJTuipbXujaAlQ\r\ngbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P9uQTPmyOO75FJmiH\r\nAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUwPwYIKwYBBQUHAQEE\r\nMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNV\r\nHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUA\r\nA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVcRubwCuBXk85atycR\r\nXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2JMqvFSgM/DGu/yJv\r\nt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvWtLgO/iRFFGKWohvF\r\npGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1NjE2KcqfusDDfLm1cz\r\nbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpNiB38h6a4NLdmsPDb\r\nD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3nl5+nQ9RZsuJb9Ea\r\n/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDVMFwwggR+MIIC5qAD\r\nAgECAhEAhmFGZPY3nBwtCjnR5H0/0DANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExF\r\nMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4X\r\nDTI0MTAyOTExMDgwMFoXDTQ0MTAyOTExMDgwMFowSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UE\r\nCwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTCCAaIwDQYJKoZI\r\nhvcNAQEBBQADggGPADCCAYoCggGBAMofTnE8azu6WaltnTqsOTSEtlHdRTk75sH1xZbYsMyhUagu\r\naIMyR4x1iva5Y620bDKb4lyLF5vJtWKDZvbN5gJW/N5P4u9CZ6UlQ5Tkm5rhvq5v4LN4Sq4hO8bD\r\nPyR6MZFnDbBpnj62e/AUhGVTb5eoG2K7hDUBp4hfYGKi/5G8NkZZlCADSbFytpXJQ86SumjiHbnZ\r\nQPMg9BTZgnMPouZA7SSS1hB/5TCgEeIJpWX8l7rZ+0WfknaoQ7zLz4zJncvsXXiKbEkdbyM8+KLi\r\n3wy5P321xDuwO4A4UcSwHvPOSu5sdLFRV88bsAJ0FLFRHgOdXm5Gl1mMv4oOz8cYRVcKRUScMRUi\r\n1uhkhIOIEhTWmvMz6FZ1mDmRzaPCA6Gc2S6IsUOjzZz5Cyd8wNyEC/zIc9FjPsVudN2YXOGn2T2a\r\nKl2jrNIdtKidxPmk80+3wzTDoqmoHe41DKTozfwPqOQeNvZvM+o/Nr6ibZw6tLt79Hy+CHleSazm\r\n87bJthu6kwIDAQABo2MwYTAdBgNVHQ4EFgQUp332LU7iaBRZZqOMreTzdsQA4SUwHwYDVR0jBBgw\r\nFoAUp332LU7iaBRZZqOMreTzdsQA4SUwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYw\r\nDQYJKoZIhvcNAQELBQADggGBAKgYiwcUiGqi0ugB96gRCuGrPbesKUU05Jv8bNExmG5eUiyaGEZi\r\n0IcD4XLLQ9pAwyDGgvZaBPZl8J+4JSRwGxf/ldQUFcFe9zwutMNOpJb0p1Y8uzNQ54eC+t7pUbuW\r\nHSE/P3Rvsxnx6eWtUqCM0gpN1BxqsgVedL2iyjXjncNNTd/bT7E/giRhE1r0fgmLSz/s8B129DXK\r\ndjhbLrkHYTmMlphtQ9qS38BqUa6GCDuOLwFsahgaHN/+XdRJF+Cb2LXQC2thTNqMCQq9yfWMHPZT\r\n1qujy19qSEUQxjqo5PtO8D8su0nuznjfgOI5zO3wBpVVAJgBjCpND9PKzMSc6ISIgBw9RYorQHTU\r\nPzArn/2VkQvm9+4X/KR/33GftcVfXk/+NFv2AePUG6PosQ3kKpUiA+7W8ivAhoHvwFKpOs2k4yK5\r\nwd7++6/ecHUNzKpKhItZt3UafldyzjzqwEBk/QjYjDEMBklth2p+QPM8lGIUWt6yD/Nzo56TDmgn\r\ndALCtTEA\r\n", "NotBefore" : "2024-10-30 10:53:21 +0000", "NotAfter" : "2025-04-28 10:53:21 +0000", "Status" : "VALID", "Nonce" : 3355442236351645821 }
/ca/v2/agent/certs/{id}/revoke	POST	None	200	application/json	Revoke requst json with Rason, InvalidityDate, Comments, Encoded and Nonce
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"Reason":"Certificate_Hold","Nonce":7581228038945153660}' \ https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/revoke { "requestID" : "0x887ffed7ad4c0ee94a07700c48895f03", "requestType" : "revocation", "requestStatus" : "complete", "creationTime" : 1730300307000, "modificationTime" : 1730300307000, "certId" : "0x55092f4611ad2ede6c4064045d64bdee", "operationResult" : "success" }
/ca/v2/agent/certs/{id}/revoke-ca	POST	None	200	application/json	Revoke requst json with Rason, InvalidityDate, Comments, Encoded and Nonce
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"Reason":"Certificate_Hold","Nonce":5052187310204086075}' \ https://$HOSTNAME:8443/ca/v2/agent/certs/0x86614664f6379c1c2d0a39d1e47d3fd0/revoke-ca { "requestID" : "0xb28c9fe27d90a97b9ec85d7ad1b32992", "requestType" : "revocation", "requestStatus" : "complete", "creationTime" : 1730300625000, "modificationTime" : 1730300625000, "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0", "operationResult" : "success" }
/ca/v2/agent/certs/{id}/unrevoke	POST	None	200	application/json	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/unrevoke { "requestID" : "0xdca57cea1f51ed123dc85dd889a595eb", "requestType" : "unrevocation", "requestStatus" : "complete", "creationTime" : 1730300449000, "modificationTime" : 1730300449000, "operationResult" : "success" }
/ca/v2/authorities	GET	id, parentID, dn, issuerDN	200	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ "https://$HOSTNAME:8443/ca/v2/authorities?issuerDN=CN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE" {"isHostAuthority":true,"id":"9f75deb6-53b1-48cc-9028-9c899f9526b4","issuerDN":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","serial":178621631998145652837496363178029563856,"dn":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true,"description":"Host authority","ready":true}]
/ca/v2/authorities	POST	None	201	application/json	Authority json with parentID, dn, enabled and description
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true}' \ "https://$HOSTNAME:8443/ca/v2/authorities { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : true, "ready" : true }
/ca/v2/authorities/{id}	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : true, "ready" : true }
/ca/v2/authorities/{id}	PUT	None	200	application/json	Authority json with parentID, dn, enabled and description
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":false}' \ -X PUT https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : false, "ready" : true }
/ca/v2/authorities/{id}	DELETE	None	204
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X DELETE https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f
/ca/v2/authorities/{id}/cert	GET	None	200	application/x-pem-file or application/pkix-cert
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -H 'Accpet;' -H 'Accept: application/x-pem-file' --output newCert.pem \ https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/cert
/ca/v2/authorities/{id}/chain	GET	None	200	application/x-pem-file or application/pkcs7-mime
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -H 'Accpet;' -H 'Accept: papplication/x-pem-file' --output newChain.pem \ https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/chain
/ca/v2/authorities/{id}/enable	POST	None	200	application/json	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/enable { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : true, "ready" : true }
/ca/v2/authorities/{id}/disable	POST	None	200	application/json	No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/disable { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : false, "ready" : true }
/ca/v2/authorities/{id}/renew	POST	None	204		No input expected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/renew
/ca/v2/certrequests	POST	None	200	application/json	Cert enroll request in json with ProfileID, ServerSideKeygenP12Passwd, Renewal, SerialNumber, RemoteHost, RemoteAddress, Input (a list as difined by the profile), Output (a list as difined by the profile) and Attributes
Example $ curl --cacert ./ca_signing.crt \ --json '{"ProfileID":"caUserCert","Renewal":false,"RemoteHost":"","RemoteAddress":"","Input":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQDeu/zJSSDYzXcJsH7lZe8fKPV0CIWNAD0g5FpOdcqvcZMwXQsnVqCNdfby\r\nSwX6sGzKEHCXyYxaXHuLMpMJ5pHK1BzRCfjQAkPzWbCN5beg7L/l7Gi+52h0z9R/zTZkG355ja3r\r\nkyd9d0tah5XbPWsdp0BVtPOIK4t0d6F+WkEkC0pyCejtkqoBSf9F1CTHw3iOxhgKMxV+ebC/TM2l\r\n9AvnzAfF91Sf5KAd8hTAhHurgBkqxuzL16ERBbM0DFfie8RCiTVBvvS/6UmfEVH3dMHIuE5flXB+\r\nhMCrj8g7GfWIaA6WzwfkZrNgCjYoVHPivMg+akhMbQg6m0goB3zA/D/zAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEALi3+agIXworiPVF1qyAr3wLjffzu6RIDiLS9cVHHnnAj1AjEnKFDpwTYeuBk\r\nXaRzgyCHyCLyKSSN337PBUEnxOxNWNIJDCC8gpMcfCCnspos7N9M8dnROD60EUDVdUtfdE+g5JfG\r\nkwlQz3lbktFuQwznf3EUYPPvyMLSG1RITVJyEJ3tH0PZ5GFlDwi5Gw7DTzl7nAWwXZ5LeCa9b6d8\r\nwCbPAAHA2OCYck1PyLrFlAnmF5udsY4AY7b5YK5iIqysWikXYqexk/oE707XJhX+btDYx0W4qI8j\r\nhc50ZHgtobGXAgqNQvL2WOtmEJY2Fwpl+ejuGi6bamzTkXqh/Vi+XQ==\r\n-----END CERTIFICATE REQUEST-----\n","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Value":"","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Value":"","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Value":"","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Value":"","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"Output":[],"Attributes":{"Attribute":[]}}' \ https://$HOSTNAME:8443/ca/v2/certrequests { "total" : 1, "entries" : [ { "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a", "requestType" : "enrollment", "requestStatus" : "pending", "creationTime" : 1730309766543, "modificationTime" : 1730309766566, "certRequestType" : "pkcs10", "operationResult" : "success" } ] }
/ca/v2/certrequests/{id}	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/certrequests/0xd3e6013b9ae406efe9b8d45029faee9a { "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a", "requestType" : "enrollment", "requestStatus" : "pending", "creationTime" : 1730309766000, "modificationTime" : 1730309766000, "certRequestType" : "pkcs10", "operationResult" : "success" }
/ca/v2/certrequests/profiles	GET	size, start	200	application/json
Example $ curl --cacert ./ca_signing.crt \ "https://$HOSTNAME:8443/ca/v2/certrequests/profiles?size=2&start=4" { "total" : 26, "entries" : [ { "profileId" : "AdminCert", "profileName" : "Manual Administrator Certificate Enrollment", "profileDescription" : "This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" }, { "profileId" : "ECAdminCert", "profileName" : "Manual Administrator Certificate Enrollment with ECC keys", "profileDescription" : "This certificate profile is for enrolling Administrator's certificates with ECC keys suitable for use by clients such as browsers.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" } ] }
/ca/v2/certrequests/profiles/{id}	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/certrequests/profiles/caUserCert { "ProfileID" : "caUserCert", "Renewal" : false, "RemoteHost" : "", "RemoteAddress" : "", "Input" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Value" : "", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Value" : "", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "Output" : [ ], "Attributes" : { "Attribute" : [ ] } }
/ca/v2/certs	GET	size, start, maxTime	200	application/json
Example $ curl --cacert ./ca_signing.crt \ "https://$HOSTNAME:8443/ca/v2/certs?size=2&start=4" { "entries" : [ { "id" : "0xc99ff8f6549f903d8df28a4e5f5105f3", "SubjectDN" : "CN=CA Audit Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Status" : "VALID", "Type" : "X.509", "Version" : 2, "KeyAlgorithmOID" : "1.2.840.113549.1.1.1", "KeyLength" : 2048, "NotValidBefore" : 1730308885000, "NotValidAfter" : 1792516885000, "IssuedOn" : 1730308887000, "IssuedBy" : "system" }, { "id" : "0x6d5c045d3443ced273ab8d7955835db1", "SubjectDN" : "CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Status" : "VALID", "Type" : "X.509", "Version" : 2, "KeyAlgorithmOID" : "1.2.840.113549.1.1.1", "KeyLength" : 2048, "NotValidBefore" : 1730308904000, "NotValidAfter" : 1792516904000, "IssuedOn" : 1730308905000, "IssuedBy" : "system" } ] }
/ca/v2/certs/{id}	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/certs/0x6d5c045d3443ced273ab8d7955835db1 { "id" : "0x6d5c045d3443ced273ab8d7955835db1", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIETjCCAragAwIBAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBM\r\nRTETMBEGA1UECwwKcGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNv\r\nbTEaMBgGA1UEAwwRUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\r\nAoIBAQDE7ahO2KtW6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr\r\n7B6sI5MrrcBRAhNgcHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCI\r\nnQ09I9TLH8dIuL4ZxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4\r\nGSm0HguQAc0H55FsVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWe\r\nnHvBSqRJc9xLNlcjr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAU\r\ndJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8v\r\ncGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI\r\nKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwc\r\nbCHpl+922hT5LA+KJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWH\r\nhEvm8RQqdVVxkfDXp3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeUR\r\nJ4rG/lD73qVzXd30U/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAww\r\nBnswSwwjPEe6djwFfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9\r\noTqj5KwXo133aorjZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQe\r\npbi1LBXzOxnub8sMKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGE\r\nGXfjNyGoETEaHb930gItsmEqc8VKH5s=\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIII/gYJKoZIhvcNAQcCoIII7zCCCOsCAQExADALBgkqhkiG9w0BBwGgggjTMIIETjCCAragAwIB\r\nAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwK\r\ncGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNvbTEaMBgGA1UEAwwR\r\nUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE7ahO2KtW\r\n6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr7B6sI5MrrcBRAhNg\r\ncHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCInQ09I9TLH8dIuL4Z\r\nxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4GSm0HguQAc0H55Fs\r\nVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWenHvBSqRJc9xLNlcj\r\nr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq\r\n3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUu\r\nY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG\r\nAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwcbCHpl+922hT5LA+K\r\nJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWHhEvm8RQqdVVxkfDX\r\np3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeURJ4rG/lD73qVzXd30\r\nU/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAwwBnswSwwjPEe6djwF\r\nfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9oTqj5KwXo133aorj\r\nZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQepbi1LBXzOxnub8sM\r\nKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGEGXfjNyGoETEaHb93\r\n0gItsmEqc8VKH5swggR9MIIC5aADAgECAhAS28bqYgfeAGNdjqMHIBkOMA0GCSqGSIb3DQEBCwUA\r\nMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNp\r\nZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjQxMDMwMTcyMDQ5WhcNNDQxMDMwMTcyMDQ5WjBIMRAwDgYD\r\nVQQKDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENl\r\ncnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwQenLXRjT+lsBoONhHmq\r\npYzEvugiELRtQ1iK1bXTTrRsAcaRscUCeEGfV6K6gVc7ekifckamtxsnx3s5JAjCfUF5K88pGTWe\r\nsXt6u0fg0cIslQP9sDz6dM0P/vjCsnxIgW1eNpeUR61Gwi3nCPXvWZ2zeOKdQReSL+MLby468Ot3\r\nbdEnVwalN70KtQNsB3I9GaFyNOCRa6P6zxR/ETuVRZVkB9mWZxpTvdF6xNlk8UF0jbmsrda3BXth\r\n1X/uej8+qE0cPN3BBvvdpkmJe+DSKq43NsZgaa8sgeGs7RiitI/7TR/gPVU5LtEK+cb93SpzcC+w\r\nhC1O4+kI7TEAK7tZO2FDPQM0lFvBXc/qtEWEa1RqpZKXEwVKCr1xpE4T1aNKnoNJQADcSxITSioq\r\ngkYNmUngeVd0AHe3gcgLOC7cQiY3uJJypVIz9vpHPr7xwxZugEF+YwSJM4zszMTbruaqn7eC90k3\r\n7dcqo4hCGsIRLWIapRG5TTxO7OY2cwzRVNyfAgMBAAGjYzBhMB0GA1UdDgQWBBR0kVsdX96mNxFN\r\nCureUbkKcJKhCTAfBgNVHSMEGDAWgBR0kVsdX96mNxFNCureUbkKcJKhCTAPBgNVHRMBAf8EBTAD\r\nAQH/MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQsFAAOCAYEAJp2R8/AhtSggrO1ewP4G1XnP\r\ng360OJT6rBcQDVKAul929/ipTGxztD70NF4UqL5ofQua79OKUF/hGc1lALKMn2dkKWL9GVpIwu7V\r\nZLU7xIw+ebUVuPpaka4D73viliHyZjFaa9OmWylA6KAnJt1aWuJt2OfRgbW6eL7xymqkCGvFxOoH\r\n5tpFMHgS75pZ5duByYgh94TIK9xxO11BAprlyK8TXHdPCwsqiafrgATpU+zIez6PAN82h1YIAorN\r\n8/5T2iNdXmWDQ02lxKKOCiDFdeB0F3KcgQVmVrGWOzp9j3AhR1+nFaSscv5FIBsFgVtyg1qDmEgh\r\nRasv/xsJfvujZkuLtMhTXBZMMjmOvu8xAYYO5DbNwdjGSq1McUorTX2W7N4w3tIpgByxc6YkVPfK\r\naUCKJG5Sajkzx6mO5GUcbw7wSBdrqoseGXQB7AbNwRTljtSF8KGEDkFfSoGlYsZz4VkY58+7v3IT\r\ntk/wcGo2clVPiQGDduo1Nj+vDa5iTSoEMQA=\r\n", "NotBefore" : "2024-10-30 17:21:44 +0000", "NotAfter" : "2026-10-20 17:21:44 +0000", "Status" : "VALID" }
/ca/v2/certs/search	POST	size, start	200	application/json	Search request json with issuerDN, serialNumberRangeInUse, serialTo, serialFrom, subjectInUse, eMail, commonName, userID, orgUnit, org, locality, state, country, matchExactly, status, revokedBy, revokedOnFrom, revokedOnTo, revocationReason, issuedBy, issuedOnFrom, issuedOnTo, validNotBeforeFrom, validNotBeforeTo, validNotAfterFrom, validNotAfterTo, validityOperation, validityCount, validityUnit, certTypeSubEmailCA, certTypeSubSSLCA, certTypeSecureEmail, certTypeSSLClient, certTypeSSLServer, revokedByInUse, revokedOnInUse, revocationReasonInUse, issuedByInUse, issuedOnInUse, validNotBeforeInUse, validNotAfterInUse, validityLengthInUse and certTypeInUse
Example $ curl --cacert ./ca_signing.crt \ --json '{"commonName": "PKI Administrator", "subjectInUse": true}' \ https://$HOSTNAME:8443/ca/v2/certs/0x6d5c045d3443ced273ab8d7955835db1 { "entries" : [ { "id" : "0x6d5c045d3443ced273ab8d7955835db1", "SubjectDN" : "CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Status" : "VALID", "Type" : "X.509", "Version" : 2, "KeyAlgorithmOID" : "1.2.840.113549.1.1.1", "KeyLength" : 2048, "NotValidBefore" : 1730308904000, "NotValidAfter" : 1792516904000, "IssuedOn" : 1730308905000, "IssuedBy" : "system" } ] }
/ca/v2/config/cert/signing	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/config/cert/signing { "id" : "0x86614664f6379c1c2d0a39d1e47d3fd0", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEfjCCAuagAwIBAgIRAIZhRmT2N5wcLQo50eR9P9AwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMjkxMTA4MDBaFw00NDEwMjkxMTA4MDBaMEgxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUw\r\nggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDKH05xPGs7ulmpbZ06rDk0hLZR3UU5O+bB\r\n9cWW2LDMoVGoLmiDMkeMdYr2uWOttGwym+JcixebybVig2b2zeYCVvzeT+LvQmelJUOU5Jua4b6u\r\nb+CzeEquITvGwz8kejGRZw2waZ4+tnvwFIRlU2+XqBtiu4Q1AaeIX2Biov+RvDZGWZQgA0mxcraV\r\nyUPOkrpo4h252UDzIPQU2YJzD6LmQO0kktYQf+UwoBHiCaVl/Je62ftFn5J2qEO8y8+MyZ3L7F14\r\nimxJHW8jPPii4t8MuT99tcQ7sDuAOFHEsB7zzkrubHSxUVfPG7ACdBSxUR4DnV5uRpdZjL+KDs/H\r\nGEVXCkVEnDEVItboZISDiBIU1przM+hWdZg5kc2jwgOhnNkuiLFDo82c+QsnfMDchAv8yHPRYz7F\r\nbnTdmFzhp9k9mipdo6zSHbSoncT5pPNPt8M0w6KpqB3uNQyk6M38D6jkHjb2bzPqPza+om2cOrS7\r\ne/R8vgh5Xkms5vO2ybYbupMCAwEAAaNjMGEwHQYDVR0OBBYEFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOElMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P\r\nAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQCoGIsHFIhqotLoAfeoEQrhqz23rClFNOSb/GzR\r\nMZhuXlIsmhhGYtCHA+Fyy0PaQMMgxoL2WgT2ZfCfuCUkcBsX/5XUFBXBXvc8LrTDTqSW9KdWPLsz\r\nUOeHgvre6VG7lh0hPz90b7MZ8enlrVKgjNIKTdQcarIFXnS9oso1453DTU3f20+xP4IkYRNa9H4J\r\ni0s/7PAddvQ1ynY4Wy65B2E5jJaYbUPakt/AalGuhgg7ji8BbGoYGhzf/l3USRfgm9i10AtrYUza\r\njAkKvcn1jBz2U9aro8tfakhFEMY6qOT7TvA/LLtJ7s5434DiOczt8AaVVQCYAYwqTQ/TyszEnOiE\r\niIAcPUWKK0B01D8wK5/9lZEL5vfuF/ykf99xn7XFX15P/jRb9gHj1Buj6LEN5CqVIgPu1vIrwIaB\r\n78BSqTrNpOMiucHe/vuv3nB1DcyqSoSLWbd1Gn5Xcs486sBAZP0I2IwxDAZJbYdqfkDzPJRiFFre\r\nsg/zc6Oekw5oJ3QCwrU=\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIIErQYJKoZIhvcNAQcCoIIEnjCCBJoCAQExADALBgkqhkiG9w0BBwGgggSCMIIEfjCCAuagAwIBAgIRAIZhRmT2N5wcLQo50eR9P9AwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMjkxMTA4MDBaFw00NDEwMjkxMTA4MDBaMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDKH05xPGs7ulmpbZ06rDk0hLZR3UU5O+bB9cWW2LDMoVGoLmiDMkeMdYr2uWOttGwym+JcixebybVig2b2zeYCVvzeT+LvQmelJUOU5Jua4b6ub+CzeEquITvGwz8kejGRZw2waZ4+tnvwFIRlU2+XqBtiu4Q1AaeIX2Biov+RvDZGWZQgA0mxcraVyUPOkrpo4h252UDzIPQU2YJzD6LmQO0kktYQf+UwoBHiCaVl/Je62ftFn5J2qEO8y8+MyZ3L7F14imxJHW8jPPii4t8MuT99tcQ7sDuAOFHEsB7zzkrubHSxUVfPG7ACdBSxUR4DnV5uRpdZjL+KDs/HGEVXCkVEnDEVItboZISDiBIU1przM+hWdZg5kc2jwgOhnNkuiLFDo82c+QsnfMDchAv8yHPRYz7FbnTdmFzhp9k9mipdo6zSHbSoncT5pPNPt8M0w6KpqB3uNQyk6M38D6jkHjb2bzPqPza+om2cOrS7e/R8vgh5Xkms5vO2ybYbupMCAwEAAaNjMGEwHQYDVR0OBBYEFKd99i1O4mgUWWajjK3k83bEAOElMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOElMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQCoGIsHFIhqotLoAfeoEQrhqz23rClFNOSb/GzRMZhuXlIsmhhGYtCHA+Fyy0PaQMMgxoL2WgT2ZfCfuCUkcBsX/5XUFBXBXvc8LrTDTqSW9KdWPLszUOeHgvre6VG7lh0hPz90b7MZ8enlrVKgjNIKTdQcarIFXnS9oso1453DTU3f20+xP4IkYRNa9H4Ji0s/7PAddvQ1ynY4Wy65B2E5jJaYbUPakt/AalGuhgg7ji8BbGoYGhzf/l3USRfgm9i10AtrYUzajAkKvcn1jBz2U9aro8tfakhFEMY6qOT7TvA/LLtJ7s5434DiOczt8AaVVQCYAYwqTQ/TyszEnOiEiIAcPUWKK0B01D8wK5/9lZEL5vfuF/ykf99xn7XFX15P/jRb9gHj1Buj6LEN5CqVIgPu1vIrwIaB78BSqTrNpOMiucHe/vuv3nB1DcyqSoSLWbd1Gn5Xcs486sBAZP0I2IwxDAZJbYdqfkDzPJRiFFresg/zc6Oekw5oJ3QCwrUxAA==", "NotBefore" : "Tue Oct 29 11:08:00 UTC 2024", "NotAfter" : "Sat Oct 29 11:08:00 UTC 2044" }
/ca/v2/config/cert/transport	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt \ https://$HOSTNAME:8443/ca/v2/config/cert/transport { "id" : "0x8f6afa7386fdd8efc6c3406ed1e6d8c8", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "CN=DRM Transport Certificate,OU=pki-tomcat,O=EXAMPLE", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNh\r\ndGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZX\r\nnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/\r\nLeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT5\r\n7dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVq\r\ntrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EI\r\nDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYB\r\nBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2Nz\r\ncDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGB\r\nAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPR\r\neYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCq\r\nUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzT\r\ntEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW\r\n+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP\r\n3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ9\r\n1eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIII2QYJKoZIhvcNAQcCoIIIyjCCCMYCAQExADALBgkqhkiG9w0BBwGgggiuMIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZXnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/LeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT57dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVqtrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EIDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPReYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCqUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzTtEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ91eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63ATCCBH0wggLloAMCAQICEBLbxupiB94AY12OowcgGQ4wDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzIwNDlaFw00NDEwMzAxNzIwNDlaMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDBB6ctdGNP6WwGg42EeaqljMS+6CIQtG1DWIrVtdNOtGwBxpGxxQJ4QZ9XorqBVzt6SJ9yRqa3GyfHezkkCMJ9QXkrzykZNZ6xe3q7R+DRwiyVA/2wPPp0zQ/++MKyfEiBbV42l5RHrUbCLecI9e9ZnbN44p1BF5Iv4wtvLjrw63dt0SdXBqU3vQq1A2wHcj0ZoXI04JFro/rPFH8RO5VFlWQH2ZZnGlO90XrE2WTxQXSNuayt1rcFe2HVf+56Pz6oTRw83cEG+92mSYl74NIqrjc2xmBpryyB4aztGKK0j/tNH+A9VTku0Qr5xv3dKnNwL7CELU7j6QjtMQAru1k7YUM9AzSUW8Fdz+q0RYRrVGqlkpcTBUoKvXGkThPVo0qeg0lAANxLEhNKKiqCRg2ZSeB5V3QAd7eByAs4LtxCJje4knKlUjP2+kc+vvHDFm6AQX5jBIkzjOzMxNuu5qqft4L3STft1yqjiEIawhEtYhqlEblNPE7s5jZzDNFU3J8CAwEAAaNjMGEwHQYDVR0OBBYEFHSRWx1f3qY3EU0K6t5RuQpwkqEJMB8GA1UdIwQYMBaAFHSRWx1f3qY3EU0K6t5RuQpwkqEJMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQAmnZHz8CG1KCCs7V7A/gbVec+DfrQ4lPqsFxANUoC6X3b3+KlMbHO0PvQ0XhSovmh9C5rv04pQX+EZzWUAsoyfZ2QpYv0ZWkjC7tVktTvEjD55tRW4+lqRrgPve+KWIfJmMVpr06ZbKUDooCcm3Vpa4m3Y59GBtbp4vvHKaqQIa8XE6gfm2kUweBLvmlnl24HJiCH3hMgr3HE7XUECmuXIrxNcd08LCyqJp+uABOlT7Mh7Po8A3zaHVggCis3z/lPaI11eZYNDTaXEoo4KIMV14HQXcpyBBWZWsZY7On2PcCFHX6cVpKxy/kUgGwWBW3KDWoOYSCFFqy//Gwl++6NmS4u0yFNcFkwyOY6+7zEBhg7kNs3B2MZKrUxxSitNfZbs3jDe0imAHLFzpiRU98ppQIokblJqOTPHqY7kZRxvDvBIF2uqix4ZdAHsBs3BFOWO1IXwoYQOQV9KgaVixnPhWRjnz7u/chO2T/BwajZyVU+JAYN26jU2P68NrmJNKgQxAA==", "NotBefore" : "Wed Oct 30 17:25:02 UTC 2024", "NotAfter" : "Tue Oct 20 17:25:02 UTC 2026" }
/ca/v2/info	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/info { "Attributes" : { "Attribute" : [ ] } }
/ca/v2/installer/createRequestID	POST	None	200	application/json	Certiricate setup request with pin, tag and systemCert
/ca/v2/installer/createCerttID	POST	None	200	application/json	Certiricate setup request with pin, tag and systemCert
/ca/v2/profiles	GET	size, start, visible, enable, enableBy	200	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ "https://$HOSTNAME:8443/ca/v2/profiles?size=2&visible=true&enable=true&enableBy=admin" { "total" : 25, "entries" : [ { "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/acmeServerCert", "profileId" : "acmeServerCert", "profileName" : "ACME Server Certificate Enrollment", "profileDescription" : "This certificate profile is for enrolling server certificates via ACME protocol.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" }, { "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/caServerKeygen_UserCert", "profileId" : "caServerKeygen_UserCert", "profileName" : "Manual User Dual-Use Certificate Enrollment using server-side Key generation", "profileDescription" : "This certificate profile is for enrolling user certificates using server-side Key generation.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" } ] }
/ca/v2/profiles	POST	None	201	application/json	Profile in json format
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":false,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' \ https://$HOSTNAME:8443/ca/v2/profiles { "id" : "test", "classId" : "caEnrollImpl", "name" : "Manual User Dual-Use Certificate Enrollment", "description" : "This certificate profile is for enrolling user certificates.", "enabled" : false, "visible" : false, "authzAcl" : "", "renewal" : false, "inputs" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "outputs" : [ { "id" : "o1", "name" : "Certificate Output", "classId" : "certOutputImpl", "attributes" : [ { "name" : "pretty_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Pretty Print" } }, { "name" : "b64_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Base-64 Encoded" } } ] } ], "policySets" : { "userCertSet" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "classId" : "userSubjectNameDefaultImpl", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ { "name" : "useSysEncoding", "value" : "" } ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches UID=.*", "classId" : "subjectNameConstraintImpl", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "UID=.*" } ] } }, { "id" : "10", "def" : { "name" : "No Default", "classId" : "noDefaultImpl", "text" : "No Default", "attributes" : [ ], "params" : [ ] }, "constraint" : { "name" : "Renewal Grace Period Constraint", "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.", "classId" : "renewGracePeriodConstraintImpl", "constraints" : [ { "name" : "renewal.graceBefore", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period Before", "DefaultValue" : "30" }, "value" : "30" }, { "name" : "renewal.graceAfter", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period After", "DefaultValue" : "30" }, "value" : "30" } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "classId" : "validityDefaultImpl", "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days", "attributes" : [ { "name" : "notBefore", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ { "name" : "range", "value" : "180" }, { "name" : "rangeUnit", "value" : "" }, { "name" : "startTime", "value" : "0" } ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 365 days.", "classId" : "validityConstraintImpl", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "365" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "classId" : "userKeyDefaultImpl", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096", "classId" : "keyConstraintImpl", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "RSA" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "classId" : "authorityKeyIdentifierExtDefaultImpl", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "classId" : "authInfoAccessExtDefaultImpl", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "authInfoAccessCritical", "value" : "false" }, { "name" : "authInfoAccessNumADs", "value" : "1" }, { "name" : "authInfoAccessADMethod_0", "value" : "1.3.6.1.5.5.7.48.1" }, { "name" : "authInfoAccessADLocationType_0", "value" : "URIName" }, { "name" : "authInfoAccessADLocation_0", "value" : "" }, { "name" : "authInfoAccessADEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Key Usage Default", "classId" : "keyUsageExtDefaultImpl", "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "attributes" : [ { "name" : "keyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "keyUsageDigitalSignature", "Descriptor" : { "Syntax" : "boolean", "Description" : "Digital Signature", "DefaultValue" : "false" } }, { "name" : "keyUsageNonRepudiation", "Descriptor" : { "Syntax" : "boolean", "Description" : "Non-Repudiation", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageDataEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Data Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyAgreement", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Agreement", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyCertSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key CertSign", "DefaultValue" : "false" } }, { "name" : "keyUsageCrlSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "CRL Sign", "DefaultValue" : "false" } }, { "name" : "keyUsageEncipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Encipher Only", "DefaultValue" : "false" } }, { "name" : "keyUsageDecipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Decipher Only", "DefaultValue" : "false" } } ], "params" : [ { "name" : "keyUsageCritical", "value" : "true" }, { "name" : "keyUsageDigitalSignature", "value" : "true" }, { "name" : "keyUsageNonRepudiation", "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "value" : "true" }, { "name" : "keyUsageDataEncipherment", "value" : "false" }, { "name" : "keyUsageKeyAgreement", "value" : "false" }, { "name" : "keyUsageKeyCertSign", "value" : "false" }, { "name" : "keyUsageCrlSign", "value" : "false" }, { "name" : "keyUsageEncipherOnly", "value" : "false" }, { "name" : "keyUsageDecipherOnly", "value" : "false" } ] }, "constraint" : { "name" : "Key Usage Extension Constraint", "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "classId" : "keyUsageExtConstraintImpl", "constraints" : [ { "name" : "keyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDigitalSignature", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Digital Signature", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageNonRepudiation", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Non-Repudiation", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Encipherment", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDataEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Data Encipherment", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyAgreement", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Agreement", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyCertSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key CertSign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageCrlSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "CRL Sign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageEncipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Encipher Only", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageDecipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Decipher Only", "DefaultValue" : "-" }, "value" : "false" } ] } }, { "id" : "7", "def" : { "name" : "Extended Key Usage Extension Default", "classId" : "extendedKeyUsageExtDefaultImpl", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4", "attributes" : [ { "name" : "exKeyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ { "name" : "exKeyUsageCritical", "value" : "false" }, { "name" : "exKeyUsageOIDs", "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "8", "def" : { "name" : "Subject Alt Name Constraint", "classId" : "subjectAltNameExtDefaultImpl", "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}", "attributes" : [ { "name" : "subjAltNameExtCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "subjAltNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "subjAltNameExtCritical", "value" : "false" }, { "name" : "subjAltNameNumGNs", "value" : "1" }, { "name" : "subjAltExtType_0", "value" : "RFC822Name" }, { "name" : "subjAltExtPattern_0", "value" : "$request.requestor_email$" }, { "name" : "subjAltExtGNEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "classId" : "signingAlgDefaultImpl", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ { "name" : "signingAlg", "value" : "-" } ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "signingAlgConstraintImpl", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] }, "xmloutput" : false }
/ca/v2/profiles/{id}	GET	None	200	application/json
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/profiles/caUserCert { "id" : "caUserCert", "classId" : "caEnrollImpl", "name" : "Manual User Dual-Use Certificate Enrollment", "description" : "This certificate profile is for enrolling user certificates.", "enabled" : true, "visible" : false, "enabledBy" : "admin", "authzAcl" : "", "renewal" : false, "inputs" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "outputs" : [ { "id" : "o1", "name" : "Certificate Output", "classId" : "certOutputImpl", "attributes" : [ { "name" : "pretty_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Pretty Print" } }, { "name" : "b64_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Base-64 Encoded" } } ] } ], "policySets" : { "userCertSet" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "classId" : "userSubjectNameDefaultImpl", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ { "name" : "useSysEncoding", "value" : "" } ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches UID=.*", "classId" : "subjectNameConstraintImpl", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "UID=.*" } ] } }, { "id" : "10", "def" : { "name" : "No Default", "classId" : "noDefaultImpl", "text" : "No Default", "attributes" : [ ], "params" : [ ] }, "constraint" : { "name" : "Renewal Grace Period Constraint", "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.", "classId" : "renewGracePeriodConstraintImpl", "constraints" : [ { "name" : "renewal.graceBefore", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period Before", "DefaultValue" : "30" }, "value" : "30" }, { "name" : "renewal.graceAfter", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period After", "DefaultValue" : "30" }, "value" : "30" } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "classId" : "validityDefaultImpl", "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days", "attributes" : [ { "name" : "notBefore", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ { "name" : "range", "value" : "180" }, { "name" : "rangeUnit", "value" : "" }, { "name" : "startTime", "value" : "0" } ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 365 days.", "classId" : "validityConstraintImpl", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "365" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "classId" : "userKeyDefaultImpl", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096", "classId" : "keyConstraintImpl", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "RSA" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "classId" : "authorityKeyIdentifierExtDefaultImpl", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "classId" : "authInfoAccessExtDefaultImpl", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "authInfoAccessCritical", "value" : "false" }, { "name" : "authInfoAccessNumADs", "value" : "1" }, { "name" : "authInfoAccessADMethod_0", "value" : "1.3.6.1.5.5.7.48.1" }, { "name" : "authInfoAccessADLocationType_0", "value" : "URIName" }, { "name" : "authInfoAccessADLocation_0", "value" : "" }, { "name" : "authInfoAccessADEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Key Usage Default", "classId" : "keyUsageExtDefaultImpl", "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "attributes" : [ { "name" : "keyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "keyUsageDigitalSignature", "Descriptor" : { "Syntax" : "boolean", "Description" : "Digital Signature", "DefaultValue" : "false" } }, { "name" : "keyUsageNonRepudiation", "Descriptor" : { "Syntax" : "boolean", "Description" : "Non-Repudiation", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageDataEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Data Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyAgreement", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Agreement", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyCertSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key CertSign", "DefaultValue" : "false" } }, { "name" : "keyUsageCrlSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "CRL Sign", "DefaultValue" : "false" } }, { "name" : "keyUsageEncipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Encipher Only", "DefaultValue" : "false" } }, { "name" : "keyUsageDecipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Decipher Only", "DefaultValue" : "false" } } ], "params" : [ { "name" : "keyUsageCritical", "value" : "true" }, { "name" : "keyUsageDigitalSignature", "value" : "true" }, { "name" : "keyUsageNonRepudiation", "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "value" : "true" }, { "name" : "keyUsageDataEncipherment", "value" : "false" }, { "name" : "keyUsageKeyAgreement", "value" : "false" }, { "name" : "keyUsageKeyCertSign", "value" : "false" }, { "name" : "keyUsageCrlSign", "value" : "false" }, { "name" : "keyUsageEncipherOnly", "value" : "false" }, { "name" : "keyUsageDecipherOnly", "value" : "false" } ] }, "constraint" : { "name" : "Key Usage Extension Constraint", "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "classId" : "keyUsageExtConstraintImpl", "constraints" : [ { "name" : "keyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDigitalSignature", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Digital Signature", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageNonRepudiation", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Non-Repudiation", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Encipherment", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDataEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Data Encipherment", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyAgreement", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Agreement", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyCertSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key CertSign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageCrlSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "CRL Sign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageEncipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Encipher Only", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageDecipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Decipher Only", "DefaultValue" : "-" }, "value" : "false" } ] } }, { "id" : "7", "def" : { "name" : "Extended Key Usage Extension Default", "classId" : "extendedKeyUsageExtDefaultImpl", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4", "attributes" : [ { "name" : "exKeyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ { "name" : "exKeyUsageCritical", "value" : "false" }, { "name" : "exKeyUsageOIDs", "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "8", "def" : { "name" : "Subject Alt Name Constraint", "classId" : "subjectAltNameExtDefaultImpl", "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}", "attributes" : [ { "name" : "subjAltNameExtCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "subjAltNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "subjAltNameExtCritical", "value" : "false" }, { "name" : "subjAltNameNumGNs", "value" : "1" }, { "name" : "subjAltExtType_0", "value" : "RFC822Name" }, { "name" : "subjAltExtPattern_0", "value" : "$request.requestor_email$" }, { "name" : "subjAltExtGNEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "classId" : "signingAlgDefaultImpl", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ { "name" : "signingAlg", "value" : "-" } ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "signingAlgConstraintImpl", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] }, "xmloutput" : false }
/ca/v2/profiles/{id}	POST	action (enable/disable)	204		No input exptected
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST "https://$HOSTNAME:8443/ca/v2/profiles/caUserCert?action=disable"
/ca/v2/profiles/{id}	PUT	None	200	application/json	Profile in json foramt
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":true,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' \ -X Put https://$HOSTNAME:8443/ca/v2/profiles/test { "id" : "test", "classId" : "caEnrollImpl", "name" : "Manual User Dual-Use Certificate Enrollment", "description" : "This certificate profile is for enrolling user certificates.", "enabled" : false, "visible" : true, "authzAcl" : "", "renewal" : false, "inputs" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "outputs" : [ { "id" : "o1", "name" : "Certificate Output", "classId" : "certOutputImpl", "attributes" : [ { "name" : "pretty_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Pretty Print" } }, { "name" : "b64_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Base-64 Encoded" } } ] } ], "policySets" : { "userCertSet" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "classId" : "userSubjectNameDefaultImpl", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ { "name" : "useSysEncoding", "value" : "" } ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches UID=.*", "classId" : "subjectNameConstraintImpl", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "UID=.*" } ] } }, { "id" : "10", "def" : { "name" : "No Default", "classId" : "noDefaultImpl", "text" : "No Default", "attributes" : [ ], "params" : [ ] }, "constraint" : { "name" : "Renewal Grace Period Constraint", "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.", "classId" : "renewGracePeriodConstraintImpl", "constraints" : [ { "name" : "renewal.graceBefore", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period Before", "DefaultValue" : "30" }, "value" : "30" }, { "name" : "renewal.graceAfter", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period After", "DefaultValue" : "30" }, "value" : "30" } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "classId" : "validityDefaultImpl", "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days", "attributes" : [ { "name" : "notBefore", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ { "name" : "range", "value" : "180" }, { "name" : "rangeUnit", "value" : "" }, { "name" : "startTime", "value" : "0" } ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 365 days.", "classId" : "validityConstraintImpl", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "365" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "classId" : "userKeyDefaultImpl", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096", "classId" : "keyConstraintImpl", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "RSA" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "classId" : "authorityKeyIdentifierExtDefaultImpl", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "classId" : "authInfoAccessExtDefaultImpl", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "authInfoAccessCritical", "value" : "false" }, { "name" : "authInfoAccessNumADs", "value" : "1" }, { "name" : "authInfoAccessADMethod_0", "value" : "1.3.6.1.5.5.7.48.1" }, { "name" : "authInfoAccessADLocationType_0", "value" : "URIName" }, { "name" : "authInfoAccessADLocation_0", "value" : "" }, { "name" : "authInfoAccessADEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Key Usage Default", "classId" : "keyUsageExtDefaultImpl", "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "attributes" : [ { "name" : "keyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "keyUsageDigitalSignature", "Descriptor" : { "Syntax" : "boolean", "Description" : "Digital Signature", "DefaultValue" : "false" } }, { "name" : "keyUsageNonRepudiation", "Descriptor" : { "Syntax" : "boolean", "Description" : "Non-Repudiation", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageDataEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Data Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyAgreement", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Agreement", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyCertSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key CertSign", "DefaultValue" : "false" } }, { "name" : "keyUsageCrlSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "CRL Sign", "DefaultValue" : "false" } }, { "name" : "keyUsageEncipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Encipher Only", "DefaultValue" : "false" } }, { "name" : "keyUsageDecipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Decipher Only", "DefaultValue" : "false" } } ], "params" : [ { "name" : "keyUsageCritical", "value" : "true" }, { "name" : "keyUsageDigitalSignature", "value" : "true" }, { "name" : "keyUsageNonRepudiation", "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "value" : "true" }, { "name" : "keyUsageDataEncipherment", "value" : "false" }, { "name" : "keyUsageKeyAgreement", "value" : "false" }, { "name" : "keyUsageKeyCertSign", "value" : "false" }, { "name" : "keyUsageCrlSign", "value" : "false" }, { "name" : "keyUsageEncipherOnly", "value" : "false" }, { "name" : "keyUsageDecipherOnly", "value" : "false" } ] }, "constraint" : { "name" : "Key Usage Extension Constraint", "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "classId" : "keyUsageExtConstraintImpl", "constraints" : [ { "name" : "keyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDigitalSignature", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Digital Signature", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageNonRepudiation", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Non-Repudiation", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Encipherment", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDataEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Data Encipherment", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyAgreement", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Agreement", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyCertSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key CertSign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageCrlSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "CRL Sign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageEncipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Encipher Only", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageDecipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Decipher Only", "DefaultValue" : "-" }, "value" : "false" } ] } }, { "id" : "7", "def" : { "name" : "Extended Key Usage Extension Default", "classId" : "extendedKeyUsageExtDefaultImpl", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4", "attributes" : [ { "name" : "exKeyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ { "name" : "exKeyUsageCritical", "value" : "false" }, { "name" : "exKeyUsageOIDs", "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "8", "def" : { "name" : "Subject Alt Name Constraint", "classId" : "subjectAltNameExtDefaultImpl", "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}", "attributes" : [ { "name" : "subjAltNameExtCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "subjAltNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "subjAltNameExtCritical", "value" : "false" }, { "name" : "subjAltNameNumGNs", "value" : "1" }, { "name" : "subjAltExtType_0", "value" : "RFC822Name" }, { "name" : "subjAltExtPattern_0", "value" : "$request.requestor_email$" }, { "name" : "subjAltExtGNEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "classId" : "signingAlgDefaultImpl", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ { "name" : "signingAlg", "value" : "-" } ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "signingAlgConstraintImpl", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] }, "xmloutput" : false }
/ca/v2/profiles/{id}	DELETE	action (enable/disable)	204
Example $ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/profiles/test
/ca/v2/profiles/raw	POST	None	201	application/octet-stream	Profile file in the original key=<value> format
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --data-binary @- https://$HOSTNAME:8443/ca/v2/profiles/raw << EOF auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=true enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=test visible=false EOF auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=false enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=test visible=false
/ca/v2/profiles/{id}/raw	GET	None	200	application/octet-stream
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/profiles/caUserCert auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=true enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=caUserCert visible=false
/ca/v2/profiles/{id}raw	PUT	None	200	application/octet-stream	Profile file in the original key=<value> format
Example $ curl --cacert ./ca_signing.crt -b session_cookie \ --data-binary @- -X PUT https://$HOSTNAME:8443/ca/v2/profiles/test/raw << EOF auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=false enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=test visible=false EOF policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.3.constraint.params.keyType=RSA input.i2.class_id=subjectNameInputImpl policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 output.o1.class_id=certOutputImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint output.list=o1 input.list=i1,i2,i3 policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.2.constraint.params.range=365 visible=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.2.default.name=Validity Default desc=This certificate profile is for enrolling user certificates. policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.9.default.params.signingAlg=- auth.class_id= policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.6.default.params.keyUsageCrlSign=false enable=false policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.9.constraint.name=No Constraint input.i1.class_id=keyGenInputImpl enableBy=caadmin policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.name=Validity Constraint input.i3.class_id=submitterInfoInputImpl policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.8.constraint.class_id=noConstraintImpl name=Manual User Dual-Use Certificate Enrollment policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.list=userCertSet policyset.userCertSet.8.default.params.subjAltExtPattern_0=.requestor_email$ policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.1.default.params.name= policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false

KRA endpoints

• KRA REST API v2

Note	endpoints requiring authentication can be accessed providing the session cookie retrieved in the login api (/<app>/v2/account/login) or the user credentials (user/password or certificates).

TPS endpoints

• TPS REST API v2

See Also

• REST API