-
Notifications
You must be signed in to change notification settings - Fork 138
REST API v2
This page describes the REST API v2 endpoints.
Warning
|
This feature is still under development. The API might still change. Do not use it in production. |
Path | Method | Parameters | Return code | Mime | Input |
---|---|---|---|---|---|
|
|
None |
200 |
|
|
Example$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/pki/v2/info { "Name" : "Dogtag Certificate System", "Version" : "11.6.0", "Attributes" : { "Attribute" : [ ] } } |
|||||
|
|
None |
200 |
|
|
Examplecurl --cacert ./ca_signing.crt https://$HOSTNAME:8443/pki/v2/apps [{"id":"ca","name":"Certificate Authority","path":"/ca"}] |
These endpoints are available in multiple subsystem application.
Path | Method | Parameters | Return code | App | Example |
---|---|---|---|---|---|
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt --cert ca_admin_cert.p12:Secret.123 --cert-type P12 -c session_cookie https://$HOSTNAME:8443/ca/v2/account/login { "id" : "caadmin", "FullName" : "caadmin", "Email" : "caadmin@example.com", "Roles" : [ "Administrators", "Certificate Manager Agents", "Enterprise CA Administrators", "Enterprise KRA Administrators", "Enterprise OCSP Administrators", "Enterprise RA Administrators", "Enterprise TKS Administrators", "Enterprise TPS Administrators", "Security Domain Administrators" ], "Attributes" : { "Attribute" : [ ] } } |
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/account/logout |
|
|
start, size, filter |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/admin/groups?size=3&filter=Admin" { "total" : 8, "entries" : [ { "id" : "Administrators", "GroupID" : "Administrators", "Description" : "People who manage the Certificate System" }, { "id" : "Security Domain Administrators", "GroupID" : "Security Domain Administrators", "Description" : "People who are the Security Domain administrators" }, { "id" : "Enterprise CA Administrators", "GroupID" : "Enterprise CA Administrators", "Description" : "People who are the administrators for the security domain for CA" } ] } |
|
|
None |
201 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"GroupID": "NewGroup", "Description":"This is a new group"}' https://$HOSTNAME:8443/ca/v2/admin/groups { "id" : "NewGroup", "GroupID" : "NewGroup", "Description" : "This is a new group" } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup { "id" : "NewGroup", "GroupID" : "NewGroup", "Description" : "This is a new group" } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"Description":"This is the new group"}' https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup { "id" : "NewGroup", "GroupID" : "NewGroup", "Description" : "This is the new group" } |
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup |
|
|
start, size, filter |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/groups/Administrators/members { "total" : 1, "entries" : [ { "id" : "caadmin", "groupID" : "Administrators" } ] } |
|
|
None |
201 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"id": "caadmin"}' https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members { "id" : "caadmin", "groupID" : "NewGroup" } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin { "id" : "caadmin", "groupID" : "NewGroup" } |
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin |
|
|
start, size, filter |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/admin/users?size=3&filter=Admin" { "total" : 1, "entries" : [ { "id" : "caadmin", "UserID" : "caadmin", "FullName" : "caadmin" } ] } |
|
|
None |
201 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"UserID": "newUser", "FullName":"New User"}' https://$HOSTNAME:8443/ca/v2/admin/users { "id" : "newUser", "UserID" : "newUser", "FullName" : "New User" } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/users/newUser { "id" : "newUser", "UserID" : "newUser", "FullName" : "New User" } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"FullName":"The New User"}' -X PATCH https://$HOSTNAME:8443/ca/v2/admin/users/newUser { "id" : "newUser", "UserID" : "newUser", "FullName" : "The New User" } |
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser |
|
|
size, start |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs { "total" : 1, "entries" : [ { "Version" : 2, "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser" } ] } |
|
|
size, start |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs { "total" : 1, "entries" : [ { "Version" : 2, "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser" } ] } |
|
|
None |
201 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"Encoded":"-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n"}' https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs { "Version" : 2, "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n", "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser" } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser { "Version" : 2, "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "PrettyPrint" : " Certificate: \n Data: \n Version: v3\n Serial Number: 0xA53C5F8E01BAB930295A1C56134E2173\n Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Issuer: CN=CA Signing Certificate, OU=pki-tomcat, O=EXAMPLE\n Validity: \n Not Before: Wednesday, October 30, 2024, 9:40:40?AM Coordinated Universal Time Etc/UTC\n Not After: Monday, April 28, 2025, 9:40:40?AM Coordinated Universal Time Etc/UTC\n Subject: UID=newUser\n Subject Public Key Info: \n Algorithm: RSA - 1.2.840.113549.1.1.1\n Public Key: \n Exponent: 65537\n Public Key Modulus: (2048 bits) :\n BE:79:34:02:6D:DA:45:97:AF:74:FA:8B:B4:38:78:1A:\n 4B:A4:67:CF:52:AC:20:58:AB:3F:F2:5B:22:03:74:49:\n D3:1E:D2:54:77:22:70:6F:08:0B:90:AC:FD:1A:C1:37:\n 67:00:35:A8:B8:10:F0:2F:1E:3A:65:12:F0:33:46:9B:\n BF:98:4E:3C:0F:78:2F:87:9D:7C:5A:86:C8:AF:A8:37:\n AE:CA:B7:3A:9F:36:DA:C8:28:F8:05:69:3E:5C:CC:AA:\n 8B:CC:CF:8B:CE:04:5D:0E:5E:0B:7F:AA:0B:1E:59:12:\n 0C:96:F1:A9:E3:B6:34:97:FF:4F:72:2C:5C:56:44:2A:\n 21:1E:AE:CA:47:70:A9:E8:B2:65:3B:EE:F5:6C:7F:C5:\n 04:57:E8:E2:FF:A6:03:95:B0:8E:A7:59:F8:63:3D:6B:\n B3:65:AB:2B:EB:98:67:14:07:ED:AA:EC:B9:AE:0A:32:\n 82:A8:66:11:72:22:17:B3:2E:A9:60:B8:54:9F:17:DB:\n B7:0C:4B:67:19:86:CD:E8:DA:C2:B7:22:AA:D8:F8:D1:\n 4D:CD:99:D9:24:0C:9F:A7:8B:20:FB:0B:BE:70:E5:37:\n E1:99:9C:26:0D:2A:47:B3:BE:80:9A:03:C4:2C:1A:52:\n 92:2C:84:C1:DC:B2:6A:22:F9:DC:E8:CC:43:9B:83:FF\n Extensions: \n Identifier: Authority Key Identifier - 2.5.29.35\n Critical: no \n Key Identifier: \n A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\n C4:00:E1:25\n Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n Critical: no \n Access Description: \n Method #0: ocsp\n Location #0: URIName: http://pki.example.com:8080/ca/ocsp\n Identifier: Key Usage: - 2.5.29.15\n Critical: yes \n Key Usage: \n Digital Signature \n Non Repudiation \n Key Encipherment \n Identifier: Extended Key Usage: - 2.5.29.37\n Critical: no \n Extended Key Usage: \n clientAuth - 1.3.6.1.5.5.7.3.2\n emailProtection - 1.3.6.1.5.5.7.3.4\n Signature: \n Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Signature: \n 01:01:D9:79:88:6B:4D:81:68:7E:61:A5:3A:8A:F0:B3:\n 33:1D:9A:74:88:4F:00:E3:42:37:EE:F0:AD:52:87:98:\n 1E:24:E8:EB:62:8B:3B:3C:86:B7:B8:26:13:9D:E3:7F:\n 7B:F7:FF:B3:D7:D3:66:83:EB:13:27:10:2F:7A:C7:8E:\n 08:EE:42:B0:1A:91:0E:3C:C3:C2:B4:2C:A9:95:52:66:\n 95:73:04:BE:0C:2B:5C:80:7A:C1:33:DE:B9:61:5B:8F:\n 1B:0D:2F:C4:62:FE:02:12:43:7C:7E:3D:AD:B5:FF:D8:\n B0:2A:71:43:24:03:F5:5C:DA:80:D0:CD:BF:44:B3:A8:\n 76:D1:F1:29:68:15:6F:E5:E8:40:6D:65:94:E8:43:A4:\n 04:B3:75:FF:5D:95:29:8D:9E:40:54:93:6D:D9:8F:2E:\n 71:87:CD:C6:97:EC:D9:A0:97:EB:BC:8D:5C:EE:CA:C7:\n 53:62:98:07:09:0E:ED:A2:77:C4:EC:D3:50:4C:74:2D:\n F2:9E:B7:7C:10:DA:0C:C5:30:06:57:C8:0E:1D:CE:9A:\n 47:9F:02:87:D7:A6:F1:7B:63:55:FB:B3:2E:F0:7D:E4:\n AA:49:76:0F:0D:C6:38:03:77:7E:AF:B6:37:A9:FC:AE:\n A9:87:3D:FD:7C:FE:5F:38:53:BC:44:1F:8D:DF:E0:16:\n 26:63:07:6D:EE:D9:EB:75:02:11:83:E9:D9:90:22:15:\n 16:39:6F:8E:C8:3C:77:11:D0:7E:38:03:C5:A6:04:CA:\n F9:57:5A:52:BE:FA:CF:31:05:5D:A6:42:1A:79:14:86:\n C9:10:BA:38:3D:E3:DE:56:0A:CF:9E:40:B5:B3:9D:3C:\n B7:66:EC:FE:B2:CC:79:8E:06:CB:37:8E:91:8C:17:0A:\n 95:5C:86:48:4B:6E:0B:AB:91:C2:EC:06:6E:D4:1C:A7:\n B9:01:18:D7:87:B0:70:59:79:0E:5F:CD:47:65:B3:80:\n 7E:45:91:D9:58:FD:CE:4A:AA:5D:10:92:AA:F3:F8:21\n FingerPrint\n MD2:\n 08:B7:40:5F:0F:75:9B:7D:CE:6A:E6:02:04:0E:42:CE\n MD5:\n 70:FA:86:85:09:4C:A7:AC:C2:7E:16:12:FE:1C:23:6F\n SHA-1:\n CC:01:B7:F5:26:13:47:D9:A5:2C:05:6B:E0:94:16:7E:\n 62:CD:AB:4D\n SHA-256:\n 1A:00:A6:05:FB:14:33:B4:32:71:73:54:06:DA:52:BB:\n C9:3E:BA:24:CA:C2:4D:B2:9B:7F:A5:F7:F8:55:C0:45\n SHA-512:\n D6:C2:13:5B:5C:06:15:90:E9:78:73:C7:0C:EE:70:19:\n 31:79:1F:AB:43:57:B7:97:C8:D7:00:CA:F3:4A:DD:1B:\n 03:BE:50:10:A8:F6:4A:A0:F3:2E:28:AD:7B:7C:1F:E5:\n 70:ED:22:8E:21:DD:D9:E0:8A:7E:4C:47:D3:56:C5:49\n", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n", "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser" } |
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser |
|
|
size, start, filter |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership { "total" : 1, "entries" : [ { "id" : "Auditors", "userID" : "newUser" } ] } |
|
|
None |
201 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --data 'Auditors' https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership { "id" : "Auditors", "userID" : "newUser" } |
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership/Auditors |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/audit { "bufferSize" : 512, "Status" : "Enabled", "Signed" : false, "Interval" : 5, "Events" : { "ACCESS_SESSION_ESTABLISH" : "enabled", "ACCESS_SESSION_TERMINATED" : "enabled", "ASYMKEY_GENERATION_REQUEST" : "disabled", "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "AUDIT_LOG_DELETE" : "disabled", "AUDIT_LOG_SHUTDOWN" : "disabled", "AUDIT_LOG_SIGNING" : "enabled", "AUDIT_LOG_STARTUP" : "enabled", "AUTH" : "enabled", "AUTHORITY_CONFIG" : "enabled", "AUTHZ" : "enabled", "CERT_PROFILE_APPROVAL" : "enabled", "CERT_REQUEST_PROCESSED" : "enabled", "CERT_SIGNING_INFO" : "enabled", "CERT_STATUS_CHANGE_REQUEST" : "enabled", "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "enabled", "CIMC_CERT_VERIFICATION" : "disabled", "CLIENT_ACCESS_SESSION_ESTABLISH" : "enabled", "CLIENT_ACCESS_SESSION_TERMINATED" : "enabled", "CMC_ID_POP_LINK_WITNESS" : "disabled", "CMC_PROOF_OF_IDENTIFICATION" : "disabled", "CMC_REQUEST_RECEIVED" : "enabled", "CMC_RESPONSE_SENT" : "enabled", "CMC_SIGNED_REQUEST_SIG_VERIFY" : "enabled", "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "enabled", "COMPUTE_RANDOM_DATA_REQUEST" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled", "COMPUTE_SESSION_KEY_REQUEST" : "disabled", "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled", "CONFIG_ACL" : "enabled", "CONFIG_AUTH" : "enabled", "CONFIG_CERT_POLICY" : "disabled", "CONFIG_CERT_PROFILE" : "enabled", "CONFIG_CRL_PROFILE" : "enabled", "CONFIG_DRM" : "disabled", "CONFIG_ENCRYPTION" : "enabled", "CONFIG_OCSP_PROFILE" : "disabled", "CONFIG_ROLE" : "enabled", "CONFIG_SERIAL_NUMBER" : "enabled", "CONFIG_SIGNED_AUDIT" : "enabled", "CONFIG_TOKEN_AUTHENTICATOR" : "disabled", "CONFIG_TOKEN_CONNECTOR" : "disabled", "CONFIG_TOKEN_GENERAL" : "disabled", "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled", "CONFIG_TOKEN_PROFILE" : "disabled", "CONFIG_TOKEN_RECORD" : "disabled", "CONFIG_TRUSTED_PUBLIC_KEY" : "enabled", "CRL_RETRIEVAL" : "disabled", "CRL_SIGNING_INFO" : "enabled", "CRL_VALIDATION" : "disabled", "DELTA_CRL_GENERATION" : "enabled", "DELTA_CRL_PUBLISHING" : "disabled", "DIVERSIFY_KEY_REQUEST" : "disabled", "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled", "ENCRYPT_DATA_REQUEST" : "disabled", "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled", "FULL_CRL_GENERATION" : "enabled", "FULL_CRL_PUBLISHING" : "disabled", "INTER_BOUNDARY" : "disabled", "KEY_GEN_ASYMMETRIC" : "enabled", "KEY_RECOVERY_AGENT_LOGIN" : "disabled", "KEY_RECOVERY_REQUEST" : "disabled", "KEY_STATUS_CHANGE" : "disabled", "LOG_PATH_CHANGE" : "enabled", "NON_PROFILE_CERT_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled", "OCSP_GENERATION" : "enabled", "OCSP_REMOVE_CA_REQUEST" : "disabled", "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled", "OCSP_SIGNING_INFO" : "enabled", "PROFILE_CERT_REQUEST" : "enabled", "PROOF_OF_POSSESSION" : "enabled", "RANDOM_GENERATION" : "enabled", "ROLE_ASSUME" : "enabled", "SCHEDULE_CRL_GENERATION" : "enabled", "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_EXPORT_KEY" : "disabled", "SECURITY_DATA_INFO" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled", "SECURITY_DOMAIN_UPDATE" : "enabled", "SELFTESTS_EXECUTION" : "enabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST" : "enabled", "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "enabled", "SYMKEY_GENERATION_REQUEST" : "disabled", "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "TOKEN_APPLET_UPGRADE" : "disabled", "TOKEN_AUTH" : "disabled", "TOKEN_CERT_ENROLLMENT" : "disabled", "TOKEN_CERT_RENEWAL" : "disabled", "TOKEN_CERT_RETRIEVAL" : "disabled", "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled", "TOKEN_FORMAT" : "disabled", "TOKEN_KEY_CHANGEOVER" : "disabled", "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled", "TOKEN_KEY_RECOVERY" : "disabled", "TOKEN_KEY_SANITY_CHECK" : "disabled", "TOKEN_OP_REQUEST" : "disabled", "TOKEN_PIN_RESET" : "disabled", "TOKEN_STATE_CHANGE" : "disabled" } } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json @audit.json -X PATCH https://$HOSTNAME:8443/ca/v2/audit { "bufferSize" : 512, "Status" : "Enabled", "Signed" : false, "Interval" : 100, "Events" : { "ACCESS_SESSION_ESTABLISH" : "enabled", "ACCESS_SESSION_TERMINATED" : "disabled", "ASYMKEY_GENERATION_REQUEST" : "disabled", "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "AUDIT_LOG_DELETE" : "disabled", "AUDIT_LOG_SHUTDOWN" : "disabled", "AUDIT_LOG_STARTUP" : "disabled", "AUTH" : "disabled", "AUTHORITY_CONFIG" : "disabled", "AUTHZ" : "disabled", "CERT_PROFILE_APPROVAL" : "disabled", "CERT_REQUEST_PROCESSED" : "disabled", "CERT_SIGNING_INFO" : "disabled", "CERT_STATUS_CHANGE_REQUEST" : "disabled", "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled", "CIMC_CERT_VERIFICATION" : "disabled", "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled", "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled", "CMC_ID_POP_LINK_WITNESS" : "disabled", "CMC_PROOF_OF_IDENTIFICATION" : "disabled", "CMC_REQUEST_RECEIVED" : "disabled", "CMC_RESPONSE_SENT" : "disabled", "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled", "COMPUTE_SESSION_KEY_REQUEST" : "disabled", "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled", "CONFIG_ACL" : "disabled", "CONFIG_AUTH" : "disabled", "CONFIG_CERT_POLICY" : "disabled", "CONFIG_CERT_PROFILE" : "disabled", "CONFIG_CRL_PROFILE" : "disabled", "CONFIG_DRM" : "disabled", "CONFIG_ENCRYPTION" : "disabled", "CONFIG_OCSP_PROFILE" : "disabled", "CONFIG_ROLE" : "disabled", "CONFIG_SERIAL_NUMBER" : "disabled", "CONFIG_SIGNED_AUDIT" : "disabled", "CONFIG_TOKEN_AUTHENTICATOR" : "disabled", "CONFIG_TOKEN_CONNECTOR" : "disabled", "CONFIG_TOKEN_GENERAL" : "disabled", "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled", "CONFIG_TOKEN_PROFILE" : "disabled", "CONFIG_TOKEN_RECORD" : "disabled", "CONFIG_TRUSTED_PUBLIC_KEY" : "disabled", "CRL_RETRIEVAL" : "disabled", "CRL_SIGNING_INFO" : "disabled", "CRL_VALIDATION" : "disabled", "DELTA_CRL_GENERATION" : "disabled", "DELTA_CRL_PUBLISHING" : "disabled", "DIVERSIFY_KEY_REQUEST" : "disabled", "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled", "ENCRYPT_DATA_REQUEST" : "disabled", "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled", "FULL_CRL_GENERATION" : "disabled", "FULL_CRL_PUBLISHING" : "disabled", "INTER_BOUNDARY" : "disabled", "KEY_GEN_ASYMMETRIC" : "disabled", "KEY_RECOVERY_AGENT_LOGIN" : "disabled", "KEY_RECOVERY_REQUEST" : "disabled", "KEY_STATUS_CHANGE" : "disabled", "LOG_PATH_CHANGE" : "disabled", "NON_PROFILE_CERT_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled", "OCSP_GENERATION" : "disabled", "OCSP_REMOVE_CA_REQUEST" : "disabled", "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled", "OCSP_SIGNING_INFO" : "disabled", "PROFILE_CERT_REQUEST" : "disabled", "PROOF_OF_POSSESSION" : "disabled", "RANDOM_GENERATION" : "disabled", "ROLE_ASSUME" : "disabled", "SCHEDULE_CRL_GENERATION" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_EXPORT_KEY" : "disabled", "SECURITY_DATA_INFO" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled", "SECURITY_DOMAIN_UPDATE" : "disabled", "SELFTESTS_EXECUTION" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled", "SYMKEY_GENERATION_REQUEST" : "disabled", "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "TOKEN_APPLET_UPGRADE" : "disabled", "TOKEN_AUTH" : "disabled", "TOKEN_CERT_ENROLLMENT" : "disabled", "TOKEN_CERT_RENEWAL" : "disabled", "TOKEN_CERT_RETRIEVAL" : "disabled", "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled", "TOKEN_FORMAT" : "disabled", "TOKEN_KEY_CHANGEOVER" : "disabled", "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled", "TOKEN_KEY_RECOVERY" : "disabled", "TOKEN_KEY_SANITY_CHECK" : "disabled", "TOKEN_OP_REQUEST" : "disabled", "TOKEN_PIN_RESET" : "disabled", "TOKEN_STATE_CHANGE" : "disabled" } } |
|
|
action (enable/disable) |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -X POST "https://$HOSTNAME:8443/ca/v2/audit?action=enable" { "bufferSize" : 512, "Status" : "Enabled", "Signed" : false, "Interval" : 100, "Events" : { "ACCESS_SESSION_ESTABLISH" : "enabled", "ACCESS_SESSION_TERMINATED" : "disabled", "ASYMKEY_GENERATION_REQUEST" : "disabled", "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "AUDIT_LOG_DELETE" : "disabled", "AUDIT_LOG_SHUTDOWN" : "disabled", "AUDIT_LOG_STARTUP" : "disabled", "AUTH" : "disabled", "AUTHORITY_CONFIG" : "disabled", "AUTHZ" : "disabled", "CERT_PROFILE_APPROVAL" : "disabled", "CERT_REQUEST_PROCESSED" : "disabled", "CERT_SIGNING_INFO" : "disabled", "CERT_STATUS_CHANGE_REQUEST" : "disabled", "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled", "CIMC_CERT_VERIFICATION" : "disabled", "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled", "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled", "CMC_ID_POP_LINK_WITNESS" : "disabled", "CMC_PROOF_OF_IDENTIFICATION" : "disabled", "CMC_REQUEST_RECEIVED" : "disabled", "CMC_RESPONSE_SENT" : "disabled", "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled", "COMPUTE_SESSION_KEY_REQUEST" : "disabled", "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled", "CONFIG_ACL" : "disabled", "CONFIG_AUTH" : "disabled", "CONFIG_CERT_POLICY" : "disabled", "CONFIG_CERT_PROFILE" : "disabled", "CONFIG_CRL_PROFILE" : "disabled", "CONFIG_DRM" : "disabled", "CONFIG_ENCRYPTION" : "disabled", "CONFIG_OCSP_PROFILE" : "disabled", "CONFIG_ROLE" : "disabled", "CONFIG_SERIAL_NUMBER" : "disabled", "CONFIG_SIGNED_AUDIT" : "disabled", "CONFIG_TOKEN_AUTHENTICATOR" : "disabled", "CONFIG_TOKEN_CONNECTOR" : "disabled", "CONFIG_TOKEN_GENERAL" : "disabled", "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled", "CONFIG_TOKEN_PROFILE" : "disabled", "CONFIG_TOKEN_RECORD" : "disabled", "CONFIG_TRUSTED_PUBLIC_KEY" : "disabled", "CRL_RETRIEVAL" : "disabled", "CRL_SIGNING_INFO" : "disabled", "CRL_VALIDATION" : "disabled", "DELTA_CRL_GENERATION" : "disabled", "DELTA_CRL_PUBLISHING" : "disabled", "DIVERSIFY_KEY_REQUEST" : "disabled", "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled", "ENCRYPT_DATA_REQUEST" : "disabled", "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled", "FULL_CRL_GENERATION" : "disabled", "FULL_CRL_PUBLISHING" : "disabled", "INTER_BOUNDARY" : "disabled", "KEY_GEN_ASYMMETRIC" : "disabled", "KEY_RECOVERY_AGENT_LOGIN" : "disabled", "KEY_RECOVERY_REQUEST" : "disabled", "KEY_STATUS_CHANGE" : "disabled", "LOG_PATH_CHANGE" : "disabled", "NON_PROFILE_CERT_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled", "OCSP_GENERATION" : "disabled", "OCSP_REMOVE_CA_REQUEST" : "disabled", "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled", "OCSP_SIGNING_INFO" : "disabled", "PROFILE_CERT_REQUEST" : "disabled", "PROOF_OF_POSSESSION" : "disabled", "RANDOM_GENERATION" : "disabled", "ROLE_ASSUME" : "disabled", "SCHEDULE_CRL_GENERATION" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_EXPORT_KEY" : "disabled", "SECURITY_DATA_INFO" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled", "SECURITY_DOMAIN_UPDATE" : "disabled", "SELFTESTS_EXECUTION" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled", "SYMKEY_GENERATION_REQUEST" : "disabled", "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "TOKEN_APPLET_UPGRADE" : "disabled", "TOKEN_AUTH" : "disabled", "TOKEN_CERT_ENROLLMENT" : "disabled", "TOKEN_CERT_RENEWAL" : "disabled", "TOKEN_CERT_RETRIEVAL" : "disabled", "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled", "TOKEN_FORMAT" : "disabled", "TOKEN_KEY_CHANGEOVER" : "disabled", "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled", "TOKEN_KEY_RECOVERY" : "disabled", "TOKEN_KEY_SANITY_CHECK" : "disabled", "TOKEN_OP_REQUEST" : "disabled", "TOKEN_PIN_RESET" : "disabled", "TOKEN_STATE_CHANGE" : "disabled" } } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/audit/files { "total" : 1, "entries" : [ { "name" : "ca_audit", "size" : 77606 } ] } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/audit/files/ca_audit 0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CERT_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] certificate signing info 0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CRL_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] CRL signing info 0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=OCSP_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=AB:AF:55:C8:C0:97:C8:B6:AA:47:0D:D0:66:C6:15:E1:B1:EF:EF:77] OCSP signing info 0.main - [29/Oct/2024:11:09:29 UTC] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details) 0.https-jsse-jss-nio-8443-exec-1 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success 0.https-jsse-jss-nio-8443-exec-2 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated 0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success 0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated 0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success 0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated 0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated 0.https-jsse-jss-nio-8443-exec-5 - [29/Oct/2024:11:45:53 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure 0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success 0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated 0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated |
|
|
None |
200 |
ca |
Show$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/features [{"id":"authority","description":"Lightweight CAs","version":"1.0","enabled":true}] |
|
|
None |
200 |
ca |
Show$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/features/authority { "id" : "authority", "description" : "Lightweight CAs", "version" : "1.0", "enabled" : true } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/jobs { "entries" : [ { "id" : "certRenewalNotifier", "enabled" : false, "cron" : "0 3 * * 1-5", "pluginName" : "RenewalNotificationJob", "parameters" : { } }, { "id" : "pruning", "enabled" : false, "pluginName" : "PruningJob", "parameters" : { } }, { "id" : "publishCerts", "enabled" : false, "cron" : "0 0 * * 2", "pluginName" : "PublishCertsJob", "parameters" : { } }, { "id" : "requestInQueueNotifier", "enabled" : false, "cron" : "0 0 * * 0", "pluginName" : "RequestInQueueJob", "parameters" : { } }, { "id" : "serialNumberUpdate", "enabled" : false, "pluginName" : "SerialNumberUpdateJob", "parameters" : { } }, { "id" : "unpublishExpiredCerts", "enabled" : false, "cron" : "0 0 * * 6", "pluginName" : "UnpublishExpiredJob", "parameters" : { } } ] } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate { "id" : "serialNumberUpdate", "enabled" : false, "pluginName" : "SerialNumberUpdateJob", "parameters" : { } } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate/start |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/securityDomain/domainInfo { "subsystemArray" : [ { "hosts" : { "CA pki.example.com 8443" : { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" } }, "hostArray" : [ { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" } ], "id" : "CA" } ], "id" : "EXAMPLE", "subsystems" : { "CA" : { "hosts" : { "CA pki.example.com 8443" : { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" } }, "hostArray" : [ { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" } ], "id" : "CA" } } } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/securityDomain/hosts [{"id":"CA pki.example.com 8443","Hostname":"pki.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"FALSE","SubsystemName":"CA pki.example.com 8443","DomainManager":"TRUE"}] |
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt -b session_cookie --json '{"id":"CA pki2.example.com 8443","Hostname":"pki2.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"TRUE","SubsystemName":"CA pki2.example.com 8443","DomainManager":"FALSE"}' -X PUT https://$HOSTNAME:8443/ca/v2/securityDomain/hosts |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443 { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" } |
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443 |
|
|
hostname, subsystem |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/securityDomain/installToken?hostname=pki.example.com&subsystem=CA" { "token" : "4984326538499940852" } |
|
|
start, size, filter |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/selftests?start=2" { "total" : 3, "entries" : [ { "id" : "SystemCertsVerification", "enabledAtStartup" : true, "criticalAtStartup" : true, "enabledOnDemand" : true, "criticalOnDemand" : true } ] } |
|
|
action (run) |
204 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/selftests?action=run" |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/selftests/CAValidity { "id" : "CAValidity", "enabledAtStartup" : false, "enabledOnDemand" : true, "criticalOnDemand" : true } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/selftests/run { "entries" : [ { "id" : "CAPresence", "status" : "PASSED" }, { "id" : "SystemCertsVerification", "status" : "PASSED" }, { "id" : "CAValidity", "status" : "PASSED" } ] } |
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
Show$ curl -v --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/selftests/CAPresence/run { "id" : "CAPresence", "status" : "PASSED" } |
Path | Method | Parameters | Return code | Example |
---|---|---|---|---|
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/kraconnector { "host" : "pki.example.com", "port" : "8443", "transportCert" : "MIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZXnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/LeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT57dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVqtrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EIDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPReYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCqUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzTtEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ91eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==", "uri" : "/kra/agent/kra/connector", "timeout" : "30", "local" : "false", "enable" : "true" } |
|
|
None |
204 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"host":"pki.example.com","port":"8443","transportCert":"MIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZXnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/LeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT57dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVqtrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EIDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPReYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCqUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzTtEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ91eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==","uri":"/kra/agent/kra/connector","timeout":"30","local":"false","enable":"true"}' https://$HOSTNAME:8443/ca/v2/admin/kraconnector/add |
|
|
host, port |
204 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -X POST "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/addHost?host=pki2.example.com&port=8443" |
|
|
host, port |
204 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -X POST "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/remove?host=pki.example.com&port=8443" |
|
|
pageSize, start, maxTime |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/agent/certrequests?pageSize=2" { "total" : 7, "entries" : [ { "requestID" : "0x58e47a524bff8fbc512465759b63f424", "requestType" : "enrollment", "requestStatus" : "complete", "creationTime" : 1730200079000, "modificationTime" : 1730200084000, "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0", "certRequestType" : "pkcs10", "operationResult" : "success" }, { "requestID" : "0x5f2533c00bb8934584decbf1aa9ab987", "requestType" : "enrollment", "requestStatus" : "complete", "creationTime" : 1730200087000, "modificationTime" : 1730200093000, "certId" : "0xf84f45cd025332f2b06d1ec58136be89", "certRequestType" : "pkcs10", "operationResult" : "success" } ] } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x5f2533c00bb8934584decbf1aa9ab987 { "nonce" : "-8579840105031817822", "requestId" : "0x5f2533c00bb8934584decbf1aa9ab987", "requestType" : "enrollment", "requestStatus" : "complete", "requestOwner" : "", "requestCreationTime" : "Tue Oct 29 11:08:07 UTC 2024", "requestModificationTime" : "Tue Oct 29 11:08:13 UTC 2024", "requestNotes" : "", "profileApprovedBy" : "system", "profileSetId" : "ocspCertSet", "profileIsVisible" : "true", "profileName" : "Manual OCSP Manager Signing Certificate Enrollment", "profileDescription" : "This certificate profile is for enrolling OCSP Manager certificates.", "ProfileID" : "caOCSPCert", "Renewal" : false, "Input" : [ { "ClassID" : "CertReqInput", "Name" : "Certificate Request Input", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Value" : "pkcs10" }, { "name" : "cert_request", "Value" : "-----BEGIN CERTIFICATE REQUEST-----\nMIIDkjCCAfoCAQAwTTEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEkMCIG\nA1UEAwwbQ0EgT0NTUCBTaWduaW5nIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A\nMIIBigKCAYEAsaCn1oUxVloC5G+Adi8rF40WEk10IL7NUEw9Bm6+704T7pKut9BDOH/8sCU+/bcw\nAHNKUpqKbpS55N7V0xYntfyiD8RxGVY4BxPWMPuhLcb5zRZXybKIvV2KpgOqQmS5+Sx0HrEyA6Xo\nFyB5E7fE/mqheA7V1RyL047m1T0ER/tkHWYldj0aLlYQKv8dmfzW52PRYF08ByVWzTXcByFyO3Tg\nwjN84ksKAfihBiALj92jgbxyOHD/utEFtz8XpjlqLMl7MVYhpeu/p5DbCTPk55OcKwQF6MbLMExl\nSrvF6JBKHLfLdbFY3OwbryP+f1Dc9UlFoDELZjlp+Z2klwlxympqTpsXztMzAQUfRqu5GjcL7v9s\nLmNahVoKfWuZWQEC5FUHyJk3DT/v0jax30QHq3CqoYUWZs/rolfpzInvqSMmDmxHz/nIdEwpmhvt\nAijuwG+Qm1PA4eHy2l3OhIGYWvYgA5oEq/BLZgvi3SOhNR3ctz98rlEI2j3MWy9dYBDhAgMBAAGg\nADANBgkqhkiG9w0BAQsFAAOCAYEAputw+T001caAwVTyZttOf5hmmiHnwqw1BFfoVA1Sy2W9xRrU\nTvCF2/eiSiRbLfsgpikgtOpRuON+m1SiYK/W3v+SkU1d9ewNQo1u2oNh1sjpzZjkLvfEvx4jjiDQ\nmA6GhhMzUiMvWPM9+d97c+1euF8mYvnyGJclutf2OVAhHdii8g5arR+gRGQHWXfziDkm3bFtgO0O\nMazHzehow81cArN27HfPzi2hPb447vekWdrDfW4O1VWp25hxTjef5LYQd8aKTIwYah+zaAqyZG6D\n7xYRxkOhb9d37nFL8qDWAZHyIcAZrkZ72APEqtMLaOewjzVrdbj/J5yncByk8SpW2E/XGy9NlDgi\nmuhMj8PuZXEItvaSpUG+o75b/o0i/CO+t+MgIQhE6dtZkEhRUpbuUN/+kILD++i4N1WB/owcOSuW\nSWER5L0gjpw8+UES4tV3qaS3zUSCZroyoUU430goxeHdk58CAoWrs9vqDdM/NkvjXrQJUmMmAL9f\nkpVhlMfw\n-----END CERTIFICATE REQUEST-----" } ] }, { "ClassID" : "SubmitterInfoInput", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ ] } ], "Output" : [ ], "ProfilePolicySet" : [ { "policies" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Value" : "CN=CA OCSP Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches CN=.*", "classId" : "SubjectNameConstraint", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "CN=.*" } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "text" : "This default populates a Certificate Validity to the request. The default values are Range=720 in days", "attributes" : [ { "name" : "notBefore", "Value" : "2024-10-29 11:08:09", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Value" : "2026-10-19 11:08:09", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 720 days.", "classId" : "ValidityConstraint", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "720" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Value" : "RSA - 1.2.840.113549.1.1.1", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Value" : "3072", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Value" : "30:82:01:8A:02:82:01:81:00:B1:A0:A7:D6:85:31:56:\\n5A:02:E4:6F:80:76:2F:2B:17:8D:16:12:4D:74:20:BE:\\nCD:50:4C:3D:06:6E:BE:EF:4E:13:EE:92:AE:B7:D0:43:\\n38:7F:FC:B0:25:3E:FD:B7:30:00:73:4A:52:9A:8A:6E:\\n94:B9:E4:DE:D5:D3:16:27:B5:FC:A2:0F:C4:71:19:56:\\n38:07:13:D6:30:FB:A1:2D:C6:F9:CD:16:57:C9:B2:88:\\nBD:5D:8A:A6:03:AA:42:64:B9:F9:2C:74:1E:B1:32:03:\\nA5:E8:17:20:79:13:B7:C4:FE:6A:A1:78:0E:D5:D5:1C:\\n8B:D3:8E:E6:D5:3D:04:47:FB:64:1D:66:25:76:3D:1A:\\n2E:56:10:2A:FF:1D:99:FC:D6:E7:63:D1:60:5D:3C:07:\\n25:56:CD:35:DC:07:21:72:3B:74:E0:C2:33:7C:E2:4B:\\n0A:01:F8:A1:06:20:0B:8F:DD:A3:81:BC:72:38:70:FF:\\nBA:D1:05:B7:3F:17:A6:39:6A:2C:C9:7B:31:56:21:A5:\\nEB:BF:A7:90:DB:09:33:E4:E7:93:9C:2B:04:05:E8:C6:\\nCB:30:4C:65:4A:BB:C5:E8:90:4A:1C:B7:CB:75:B1:58:\\nDC:EC:1B:AF:23:FE:7F:50:DC:F5:49:45:A0:31:0B:66:\\n39:69:F9:9D:A4:97:09:71:CA:6A:6A:4E:9B:17:CE:D3:\\n33:01:05:1F:46:AB:B9:1A:37:0B:EE:FF:6C:2E:63:5A:\\n85:5A:0A:7D:6B:99:59:01:02:E4:55:07:C8:99:37:0D:\\n3F:EF:D2:36:B1:DF:44:07:AB:70:AA:A1:85:16:66:CF:\\nEB:A2:57:E9:CC:89:EF:A9:23:26:0E:6C:47:CF:F9:C8:\\n74:4C:29:9A:1B:ED:02:28:EE:C0:6F:90:9B:53:C0:E1:\\nE1:F2:DA:5D:CE:84:81:98:5A:F6:20:03:9A:04:AB:F0:\\n4B:66:0B:E2:DD:23:A1:35:1D:DC:B7:3F:7C:AE:51:08:\\nDA:3D:CC:5B:2F:5D:60:10:E1:02:03:01:00:01\\n", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521", "classId" : "KeyConstraint", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "-" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096,nistp256,nistp384,nistp521" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Value" : "false", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Value" : "A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "NoConstraint", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Value" : "false", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Value" : "Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "NoConstraint", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Extended Key Usage Default", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.9", "attributes" : [ { "name" : "exKeyUsageCritical", "Value" : "false", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Value" : "1.3.6.1.5.5.7.3.9", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ ] }, "constraint" : { "name" : "Extended Key Usage Extension", "text" : "This constraint accepts the Extended Key Usage extension, if present, only when Criticality=false, OIDs=1.3.6.1.5.5.7.3.9", "classId" : "ExtendedKeyUsageExtConstraint", "constraints" : [ { "name" : "exKeyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "exKeyUsageOIDs", "descriptor" : { "Syntax" : "string", "Description" : "Comma-Separated list of Object Identifiers" }, "value" : "1.3.6.1.5.5.7.3.9" } ] } }, { "id" : "8", "def" : { "name" : "OCSP No Check Extension", "text" : "This default populates an OCSP No Check Extension (1.3.6.1.5.5.7.48.1.5) to the request. The default values are Criticality=false", "attributes" : [ { "name" : "ocspNoCheckCritical", "Value" : "false", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts the extension only when Criticality=false, OID=1.3.6.1.5.5.7.48.1.5", "classId" : "ExtensionConstraint", "constraints" : [ { "name" : "extCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "extOID", "descriptor" : { "Syntax" : "string", "Description" : "Object Identifier" }, "value" : "1.3.6.1.5.5.7.48.1.5" } ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Value" : "SHA256withRSA", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "SigningAlgConstraint", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] } ], "Attributes" : { "Attribute" : [ ] } } |
|
|
None |
204 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"nonce":"698006587460251198","requestId":"0x563c6ef28a2aa590fb5df963043be30e","requestType":"enrollment","requestStatus":"pending","requestOwner":"","requestCreationTime":"Wed Oct 30 11:09:30 UTC 2024","requestModificationTime":"Wed Oct 30 11:09:30 UTC 2024","requestNotes":"","profileApprovedBy":"admin","profileSetId":"userCertSet","profileIsVisible":"false","profileName":"Manual User Dual-Use Certificate Enrollment","profileDescription":"This certificate profile is for enrolling user certificates.","profileRemoteHost":"172.18.0.3","profileRemoteAddr":"172.18.0.3","ProfileID":"caUserCert","Renewal":false,"Input":[{"ClassID":"KeyGenInput","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10"},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQCfuroXU/H8AxyI3pBKF7mYRoP+yL0Qucqg9fvnJdY7M/E3OIHg+2l5f2UX\r\nL+Q9ESDZ7EMGxmuORPvqwwNuHSKaW/kfurcdTFlQjVuoXwUwy86D/veAp317tDZZmcjU6DgWrx8M\r\nA5c46Ck8KOa5NOetPjpbCufTLaKmPDM6+Rsei+aY5FMksHh6W+a1djuz1yN0COc60/+pzR4MCzMZ\r\n1N8TYKmtfprectaK9Jj0ckkRZ9zAuAwxdNnfSkNIgu8btBX7+/9IqSi+s/TUTo8jDxXWZkEu+Pn+\r\nCVpuYFd2lvij7gCJ2fKuDy5yyh1HFJFFWqQZ+V+snylBeAwHgk3V9dJvAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEAfYpmNiENJOVycl9DODw3UEmLDEZl5vDplUaK4E47ITz6rbB/vSQzXB/KDDuU\r\nLq/aqfPhhXFDYaQ3BLlgrxYcuojiDMEkEwi6lU1OxPpEWcCrCSMx0NzsQMA3XSWziMwCc0kyodlQ\r\nRYOEDMWfWNplBA/6kdEb5Vce/UrbOdbquWgcIopYyJ9QdLJJbqvFN2JUwpibd7pJSyglWK/WHk8o\r\nov1jQIkYmSlznQwLQyeliBMMX4pFN3BAgEuo4hFlYeP5r1ig3xsdXmKbZgtGo1FEK7OBHAbfmMs0\r\nNdp2mLo5hvNSTTYl4aATsR9SfljuRtjhZtqPfsonzDAjO+wj5dOC7g==\r\n-----END CERTIFICATE REQUEST-----"}]},{"ClassID":"SubjectNameInput","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser"}]},{"ClassID":"SubmitterInfoInput","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[]}],"Output":[],"ProfilePolicySet":[{"policies":[{"id":"1","def":{"name":"Subject Name Default","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Value":"UID=newUser","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"SubjectNameConstraint","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"RenewGracePeriodConstraint","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Value":"2024-10-30 11:09:30","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Value":"2025-04-28 11:09:30","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"ValidityConstraint","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Value":"RSA - 1.2.840.113549.1.1.1","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Value":"2048","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Value":"30:82:01:0A:02:82:01:01:00:9F:BA:BA:17:53:F1:FC:\\n03:1C:88:DE:90:4A:17:B9:98:46:83:FE:C8:BD:10:B9:\\nCA:A0:F5:FB:E7:25:D6:3B:33:F1:37:38:81:E0:FB:69:\\n79:7F:65:17:2F:E4:3D:11:20:D9:EC:43:06:C6:6B:8E:\\n44:FB:EA:C3:03:6E:1D:22:9A:5B:F9:1F:BA:B7:1D:4C:\\n59:50:8D:5B:A8:5F:05:30:CB:CE:83:FE:F7:80:A7:7D:\\n7B:B4:36:59:99:C8:D4:E8:38:16:AF:1F:0C:03:97:38:\\nE8:29:3C:28:E6:B9:34:E7:AD:3E:3A:5B:0A:E7:D3:2D:\\nA2:A6:3C:33:3A:F9:1B:1E:8B:E6:98:E4:53:24:B0:78:\\n7A:5B:E6:B5:76:3B:B3:D7:23:74:08:E7:3A:D3:FF:A9:\\nCD:1E:0C:0B:33:19:D4:DF:13:60:A9:AD:7E:9A:DE:72:\\nD6:8A:F4:98:F4:72:49:11:67:DC:C0:B8:0C:31:74:D9:\\nDF:4A:43:48:82:EF:1B:B4:15:FB:FB:FF:48:A9:28:BE:\\nB3:F4:D4:4E:8F:23:0F:15:D6:66:41:2E:F8:F9:FE:09:\\n5A:6E:60:57:76:96:F8:A3:EE:00:89:D9:F2:AE:0F:2E:\\n72:CA:1D:47:14:91:45:5A:A4:19:F9:5F:AC:9F:29:41:\\n78:0C:07:82:4D:D5:F5:D2:6F:02:03:01:00:01\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"KeyConstraint","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Value":"false","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Value":"A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Value":"Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"KeyUsageExtConstraint","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Value":"SHA256withRSA","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"SigningAlgConstraint","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]}],"Attributes":{"Attribute":[]}}' https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x563c6ef28a2aa590fb5df963043be30e/approve |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee { "id" : "0x55092f4611ad2ede6c4064045d64bdee", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEADCCAmigAwIBAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEM\r\nB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEt\r\nLOCo/NVffA3KCPLqHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB\r\n+DsMGleB59sz8StQUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWf\r\nM1Qqlsn/zlfMZRsO0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEg\r\nS5EJTuipbXujaAlQgbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P\r\n9uQTPmyOO75FJmiHAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUw\r\nPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAv\r\nY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0G\r\nCSqGSIb3DQEBCwUAA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVc\r\nRubwCuBXk85atycRXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2\r\nJMqvFSgM/DGu/yJvt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvW\r\ntLgO/iRFFGKWohvFpGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1Nj\r\nE2KcqfusDDfLm1czbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpN\r\niB38h6a4NLdmsPDbD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3\r\nnl5+nQ9RZsuJb9Ea/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDV\r\nMFw=\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIIIsQYJKoZIhvcNAQcCoIIIojCCCJ4CAQExADALBgkqhkiG9w0BBwGgggiGMIIEADCCAmigAwIB\r\nAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEi\r\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEtLOCo/NVffA3KCPLq\r\nHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB+DsMGleB59sz8StQ\r\nUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWfM1Qqlsn/zlfMZRsO\r\n0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEgS5EJTuipbXujaAlQ\r\ngbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P9uQTPmyOO75FJmiH\r\nAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUwPwYIKwYBBQUHAQEE\r\nMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNV\r\nHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUA\r\nA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVcRubwCuBXk85atycR\r\nXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2JMqvFSgM/DGu/yJv\r\nt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvWtLgO/iRFFGKWohvF\r\npGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1NjE2KcqfusDDfLm1cz\r\nbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpNiB38h6a4NLdmsPDb\r\nD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3nl5+nQ9RZsuJb9Ea\r\n/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDVMFwwggR+MIIC5qAD\r\nAgECAhEAhmFGZPY3nBwtCjnR5H0/0DANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExF\r\nMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4X\r\nDTI0MTAyOTExMDgwMFoXDTQ0MTAyOTExMDgwMFowSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UE\r\nCwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTCCAaIwDQYJKoZI\r\nhvcNAQEBBQADggGPADCCAYoCggGBAMofTnE8azu6WaltnTqsOTSEtlHdRTk75sH1xZbYsMyhUagu\r\naIMyR4x1iva5Y620bDKb4lyLF5vJtWKDZvbN5gJW/N5P4u9CZ6UlQ5Tkm5rhvq5v4LN4Sq4hO8bD\r\nPyR6MZFnDbBpnj62e/AUhGVTb5eoG2K7hDUBp4hfYGKi/5G8NkZZlCADSbFytpXJQ86SumjiHbnZ\r\nQPMg9BTZgnMPouZA7SSS1hB/5TCgEeIJpWX8l7rZ+0WfknaoQ7zLz4zJncvsXXiKbEkdbyM8+KLi\r\n3wy5P321xDuwO4A4UcSwHvPOSu5sdLFRV88bsAJ0FLFRHgOdXm5Gl1mMv4oOz8cYRVcKRUScMRUi\r\n1uhkhIOIEhTWmvMz6FZ1mDmRzaPCA6Gc2S6IsUOjzZz5Cyd8wNyEC/zIc9FjPsVudN2YXOGn2T2a\r\nKl2jrNIdtKidxPmk80+3wzTDoqmoHe41DKTozfwPqOQeNvZvM+o/Nr6ibZw6tLt79Hy+CHleSazm\r\n87bJthu6kwIDAQABo2MwYTAdBgNVHQ4EFgQUp332LU7iaBRZZqOMreTzdsQA4SUwHwYDVR0jBBgw\r\nFoAUp332LU7iaBRZZqOMreTzdsQA4SUwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYw\r\nDQYJKoZIhvcNAQELBQADggGBAKgYiwcUiGqi0ugB96gRCuGrPbesKUU05Jv8bNExmG5eUiyaGEZi\r\n0IcD4XLLQ9pAwyDGgvZaBPZl8J+4JSRwGxf/ldQUFcFe9zwutMNOpJb0p1Y8uzNQ54eC+t7pUbuW\r\nHSE/P3Rvsxnx6eWtUqCM0gpN1BxqsgVedL2iyjXjncNNTd/bT7E/giRhE1r0fgmLSz/s8B129DXK\r\ndjhbLrkHYTmMlphtQ9qS38BqUa6GCDuOLwFsahgaHN/+XdRJF+Cb2LXQC2thTNqMCQq9yfWMHPZT\r\n1qujy19qSEUQxjqo5PtO8D8su0nuznjfgOI5zO3wBpVVAJgBjCpND9PKzMSc6ISIgBw9RYorQHTU\r\nPzArn/2VkQvm9+4X/KR/33GftcVfXk/+NFv2AePUG6PosQ3kKpUiA+7W8ivAhoHvwFKpOs2k4yK5\r\nwd7++6/ecHUNzKpKhItZt3UafldyzjzqwEBk/QjYjDEMBklth2p+QPM8lGIUWt6yD/Nzo56TDmgn\r\ndALCtTEA\r\n", "NotBefore" : "2024-10-30 10:53:21 +0000", "NotAfter" : "2025-04-28 10:53:21 +0000", "Status" : "VALID", "Nonce" : 3355442236351645821 } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"Reason":"Certificate_Hold","Nonce":7581228038945153660}' https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/revoke { "requestID" : "0x887ffed7ad4c0ee94a07700c48895f03", "requestType" : "revocation", "requestStatus" : "complete", "creationTime" : 1730300307000, "modificationTime" : 1730300307000, "certId" : "0x55092f4611ad2ede6c4064045d64bdee", "operationResult" : "success" } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"Reason":"Certificate_Hold","Nonce":5052187310204086075}' https://$HOSTNAME:8443/ca/v2/agent/certs/0x86614664f6379c1c2d0a39d1e47d3fd0/revoke-ca { "requestID" : "0xb28c9fe27d90a97b9ec85d7ad1b32992", "requestType" : "revocation", "requestStatus" : "complete", "creationTime" : 1730300625000, "modificationTime" : 1730300625000, "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0", "operationResult" : "success" * Connection #0 to host pki.example.com left intact } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/unrevoke { "requestID" : "0xdca57cea1f51ed123dc85dd889a595eb", "requestType" : "unrevocation", "requestStatus" : "complete", "creationTime" : 1730300449000, "modificationTime" : 1730300449000, "operationResult" : "success" } |
|
|
id, parentID, dn, issuerDN |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/authorities?issuerDN=CN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE" {"isHostAuthority":true,"id":"9f75deb6-53b1-48cc-9028-9c899f9526b4","issuerDN":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","serial":178621631998145652837496363178029563856,"dn":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true,"description":"Host authority","ready":true}] |
|
|
None |
201 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true}' "https://$HOSTNAME:8443/ca/v2/authorities { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : true, "ready" : true } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : true, "ready" : true } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":false}' -X PUT https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : false, "ready" : true } |
|
|
None |
204 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -H 'Accpet;' -H 'Accept: papplication/x-pem-file' --output newCert.pem https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/cert |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -H 'Accpet;' -H 'Accept: papplication/x-pem-file' --output newChain.pem https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/chain |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/enable { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : true, "ready" : true } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/disable { "isHostAuthority" : false, "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f", "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4", "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "serial" : 64174415881410080865433595357504971990, "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "enabled" : false, "ready" : true } |
|
|
None |
204 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/renew |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/cert/signing { "id" : "0x86614664f6379c1c2d0a39d1e47d3fd0", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEfjCCAuagAwIBAgIRAIZhRmT2N5wcLQo50eR9P9AwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMjkxMTA4MDBaFw00NDEwMjkxMTA4MDBaMEgxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUw\r\nggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDKH05xPGs7ulmpbZ06rDk0hLZR3UU5O+bB\r\n9cWW2LDMoVGoLmiDMkeMdYr2uWOttGwym+JcixebybVig2b2zeYCVvzeT+LvQmelJUOU5Jua4b6u\r\nb+CzeEquITvGwz8kejGRZw2waZ4+tnvwFIRlU2+XqBtiu4Q1AaeIX2Biov+RvDZGWZQgA0mxcraV\r\nyUPOkrpo4h252UDzIPQU2YJzD6LmQO0kktYQf+UwoBHiCaVl/Je62ftFn5J2qEO8y8+MyZ3L7F14\r\nimxJHW8jPPii4t8MuT99tcQ7sDuAOFHEsB7zzkrubHSxUVfPG7ACdBSxUR4DnV5uRpdZjL+KDs/H\r\nGEVXCkVEnDEVItboZISDiBIU1przM+hWdZg5kc2jwgOhnNkuiLFDo82c+QsnfMDchAv8yHPRYz7F\r\nbnTdmFzhp9k9mipdo6zSHbSoncT5pPNPt8M0w6KpqB3uNQyk6M38D6jkHjb2bzPqPza+om2cOrS7\r\ne/R8vgh5Xkms5vO2ybYbupMCAwEAAaNjMGEwHQYDVR0OBBYEFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOElMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P\r\nAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQCoGIsHFIhqotLoAfeoEQrhqz23rClFNOSb/GzR\r\nMZhuXlIsmhhGYtCHA+Fyy0PaQMMgxoL2WgT2ZfCfuCUkcBsX/5XUFBXBXvc8LrTDTqSW9KdWPLsz\r\nUOeHgvre6VG7lh0hPz90b7MZ8enlrVKgjNIKTdQcarIFXnS9oso1453DTU3f20+xP4IkYRNa9H4J\r\ni0s/7PAddvQ1ynY4Wy65B2E5jJaYbUPakt/AalGuhgg7ji8BbGoYGhzf/l3USRfgm9i10AtrYUza\r\njAkKvcn1jBz2U9aro8tfakhFEMY6qOT7TvA/LLtJ7s5434DiOczt8AaVVQCYAYwqTQ/TyszEnOiE\r\niIAcPUWKK0B01D8wK5/9lZEL5vfuF/ykf99xn7XFX15P/jRb9gHj1Buj6LEN5CqVIgPu1vIrwIaB\r\n78BSqTrNpOMiucHe/vuv3nB1DcyqSoSLWbd1Gn5Xcs486sBAZP0I2IwxDAZJbYdqfkDzPJRiFFre\r\nsg/zc6Oekw5oJ3QCwrU=\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIIErQYJKoZIhvcNAQcCoIIEnjCCBJoCAQExADALBgkqhkiG9w0BBwGgggSCMIIEfjCCAuagAwIBAgIRAIZhRmT2N5wcLQo50eR9P9AwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMjkxMTA4MDBaFw00NDEwMjkxMTA4MDBaMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDKH05xPGs7ulmpbZ06rDk0hLZR3UU5O+bB9cWW2LDMoVGoLmiDMkeMdYr2uWOttGwym+JcixebybVig2b2zeYCVvzeT+LvQmelJUOU5Jua4b6ub+CzeEquITvGwz8kejGRZw2waZ4+tnvwFIRlU2+XqBtiu4Q1AaeIX2Biov+RvDZGWZQgA0mxcraVyUPOkrpo4h252UDzIPQU2YJzD6LmQO0kktYQf+UwoBHiCaVl/Je62ftFn5J2qEO8y8+MyZ3L7F14imxJHW8jPPii4t8MuT99tcQ7sDuAOFHEsB7zzkrubHSxUVfPG7ACdBSxUR4DnV5uRpdZjL+KDs/HGEVXCkVEnDEVItboZISDiBIU1przM+hWdZg5kc2jwgOhnNkuiLFDo82c+QsnfMDchAv8yHPRYz7FbnTdmFzhp9k9mipdo6zSHbSoncT5pPNPt8M0w6KpqB3uNQyk6M38D6jkHjb2bzPqPza+om2cOrS7e/R8vgh5Xkms5vO2ybYbupMCAwEAAaNjMGEwHQYDVR0OBBYEFKd99i1O4mgUWWajjK3k83bEAOElMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOElMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQCoGIsHFIhqotLoAfeoEQrhqz23rClFNOSb/GzRMZhuXlIsmhhGYtCHA+Fyy0PaQMMgxoL2WgT2ZfCfuCUkcBsX/5XUFBXBXvc8LrTDTqSW9KdWPLszUOeHgvre6VG7lh0hPz90b7MZ8enlrVKgjNIKTdQcarIFXnS9oso1453DTU3f20+xP4IkYRNa9H4Ji0s/7PAddvQ1ynY4Wy65B2E5jJaYbUPakt/AalGuhgg7ji8BbGoYGhzf/l3USRfgm9i10AtrYUzajAkKvcn1jBz2U9aro8tfakhFEMY6qOT7TvA/LLtJ7s5434DiOczt8AaVVQCYAYwqTQ/TyszEnOiEiIAcPUWKK0B01D8wK5/9lZEL5vfuF/ykf99xn7XFX15P/jRb9gHj1Buj6LEN5CqVIgPu1vIrwIaB78BSqTrNpOMiucHe/vuv3nB1DcyqSoSLWbd1Gn5Xcs486sBAZP0I2IwxDAZJbYdqfkDzPJRiFFresg/zc6Oekw5oJ3QCwrUxAA==", "NotBefore" : "Tue Oct 29 11:08:00 UTC 2024", "NotAfter" : "Sat Oct 29 11:08:00 UTC 2044" } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt --json '{"ProfileID":"caUserCert","Renewal":false,"RemoteHost":"","RemoteAddress":"","Input":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQDeu/zJSSDYzXcJsH7lZe8fKPV0CIWNAD0g5FpOdcqvcZMwXQsnVqCNdfby\r\nSwX6sGzKEHCXyYxaXHuLMpMJ5pHK1BzRCfjQAkPzWbCN5beg7L/l7Gi+52h0z9R/zTZkG355ja3r\r\nkyd9d0tah5XbPWsdp0BVtPOIK4t0d6F+WkEkC0pyCejtkqoBSf9F1CTHw3iOxhgKMxV+ebC/TM2l\r\n9AvnzAfF91Sf5KAd8hTAhHurgBkqxuzL16ERBbM0DFfie8RCiTVBvvS/6UmfEVH3dMHIuE5flXB+\r\nhMCrj8g7GfWIaA6WzwfkZrNgCjYoVHPivMg+akhMbQg6m0goB3zA/D/zAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEALi3+agIXworiPVF1qyAr3wLjffzu6RIDiLS9cVHHnnAj1AjEnKFDpwTYeuBk\r\nXaRzgyCHyCLyKSSN337PBUEnxOxNWNIJDCC8gpMcfCCnspos7N9M8dnROD60EUDVdUtfdE+g5JfG\r\nkwlQz3lbktFuQwznf3EUYPPvyMLSG1RITVJyEJ3tH0PZ5GFlDwi5Gw7DTzl7nAWwXZ5LeCa9b6d8\r\nwCbPAAHA2OCYck1PyLrFlAnmF5udsY4AY7b5YK5iIqysWikXYqexk/oE707XJhX+btDYx0W4qI8j\r\nhc50ZHgtobGXAgqNQvL2WOtmEJY2Fwpl+ejuGi6bamzTkXqh/Vi+XQ==\r\n-----END CERTIFICATE REQUEST-----\n","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Value":"","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Value":"","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Value":"","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Value":"","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"Output":[],"Attributes":{"Attribute":[]}}' https://$HOSTNAME:8443/ca/v2/certrequests { "total" : 1, "entries" : [ { "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a", "requestType" : "enrollment", "requestStatus" : "pending", "creationTime" : 1730309766543, "modificationTime" : 1730309766566, "certRequestType" : "pkcs10", "operationResult" : "success" } ] } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/certrequests/0xd3e6013b9ae406efe9b8d45029faee9a { "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a", "requestType" : "enrollment", "requestStatus" : "pending", "creationTime" : 1730309766000, "modificationTime" : 1730309766000, "certRequestType" : "pkcs10", "operationResult" : "success" } |
|
|
size, start |
200 |
Show$ curl --cacert ./ca_signing.crt "https://$HOSTNAME:8443/ca/v2/certrequests/profiles?size=2&start=4" { "total" : 26, "entries" : [ { "profileId" : "AdminCert", "profileName" : "Manual Administrator Certificate Enrollment", "profileDescription" : "This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" }, { "profileId" : "ECAdminCert", "profileName" : "Manual Administrator Certificate Enrollment with ECC keys", "profileDescription" : "This certificate profile is for enrolling Administrator's certificates with ECC keys suitable for use by clients such as browsers.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" } ] } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/certrequests/profiles/caUserCert { "ProfileID" : "caUserCert", "Renewal" : false, "RemoteHost" : "", "RemoteAddress" : "", "Input" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Value" : "", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Value" : "", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Value" : "", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "Output" : [ ], "Attributes" : { "Attribute" : [ ] } } |
|
|
size, start, maxTime |
200 |
Show$ curl --cacert ./ca_signing.crt "https://$HOSTNAME:8443/ca/v2/certs?size=2&start=4" { "entries" : [ { "id" : "0xc99ff8f6549f903d8df28a4e5f5105f3", "SubjectDN" : "CN=CA Audit Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Status" : "VALID", "Type" : "X.509", "Version" : 2, "KeyAlgorithmOID" : "1.2.840.113549.1.1.1", "KeyLength" : 2048, "NotValidBefore" : 1730308885000, "NotValidAfter" : 1792516885000, "IssuedOn" : 1730308887000, "IssuedBy" : "system" }, { "id" : "0x6d5c045d3443ced273ab8d7955835db1", "SubjectDN" : "CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Status" : "VALID", "Type" : "X.509", "Version" : 2, "KeyAlgorithmOID" : "1.2.840.113549.1.1.1", "KeyLength" : 2048, "NotValidBefore" : 1730308904000, "NotValidAfter" : 1792516904000, "IssuedOn" : 1730308905000, "IssuedBy" : "system" } ] } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/certs/0x6d5c045d3443ced273ab8d7955835db1 { "id" : "0x6d5c045d3443ced273ab8d7955835db1", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIETjCCAragAwIBAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBM\r\nRTETMBEGA1UECwwKcGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNv\r\nbTEaMBgGA1UEAwwRUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\r\nAoIBAQDE7ahO2KtW6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr\r\n7B6sI5MrrcBRAhNgcHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCI\r\nnQ09I9TLH8dIuL4ZxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4\r\nGSm0HguQAc0H55FsVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWe\r\nnHvBSqRJc9xLNlcjr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAU\r\ndJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8v\r\ncGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI\r\nKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwc\r\nbCHpl+922hT5LA+KJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWH\r\nhEvm8RQqdVVxkfDXp3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeUR\r\nJ4rG/lD73qVzXd30U/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAww\r\nBnswSwwjPEe6djwFfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9\r\noTqj5KwXo133aorjZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQe\r\npbi1LBXzOxnub8sMKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGE\r\nGXfjNyGoETEaHb930gItsmEqc8VKH5s=\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIII/gYJKoZIhvcNAQcCoIII7zCCCOsCAQExADALBgkqhkiG9w0BBwGgggjTMIIETjCCAragAwIB\r\nAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwK\r\ncGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNvbTEaMBgGA1UEAwwR\r\nUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE7ahO2KtW\r\n6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr7B6sI5MrrcBRAhNg\r\ncHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCInQ09I9TLH8dIuL4Z\r\nxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4GSm0HguQAc0H55Fs\r\nVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWenHvBSqRJc9xLNlcj\r\nr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq\r\n3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUu\r\nY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG\r\nAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwcbCHpl+922hT5LA+K\r\nJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWHhEvm8RQqdVVxkfDX\r\np3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeURJ4rG/lD73qVzXd30\r\nU/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAwwBnswSwwjPEe6djwF\r\nfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9oTqj5KwXo133aorj\r\nZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQepbi1LBXzOxnub8sM\r\nKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGEGXfjNyGoETEaHb93\r\n0gItsmEqc8VKH5swggR9MIIC5aADAgECAhAS28bqYgfeAGNdjqMHIBkOMA0GCSqGSIb3DQEBCwUA\r\nMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNp\r\nZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjQxMDMwMTcyMDQ5WhcNNDQxMDMwMTcyMDQ5WjBIMRAwDgYD\r\nVQQKDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENl\r\ncnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwQenLXRjT+lsBoONhHmq\r\npYzEvugiELRtQ1iK1bXTTrRsAcaRscUCeEGfV6K6gVc7ekifckamtxsnx3s5JAjCfUF5K88pGTWe\r\nsXt6u0fg0cIslQP9sDz6dM0P/vjCsnxIgW1eNpeUR61Gwi3nCPXvWZ2zeOKdQReSL+MLby468Ot3\r\nbdEnVwalN70KtQNsB3I9GaFyNOCRa6P6zxR/ETuVRZVkB9mWZxpTvdF6xNlk8UF0jbmsrda3BXth\r\n1X/uej8+qE0cPN3BBvvdpkmJe+DSKq43NsZgaa8sgeGs7RiitI/7TR/gPVU5LtEK+cb93SpzcC+w\r\nhC1O4+kI7TEAK7tZO2FDPQM0lFvBXc/qtEWEa1RqpZKXEwVKCr1xpE4T1aNKnoNJQADcSxITSioq\r\ngkYNmUngeVd0AHe3gcgLOC7cQiY3uJJypVIz9vpHPr7xwxZugEF+YwSJM4zszMTbruaqn7eC90k3\r\n7dcqo4hCGsIRLWIapRG5TTxO7OY2cwzRVNyfAgMBAAGjYzBhMB0GA1UdDgQWBBR0kVsdX96mNxFN\r\nCureUbkKcJKhCTAfBgNVHSMEGDAWgBR0kVsdX96mNxFNCureUbkKcJKhCTAPBgNVHRMBAf8EBTAD\r\nAQH/MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQsFAAOCAYEAJp2R8/AhtSggrO1ewP4G1XnP\r\ng360OJT6rBcQDVKAul929/ipTGxztD70NF4UqL5ofQua79OKUF/hGc1lALKMn2dkKWL9GVpIwu7V\r\nZLU7xIw+ebUVuPpaka4D73viliHyZjFaa9OmWylA6KAnJt1aWuJt2OfRgbW6eL7xymqkCGvFxOoH\r\n5tpFMHgS75pZ5duByYgh94TIK9xxO11BAprlyK8TXHdPCwsqiafrgATpU+zIez6PAN82h1YIAorN\r\n8/5T2iNdXmWDQ02lxKKOCiDFdeB0F3KcgQVmVrGWOzp9j3AhR1+nFaSscv5FIBsFgVtyg1qDmEgh\r\nRasv/xsJfvujZkuLtMhTXBZMMjmOvu8xAYYO5DbNwdjGSq1McUorTX2W7N4w3tIpgByxc6YkVPfK\r\naUCKJG5Sajkzx6mO5GUcbw7wSBdrqoseGXQB7AbNwRTljtSF8KGEDkFfSoGlYsZz4VkY58+7v3IT\r\ntk/wcGo2clVPiQGDduo1Nj+vDa5iTSoEMQA=\r\n", "NotBefore" : "2024-10-30 17:21:44 +0000", "NotAfter" : "2026-10-20 17:21:44 +0000", "Status" : "VALID" } |
|
|
size, start |
200 |
Show$ curl --cacert ./ca_signing.crt --json '{"commonName": "PKI Administrator", "subjectInUse": true}' https://$HOSTNAME:8443/ca/v2/certs/0x6d5c045d3443ced273ab8d7955835db1 { "entries" : [ { "id" : "0x6d5c045d3443ced273ab8d7955835db1", "SubjectDN" : "CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Status" : "VALID", "Type" : "X.509", "Version" : 2, "KeyAlgorithmOID" : "1.2.840.113549.1.1.1", "KeyLength" : 2048, "NotValidBefore" : 1730308904000, "NotValidAfter" : 1792516904000, "IssuedOn" : 1730308905000, "IssuedBy" : "system" } ] } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/cert/transport { "id" : "0x8f6afa7386fdd8efc6c3406ed1e6d8c8", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "CN=DRM Transport Certificate,OU=pki-tomcat,O=EXAMPLE", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNh\r\ndGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZX\r\nnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/\r\nLeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT5\r\n7dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVq\r\ntrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EI\r\nDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYB\r\nBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2Nz\r\ncDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGB\r\nAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPR\r\neYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCq\r\nUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzT\r\ntEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW\r\n+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP\r\n3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ9\r\n1eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==\r\n-----END CERTIFICATE-----\n", "PKCS7CertChain" : "MIII2QYJKoZIhvcNAQcCoIIIyjCCCMYCAQExADALBgkqhkiG9w0BBwGgggiuMIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZXnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/LeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT57dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVqtrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EIDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPReYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCqUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzTtEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ91eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63ATCCBH0wggLloAMCAQICEBLbxupiB94AY12OowcgGQ4wDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzIwNDlaFw00NDEwMzAxNzIwNDlaMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDBB6ctdGNP6WwGg42EeaqljMS+6CIQtG1DWIrVtdNOtGwBxpGxxQJ4QZ9XorqBVzt6SJ9yRqa3GyfHezkkCMJ9QXkrzykZNZ6xe3q7R+DRwiyVA/2wPPp0zQ/++MKyfEiBbV42l5RHrUbCLecI9e9ZnbN44p1BF5Iv4wtvLjrw63dt0SdXBqU3vQq1A2wHcj0ZoXI04JFro/rPFH8RO5VFlWQH2ZZnGlO90XrE2WTxQXSNuayt1rcFe2HVf+56Pz6oTRw83cEG+92mSYl74NIqrjc2xmBpryyB4aztGKK0j/tNH+A9VTku0Qr5xv3dKnNwL7CELU7j6QjtMQAru1k7YUM9AzSUW8Fdz+q0RYRrVGqlkpcTBUoKvXGkThPVo0qeg0lAANxLEhNKKiqCRg2ZSeB5V3QAd7eByAs4LtxCJje4knKlUjP2+kc+vvHDFm6AQX5jBIkzjOzMxNuu5qqft4L3STft1yqjiEIawhEtYhqlEblNPE7s5jZzDNFU3J8CAwEAAaNjMGEwHQYDVR0OBBYEFHSRWx1f3qY3EU0K6t5RuQpwkqEJMB8GA1UdIwQYMBaAFHSRWx1f3qY3EU0K6t5RuQpwkqEJMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQAmnZHz8CG1KCCs7V7A/gbVec+DfrQ4lPqsFxANUoC6X3b3+KlMbHO0PvQ0XhSovmh9C5rv04pQX+EZzWUAsoyfZ2QpYv0ZWkjC7tVktTvEjD55tRW4+lqRrgPve+KWIfJmMVpr06ZbKUDooCcm3Vpa4m3Y59GBtbp4vvHKaqQIa8XE6gfm2kUweBLvmlnl24HJiCH3hMgr3HE7XUECmuXIrxNcd08LCyqJp+uABOlT7Mh7Po8A3zaHVggCis3z/lPaI11eZYNDTaXEoo4KIMV14HQXcpyBBWZWsZY7On2PcCFHX6cVpKxy/kUgGwWBW3KDWoOYSCFFqy//Gwl++6NmS4u0yFNcFkwyOY6+7zEBhg7kNs3B2MZKrUxxSitNfZbs3jDe0imAHLFzpiRU98ppQIokblJqOTPHqY7kZRxvDvBIF2uqix4ZdAHsBs3BFOWO1IXwoYQOQV9KgaVixnPhWRjnz7u/chO2T/BwajZyVU+JAYN26jU2P68NrmJNKgQxAA==", "NotBefore" : "Wed Oct 30 17:25:02 UTC 2024", "NotAfter" : "Tue Oct 20 17:25:02 UTC 2026" } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/info { "Attributes" : { "Attribute" : [ ] } } |
|
|
None |
200 |
|
|
|
None |
200 |
|
|
|
size, start, visible, enable, enableBy |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/profiles?size=2&visible=true&enable=true&enableBy=admin" { "total" : 25, "entries" : [ { "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/acmeServerCert", "profileId" : "acmeServerCert", "profileName" : "ACME Server Certificate Enrollment", "profileDescription" : "This certificate profile is for enrolling server certificates via ACME protocol.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" }, { "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/caServerKeygen_UserCert", "profileId" : "caServerKeygen_UserCert", "profileName" : "Manual User Dual-Use Certificate Enrollment using server-side Key generation", "profileDescription" : "This certificate profile is for enrolling user certificates using server-side Key generation.", "profileVisible" : true, "profileEnable" : true, "profileEnableBy" : "admin" } ] } |
|
|
None |
201 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":false,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' https://$HOSTNAME:8443/ca/v2/profiles { "id" : "test", "classId" : "caEnrollImpl", "name" : "Manual User Dual-Use Certificate Enrollment", "description" : "This certificate profile is for enrolling user certificates.", "enabled" : false, "visible" : false, "authzAcl" : "", "renewal" : false, "inputs" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "outputs" : [ { "id" : "o1", "name" : "Certificate Output", "classId" : "certOutputImpl", "attributes" : [ { "name" : "pretty_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Pretty Print" } }, { "name" : "b64_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Base-64 Encoded" } } ] } ], "policySets" : { "userCertSet" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "classId" : "userSubjectNameDefaultImpl", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ { "name" : "useSysEncoding", "value" : "" } ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches UID=.*", "classId" : "subjectNameConstraintImpl", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "UID=.*" } ] } }, { "id" : "10", "def" : { "name" : "No Default", "classId" : "noDefaultImpl", "text" : "No Default", "attributes" : [ ], "params" : [ ] }, "constraint" : { "name" : "Renewal Grace Period Constraint", "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.", "classId" : "renewGracePeriodConstraintImpl", "constraints" : [ { "name" : "renewal.graceBefore", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period Before", "DefaultValue" : "30" }, "value" : "30" }, { "name" : "renewal.graceAfter", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period After", "DefaultValue" : "30" }, "value" : "30" } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "classId" : "validityDefaultImpl", "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days", "attributes" : [ { "name" : "notBefore", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ { "name" : "range", "value" : "180" }, { "name" : "rangeUnit", "value" : "" }, { "name" : "startTime", "value" : "0" } ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 365 days.", "classId" : "validityConstraintImpl", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "365" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "classId" : "userKeyDefaultImpl", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096", "classId" : "keyConstraintImpl", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "RSA" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "classId" : "authorityKeyIdentifierExtDefaultImpl", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "classId" : "authInfoAccessExtDefaultImpl", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "authInfoAccessCritical", "value" : "false" }, { "name" : "authInfoAccessNumADs", "value" : "1" }, { "name" : "authInfoAccessADMethod_0", "value" : "1.3.6.1.5.5.7.48.1" }, { "name" : "authInfoAccessADLocationType_0", "value" : "URIName" }, { "name" : "authInfoAccessADLocation_0", "value" : "" }, { "name" : "authInfoAccessADEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Key Usage Default", "classId" : "keyUsageExtDefaultImpl", "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "attributes" : [ { "name" : "keyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "keyUsageDigitalSignature", "Descriptor" : { "Syntax" : "boolean", "Description" : "Digital Signature", "DefaultValue" : "false" } }, { "name" : "keyUsageNonRepudiation", "Descriptor" : { "Syntax" : "boolean", "Description" : "Non-Repudiation", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageDataEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Data Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyAgreement", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Agreement", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyCertSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key CertSign", "DefaultValue" : "false" } }, { "name" : "keyUsageCrlSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "CRL Sign", "DefaultValue" : "false" } }, { "name" : "keyUsageEncipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Encipher Only", "DefaultValue" : "false" } }, { "name" : "keyUsageDecipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Decipher Only", "DefaultValue" : "false" } } ], "params" : [ { "name" : "keyUsageCritical", "value" : "true" }, { "name" : "keyUsageDigitalSignature", "value" : "true" }, { "name" : "keyUsageNonRepudiation", "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "value" : "true" }, { "name" : "keyUsageDataEncipherment", "value" : "false" }, { "name" : "keyUsageKeyAgreement", "value" : "false" }, { "name" : "keyUsageKeyCertSign", "value" : "false" }, { "name" : "keyUsageCrlSign", "value" : "false" }, { "name" : "keyUsageEncipherOnly", "value" : "false" }, { "name" : "keyUsageDecipherOnly", "value" : "false" } ] }, "constraint" : { "name" : "Key Usage Extension Constraint", "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "classId" : "keyUsageExtConstraintImpl", "constraints" : [ { "name" : "keyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDigitalSignature", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Digital Signature", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageNonRepudiation", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Non-Repudiation", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Encipherment", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDataEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Data Encipherment", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyAgreement", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Agreement", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyCertSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key CertSign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageCrlSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "CRL Sign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageEncipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Encipher Only", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageDecipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Decipher Only", "DefaultValue" : "-" }, "value" : "false" } ] } }, { "id" : "7", "def" : { "name" : "Extended Key Usage Extension Default", "classId" : "extendedKeyUsageExtDefaultImpl", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4", "attributes" : [ { "name" : "exKeyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ { "name" : "exKeyUsageCritical", "value" : "false" }, { "name" : "exKeyUsageOIDs", "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "8", "def" : { "name" : "Subject Alt Name Constraint", "classId" : "subjectAltNameExtDefaultImpl", "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}", "attributes" : [ { "name" : "subjAltNameExtCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "subjAltNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "subjAltNameExtCritical", "value" : "false" }, { "name" : "subjAltNameNumGNs", "value" : "1" }, { "name" : "subjAltExtType_0", "value" : "RFC822Name" }, { "name" : "subjAltExtPattern_0", "value" : "$request.requestor_email$" }, { "name" : "subjAltExtGNEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "classId" : "signingAlgDefaultImpl", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ { "name" : "signingAlg", "value" : "-" } ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "signingAlgConstraintImpl", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] }, "xmloutput" : false } |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/profiles/caUserCert { "id" : "caUserCert", "classId" : "caEnrollImpl", "name" : "Manual User Dual-Use Certificate Enrollment", "description" : "This certificate profile is for enrolling user certificates.", "enabled" : true, "visible" : false, "enabledBy" : "admin", "authzAcl" : "", "renewal" : false, "inputs" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "outputs" : [ { "id" : "o1", "name" : "Certificate Output", "classId" : "certOutputImpl", "attributes" : [ { "name" : "pretty_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Pretty Print" } }, { "name" : "b64_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Base-64 Encoded" } } ] } ], "policySets" : { "userCertSet" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "classId" : "userSubjectNameDefaultImpl", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ { "name" : "useSysEncoding", "value" : "" } ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches UID=.*", "classId" : "subjectNameConstraintImpl", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "UID=.*" } ] } }, { "id" : "10", "def" : { "name" : "No Default", "classId" : "noDefaultImpl", "text" : "No Default", "attributes" : [ ], "params" : [ ] }, "constraint" : { "name" : "Renewal Grace Period Constraint", "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.", "classId" : "renewGracePeriodConstraintImpl", "constraints" : [ { "name" : "renewal.graceBefore", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period Before", "DefaultValue" : "30" }, "value" : "30" }, { "name" : "renewal.graceAfter", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period After", "DefaultValue" : "30" }, "value" : "30" } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "classId" : "validityDefaultImpl", "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days", "attributes" : [ { "name" : "notBefore", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ { "name" : "range", "value" : "180" }, { "name" : "rangeUnit", "value" : "" }, { "name" : "startTime", "value" : "0" } ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 365 days.", "classId" : "validityConstraintImpl", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "365" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "classId" : "userKeyDefaultImpl", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096", "classId" : "keyConstraintImpl", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "RSA" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "classId" : "authorityKeyIdentifierExtDefaultImpl", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "classId" : "authInfoAccessExtDefaultImpl", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "authInfoAccessCritical", "value" : "false" }, { "name" : "authInfoAccessNumADs", "value" : "1" }, { "name" : "authInfoAccessADMethod_0", "value" : "1.3.6.1.5.5.7.48.1" }, { "name" : "authInfoAccessADLocationType_0", "value" : "URIName" }, { "name" : "authInfoAccessADLocation_0", "value" : "" }, { "name" : "authInfoAccessADEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Key Usage Default", "classId" : "keyUsageExtDefaultImpl", "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "attributes" : [ { "name" : "keyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "keyUsageDigitalSignature", "Descriptor" : { "Syntax" : "boolean", "Description" : "Digital Signature", "DefaultValue" : "false" } }, { "name" : "keyUsageNonRepudiation", "Descriptor" : { "Syntax" : "boolean", "Description" : "Non-Repudiation", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageDataEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Data Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyAgreement", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Agreement", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyCertSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key CertSign", "DefaultValue" : "false" } }, { "name" : "keyUsageCrlSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "CRL Sign", "DefaultValue" : "false" } }, { "name" : "keyUsageEncipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Encipher Only", "DefaultValue" : "false" } }, { "name" : "keyUsageDecipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Decipher Only", "DefaultValue" : "false" } } ], "params" : [ { "name" : "keyUsageCritical", "value" : "true" }, { "name" : "keyUsageDigitalSignature", "value" : "true" }, { "name" : "keyUsageNonRepudiation", "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "value" : "true" }, { "name" : "keyUsageDataEncipherment", "value" : "false" }, { "name" : "keyUsageKeyAgreement", "value" : "false" }, { "name" : "keyUsageKeyCertSign", "value" : "false" }, { "name" : "keyUsageCrlSign", "value" : "false" }, { "name" : "keyUsageEncipherOnly", "value" : "false" }, { "name" : "keyUsageDecipherOnly", "value" : "false" } ] }, "constraint" : { "name" : "Key Usage Extension Constraint", "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "classId" : "keyUsageExtConstraintImpl", "constraints" : [ { "name" : "keyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDigitalSignature", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Digital Signature", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageNonRepudiation", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Non-Repudiation", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Encipherment", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDataEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Data Encipherment", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyAgreement", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Agreement", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyCertSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key CertSign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageCrlSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "CRL Sign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageEncipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Encipher Only", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageDecipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Decipher Only", "DefaultValue" : "-" }, "value" : "false" } ] } }, { "id" : "7", "def" : { "name" : "Extended Key Usage Extension Default", "classId" : "extendedKeyUsageExtDefaultImpl", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4", "attributes" : [ { "name" : "exKeyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ { "name" : "exKeyUsageCritical", "value" : "false" }, { "name" : "exKeyUsageOIDs", "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "8", "def" : { "name" : "Subject Alt Name Constraint", "classId" : "subjectAltNameExtDefaultImpl", "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}", "attributes" : [ { "name" : "subjAltNameExtCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "subjAltNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "subjAltNameExtCritical", "value" : "false" }, { "name" : "subjAltNameNumGNs", "value" : "1" }, { "name" : "subjAltExtType_0", "value" : "RFC822Name" }, { "name" : "subjAltExtPattern_0", "value" : "$request.requestor_email$" }, { "name" : "subjAltExtGNEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "classId" : "signingAlgDefaultImpl", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ { "name" : "signingAlg", "value" : "-" } ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "signingAlgConstraintImpl", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] }, "xmloutput" : false } |
|
|
action (enable/disable) |
204 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -X POST "https://$HOSTNAME:8443/ca/v2/profiles/caUserCert?action=disable" |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":true,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' -X Put https://$HOSTNAME:8443/ca/v2/profiles/test { "id" : "test", "classId" : "caEnrollImpl", "name" : "Manual User Dual-Use Certificate Enrollment", "description" : "This certificate profile is for enrolling user certificates.", "enabled" : false, "visible" : true, "authzAcl" : "", "renewal" : false, "inputs" : [ { "id" : "i1", "ClassID" : "keyGenInputImpl", "Name" : "Key Generation", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "cert_request_type", "Descriptor" : { "Syntax" : "keygen_request_type", "Description" : "Key Generation Request Type" } }, { "name" : "cert_request", "Descriptor" : { "Syntax" : "keygen_request", "Description" : "Key Generation Request" } } ] }, { "id" : "i2", "ClassID" : "subjectNameInputImpl", "Name" : "Subject Name", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "sn_uid", "Descriptor" : { "Syntax" : "string", "Description" : "UID" } }, { "name" : "sn_e", "Descriptor" : { "Syntax" : "string", "Description" : "Email" } }, { "name" : "sn_cn", "Descriptor" : { "Syntax" : "string", "Description" : "Common Name" } }, { "name" : "sn_ou3", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 3" } }, { "name" : "sn_ou2", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 2" } }, { "name" : "sn_ou1", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit 1" } }, { "name" : "sn_ou", "Descriptor" : { "Syntax" : "string", "Description" : "Organizational Unit" } }, { "name" : "sn_o", "Descriptor" : { "Syntax" : "string", "Description" : "Organization" } }, { "name" : "sn_c", "Descriptor" : { "Syntax" : "string", "Description" : "Country" } } ] }, { "id" : "i3", "ClassID" : "submitterInfoInputImpl", "Name" : "Requestor Information", "ConfigAttribute" : [ ], "Attribute" : [ { "name" : "requestor_name", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Name" } }, { "name" : "requestor_email", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Email" } }, { "name" : "requestor_phone", "Descriptor" : { "Syntax" : "string", "Description" : "Requestor Phone" } } ] } ], "outputs" : [ { "id" : "o1", "name" : "Certificate Output", "classId" : "certOutputImpl", "attributes" : [ { "name" : "pretty_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Pretty Print" } }, { "name" : "b64_cert", "Descriptor" : { "Syntax" : "pretty_print", "Description" : "Certificate Base-64 Encoded" } } ] } ], "policySets" : { "userCertSet" : [ { "id" : "1", "def" : { "name" : "Subject Name Default", "classId" : "userSubjectNameDefaultImpl", "text" : "This default populates a User-Supplied Certificate Subject Name to the request.", "attributes" : [ { "name" : "name", "Descriptor" : { "Syntax" : "string", "Description" : "Subject Name" } } ], "params" : [ { "name" : "useSysEncoding", "value" : "" } ] }, "constraint" : { "name" : "Subject Name Constraint", "text" : "This constraint accepts the subject name that matches UID=.*", "classId" : "subjectNameConstraintImpl", "constraints" : [ { "name" : "pattern", "descriptor" : { "Syntax" : "string", "Description" : "Subject Name Pattern" }, "value" : "UID=.*" } ] } }, { "id" : "10", "def" : { "name" : "No Default", "classId" : "noDefaultImpl", "text" : "No Default", "attributes" : [ ], "params" : [ ] }, "constraint" : { "name" : "Renewal Grace Period Constraint", "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.", "classId" : "renewGracePeriodConstraintImpl", "constraints" : [ { "name" : "renewal.graceBefore", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period Before", "DefaultValue" : "30" }, "value" : "30" }, { "name" : "renewal.graceAfter", "descriptor" : { "Syntax" : "integer", "Description" : "Renewal Grace Period After", "DefaultValue" : "30" }, "value" : "30" } ] } }, { "id" : "2", "def" : { "name" : "Validity Default", "classId" : "validityDefaultImpl", "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days", "attributes" : [ { "name" : "notBefore", "Descriptor" : { "Syntax" : "string", "Description" : "Not Before" } }, { "name" : "notAfter", "Descriptor" : { "Syntax" : "string", "Description" : "Not After" } } ], "params" : [ { "name" : "range", "value" : "180" }, { "name" : "rangeUnit", "value" : "" }, { "name" : "startTime", "value" : "0" } ] }, "constraint" : { "name" : "Validity Constraint", "text" : "This constraint rejects the validity that is not between 365 days.", "classId" : "validityConstraintImpl", "constraints" : [ { "name" : "range", "descriptor" : { "Syntax" : "integer", "Description" : "Validity Range", "DefaultValue" : "365" }, "value" : "365" }, { "name" : "rangeUnit", "descriptor" : { "Syntax" : "string", "Description" : "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue" : "day" }, "value" : "" }, { "name" : "notBeforeGracePeriod", "descriptor" : { "Syntax" : "integer", "Description" : "Grace period for Not Before being set in the future (in seconds).", "DefaultValue" : "0" }, "value" : "" }, { "name" : "notBeforeCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not Before against current time", "DefaultValue" : "false" }, "value" : "false" }, { "name" : "notAfterCheck", "descriptor" : { "Syntax" : "boolean", "Description" : "Check Not After against Not Before", "DefaultValue" : "false" }, "value" : "false" } ] } }, { "id" : "3", "def" : { "name" : "Key Default", "classId" : "userKeyDefaultImpl", "text" : "This default populates a User-Supplied Certificate Key to the request.", "attributes" : [ { "name" : "TYPE", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Type" } }, { "name" : "LEN", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key Length" } }, { "name" : "KEY", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key" } } ], "params" : [ ] }, "constraint" : { "name" : "Key Constraint", "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096", "classId" : "keyConstraintImpl", "constraints" : [ { "name" : "keyType", "descriptor" : { "Syntax" : "choice", "Constraint" : "-,RSA,EC", "Description" : "Key Type", "DefaultValue" : "RSA" }, "value" : "RSA" }, { "name" : "keyParameters", "descriptor" : { "Syntax" : "string", "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue" : "" }, "value" : "1024,2048,3072,4096" } ] } }, { "id" : "4", "def" : { "name" : "Authority Key Identifier Default", "classId" : "authorityKeyIdentifierExtDefaultImpl", "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "attributes" : [ { "name" : "critical", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Criticality" } }, { "name" : "keyid", "Descriptor" : { "Syntax" : "string", "Constraint" : "readonly", "Description" : "Key ID" } } ], "params" : [ ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "5", "def" : { "name" : "AIA Extension Default", "classId" : "authInfoAccessExtDefaultImpl", "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "attributes" : [ { "name" : "authInfoAccessCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "authInfoAccessGeneralNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "authInfoAccessCritical", "value" : "false" }, { "name" : "authInfoAccessNumADs", "value" : "1" }, { "name" : "authInfoAccessADMethod_0", "value" : "1.3.6.1.5.5.7.48.1" }, { "name" : "authInfoAccessADLocationType_0", "value" : "URIName" }, { "name" : "authInfoAccessADLocation_0", "value" : "" }, { "name" : "authInfoAccessADEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "6", "def" : { "name" : "Key Usage Default", "classId" : "keyUsageExtDefaultImpl", "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "attributes" : [ { "name" : "keyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "keyUsageDigitalSignature", "Descriptor" : { "Syntax" : "boolean", "Description" : "Digital Signature", "DefaultValue" : "false" } }, { "name" : "keyUsageNonRepudiation", "Descriptor" : { "Syntax" : "boolean", "Description" : "Non-Repudiation", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageDataEncipherment", "Descriptor" : { "Syntax" : "boolean", "Description" : "Data Encipherment", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyAgreement", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key Agreement", "DefaultValue" : "false" } }, { "name" : "keyUsageKeyCertSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "Key CertSign", "DefaultValue" : "false" } }, { "name" : "keyUsageCrlSign", "Descriptor" : { "Syntax" : "boolean", "Description" : "CRL Sign", "DefaultValue" : "false" } }, { "name" : "keyUsageEncipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Encipher Only", "DefaultValue" : "false" } }, { "name" : "keyUsageDecipherOnly", "Descriptor" : { "Syntax" : "boolean", "Description" : "Decipher Only", "DefaultValue" : "false" } } ], "params" : [ { "name" : "keyUsageCritical", "value" : "true" }, { "name" : "keyUsageDigitalSignature", "value" : "true" }, { "name" : "keyUsageNonRepudiation", "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "value" : "true" }, { "name" : "keyUsageDataEncipherment", "value" : "false" }, { "name" : "keyUsageKeyAgreement", "value" : "false" }, { "name" : "keyUsageKeyCertSign", "value" : "false" }, { "name" : "keyUsageCrlSign", "value" : "false" }, { "name" : "keyUsageEncipherOnly", "value" : "false" }, { "name" : "keyUsageDecipherOnly", "value" : "false" } ] }, "constraint" : { "name" : "Key Usage Extension Constraint", "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false", "classId" : "keyUsageExtConstraintImpl", "constraints" : [ { "name" : "keyUsageCritical", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Criticality", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDigitalSignature", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Digital Signature", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageNonRepudiation", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Non-Repudiation", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageKeyEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Encipherment", "DefaultValue" : "-" }, "value" : "true" }, { "name" : "keyUsageDataEncipherment", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Data Encipherment", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyAgreement", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key Agreement", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageKeyCertSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Key CertSign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageCrlSign", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "CRL Sign", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageEncipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Encipher Only", "DefaultValue" : "-" }, "value" : "false" }, { "name" : "keyUsageDecipherOnly", "descriptor" : { "Syntax" : "choice", "Constraint" : "true,false,-", "Description" : "Decipher Only", "DefaultValue" : "-" }, "value" : "false" } ] } }, { "id" : "7", "def" : { "name" : "Extended Key Usage Extension Default", "classId" : "extendedKeyUsageExtDefaultImpl", "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4", "attributes" : [ { "name" : "exKeyUsageCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "exKeyUsageOIDs", "Descriptor" : { "Syntax" : "string_list", "Description" : "Comma-Separated list of Object Identifiers" } } ], "params" : [ { "name" : "exKeyUsageCritical", "value" : "false" }, { "name" : "exKeyUsageOIDs", "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "8", "def" : { "name" : "Subject Alt Name Constraint", "classId" : "subjectAltNameExtDefaultImpl", "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}", "attributes" : [ { "name" : "subjAltNameExtCritical", "Descriptor" : { "Syntax" : "boolean", "Description" : "Criticality", "DefaultValue" : "false" } }, { "name" : "subjAltNames", "Descriptor" : { "Syntax" : "string_list", "Description" : "General Names" } } ], "params" : [ { "name" : "subjAltNameExtCritical", "value" : "false" }, { "name" : "subjAltNameNumGNs", "value" : "1" }, { "name" : "subjAltExtType_0", "value" : "RFC822Name" }, { "name" : "subjAltExtPattern_0", "value" : "$request.requestor_email$" }, { "name" : "subjAltExtGNEnable_0", "value" : "true" } ] }, "constraint" : { "name" : "No Constraint", "text" : "No Constraint", "classId" : "noConstraintImpl", "constraints" : [ ] } }, { "id" : "9", "def" : { "name" : "Signing Alg", "classId" : "signingAlgDefaultImpl", "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "attributes" : [ { "name" : "signingAlg", "Descriptor" : { "Syntax" : "choice", "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description" : "Signing Algorithm" } } ], "params" : [ { "name" : "signingAlg", "value" : "-" } ] }, "constraint" : { "name" : "No Constraint", "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "classId" : "signingAlgConstraintImpl", "constraints" : [ { "name" : "signingAlgsAllowed", "descriptor" : { "Syntax" : "string", "Description" : "Allowed Signing Algorithms", "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } } ] }, "xmloutput" : false } |
|
|
action (enable/disable) |
204 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/profiles/test |
|
|
None |
201 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --data-binary @- https://$HOSTNAME:8443/ca/v2/profiles/raw << EOF auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=true enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=test visible=false EOF auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=false enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=test visible=false |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/profiles/caUserCert auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=true enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=caUserCert visible=false |
|
|
None |
200 |
Show$ curl --cacert ./ca_signing.crt -b session_cookie --data-binary @- -X PUT https://$HOSTNAME:8443/ca/v2/profiles/test/raw << EOF auth.class_id= classId=caEnrollImpl desc=This certificate profile is for enrolling user certificates. enable=false enableBy=caadmin input.i1.class_id=keyGenInputImpl input.i2.class_id=subjectNameInputImpl input.i3.class_id=submitterInfoInputImpl input.list=i1,i2,i3 name=Manual User Dual-Use Certificate Enrollment output.list=o1 output.o1.class_id=certOutputImpl policyset.list=userCertSet policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.1.default.params.name= policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.2.constraint.name=Validity Constraint policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.2.constraint.params.range=365 policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.2.default.name=Validity Default policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.3.constraint.params.keyType=RSA policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.6.default.params.keyUsageCrlSign=false policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.8.constraint.class_id=noConstraintImpl policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.9.constraint.name=No Constraint policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.9.default.params.signingAlg=- policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 profileId=test visible=false EOF policyset.userCertSet.7.constraint.class_id=noConstraintImpl policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false policyset.userCertSet.3.constraint.params.keyType=RSA input.i2.class_id=subjectNameInputImpl policyset.userCertSet.7.default.params.exKeyUsageCritical=false policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 output.o1.class_id=certOutputImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.5.constraint.name=No Constraint policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.8.default.name=Subject Alt Name Constraint output.list=o1 input.list=i1,i2,i3 policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl policyset.userCertSet.2.constraint.params.range=365 visible=false policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false policyset.userCertSet.2.default.class_id=validityDefaultImpl policyset.userCertSet.8.default.params.subjAltNameExtCritical=false policyset.userCertSet.2.default.name=Validity Default desc=This certificate profile is for enrolling user certificates. policyset.userCertSet.4.constraint.name=No Constraint policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false policyset.userCertSet.9.default.params.signingAlg=- auth.class_id= policyset.userCertSet.7.default.name=Extended Key Usage Extension Default policyset.userCertSet.2.constraint.params.notBeforeCheck=false policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false policyset.userCertSet.1.constraint.params.pattern=UID=.* policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 policyset.userCertSet.2.default.params.range=180 policyset.userCertSet.6.default.params.keyUsageCrlSign=false enable=false policyset.userCertSet.2.constraint.class_id=validityConstraintImpl policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.1.default.name=Subject Name Default policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 policyset.userCertSet.9.constraint.name=No Constraint input.i1.class_id=keyGenInputImpl enableBy=caadmin policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 policyset.userCertSet.10.default.name=No Default policyset.userCertSet.2.constraint.params.notAfterCheck=false policyset.userCertSet.2.constraint.name=Validity Constraint input.i3.class_id=submitterInfoInputImpl policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.6.default.name=Key Usage Default policyset.userCertSet.5.constraint.class_id=noConstraintImpl policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true policyset.userCertSet.8.constraint.class_id=noConstraintImpl name=Manual User Dual-Use Certificate Enrollment policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false policyset.userCertSet.5.default.name=AIA Extension Default policyset.userCertSet.6.constraint.params.keyUsageCritical=true policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 policyset.userCertSet.8.constraint.name=No Constraint policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.1.constraint.name=Subject Name Constraint policyset.userCertSet.1.constraint.params.accept=true policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl policyset.userCertSet.7.constraint.name=No Constraint policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 policyset.list=userCertSet policyset.userCertSet.8.default.params.subjAltExtPattern_0=.requestor_email$ policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.userCertSet.4.default.name=Authority Key Identifier Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl policyset.userCertSet.6.default.params.keyUsageCritical=true policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name policyset.userCertSet.5.default.params.authInfoAccessCritical=false policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true policyset.userCertSet.9.default.name=Signing Alg policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint policyset.userCertSet.1.default.params.name= policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false |
Note
|
endpoints requiring authentication can be accessed providing the session cookie retrieved in the login api (/<app>/v2/account/login ) or the user credentials (user/password or certificates).
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |