REST API v2

Endi S. Dewata edited this page Nov 7, 2024 · 4 revisions

Overview

This page describes the REST API v2 endpoints.

Warning
This feature is still under development. The API might still change. Do not use it in production.

General endpoints

Path Method Parameters Return code Mime Input

/pki/v2/info

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt  https://$HOSTNAME:8443/pki/v2/info
{
  "Name" : "Dogtag Certificate System",
  "Version" : "11.6.0",
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/pki/v2/apps

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/pki/v2/apps
[{"id":"ca","name":"Certificate Authority","path":"/ca"}]

Shared endpoints

These endpoints are available in multiple subsystem applications.

Path Method Parameters Return code App Example

/<app>/v2/account/login

GET

None

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt --cert ca_admin_cert.p12:Secret.123 --cert-type P12 -c session_cookie  https://$HOSTNAME:8443/ca/v2/account/login
{
  "id" : "caadmin",
  "FullName" : "caadmin",
  "Email" : "caadmin@example.com",
  "Roles" : [ "Administrators", "Certificate Manager Agents", "Enterprise CA Administrators", "Enterprise KRA Administrators", "Enterprise OCSP Administrators", "Enterprise RA Administrators", "Enterprise TKS Administrators", "Enterprise TPS Administrators", "Security Domain Administrators" ],
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/<app>/v2/account/logout

GET

None

204

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/account/logout

/<app>/v2/admin/groups

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/admin/groups?size=3&filter=Admin"
{
  "total" : 8,
  "entries" : [ {
    "id" : "Administrators",
    "GroupID" : "Administrators",
    "Description" : "People who manage the Certificate System"
  }, {
    "id" : "Security Domain Administrators",
    "GroupID" : "Security Domain Administrators",
    "Description" : "People who are the Security Domain administrators"
  }, {
    "id" : "Enterprise CA Administrators",
    "GroupID" : "Enterprise CA Administrators",
    "Description" : "People who are the administrators for the security domain for CA"
  } ]
}

/<app>/v2/admin/groups

POST

None

201

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"GroupID": "NewGroup", "Description":"This is a new group"}' https://$HOSTNAME:8443/ca/v2/admin/groups
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is a new group"
}

/<app>/v2/admin/groups/{id}

GET

None

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is a new group"
}

/<app>/v2/admin/groups/{id}

PATCH

None

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"Description":"This is the new group"}' -X PATCH https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is the new group"
}

/<app>/v2/admin/groups/{id}

DELETE

None

204

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup

/<app>/v2/admin/groups/{id}/members

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/groups/Administrators/members
{
  "total" : 1,
  "entries" : [ {
    "id" : "caadmin",
    "groupID" : "Administrators"
  } ]
}

/<app>/v2/admin/groups/{id}/members

POST

None

201

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"id": "caadmin"}' https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members
{
  "id" : "caadmin",
  "groupID" : "NewGroup"
}

/<app>/v2/admin/groups/{groupId}/members/{memberId}

GET

None

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin
{
  "id" : "caadmin",
  "groupID" : "NewGroup"
}

/<app>/v2/admin/groups/{groupId}/members/{memberId}

DELETE

None

204

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin

/<app>/v2/admin/users

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/admin/users?size=3&filter=Admin"
{
  "total" : 1,
  "entries" : [ {
    "id" : "caadmin",
    "UserID" : "caadmin",
    "FullName" : "caadmin"
  } ]
}

/<app>/v2/admin/users

POST

None

201

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"UserID": "newUser", "FullName":"New User"}' https://$HOSTNAME:8443/ca/v2/admin/users
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "New User"
}

/<app>/v2/admin/users/{id}

GET

None

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/users/newUser
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "New User"
}

/<app>/v2/admin/users/{id}

PATCH

None

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"FullName":"The New User"}' -X PATCH https://$HOSTNAME:8443/ca/v2/admin/users/newUser
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "The New User"
}

/<app>/v2/admin/users/{id}

DELETE

None

204

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser

/<app>/v2/admin/users/{id}/certs

GET

size, start

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs
{
  "total" : 1,
  "entries" : [ {
    "Version" : 2,
    "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "SubjectDN" : "UID=newUser",
    "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser"
  } ]
}

/<app>/v2/admin/users/{id}/certs

POST

None

201

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"Encoded":"-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n"}' https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs
{
  "Version" : 2,
  "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "UID=newUser",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n",
  "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser"
}

/<app>/v2/admin/users/{userId}/certs/{certId}

GET

None

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser
{
  "Version" : 2,
  "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "UID=newUser",
  "PrettyPrint" : "    Certificate: \n        Data: \n            Version:  v3\n            Serial Number: 0xA53C5F8E01BAB930295A1C56134E2173\n            Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Issuer: CN=CA Signing Certificate, OU=pki-tomcat, O=EXAMPLE\n            Validity: \n                Not Before: Wednesday, October 30, 2024, 9:40:40?AM Coordinated Universal Time Etc/UTC\n                Not  After: Monday, April 28, 2025, 9:40:40?AM Coordinated Universal Time Etc/UTC\n            Subject: UID=newUser\n            Subject Public Key Info: \n                Algorithm: RSA - 1.2.840.113549.1.1.1\n                Public Key: \n                    Exponent: 65537\n                    Public Key Modulus: (2048 bits) :\n                        BE:79:34:02:6D:DA:45:97:AF:74:FA:8B:B4:38:78:1A:\n                        4B:A4:67:CF:52:AC:20:58:AB:3F:F2:5B:22:03:74:49:\n                        D3:1E:D2:54:77:22:70:6F:08:0B:90:AC:FD:1A:C1:37:\n                        67:00:35:A8:B8:10:F0:2F:1E:3A:65:12:F0:33:46:9B:\n                        BF:98:4E:3C:0F:78:2F:87:9D:7C:5A:86:C8:AF:A8:37:\n                        AE:CA:B7:3A:9F:36:DA:C8:28:F8:05:69:3E:5C:CC:AA:\n                        8B:CC:CF:8B:CE:04:5D:0E:5E:0B:7F:AA:0B:1E:59:12:\n                        0C:96:F1:A9:E3:B6:34:97:FF:4F:72:2C:5C:56:44:2A:\n                        21:1E:AE:CA:47:70:A9:E8:B2:65:3B:EE:F5:6C:7F:C5:\n                        04:57:E8:E2:FF:A6:03:95:B0:8E:A7:59:F8:63:3D:6B:\n                        B3:65:AB:2B:EB:98:67:14:07:ED:AA:EC:B9:AE:0A:32:\n                        82:A8:66:11:72:22:17:B3:2E:A9:60:B8:54:9F:17:DB:\n                        B7:0C:4B:67:19:86:CD:E8:DA:C2:B7:22:AA:D8:F8:D1:\n                        4D:CD:99:D9:24:0C:9F:A7:8B:20:FB:0B:BE:70:E5:37:\n                        E1:99:9C:26:0D:2A:47:B3:BE:80:9A:03:C4:2C:1A:52:\n                        92:2C:84:C1:DC:B2:6A:22:F9:DC:E8:CC:43:9B:83:FF\n            Extensions: \n                
Identifier: Authority Key Identifier - 2.5.29.35\n                    Critical: no \n                    Key Identifier: \n                        A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\n                        C4:00:E1:25\n                Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n                    Critical: no \n                    Access Description: \n                        Method #0: ocsp\n                        Location #0: URIName: http://pki.example.com:8080/ca/ocsp\n                Identifier: Key Usage: - 2.5.29.15\n                    Critical: yes \n                    Key Usage: \n                        Digital Signature \n                        Non Repudiation \n                        Key Encipherment \n                Identifier: Extended Key Usage: - 2.5.29.37\n                    Critical: no \n                    Extended Key Usage: \n                        clientAuth - 1.3.6.1.5.5.7.3.2\n                        emailProtection - 1.3.6.1.5.5.7.3.4\n        Signature: \n            Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Signature: \n                01:01:D9:79:88:6B:4D:81:68:7E:61:A5:3A:8A:F0:B3:\n                33:1D:9A:74:88:4F:00:E3:42:37:EE:F0:AD:52:87:98:\n                1E:24:E8:EB:62:8B:3B:3C:86:B7:B8:26:13:9D:E3:7F:\n                7B:F7:FF:B3:D7:D3:66:83:EB:13:27:10:2F:7A:C7:8E:\n                08:EE:42:B0:1A:91:0E:3C:C3:C2:B4:2C:A9:95:52:66:\n                95:73:04:BE:0C:2B:5C:80:7A:C1:33:DE:B9:61:5B:8F:\n                1B:0D:2F:C4:62:FE:02:12:43:7C:7E:3D:AD:B5:FF:D8:\n                B0:2A:71:43:24:03:F5:5C:DA:80:D0:CD:BF:44:B3:A8:\n                76:D1:F1:29:68:15:6F:E5:E8:40:6D:65:94:E8:43:A4:\n                04:B3:75:FF:5D:95:29:8D:9E:40:54:93:6D:D9:8F:2E:\n                71:87:CD:C6:97:EC:D9:A0:97:EB:BC:8D:5C:EE:CA:C7:\n                53:62:98:07:09:0E:ED:A2:77:C4:EC:D3:50:4C:74:2D:\n                F2:9E:B7:7C:10:DA:0C:C5:30:06:57:C8:0E:1D:CE:9A:\n                
47:9F:02:87:D7:A6:F1:7B:63:55:FB:B3:2E:F0:7D:E4:\n                AA:49:76:0F:0D:C6:38:03:77:7E:AF:B6:37:A9:FC:AE:\n                A9:87:3D:FD:7C:FE:5F:38:53:BC:44:1F:8D:DF:E0:16:\n                26:63:07:6D:EE:D9:EB:75:02:11:83:E9:D9:90:22:15:\n                16:39:6F:8E:C8:3C:77:11:D0:7E:38:03:C5:A6:04:CA:\n                F9:57:5A:52:BE:FA:CF:31:05:5D:A6:42:1A:79:14:86:\n                C9:10:BA:38:3D:E3:DE:56:0A:CF:9E:40:B5:B3:9D:3C:\n                B7:66:EC:FE:B2:CC:79:8E:06:CB:37:8E:91:8C:17:0A:\n                95:5C:86:48:4B:6E:0B:AB:91:C2:EC:06:6E:D4:1C:A7:\n                B9:01:18:D7:87:B0:70:59:79:0E:5F:CD:47:65:B3:80:\n                7E:45:91:D9:58:FD:CE:4A:AA:5D:10:92:AA:F3:F8:21\n        FingerPrint\n            MD2:\n                08:B7:40:5F:0F:75:9B:7D:CE:6A:E6:02:04:0E:42:CE\n            MD5:\n                70:FA:86:85:09:4C:A7:AC:C2:7E:16:12:FE:1C:23:6F\n            SHA-1:\n                CC:01:B7:F5:26:13:47:D9:A5:2C:05:6B:E0:94:16:7E:\n                62:CD:AB:4D\n            SHA-256:\n                1A:00:A6:05:FB:14:33:B4:32:71:73:54:06:DA:52:BB:\n                C9:3E:BA:24:CA:C2:4D:B2:9B:7F:A5:F7:F8:55:C0:45\n            SHA-512:\n                D6:C2:13:5B:5C:06:15:90:E9:78:73:C7:0C:EE:70:19:\n                31:79:1F:AB:43:57:B7:97:C8:D7:00:CA:F3:4A:DD:1B:\n                03:BE:50:10:A8:F6:4A:A0:F3:2E:28:AD:7B:7C:1F:E5:\n                70:ED:22:8E:21:DD:D9:E0:8A:7E:4C:47:D3:56:C5:49\n",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n",
  "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser"
}

/<app>/v2/admin/users/{userId}/certs/{certId}

DELETE

None

204

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser

/<app>/v2/admin/users/{id}/membership

GET

size, start, filter

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership
{
  "total" : 1,
  "entries" : [ {
    "id" : "Auditors",
    "userID" : "newUser"
  } ]
}

/<app>/v2/admin/users/{id}/membership

POST

None

201

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie --data 'Auditors' https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership
{
  "id" : "Auditors",
  "userID" : "newUser"
}

/<app>/v2/admin/users/{userId}/membership/{groupId}

DELETE

None

204

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership/Auditors

/<app>/v2/audit

GET

None

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/audit
{
  "bufferSize" : 512,
  "Status" : "Enabled",
  "Signed" : false,
  "Interval" : 5,
  "Events" : {
    "ACCESS_SESSION_ESTABLISH" : "enabled",
    "ACCESS_SESSION_TERMINATED" : "enabled",
    "ASYMKEY_GENERATION_REQUEST" : "disabled",
    "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "AUDIT_LOG_DELETE" : "disabled",
    "AUDIT_LOG_SHUTDOWN" : "disabled",
    "AUDIT_LOG_SIGNING" : "enabled",
    "AUDIT_LOG_STARTUP" : "enabled",
    "AUTH" : "enabled",
    "AUTHORITY_CONFIG" : "enabled",
    "AUTHZ" : "enabled",
    "CERT_PROFILE_APPROVAL" : "enabled",
    "CERT_REQUEST_PROCESSED" : "enabled",
    "CERT_SIGNING_INFO" : "enabled",
    "CERT_STATUS_CHANGE_REQUEST" : "enabled",
    "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "enabled",
    "CIMC_CERT_VERIFICATION" : "disabled",
    "CLIENT_ACCESS_SESSION_ESTABLISH" : "enabled",
    "CLIENT_ACCESS_SESSION_TERMINATED" : "enabled",
    "CMC_ID_POP_LINK_WITNESS" : "disabled",
    "CMC_PROOF_OF_IDENTIFICATION" : "disabled",
    "CMC_REQUEST_RECEIVED" : "enabled",
    "CMC_RESPONSE_SENT" : "enabled",
    "CMC_SIGNED_REQUEST_SIG_VERIFY" : "enabled",
    "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "enabled",
    "COMPUTE_RANDOM_DATA_REQUEST" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled",
    "CONFIG_ACL" : "enabled",
    "CONFIG_AUTH" : "enabled",
    "CONFIG_CERT_POLICY" : "disabled",
    "CONFIG_CERT_PROFILE" : "enabled",
    "CONFIG_CRL_PROFILE" : "enabled",
    "CONFIG_DRM" : "disabled",
    "CONFIG_ENCRYPTION" : "enabled",
    "CONFIG_OCSP_PROFILE" : "disabled",
    "CONFIG_ROLE" : "enabled",
    "CONFIG_SERIAL_NUMBER" : "enabled",
    "CONFIG_SIGNED_AUDIT" : "enabled",
    "CONFIG_TOKEN_AUTHENTICATOR" : "disabled",
    "CONFIG_TOKEN_CONNECTOR" : "disabled",
    "CONFIG_TOKEN_GENERAL" : "disabled",
    "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled",
    "CONFIG_TOKEN_PROFILE" : "disabled",
    "CONFIG_TOKEN_RECORD" : "disabled",
    "CONFIG_TRUSTED_PUBLIC_KEY" : "enabled",
    "CRL_RETRIEVAL" : "disabled",
    "CRL_SIGNING_INFO" : "enabled",
    "CRL_VALIDATION" : "disabled",
    "DELTA_CRL_GENERATION" : "enabled",
    "DELTA_CRL_PUBLISHING" : "disabled",
    "DIVERSIFY_KEY_REQUEST" : "disabled",
    "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled",
    "ENCRYPT_DATA_REQUEST" : "disabled",
    "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled",
    "FULL_CRL_GENERATION" : "enabled",
    "FULL_CRL_PUBLISHING" : "disabled",
    "INTER_BOUNDARY" : "disabled",
    "KEY_GEN_ASYMMETRIC" : "enabled",
    "KEY_RECOVERY_AGENT_LOGIN" : "disabled",
    "KEY_RECOVERY_REQUEST" : "disabled",
    "KEY_STATUS_CHANGE" : "disabled",
    "LOG_PATH_CHANGE" : "enabled",
    "NON_PROFILE_CERT_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_GENERATION" : "enabled",
    "OCSP_REMOVE_CA_REQUEST" : "disabled",
    "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_SIGNING_INFO" : "enabled",
    "PROFILE_CERT_REQUEST" : "enabled",
    "PROOF_OF_POSSESSION" : "enabled",
    "RANDOM_GENERATION" : "enabled",
    "ROLE_ASSUME" : "enabled",
    "SCHEDULE_CRL_GENERATION" : "enabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_EXPORT_KEY" : "disabled",
    "SECURITY_DATA_INFO" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled",
    "SECURITY_DOMAIN_UPDATE" : "enabled",
    "SELFTESTS_EXECUTION" : "enabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST" : "enabled",
    "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "enabled",
    "SYMKEY_GENERATION_REQUEST" : "disabled",
    "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "TOKEN_APPLET_UPGRADE" : "disabled",
    "TOKEN_AUTH" : "disabled",
    "TOKEN_CERT_ENROLLMENT" : "disabled",
    "TOKEN_CERT_RENEWAL" : "disabled",
    "TOKEN_CERT_RETRIEVAL" : "disabled",
    "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "TOKEN_FORMAT" : "disabled",
    "TOKEN_KEY_CHANGEOVER" : "disabled",
    "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled",
    "TOKEN_KEY_RECOVERY" : "disabled",
    "TOKEN_KEY_SANITY_CHECK" : "disabled",
    "TOKEN_OP_REQUEST" : "disabled",
    "TOKEN_PIN_RESET" : "disabled",
    "TOKEN_STATE_CHANGE" : "disabled"
  }
}

/<app>/v2/audit

PATCH

None

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie --json @audit.json -X PATCH https://$HOSTNAME:8443/ca/v2/audit
{
  "bufferSize" : 512,
  "Status" : "Enabled",
  "Signed" : false,
  "Interval" : 100,
  "Events" : {
    "ACCESS_SESSION_ESTABLISH" : "enabled",
    "ACCESS_SESSION_TERMINATED" : "disabled",
    "ASYMKEY_GENERATION_REQUEST" : "disabled",
    "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "AUDIT_LOG_DELETE" : "disabled",
    "AUDIT_LOG_SHUTDOWN" : "disabled",
    "AUDIT_LOG_STARTUP" : "disabled",
    "AUTH" : "disabled",
    "AUTHORITY_CONFIG" : "disabled",
    "AUTHZ" : "disabled",
    "CERT_PROFILE_APPROVAL" : "disabled",
    "CERT_REQUEST_PROCESSED" : "disabled",
    "CERT_SIGNING_INFO" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled",
    "CIMC_CERT_VERIFICATION" : "disabled",
    "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled",
    "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled",
    "CMC_ID_POP_LINK_WITNESS" : "disabled",
    "CMC_PROOF_OF_IDENTIFICATION" : "disabled",
    "CMC_REQUEST_RECEIVED" : "disabled",
    "CMC_RESPONSE_SENT" : "disabled",
    "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled",
    "CONFIG_ACL" : "disabled",
    "CONFIG_AUTH" : "disabled",
    "CONFIG_CERT_POLICY" : "disabled",
    "CONFIG_CERT_PROFILE" : "disabled",
    "CONFIG_CRL_PROFILE" : "disabled",
    "CONFIG_DRM" : "disabled",
    "CONFIG_ENCRYPTION" : "disabled",
    "CONFIG_OCSP_PROFILE" : "disabled",
    "CONFIG_ROLE" : "disabled",
    "CONFIG_SERIAL_NUMBER" : "disabled",
    "CONFIG_SIGNED_AUDIT" : "disabled",
    "CONFIG_TOKEN_AUTHENTICATOR" : "disabled",
    "CONFIG_TOKEN_CONNECTOR" : "disabled",
    "CONFIG_TOKEN_GENERAL" : "disabled",
    "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled",
    "CONFIG_TOKEN_PROFILE" : "disabled",
    "CONFIG_TOKEN_RECORD" : "disabled",
    "CONFIG_TRUSTED_PUBLIC_KEY" : "disabled",
    "CRL_RETRIEVAL" : "disabled",
    "CRL_SIGNING_INFO" : "disabled",
    "CRL_VALIDATION" : "disabled",
    "DELTA_CRL_GENERATION" : "disabled",
    "DELTA_CRL_PUBLISHING" : "disabled",
    "DIVERSIFY_KEY_REQUEST" : "disabled",
    "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled",
    "ENCRYPT_DATA_REQUEST" : "disabled",
    "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled",
    "FULL_CRL_GENERATION" : "disabled",
    "FULL_CRL_PUBLISHING" : "disabled",
    "INTER_BOUNDARY" : "disabled",
    "KEY_GEN_ASYMMETRIC" : "disabled",
    "KEY_RECOVERY_AGENT_LOGIN" : "disabled",
    "KEY_RECOVERY_REQUEST" : "disabled",
    "KEY_STATUS_CHANGE" : "disabled",
    "LOG_PATH_CHANGE" : "disabled",
    "NON_PROFILE_CERT_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_GENERATION" : "disabled",
    "OCSP_REMOVE_CA_REQUEST" : "disabled",
    "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_SIGNING_INFO" : "disabled",
    "PROFILE_CERT_REQUEST" : "disabled",
    "PROOF_OF_POSSESSION" : "disabled",
    "RANDOM_GENERATION" : "disabled",
    "ROLE_ASSUME" : "disabled",
    "SCHEDULE_CRL_GENERATION" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_EXPORT_KEY" : "disabled",
    "SECURITY_DATA_INFO" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled",
    "SECURITY_DOMAIN_UPDATE" : "disabled",
    "SELFTESTS_EXECUTION" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SYMKEY_GENERATION_REQUEST" : "disabled",
    "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "TOKEN_APPLET_UPGRADE" : "disabled",
    "TOKEN_AUTH" : "disabled",
    "TOKEN_CERT_ENROLLMENT" : "disabled",
    "TOKEN_CERT_RENEWAL" : "disabled",
    "TOKEN_CERT_RETRIEVAL" : "disabled",
    "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "TOKEN_FORMAT" : "disabled",
    "TOKEN_KEY_CHANGEOVER" : "disabled",
    "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled",
    "TOKEN_KEY_RECOVERY" : "disabled",
    "TOKEN_KEY_SANITY_CHECK" : "disabled",
    "TOKEN_OP_REQUEST" : "disabled",
    "TOKEN_PIN_RESET" : "disabled",
    "TOKEN_STATE_CHANGE" : "disabled"
  }
}
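
A single PATCH to `/<app>/v2/audit` can switch off most audit events, as the two responses above show. The following is an added example, not part of the original page or of the Dogtag code base: it diffs two saved audit responses and reports lost coverage. The names `audit_drift`, `is_weakened` and `report` are hypothetical, and the sample documents are trimmed copies of the GET and PATCH outputs above.

```python
"""Added example: diff two /<app>/v2/audit documents and flag lost coverage.

Function names and the trimmed sample documents are assumptions made for
this illustration; only the JSON field names come from the page.
"""
import json

# Top-level settings present in the audit responses shown on this page.
SETTINGS = ("Status", "Signed", "Interval", "bufferSize")

# Constructed samples: a subset of the GET response (before) and of the
# PATCH response (after). AUDIT_LOG_SIGNING is absent from the second
# document, as it is in the page's PATCH output.
BEFORE = json.loads("""
{
  "bufferSize": 512, "Status": "Enabled", "Signed": false, "Interval": 5,
  "Events": {
    "ACCESS_SESSION_ESTABLISH": "enabled",
    "ACCESS_SESSION_TERMINATED": "enabled",
    "AUDIT_LOG_SIGNING": "enabled",
    "AUTH": "enabled",
    "AUTHZ": "enabled",
    "CONFIG_SIGNED_AUDIT": "enabled",
    "ROLE_ASSUME": "enabled",
    "TOKEN_AUTH": "disabled"
  }
}
""")

AFTER = json.loads("""
{
  "bufferSize": 512, "Status": "Enabled", "Signed": false, "Interval": 100,
  "Events": {
    "ACCESS_SESSION_ESTABLISH": "enabled",
    "ACCESS_SESSION_TERMINATED": "disabled",
    "AUTH": "disabled",
    "AUTHZ": "disabled",
    "CONFIG_SIGNED_AUDIT": "disabled",
    "ROLE_ASSUME": "disabled",
    "TOKEN_AUTH": "disabled"
  }
}
""")


def _enabled_events(doc):
    """Return the set of event names whose value is "enabled"."""
    events = doc.get("Events") or {}
    return {name for name, state in events.items()
            if str(state).lower() == "enabled"}


def audit_drift(before, after):
    """Compare two audit documents and return what changed.

    settings: {name: (old, new)} for changed top-level settings
    disabled: events enabled before, present but not enabled now
    removed:  events enabled before, absent from the new document
    enabled:  events newly enabled
    """
    old_on, new_on = _enabled_events(before), _enabled_events(after)
    new_events = after.get("Events") or {}
    lost = old_on - new_on
    return {
        "settings": {k: (before.get(k), after.get(k))
                     for k in SETTINGS if before.get(k) != after.get(k)},
        "disabled": sorted(e for e in lost if e in new_events),
        "removed": sorted(e for e in lost if e not in new_events),
        "enabled": sorted(new_on - old_on),
    }


def is_weakened(drift):
    """True when the change reduces audit coverage."""
    status = drift["settings"].get("Status")
    signed = drift["settings"].get("Signed")
    return bool(
        drift["disabled"] or drift["removed"]
        or (status and status[0] == "Enabled" and status[1] != "Enabled")
        or (signed and signed[0] is True and signed[1] is not True)
    )


def report(drift):
    """Render the drift as one line per finding, for a ticket or alert."""
    lines = [f"setting {k}: {old!r} -> {new!r}"
             for k, (old, new) in drift["settings"].items()]
    lines += [f"event disabled: {e}" for e in drift["disabled"]]
    lines += [f"event missing from response: {e}" for e in drift["removed"]]
    lines += [f"event enabled: {e}" for e in drift["enabled"]]
    return lines


if __name__ == "__main__":
    d = audit_drift(BEFORE, AFTER)
    print("\n".join(report(d)))
    print("coverage weakened:", is_weakened(d))
```

Feed it the saved output of `GET /<app>/v2/audit` from a known-good baseline and from the current state; events that vanish from the response are reported separately from events that were explicitly disabled.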

/<app>/v2/audit

POST

action (enable/disable)

200

ca, kra, ocsp, tks, tps

$ curl --cacert ./ca_signing.crt -b session_cookie -X POST "https://$HOSTNAME:8443/ca/v2/audit?action=enable"
{
  "bufferSize" : 512,
  "Status" : "Enabled",
  "Signed" : false,
  "Interval" : 100,
  "Events" : {
    "ACCESS_SESSION_ESTABLISH" : "enabled",
    "ACCESS_SESSION_TERMINATED" : "disabled",
    "ASYMKEY_GENERATION_REQUEST" : "disabled",
    "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "AUDIT_LOG_DELETE" : "disabled",
    "AUDIT_LOG_SHUTDOWN" : "disabled",
    "AUDIT_LOG_STARTUP" : "disabled",
    "AUTH" : "disabled",
    "AUTHORITY_CONFIG" : "disabled",
    "AUTHZ" : "disabled",
    "CERT_PROFILE_APPROVAL" : "disabled",
    "CERT_REQUEST_PROCESSED" : "disabled",
    "CERT_SIGNING_INFO" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled",
    "CIMC_CERT_VERIFICATION" : "disabled",
    "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled",
    "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled",
    "CMC_ID_POP_LINK_WITNESS" : "disabled",
    "CMC_PROOF_OF_IDENTIFICATION" : "disabled",
    "CMC_REQUEST_RECEIVED" : "disabled",
    "CMC_RESPONSE_SENT" : "disabled",
    "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled",
    "CONFIG_ACL" : "disabled",
    "CONFIG_AUTH" : "disabled",
    "CONFIG_CERT_POLICY" : "disabled",
    "CONFIG_CERT_PROFILE" : "disabled",
    "CONFIG_CRL_PROFILE" : "disabled",
    "CONFIG_DRM" : "disabled",
    "CONFIG_ENCRYPTION" : "disabled",
    "CONFIG_OCSP_PROFILE" : "disabled",
    "CONFIG_ROLE" : "disabled",
    "CONFIG_SERIAL_NUMBER" : "disabled",
    "CONFIG_SIGNED_AUDIT" : "disabled",
    "CONFIG_TOKEN_AUTHENTICATOR" : "disabled",
    "CONFIG_TOKEN_CONNECTOR" : "disabled",
    "CONFIG_TOKEN_GENERAL" : "disabled",
    "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled",
    "CONFIG_TOKEN_PROFILE" : "disabled",
    "CONFIG_TOKEN_RECORD" : "disabled",
    "CONFIG_TRUSTED_PUBLIC_KEY" : "disabled",
    "CRL_RETRIEVAL" : "disabled",
    "CRL_SIGNING_INFO" : "disabled",
    "CRL_VALIDATION" : "disabled",
    "DELTA_CRL_GENERATION" : "disabled",
    "DELTA_CRL_PUBLISHING" : "disabled",
    "DIVERSIFY_KEY_REQUEST" : "disabled",
    "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled",
    "ENCRYPT_DATA_REQUEST" : "disabled",
    "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled",
    "FULL_CRL_GENERATION" : "disabled",
    "FULL_CRL_PUBLISHING" : "disabled",
    "INTER_BOUNDARY" : "disabled",
    "KEY_GEN_ASYMMETRIC" : "disabled",
    "KEY_RECOVERY_AGENT_LOGIN" : "disabled",
    "KEY_RECOVERY_REQUEST" : "disabled",
    "KEY_STATUS_CHANGE" : "disabled",
    "LOG_PATH_CHANGE" : "disabled",
    "NON_PROFILE_CERT_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_GENERATION" : "disabled",
    "OCSP_REMOVE_CA_REQUEST" : "disabled",
    "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_SIGNING_INFO" : "disabled",
    "PROFILE_CERT_REQUEST" : "disabled",
    "PROOF_OF_POSSESSION" : "disabled",
    "RANDOM_GENERATION" : "disabled",
    "ROLE_ASSUME" : "disabled",
    "SCHEDULE_CRL_GENERATION" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_EXPORT_KEY" : "disabled",
    "SECURITY_DATA_INFO" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled",
    "SECURITY_DOMAIN_UPDATE" : "disabled",
    "SELFTESTS_EXECUTION" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SYMKEY_GENERATION_REQUEST" : "disabled",
    "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "TOKEN_APPLET_UPGRADE" : "disabled",
    "TOKEN_AUTH" : "disabled",
    "TOKEN_CERT_ENROLLMENT" : "disabled",
    "TOKEN_CERT_RENEWAL" : "disabled",
    "TOKEN_CERT_RETRIEVAL" : "disabled",
    "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "TOKEN_FORMAT" : "disabled",
    "TOKEN_KEY_CHANGEOVER" : "disabled",
    "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled",
    "TOKEN_KEY_RECOVERY" : "disabled",
    "TOKEN_KEY_SANITY_CHECK" : "disabled",
    "TOKEN_OP_REQUEST" : "disabled",
    "TOKEN_PIN_RESET" : "disabled",
    "TOKEN_STATE_CHANGE" : "disabled"
  }
}

/<app>/v2/audit/files

GET

None

200

ca, kra, ocsp, tks, tps

Show
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/audit/files
{
  "total" : 1,
  "entries" : [ {
    "name" : "ca_audit",
    "size" : 77606
  } ]
}

/<app>/v2/audit/files/{id}

GET

None

200

ca, kra, ocsp, tks, tps

Show
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/audit/files/ca_audit
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CERT_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] certificate signing info
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CRL_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] CRL signing info
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=OCSP_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=AB:AF:55:C8:C0:97:C8:B6:AA:47:0D:D0:66:C6:15:E1:B1:EF:EF:77] OCSP signing info
0.main - [29/Oct/2024:11:09:29 UTC] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details)
0.https-jsse-jss-nio-8443-exec-1 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-2 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-5 - [29/Oct/2024:11:45:53 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
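The audit file returned by `/<app>/v2/audit/files/{id}` is plain text with one event per line, so it has to be parsed before it can be filtered or alerted on. The Python parser below is an added example, not code from the PKI project: the function names are hypothetical, the two bracketed numbers are kept as opaque integers, and it assumes no field value contains `]`.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Line layout: thread, timestamp, two numeric fields, a contiguous run of
# [Key=Value] pairs, then a free-text message.
# Assumptions: the two numbers are treated as opaque (named n1/n2 here), and
# no field value contains ']' (true for every line in the output above).
LINE_RE = re.compile(
    r"^(?P<thread>\S+) - \[(?P<ts>[^\]]+)\] \[(?P<n1>\d+)\] \[(?P<n2>\d+)\] "
    r"(?P<fields>(?:\[[^\]=]+=[^\]]*\])+)\s*(?P<message>.*)$"
)
FIELD_RE = re.compile(r"\[([^\]=]+)=([^\]]*)\]")
TS_FORMAT = "%d/%b/%Y:%H:%M:%S UTC"


def parse_line(line):
    """Return one parsed event, or None if the line does not fit the layout."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        when = datetime.strptime(m["ts"], TS_FORMAT).replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    fields = dict(FIELD_RE.findall(m["fields"]))
    if "AuditEvent" not in fields:
        return None
    return {
        "thread": m["thread"],
        "time": when,
        "n1": int(m["n1"]),
        "n2": int(m["n2"]),
        "fields": fields,
        "message": m["message"],
    }


def parse_log(text):
    """Split a downloaded audit file into (events, rejects).

    Rejected lines are returned with their line number instead of being
    dropped, so a truncated or altered file is visible to the caller.
    """
    events, rejects = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            rejects.append((lineno, line))
        else:
            events.append(event)
    return events, rejects


def summarize(events):
    """Count events per (AuditEvent, Outcome) pair."""
    return Counter(
        (e["fields"]["AuditEvent"], e["fields"].get("Outcome", "?")) for e in events
    )


def failed_session_setups(events):
    """Return ACCESS_SESSION_ESTABLISH events whose Outcome is Failure."""
    return [
        e for e in events
        if e["fields"]["AuditEvent"] == "ACCESS_SESSION_ESTABLISH"
        and e["fields"].get("Outcome") == "Failure"
    ]


# Sample input: the first four lines are taken from the example output above;
# the last line is constructed to exercise the reject path.
SAMPLE = """\
0.main - [29/Oct/2024:11:09:29 UTC] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details)
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-5 - [29/Oct/2024:11:45:53 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
truncated line without audit fields
"""

if __name__ == "__main__":
    events, rejects = parse_log(SAMPLE)
    for (name, outcome), count in sorted(summarize(events).items()):
        print(f"{count:3d}  {name}  {outcome}")
    for e in failed_session_setups(events):
        f = e["fields"]
        print(f"FAILED {e['time'].isoformat()} client={f.get('ClientIP')} info={f.get('Info')}")
    for lineno, line in rejects:
        print(f"UNPARSED line {lineno}: {line!r}")
```
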

/<app>/v2/config/features

GET

None

200

ca

Show
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/features
[{"id":"authority","description":"Lightweight CAs","version":"1.0","enabled":true}]

/<app>/v2/config/features/{id}

GET

None

200

ca

Show
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/features/authority
{
  "id" : "authority",
  "description" : "Lightweight CAs",
  "version" : "1.0",
  "enabled" : true
}

/<app>/v2/jobs

GET

None

200

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/jobs
{
  "entries" : [ {
    "id" : "certRenewalNotifier",
    "enabled" : false,
    "cron" : "0 3 * * 1-5",
    "pluginName" : "RenewalNotificationJob",
    "parameters" : { }
  }, {
    "id" : "pruning",
    "enabled" : false,
    "pluginName" : "PruningJob",
    "parameters" : { }
  }, {
    "id" : "publishCerts",
    "enabled" : false,
    "cron" : "0 0 * * 2",
    "pluginName" : "PublishCertsJob",
    "parameters" : { }
  }, {
    "id" : "requestInQueueNotifier",
    "enabled" : false,
    "cron" : "0 0 * * 0",
    "pluginName" : "RequestInQueueJob",
    "parameters" : { }
  }, {
    "id" : "serialNumberUpdate",
    "enabled" : false,
    "pluginName" : "SerialNumberUpdateJob",
    "parameters" : { }
  }, {
    "id" : "unpublishExpiredCerts",
    "enabled" : false,
    "cron" : "0 0 * * 6",
    "pluginName" : "UnpublishExpiredJob",
    "parameters" : { }
  } ]
}

/<app>/v2/jobs/{id}

GET

None

200

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate
{
  "id" : "serialNumberUpdate",
  "enabled" : false,
  "pluginName" : "SerialNumberUpdateJob",
  "parameters" : { }
}

/<app>/v2/jobs/{id}/start

POST

None

200

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt -b session_cookie -X POST https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate/start

/<app>/v2/securityDomain/domainInfo

GET

None

200

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/securityDomain/domainInfo
{
  "subsystemArray" : [ {
    "hosts" : {
      "CA pki.example.com 8443" : {
        "id" : "CA pki.example.com 8443",
        "Hostname" : "pki.example.com",
        "Port" : "8080",
        "SecurePort" : "8443",
        "SecureEEClientAuthPort" : "8443",
        "SecureAgentPort" : "8443",
        "SecureAdminPort" : "8443",
        "Clone" : "FALSE",
        "SubsystemName" : "CA pki.example.com 8443",
        "DomainManager" : "TRUE"
      }
    },
    "hostArray" : [ {
      "id" : "CA pki.example.com 8443",
      "Hostname" : "pki.example.com",
      "Port" : "8080",
      "SecurePort" : "8443",
      "SecureEEClientAuthPort" : "8443",
      "SecureAgentPort" : "8443",
      "SecureAdminPort" : "8443",
      "Clone" : "FALSE",
      "SubsystemName" : "CA pki.example.com 8443",
      "DomainManager" : "TRUE"
    } ],
    "id" : "CA"
  } ],
  "id" : "EXAMPLE",
  "subsystems" : {
    "CA" : {
      "hosts" : {
        "CA pki.example.com 8443" : {
          "id" : "CA pki.example.com 8443",
          "Hostname" : "pki.example.com",
          "Port" : "8080",
          "SecurePort" : "8443",
          "SecureEEClientAuthPort" : "8443",
          "SecureAgentPort" : "8443",
          "SecureAdminPort" : "8443",
          "Clone" : "FALSE",
          "SubsystemName" : "CA pki.example.com 8443",
          "DomainManager" : "TRUE"
        }
      },
      "hostArray" : [ {
        "id" : "CA pki.example.com 8443",
        "Hostname" : "pki.example.com",
        "Port" : "8080",
        "SecurePort" : "8443",
        "SecureEEClientAuthPort" : "8443",
        "SecureAgentPort" : "8443",
        "SecureAdminPort" : "8443",
        "Clone" : "FALSE",
        "SubsystemName" : "CA pki.example.com 8443",
        "DomainManager" : "TRUE"
      } ],
      "id" : "CA"
    }
  }
}

/<app>/v2/securityDomain/hosts

GET

None

200

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/securityDomain/hosts
[{"id":"CA pki.example.com 8443","Hostname":"pki.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"FALSE","SubsystemName":"CA pki.example.com 8443","DomainManager":"TRUE"}]

/<app>/v2/securityDomain/hosts

PUT

None

204

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt -b session_cookie --json '{"id":"CA pki2.example.com 8443","Hostname":"pki2.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"TRUE","SubsystemName":"CA pki2.example.com 8443","DomainManager":"FALSE"}' -X PUT https://$HOSTNAME:8443/ca/v2/securityDomain/hosts

/<app>/v2/securityDomain/hosts/{ID}

GET

None

200

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443
{
  "id" : "CA pki.example.com 8443",
  "Hostname" : "pki.example.com",
  "Port" : "8080",
  "SecurePort" : "8443",
  "SecureEEClientAuthPort" : "8443",
  "SecureAgentPort" : "8443",
  "SecureAdminPort" : "8443",
  "Clone" : "FALSE",
  "SubsystemName" : "CA pki.example.com 8443",
  "DomainManager" : "TRUE"
}

/<app>/v2/securityDomain/hosts/{ID}

DELETE

None

204

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443

/<app>/v2/securityDomain/installToken

GET

hostname, subsystem

200

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/securityDomain/installToken?hostname=pki.example.com&subsystem=CA"
{
  "token" : "4984326538499940852"
}

/<app>/v2/selftests

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/selftests?start=2"
{
  "total" : 3,
  "entries" : [ {
    "id" : "SystemCertsVerification",
    "enabledAtStartup" : true,
    "criticalAtStartup" : true,
    "enabledOnDemand" : true,
    "criticalOnDemand" : true
  } ]
}

/<app>/v2/selftests

POST

action (run)

204

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt -b session_cookie -X POST "https://$HOSTNAME:8443/ca/v2/selftests?action=run"

/<app>/v2/selftests/{id}

GET

None

200

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/selftests/CAValidity
{
  "id" : "CAValidity",
  "enabledAtStartup" : false,
  "enabledOnDemand" : true,
  "criticalOnDemand" : true
}

/<app>/v2/selftests/run

POST

None

200

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt -b session_cookie -X POST https://$HOSTNAME:8443/ca/v2/selftests/run
{
  "entries" : [ {
    "id" : "CAPresence",
    "status" : "PASSED"
  }, {
    "id" : "SystemCertsVerification",
    "status" : "PASSED"
  }, {
    "id" : "CAValidity",
    "status" : "PASSED"
  } ]
}

/<app>/v2/selftests/{id}/run

POST

None

200

ca, kra, ocsp, tks, tps

Show
$ curl -v --cacert ./ca_signing.crt -b session_cookie -X POST https://$HOSTNAME:8443/ca/v2/selftests/CAPresence/run
{
  "id" : "CAPresence",
  "status" : "PASSED"
}

CA endpoints

Path Method Parameters Return code Example

/ca/v2/admin/kraconnector

GET

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/kraconnector
{
  "host" : "pki.example.com",
  "port" : "8443",
  "transportCert" : "MIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZXnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/LeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT57dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVqtrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EIDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPReYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCqUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzTtEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ91eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==",
  "uri" : "/kra/agent/kra/connector",
  "timeout" : "30",
  "local" : "false",
  "enable" : "true"
}

/ca/v2/admin/kraconnector/add

POST

None

204

Show
$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"host":"pki.example.com","port":"8443","transportCert":"<base64-encoded KRA transport certificate>","uri":"/kra/agent/kra/connector","timeout":"30","local":"false","enable":"true"}' https://$HOSTNAME:8443/ca/v2/admin/kraconnector/add

/ca/v2/admin/kraconnector/addHost

POST

host, port

204

Show
$ curl --cacert ./ca_signing.crt -b session_cookie -X POST  "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/addHost?host=pki2.example.com&port=8443"

/ca/v2/admin/kraconnector/remove

POST

host, port

204

Show
$ curl --cacert ./ca_signing.crt -b session_cookie -X POST  "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/remove?host=pki.example.com&port=8443"

/ca/v2/agent/certrequests

GET

pageSize, start, maxTime

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/agent/certrequests?pageSize=2"
{
  "total" : 7,
  "entries" : [ {
    "requestID" : "0x58e47a524bff8fbc512465759b63f424",
    "requestType" : "enrollment",
    "requestStatus" : "complete",
    "creationTime" : 1730200079000,
    "modificationTime" : 1730200084000,
    "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0",
    "certRequestType" : "pkcs10",
    "operationResult" : "success"
  }, {
    "requestID" : "0x5f2533c00bb8934584decbf1aa9ab987",
    "requestType" : "enrollment",
    "requestStatus" : "complete",
    "creationTime" : 1730200087000,
    "modificationTime" : 1730200093000,
    "certId" : "0xf84f45cd025332f2b06d1ec58136be89",
    "certRequestType" : "pkcs10",
    "operationResult" : "success"
  } ]
}

/ca/v2/agent/certrequests/{id}

GET

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x5f2533c00bb8934584decbf1aa9ab987
{
  "nonce" : "-8579840105031817822",
  "requestId" : "0x5f2533c00bb8934584decbf1aa9ab987",
  "requestType" : "enrollment",
  "requestStatus" : "complete",
  "requestOwner" : "",
  "requestCreationTime" : "Tue Oct 29 11:08:07 UTC 2024",
  "requestModificationTime" : "Tue Oct 29 11:08:13 UTC 2024",
  "requestNotes" : "",
  "profileApprovedBy" : "system",
  "profileSetId" : "ocspCertSet",
  "profileIsVisible" : "true",
  "profileName" : "Manual OCSP Manager Signing Certificate Enrollment",
  "profileDescription" : "This certificate profile is for enrolling OCSP Manager certificates.",
  "ProfileID" : "caOCSPCert",
  "Renewal" : false,
  "Input" : [ {
    "ClassID" : "CertReqInput",
    "Name" : "Certificate Request Input",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Value" : "pkcs10"
    }, {
      "name" : "cert_request",
      "Value" : "-----BEGIN CERTIFICATE REQUEST-----\nMIIDkjCCAfoCAQAwTTEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEkMCIG\nA1UEAwwbQ0EgT0NTUCBTaWduaW5nIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A\nMIIBigKCAYEAsaCn1oUxVloC5G+Adi8rF40WEk10IL7NUEw9Bm6+704T7pKut9BDOH/8sCU+/bcw\nAHNKUpqKbpS55N7V0xYntfyiD8RxGVY4BxPWMPuhLcb5zRZXybKIvV2KpgOqQmS5+Sx0HrEyA6Xo\nFyB5E7fE/mqheA7V1RyL047m1T0ER/tkHWYldj0aLlYQKv8dmfzW52PRYF08ByVWzTXcByFyO3Tg\nwjN84ksKAfihBiALj92jgbxyOHD/utEFtz8XpjlqLMl7MVYhpeu/p5DbCTPk55OcKwQF6MbLMExl\nSrvF6JBKHLfLdbFY3OwbryP+f1Dc9UlFoDELZjlp+Z2klwlxympqTpsXztMzAQUfRqu5GjcL7v9s\nLmNahVoKfWuZWQEC5FUHyJk3DT/v0jax30QHq3CqoYUWZs/rolfpzInvqSMmDmxHz/nIdEwpmhvt\nAijuwG+Qm1PA4eHy2l3OhIGYWvYgA5oEq/BLZgvi3SOhNR3ctz98rlEI2j3MWy9dYBDhAgMBAAGg\nADANBgkqhkiG9w0BAQsFAAOCAYEAputw+T001caAwVTyZttOf5hmmiHnwqw1BFfoVA1Sy2W9xRrU\nTvCF2/eiSiRbLfsgpikgtOpRuON+m1SiYK/W3v+SkU1d9ewNQo1u2oNh1sjpzZjkLvfEvx4jjiDQ\nmA6GhhMzUiMvWPM9+d97c+1euF8mYvnyGJclutf2OVAhHdii8g5arR+gRGQHWXfziDkm3bFtgO0O\nMazHzehow81cArN27HfPzi2hPb447vekWdrDfW4O1VWp25hxTjef5LYQd8aKTIwYah+zaAqyZG6D\n7xYRxkOhb9d37nFL8qDWAZHyIcAZrkZ72APEqtMLaOewjzVrdbj/J5yncByk8SpW2E/XGy9NlDgi\nmuhMj8PuZXEItvaSpUG+o75b/o0i/CO+t+MgIQhE6dtZkEhRUpbuUN/+kILD++i4N1WB/owcOSuW\nSWER5L0gjpw8+UES4tV3qaS3zUSCZroyoUU430goxeHdk58CAoWrs9vqDdM/NkvjXrQJUmMmAL9f\nkpVhlMfw\n-----END CERTIFICATE REQUEST-----"
    } ]
  }, {
    "ClassID" : "SubmitterInfoInput",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ ]
  } ],
  "Output" : [ ],
  "ProfilePolicySet" : [ {
    "policies" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Value" : "CN=CA OCSP Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches CN=.*",
        "classId" : "SubjectNameConstraint",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "CN=.*"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=720 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Value" : "2024-10-29 11:08:09",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Value" : "2026-10-19 11:08:09",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 720 days.",
        "classId" : "ValidityConstraint",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "720"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Value" : "RSA - 1.2.840.113549.1.1.1",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Value" : "3072",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Value" : "30:82:01:8A:02:82:01:81:00:B1:A0:A7:D6:85:31:56:\\n5A:02:E4:6F:80:76:2F:2B:17:8D:16:12:4D:74:20:BE:\\nCD:50:4C:3D:06:6E:BE:EF:4E:13:EE:92:AE:B7:D0:43:\\n38:7F:FC:B0:25:3E:FD:B7:30:00:73:4A:52:9A:8A:6E:\\n94:B9:E4:DE:D5:D3:16:27:B5:FC:A2:0F:C4:71:19:56:\\n38:07:13:D6:30:FB:A1:2D:C6:F9:CD:16:57:C9:B2:88:\\nBD:5D:8A:A6:03:AA:42:64:B9:F9:2C:74:1E:B1:32:03:\\nA5:E8:17:20:79:13:B7:C4:FE:6A:A1:78:0E:D5:D5:1C:\\n8B:D3:8E:E6:D5:3D:04:47:FB:64:1D:66:25:76:3D:1A:\\n2E:56:10:2A:FF:1D:99:FC:D6:E7:63:D1:60:5D:3C:07:\\n25:56:CD:35:DC:07:21:72:3B:74:E0:C2:33:7C:E2:4B:\\n0A:01:F8:A1:06:20:0B:8F:DD:A3:81:BC:72:38:70:FF:\\nBA:D1:05:B7:3F:17:A6:39:6A:2C:C9:7B:31:56:21:A5:\\nEB:BF:A7:90:DB:09:33:E4:E7:93:9C:2B:04:05:E8:C6:\\nCB:30:4C:65:4A:BB:C5:E8:90:4A:1C:B7:CB:75:B1:58:\\nDC:EC:1B:AF:23:FE:7F:50:DC:F5:49:45:A0:31:0B:66:\\n39:69:F9:9D:A4:97:09:71:CA:6A:6A:4E:9B:17:CE:D3:\\n33:01:05:1F:46:AB:B9:1A:37:0B:EE:FF:6C:2E:63:5A:\\n85:5A:0A:7D:6B:99:59:01:02:E4:55:07:C8:99:37:0D:\\n3F:EF:D2:36:B1:DF:44:07:AB:70:AA:A1:85:16:66:CF:\\nEB:A2:57:E9:CC:89:EF:A9:23:26:0E:6C:47:CF:F9:C8:\\n74:4C:29:9A:1B:ED:02:28:EE:C0:6F:90:9B:53:C0:E1:\\nE1:F2:DA:5D:CE:84:81:98:5A:F6:20:03:9A:04:AB:F0:\\n4B:66:0B:E2:DD:23:A1:35:1D:DC:B7:3F:7C:AE:51:08:\\nDA:3D:CC:5B:2F:5D:60:10:E1:02:03:01:00:01\\n",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521",
        "classId" : "KeyConstraint",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "-"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096,nistp256,nistp384,nistp521"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Value" : "A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "NoConstraint",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Value" : "Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "NoConstraint",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Extended Key Usage Default",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.9",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Value" : "1.3.6.1.5.5.7.3.9",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Extended Key Usage Extension",
        "text" : "This constraint accepts the Extended Key Usage extension, if present, only when Criticality=false, OIDs=1.3.6.1.5.5.7.3.9",
        "classId" : "ExtendedKeyUsageExtConstraint",
        "constraints" : [ {
          "name" : "exKeyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Comma-Separated list of Object Identifiers"
          },
          "value" : "1.3.6.1.5.5.7.3.9"
        } ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "OCSP No Check Extension",
        "text" : "This default populates an OCSP No Check Extension (1.3.6.1.5.5.7.48.1.5) to the request. The default values are Criticality=false",
        "attributes" : [ {
          "name" : "ocspNoCheckCritical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts the extension only when Criticality=false, OID=1.3.6.1.5.5.7.48.1.5",
        "classId" : "ExtensionConstraint",
        "constraints" : [ {
          "name" : "extCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "extOID",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Object Identifier"
          },
          "value" : "1.3.6.1.5.5.7.48.1.5"
        } ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Value" : "SHA256withRSA",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "SigningAlgConstraint",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  } ],
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/ca/v2/agent/certrequests/{id}/approve
/ca/v2/agent/certrequests/{id}/assign
/ca/v2/agent/certrequests/{id}/cancel
/ca/v2/agent/certrequests/{id}/reject
/ca/v2/agent/certrequests/{id}/validate
/ca/v2/agent/certrequests/{id}/unassign
/ca/v2/agent/certrequests/{id}/update

POST

None

204

Show
$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"nonce":"698006587460251198","requestId":"0x563c6ef28a2aa590fb5df963043be30e","requestType":"enrollment","requestStatus":"pending","requestOwner":"","requestCreationTime":"Wed Oct 30 11:09:30 UTC 2024","requestModificationTime":"Wed Oct 30 11:09:30 UTC 2024","requestNotes":"","profileApprovedBy":"admin","profileSetId":"userCertSet","profileIsVisible":"false","profileName":"Manual User Dual-Use Certificate Enrollment","profileDescription":"This certificate profile is for enrolling user certificates.","profileRemoteHost":"172.18.0.3","profileRemoteAddr":"172.18.0.3","ProfileID":"caUserCert","Renewal":false,"Input":[{"ClassID":"KeyGenInput","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10"},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQCfuroXU/H8AxyI3pBKF7mYRoP+yL0Qucqg9fvnJdY7M/E3OIHg+2l5f2UX\r\nL+Q9ESDZ7EMGxmuORPvqwwNuHSKaW/kfurcdTFlQjVuoXwUwy86D/veAp317tDZZmcjU6DgWrx8M\r\nA5c46Ck8KOa5NOetPjpbCufTLaKmPDM6+Rsei+aY5FMksHh6W+a1djuz1yN0COc60/+pzR4MCzMZ\r\n1N8TYKmtfprectaK9Jj0ckkRZ9zAuAwxdNnfSkNIgu8btBX7+/9IqSi+s/TUTo8jDxXWZkEu+Pn+\r\nCVpuYFd2lvij7gCJ2fKuDy5yyh1HFJFFWqQZ+V+snylBeAwHgk3V9dJvAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEAfYpmNiENJOVycl9DODw3UEmLDEZl5vDplUaK4E47ITz6rbB/vSQzXB/KDDuU\r\nLq/aqfPhhXFDYaQ3BLlgrxYcuojiDMEkEwi6lU1OxPpEWcCrCSMx0NzsQMA3XSWziMwCc0kyodlQ\r\nRYOEDMWfWNplBA/6kdEb5Vce/UrbOdbquWgcIopYyJ9QdLJJbqvFN2JUwpibd7pJSyglWK/WHk8o\r\nov1jQIkYmSlznQwLQyeliBMMX4pFN3BAgEuo4hFlYeP5r1ig3xsdXmKbZgtGo1FEK7OBHAbfmMs0\r\nNdp2mLo5hvNSTTYl4aATsR9SfljuRtjhZtqPfsonzDAjO+wj5dOC7g==\r\n-----END CERTIFICATE REQUEST-----"}]},{"ClassID":"SubjectNameInput","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser"}]},{"ClassID":"SubmitterInfoInput","Name":"Requestor 
Information","ConfigAttribute":[],"Attribute":[]}],"Output":[],"ProfilePolicySet":[{"policies":[{"id":"1","def":{"name":"Subject Name Default","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Value":"UID=newUser","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"SubjectNameConstraint","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"RenewGracePeriodConstraint","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","text":"This default populates a Certificate Validity to the request. 
The default values are Range=180 in days","attributes":[{"name":"notBefore","Value":"2024-10-30 11:09:30","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Value":"2025-04-28 11:09:30","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"ValidityConstraint","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Value":"RSA - 1.2.840.113549.1.1.1","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Value":"2048","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key 
Length"}},{"name":"KEY","Value":"30:82:01:0A:02:82:01:01:00:9F:BA:BA:17:53:F1:FC:\\n03:1C:88:DE:90:4A:17:B9:98:46:83:FE:C8:BD:10:B9:\\nCA:A0:F5:FB:E7:25:D6:3B:33:F1:37:38:81:E0:FB:69:\\n79:7F:65:17:2F:E4:3D:11:20:D9:EC:43:06:C6:6B:8E:\\n44:FB:EA:C3:03:6E:1D:22:9A:5B:F9:1F:BA:B7:1D:4C:\\n59:50:8D:5B:A8:5F:05:30:CB:CE:83:FE:F7:80:A7:7D:\\n7B:B4:36:59:99:C8:D4:E8:38:16:AF:1F:0C:03:97:38:\\nE8:29:3C:28:E6:B9:34:E7:AD:3E:3A:5B:0A:E7:D3:2D:\\nA2:A6:3C:33:3A:F9:1B:1E:8B:E6:98:E4:53:24:B0:78:\\n7A:5B:E6:B5:76:3B:B3:D7:23:74:08:E7:3A:D3:FF:A9:\\nCD:1E:0C:0B:33:19:D4:DF:13:60:A9:AD:7E:9A:DE:72:\\nD6:8A:F4:98:F4:72:49:11:67:DC:C0:B8:0C:31:74:D9:\\nDF:4A:43:48:82:EF:1B:B4:15:FB:FB:FF:48:A9:28:BE:\\nB3:F4:D4:4E:8F:23:0F:15:D6:66:41:2E:F8:F9:FE:09:\\n5A:6E:60:57:76:96:F8:A3:EE:00:89:D9:F2:AE:0F:2E:\\n72:CA:1D:47:14:91:45:5A:A4:19:F9:5F:AC:9F:29:41:\\n78:0C:07:82:4D:D5:F5:D2:6F:02:03:01:00:01\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"KeyConstraint","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. 
Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Value":"false","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Value":"A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Value":"Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. 
The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher 
Only=false","classId":"KeyUsageExtConstraint","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","text":"This default populates an Extended Key Usage Extension () to the request. 
The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","text":"This default populates the Certificate Signing Algorithm. 
The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Value":"SHA256withRSA","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"SigningAlgConstraint","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]}],"Attributes":{"Attribute":[]}}' https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x563c6ef28a2aa590fb5df963043be30e/approve
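
An agent approves a request by posting the whole review JSON back, so the policy constraints in that JSON are worth checking before the call to `/approve`. The following Python is an added example, not part of the Dogtag documentation or code base. `audit_review`, its helpers and the thresholds (RSA below 2048 bits, SHA-1/MD5 hashes) are assumptions, and the sample is a constructed, trimmed copy of the JSON shown above.

```python
import json

# Assumptions (local policy, not Dogtag defaults).
MIN_RSA_BITS = 2048
WEAK_HASH_PREFIXES = ("SHA1", "MD5", "MD2")

# Constructed sample: trimmed copy of the review JSON on this page,
# keeping only the two policies the audit inspects.
SAMPLE_REVIEW = json.loads("""
{
  "requestId": "0x563c6ef28a2aa590fb5df963043be30e",
  "ProfileID": "caUserCert",
  "ProfilePolicySet": [ { "policies": [
    { "id": "3",
      "def": { "name": "Key Default", "attributes": [
        { "name": "TYPE", "Value": "RSA - 1.2.840.113549.1.1.1" },
        { "name": "LEN", "Value": "2048" } ] },
      "constraint": { "classId": "KeyConstraint", "constraints": [
        { "name": "keyType", "value": "RSA" },
        { "name": "keyParameters", "value": "1024,2048,3072,4096" } ] } },
    { "id": "9",
      "def": { "name": "Signing Alg", "attributes": [
        { "name": "signingAlg", "Value": "SHA256withRSA" } ] },
      "constraint": { "classId": "SigningAlgConstraint", "constraints": [
        { "name": "signingAlgsAllowed",
          "value": "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS" } ] } }
  ] } ]
}
""")


def split_csv(value):
    """Split a comma-separated constraint value, dropping empty items."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def iter_policies(review):
    """Yield every policy from every policy set in a review document."""
    for policy_set in review.get("ProfilePolicySet", []):
        for policy in policy_set.get("policies", []):
            yield policy


def constraint_values(policy):
    """Map constraint name -> configured value (lower-case 'value' key)."""
    items = policy.get("constraint", {}).get("constraints", [])
    return {c["name"]: c.get("value", "") for c in items}


def default_values(policy):
    """Map default attribute name -> value (capitalised 'Value' key)."""
    items = policy.get("def", {}).get("attributes", [])
    return {a["name"]: a.get("Value", "") for a in items}


def is_weak_hash(algorithm):
    return algorithm.upper().startswith(WEAK_HASH_PREFIXES)


def audit_review(review):
    """Return (policy id, finding) tuples for weak key or signing settings."""
    findings = []
    for policy in iter_policies(review):
        pid = policy.get("id")
        class_id = policy.get("constraint", {}).get("classId")
        cons = constraint_values(policy)
        defs = default_values(policy)

        if class_id == "KeyConstraint" and cons.get("keyType") in ("RSA", "-"):
            # Numeric entries are RSA key sizes; curve names are skipped.
            for size in split_csv(cons.get("keyParameters")):
                if size.isdigit() and int(size) < MIN_RSA_BITS:
                    findings.append((pid, "constraint allows RSA-%s" % size))
            length = defs.get("LEN", "")
            if length.isdigit() and int(length) < MIN_RSA_BITS:
                findings.append((pid, "request key is RSA-%s" % length))

        elif class_id == "SigningAlgConstraint":
            allowed = split_csv(cons.get("signingAlgsAllowed"))
            for alg in allowed:
                if is_weak_hash(alg):
                    findings.append((pid, "constraint allows %s" % alg))
            chosen = defs.get("signingAlg", "")
            if chosen and chosen not in allowed:
                findings.append(
                    (pid, "signingAlg %s is outside the allowed list" % chosen))
            if chosen and is_weak_hash(chosen):
                findings.append((pid, "signingAlg %s uses a weak hash" % chosen))
    return findings


if __name__ == "__main__":
    for policy_id, message in audit_review(SAMPLE_REVIEW):
        print("policy %s: %s" % (policy_id, message))
```

On the sample, the only finding is the key constraint of policy 3, whose `keyParameters` list still admits 1024-bit RSA keys.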

/ca/v2/agent/certs/{id}

GET

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee
{
  "id" : "0x55092f4611ad2ede6c4064045d64bdee",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "UID=newUser",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEADCCAmigAwIBAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEM\r\nB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEt\r\nLOCo/NVffA3KCPLqHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB\r\n+DsMGleB59sz8StQUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWf\r\nM1Qqlsn/zlfMZRsO0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEg\r\nS5EJTuipbXujaAlQgbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P\r\n9uQTPmyOO75FJmiHAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUw\r\nPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAv\r\nY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0G\r\nCSqGSIb3DQEBCwUAA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVc\r\nRubwCuBXk85atycRXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2\r\nJMqvFSgM/DGu/yJvt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvW\r\ntLgO/iRFFGKWohvFpGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1Nj\r\nE2KcqfusDDfLm1czbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpN\r\niB38h6a4NLdmsPDbD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3\r\nnl5+nQ9RZsuJb9Ea/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDV\r\nMFw=\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "MIIIsQYJKoZIhvcNAQcCoIIIojCCCJ4CAQExADALBgkqhkiG9w0BBwGgggiGMIIEADCCAmigAwIB\r\nAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEi\r\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEtLOCo/NVffA3KCPLq\r\nHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB+DsMGleB59sz8StQ\r\nUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWfM1Qqlsn/zlfMZRsO\r\n0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEgS5EJTuipbXujaAlQ\r\ngbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P9uQTPmyOO75FJmiH\r\nAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUwPwYIKwYBBQUHAQEE\r\nMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNV\r\nHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUA\r\nA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVcRubwCuBXk85atycR\r\nXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2JMqvFSgM/DGu/yJv\r\nt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvWtLgO/iRFFGKWohvF\r\npGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1NjE2KcqfusDDfLm1cz\r\nbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpNiB38h6a4NLdmsPDb\r\nD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3nl5+nQ9RZsuJb9Ea\r\n/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDVMFwwggR+MIIC5qAD\r\nAgECAhEAhmFGZPY3nBwtCjnR5H0/0DANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExF\r\nMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4X\r\nDTI0MTAyOTExMDgwMFoXDTQ0MTAyOTExMDgwMFowSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UE\r\nCwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTCCAaIwDQYJKoZI\r\nhvcNAQEBBQADggGPADCCAYoCggGBAMofTnE8azu6WaltnTqsOTSEtlHdRTk75sH1xZbYsMyhUagu\r\naIMyR4x1iva5Y620bDKb4lyLF5vJtWKDZvbN5gJW/N5P4u9CZ6UlQ5Tkm5
rhvq5v4LN4Sq4hO8bD\r\nPyR6MZFnDbBpnj62e/AUhGVTb5eoG2K7hDUBp4hfYGKi/5G8NkZZlCADSbFytpXJQ86SumjiHbnZ\r\nQPMg9BTZgnMPouZA7SSS1hB/5TCgEeIJpWX8l7rZ+0WfknaoQ7zLz4zJncvsXXiKbEkdbyM8+KLi\r\n3wy5P321xDuwO4A4UcSwHvPOSu5sdLFRV88bsAJ0FLFRHgOdXm5Gl1mMv4oOz8cYRVcKRUScMRUi\r\n1uhkhIOIEhTWmvMz6FZ1mDmRzaPCA6Gc2S6IsUOjzZz5Cyd8wNyEC/zIc9FjPsVudN2YXOGn2T2a\r\nKl2jrNIdtKidxPmk80+3wzTDoqmoHe41DKTozfwPqOQeNvZvM+o/Nr6ibZw6tLt79Hy+CHleSazm\r\n87bJthu6kwIDAQABo2MwYTAdBgNVHQ4EFgQUp332LU7iaBRZZqOMreTzdsQA4SUwHwYDVR0jBBgw\r\nFoAUp332LU7iaBRZZqOMreTzdsQA4SUwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYw\r\nDQYJKoZIhvcNAQELBQADggGBAKgYiwcUiGqi0ugB96gRCuGrPbesKUU05Jv8bNExmG5eUiyaGEZi\r\n0IcD4XLLQ9pAwyDGgvZaBPZl8J+4JSRwGxf/ldQUFcFe9zwutMNOpJb0p1Y8uzNQ54eC+t7pUbuW\r\nHSE/P3Rvsxnx6eWtUqCM0gpN1BxqsgVedL2iyjXjncNNTd/bT7E/giRhE1r0fgmLSz/s8B129DXK\r\ndjhbLrkHYTmMlphtQ9qS38BqUa6GCDuOLwFsahgaHN/+XdRJF+Cb2LXQC2thTNqMCQq9yfWMHPZT\r\n1qujy19qSEUQxjqo5PtO8D8su0nuznjfgOI5zO3wBpVVAJgBjCpND9PKzMSc6ISIgBw9RYorQHTU\r\nPzArn/2VkQvm9+4X/KR/33GftcVfXk/+NFv2AePUG6PosQ3kKpUiA+7W8ivAhoHvwFKpOs2k4yK5\r\nwd7++6/ecHUNzKpKhItZt3UafldyzjzqwEBk/QjYjDEMBklth2p+QPM8lGIUWt6yD/Nzo56TDmgn\r\ndALCtTEA\r\n",
  "NotBefore" : "2024-10-30 10:53:21 +0000",
  "NotAfter" : "2025-04-28 10:53:21 +0000",
  "Status" : "VALID",
  "Nonce" : 3355442236351645821
}

/ca/v2/agent/certs/{id}/revoke

POST

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"Reason":"Certificate_Hold","Nonce":7581228038945153660}' https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/revoke
{
  "requestID" : "0x887ffed7ad4c0ee94a07700c48895f03",
  "requestType" : "revocation",
  "requestStatus" : "complete",
  "creationTime" : 1730300307000,
  "modificationTime" : 1730300307000,
  "certId" : "0x55092f4611ad2ede6c4064045d64bdee",
  "operationResult" : "success"
}

/ca/v2/agent/certs/{id}/revoke-ca

POST

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"Reason":"Certificate_Hold","Nonce":5052187310204086075}' https://$HOSTNAME:8443/ca/v2/agent/certs/0x86614664f6379c1c2d0a39d1e47d3fd0/revoke-ca
{
  "requestID" : "0xb28c9fe27d90a97b9ec85d7ad1b32992",
  "requestType" : "revocation",
  "requestStatus" : "complete",
  "creationTime" : 1730300625000,
  "modificationTime" : 1730300625000,
  "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0",
  "operationResult" : "success"
}

/ca/v2/agent/certs/{id}/unrevoke

POST

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie -X POST https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/unrevoke
{
  "requestID" : "0xdca57cea1f51ed123dc85dd889a595eb",
  "requestType" : "unrevocation",
  "requestStatus" : "complete",
  "creationTime" : 1730300449000,
  "modificationTime" : 1730300449000,
  "operationResult" : "success"
}

/ca/v2/authorities

GET

id, parentID, dn, issuerDN

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/authorities?issuerDN=CN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE"
[{"isHostAuthority":true,"id":"9f75deb6-53b1-48cc-9028-9c899f9526b4","issuerDN":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","serial":178621631998145652837496363178029563856,"dn":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true,"description":"Host authority","ready":true}]

/ca/v2/authorities

POST

None

201

Show
$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true}' "https://$HOSTNAME:8443/ca/v2/authorities"
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : true,
  "ready" : true
}

/ca/v2/authorities/{id}

GET

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : true,
  "ready" : true
}

/ca/v2/authorities/{id}

PUT

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":false}' -X PUT https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : false,
  "ready" : true
}

/ca/v2/authorities/{id}

DELETE

None

204

Show
$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f

/ca/v2/authorities/{id}/cert

GET

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie -H 'Accept: application/x-pem-file' --output newCert.pem https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/cert

/ca/v2/authorities/{id}/chain

GET

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie -H 'Accept: application/x-pem-file' --output newChain.pem https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/chain

/ca/v2/authorities/{id}/enable

POST

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/enable
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : true,
  "ready" : true
}

/ca/v2/authorities/{id}/disable

POST

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/disable
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : false,
  "ready" : true
}

/ca/v2/authorities/{id}/renew

GET

None

204

Show
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/renew

/ca/v2/config/cert/signing

GET

None

200

Show
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/cert/signing
{
  "id" : "0x86614664f6379c1c2d0a39d1e47d3fd0",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEfjCCAuagAwIBAgIRAIZhRmT2N5wcLQo50eR9P9AwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMjkxMTA4MDBaFw00NDEwMjkxMTA4MDBaMEgxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUw\r\nggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDKH05xPGs7ulmpbZ06rDk0hLZR3UU5O+bB\r\n9cWW2LDMoVGoLmiDMkeMdYr2uWOttGwym+JcixebybVig2b2zeYCVvzeT+LvQmelJUOU5Jua4b6u\r\nb+CzeEquITvGwz8kejGRZw2waZ4+tnvwFIRlU2+XqBtiu4Q1AaeIX2Biov+RvDZGWZQgA0mxcraV\r\nyUPOkrpo4h252UDzIPQU2YJzD6LmQO0kktYQf+UwoBHiCaVl/Je62ftFn5J2qEO8y8+MyZ3L7F14\r\nimxJHW8jPPii4t8MuT99tcQ7sDuAOFHEsB7zzkrubHSxUVfPG7ACdBSxUR4DnV5uRpdZjL+KDs/H\r\nGEVXCkVEnDEVItboZISDiBIU1przM+hWdZg5kc2jwgOhnNkuiLFDo82c+QsnfMDchAv8yHPRYz7F\r\nbnTdmFzhp9k9mipdo6zSHbSoncT5pPNPt8M0w6KpqB3uNQyk6M38D6jkHjb2bzPqPza+om2cOrS7\r\ne/R8vgh5Xkms5vO2ybYbupMCAwEAAaNjMGEwHQYDVR0OBBYEFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOElMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P\r\nAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQCoGIsHFIhqotLoAfeoEQrhqz23rClFNOSb/GzR\r\nMZhuXlIsmhhGYtCHA+Fyy0PaQMMgxoL2WgT2ZfCfuCUkcBsX/5XUFBXBXvc8LrTDTqSW9KdWPLsz\r\nUOeHgvre6VG7lh0hPz90b7MZ8enlrVKgjNIKTdQcarIFXnS9oso1453DTU3f20+xP4IkYRNa9H4J\r\ni0s/7PAddvQ1ynY4Wy65B2E5jJaYbUPakt/AalGuhgg7ji8BbGoYGhzf/l3USRfgm9i10AtrYUza\r\njAkKvcn1jBz2U9aro8tfakhFEMY6qOT7TvA/LLtJ7s5434DiOczt8AaVVQCYAYwqTQ/TyszEnOiE\r\niIAcPUWKK0B01D8wK5/9lZEL5vfuF/ykf99xn7XFX15P/jRb9gHj1Buj6LEN5CqVIgPu1vIrwIaB\r\n78BSqTrNpOMiucHe/vuv3nB1DcyqSoSLWbd1Gn5Xcs486sBAZP0I2IwxDAZJbYdqfkDzPJRiFFre\r\nsg/zc6Oekw5oJ3QCwrU=\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "...",
  "NotBefore" : "Tue Oct 29 11:08:00 UTC 2024",
  "NotAfter" : "Sat Oct 29 11:08:00 UTC 2044"
}

/ca/v2/certrequests

POST

None

200

Show
$ curl --cacert ./ca_signing.crt --json '{"ProfileID":"caUserCert","Renewal":false,"RemoteHost":"","RemoteAddress":"","Input":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQDeu/zJSSDYzXcJsH7lZe8fKPV0CIWNAD0g5FpOdcqvcZMwXQsnVqCNdfby\r\nSwX6sGzKEHCXyYxaXHuLMpMJ5pHK1BzRCfjQAkPzWbCN5beg7L/l7Gi+52h0z9R/zTZkG355ja3r\r\nkyd9d0tah5XbPWsdp0BVtPOIK4t0d6F+WkEkC0pyCejtkqoBSf9F1CTHw3iOxhgKMxV+ebC/TM2l\r\n9AvnzAfF91Sf5KAd8hTAhHurgBkqxuzL16ERBbM0DFfie8RCiTVBvvS/6UmfEVH3dMHIuE5flXB+\r\nhMCrj8g7GfWIaA6WzwfkZrNgCjYoVHPivMg+akhMbQg6m0goB3zA/D/zAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEALi3+agIXworiPVF1qyAr3wLjffzu6RIDiLS9cVHHnnAj1AjEnKFDpwTYeuBk\r\nXaRzgyCHyCLyKSSN337PBUEnxOxNWNIJDCC8gpMcfCCnspos7N9M8dnROD60EUDVdUtfdE+g5JfG\r\nkwlQz3lbktFuQwznf3EUYPPvyMLSG1RITVJyEJ3tH0PZ5GFlDwi5Gw7DTzl7nAWwXZ5LeCa9b6d8\r\nwCbPAAHA2OCYck1PyLrFlAnmF5udsY4AY7b5YK5iIqysWikXYqexk/oE707XJhX+btDYx0W4qI8j\r\nhc50ZHgtobGXAgqNQvL2WOtmEJY2Fwpl+ejuGi6bamzTkXqh/Vi+XQ==\r\n-----END CERTIFICATE REQUEST-----\n","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Value":"","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Value":"","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 
2"}},{"name":"sn_ou1","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Value":"","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Value":"","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"Output":[],"Attributes":{"Attribute":[]}}' https://$HOSTNAME:8443/ca/v2/certrequests
{
  "total" : 1,
  "entries" : [ {
    "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a",
    "requestType" : "enrollment",
    "requestStatus" : "pending",
    "creationTime" : 1730309766543,
    "modificationTime" : 1730309766566,
    "certRequestType" : "pkcs10",
    "operationResult" : "success"
  } ]
}

/ca/v2/certrequests/{id}

GET

None

200

Show
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/certrequests/0xd3e6013b9ae406efe9b8d45029faee9a
{
  "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a",
  "requestType" : "enrollment",
  "requestStatus" : "pending",
  "creationTime" : 1730309766000,
  "modificationTime" : 1730309766000,
  "certRequestType" : "pkcs10",
  "operationResult" : "success"
}

/ca/v2/certrequests/profiles

GET

size, start

200

Show
$ curl --cacert ./ca_signing.crt "https://$HOSTNAME:8443/ca/v2/certrequests/profiles?size=2&start=4"
{
  "total" : 26,
  "entries" : [ {
    "profileId" : "AdminCert",
    "profileName" : "Manual Administrator Certificate Enrollment",
    "profileDescription" : "This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  }, {
    "profileId" : "ECAdminCert",
    "profileName" : "Manual Administrator Certificate Enrollment with ECC keys",
    "profileDescription" : "This certificate profile is for enrolling Administrator's certificates with ECC keys suitable for use by clients such as browsers.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  } ]
}

/ca/v2/certrequests/profiles/{id}

GET

None

200

Show
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/certrequests/profiles/caUserCert
{
  "ProfileID" : "caUserCert",
  "Renewal" : false,
  "RemoteHost" : "",
  "RemoteAddress" : "",
  "Input" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "Output" : [ ],
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/ca/v2/certs

GET

size, start, maxTime

200

Show
$ curl --cacert ./ca_signing.crt "https://$HOSTNAME:8443/ca/v2/certs?size=2&start=4"
{
  "entries" : [ {
    "id" : "0xc99ff8f6549f903d8df28a4e5f5105f3",
    "SubjectDN" : "CN=CA Audit Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "VALID",
    "Type" : "X.509",
    "Version" : 2,
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidBefore" : 1730308885000,
    "NotValidAfter" : 1792516885000,
    "IssuedOn" : 1730308887000,
    "IssuedBy" : "system"
  }, {
    "id" : "0x6d5c045d3443ced273ab8d7955835db1",
    "SubjectDN" : "CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "VALID",
    "Type" : "X.509",
    "Version" : 2,
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidBefore" : 1730308904000,
    "NotValidAfter" : 1792516904000,
    "IssuedOn" : 1730308905000,
    "IssuedBy" : "system"
  } ]
}

/ca/v2/certs/{id}

GET

None

200

Show
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/certs/0x6d5c045d3443ced273ab8d7955835db1
{
  "id" : "0x6d5c045d3443ced273ab8d7955835db1",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIETjCCAragAwIBAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBM\r\nRTETMBEGA1UECwwKcGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNv\r\nbTEaMBgGA1UEAwwRUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\r\nAoIBAQDE7ahO2KtW6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr\r\n7B6sI5MrrcBRAhNgcHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCI\r\nnQ09I9TLH8dIuL4ZxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4\r\nGSm0HguQAc0H55FsVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWe\r\nnHvBSqRJc9xLNlcjr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAU\r\ndJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8v\r\ncGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI\r\nKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwc\r\nbCHpl+922hT5LA+KJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWH\r\nhEvm8RQqdVVxkfDXp3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeUR\r\nJ4rG/lD73qVzXd30U/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAww\r\nBnswSwwjPEe6djwFfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9\r\noTqj5KwXo133aorjZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQe\r\npbi1LBXzOxnub8sMKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGE\r\nGXfjNyGoETEaHb930gItsmEqc8VKH5s=\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "MIII/gYJKoZIhvcNAQcCoIII7zCCCOsCAQExADALBgkqhkiG9w0BBwGgggjTMIIETjCCAragAwIB\r\nAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwK\r\ncGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNvbTEaMBgGA1UEAwwR\r\nUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE7ahO2KtW\r\n6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr7B6sI5MrrcBRAhNg\r\ncHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCInQ09I9TLH8dIuL4Z\r\nxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4GSm0HguQAc0H55Fs\r\nVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWenHvBSqRJc9xLNlcj\r\nr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq\r\n3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUu\r\nY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG\r\nAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwcbCHpl+922hT5LA+K\r\nJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWHhEvm8RQqdVVxkfDX\r\np3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeURJ4rG/lD73qVzXd30\r\nU/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAwwBnswSwwjPEe6djwF\r\nfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9oTqj5KwXo133aorj\r\nZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQepbi1LBXzOxnub8sM\r\nKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGEGXfjNyGoETEaHb93\r\n0gItsmEqc8VKH5swggR9MIIC5aADAgECAhAS28bqYgfeAGNdjqMHIBkOMA0GCSqGSIb3DQEBCwUA\r\nMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNp\r\nZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjQxMDMwMTcyMDQ5WhcNNDQxMDMwMTcyMDQ5WjBIMRAwDgYD\r\nVQQKDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENl\r\ncnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwQ
enLXRjT+lsBoONhHmq\r\npYzEvugiELRtQ1iK1bXTTrRsAcaRscUCeEGfV6K6gVc7ekifckamtxsnx3s5JAjCfUF5K88pGTWe\r\nsXt6u0fg0cIslQP9sDz6dM0P/vjCsnxIgW1eNpeUR61Gwi3nCPXvWZ2zeOKdQReSL+MLby468Ot3\r\nbdEnVwalN70KtQNsB3I9GaFyNOCRa6P6zxR/ETuVRZVkB9mWZxpTvdF6xNlk8UF0jbmsrda3BXth\r\n1X/uej8+qE0cPN3BBvvdpkmJe+DSKq43NsZgaa8sgeGs7RiitI/7TR/gPVU5LtEK+cb93SpzcC+w\r\nhC1O4+kI7TEAK7tZO2FDPQM0lFvBXc/qtEWEa1RqpZKXEwVKCr1xpE4T1aNKnoNJQADcSxITSioq\r\ngkYNmUngeVd0AHe3gcgLOC7cQiY3uJJypVIz9vpHPr7xwxZugEF+YwSJM4zszMTbruaqn7eC90k3\r\n7dcqo4hCGsIRLWIapRG5TTxO7OY2cwzRVNyfAgMBAAGjYzBhMB0GA1UdDgQWBBR0kVsdX96mNxFN\r\nCureUbkKcJKhCTAfBgNVHSMEGDAWgBR0kVsdX96mNxFNCureUbkKcJKhCTAPBgNVHRMBAf8EBTAD\r\nAQH/MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQsFAAOCAYEAJp2R8/AhtSggrO1ewP4G1XnP\r\ng360OJT6rBcQDVKAul929/ipTGxztD70NF4UqL5ofQua79OKUF/hGc1lALKMn2dkKWL9GVpIwu7V\r\nZLU7xIw+ebUVuPpaka4D73viliHyZjFaa9OmWylA6KAnJt1aWuJt2OfRgbW6eL7xymqkCGvFxOoH\r\n5tpFMHgS75pZ5duByYgh94TIK9xxO11BAprlyK8TXHdPCwsqiafrgATpU+zIez6PAN82h1YIAorN\r\n8/5T2iNdXmWDQ02lxKKOCiDFdeB0F3KcgQVmVrGWOzp9j3AhR1+nFaSscv5FIBsFgVtyg1qDmEgh\r\nRasv/xsJfvujZkuLtMhTXBZMMjmOvu8xAYYO5DbNwdjGSq1McUorTX2W7N4w3tIpgByxc6YkVPfK\r\naUCKJG5Sajkzx6mO5GUcbw7wSBdrqoseGXQB7AbNwRTljtSF8KGEDkFfSoGlYsZz4VkY58+7v3IT\r\ntk/wcGo2clVPiQGDduo1Nj+vDa5iTSoEMQA=\r\n",
  "NotBefore" : "2024-10-30 17:21:44 +0000",
  "NotAfter" : "2026-10-20 17:21:44 +0000",
  "Status" : "VALID"
}

/ca/v2/certs/search

POST

size, start

200

Show
$ curl --cacert ./ca_signing.crt --json '{"commonName": "PKI Administrator", "subjectInUse": true}' https://$HOSTNAME:8443/ca/v2/certs/search
{
  "entries" : [ {
    "id" : "0x6d5c045d3443ced273ab8d7955835db1",
    "SubjectDN" : "CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "VALID",
    "Type" : "X.509",
    "Version" : 2,
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidBefore" : 1730308904000,
    "NotValidAfter" : 1792516904000,
    "IssuedOn" : 1730308905000,
    "IssuedBy" : "system"
  } ]
}

/ca/v2/config/cert/transport

GET

None

200

Show
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/cert/transport
{
  "id" : "0x8f6afa7386fdd8efc6c3406ed1e6d8c8",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "CN=DRM Transport Certificate,OU=pki-tomcat,O=EXAMPLE",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNh\r\ndGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZX\r\nnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/\r\nLeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT5\r\n7dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVq\r\ntrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EI\r\nDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYB\r\nBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2Nz\r\ncDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGB\r\nAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPR\r\neYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCq\r\nUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzT\r\ntEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW\r\n+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP\r\n3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ9\r\n1eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "...",
  "NotBefore" : "Wed Oct 30 17:25:02 UTC 2024",
  "NotAfter" : "Tue Oct 20 17:25:02 UTC 2026"
}
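
The certificate responses above encode validity dates three ways: epoch milliseconds in the /ca/v2/certs listing and search entries, "2024-10-30 17:21:44 +0000" in /ca/v2/certs/{id}, and "Wed Oct 30 17:25:02 UTC 2024" in /ca/v2/config/cert/transport. The following Python script is an added example, not code from the Dogtag project: it normalizes all three encodings to UTC and flags records that are near expiry, not VALID, or using a short RSA key. The function names, the thresholds and the third sample record are assumptions.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
RSA_OID = "1.2.840.113549.1.1.1"  # rsaEncryption, the KeyAlgorithmOID in the listings


def parse_pki_time(value):
    """Return an aware UTC datetime for any of the three encodings on this page."""
    if isinstance(value, bool):
        raise ValueError(f"unrecognized timestamp: {value!r}")
    if isinstance(value, int):
        # Listing and search entries: milliseconds since the Unix epoch.
        return EPOCH + timedelta(milliseconds=value)
    text = str(value).strip()
    try:
        # /ca/v2/certs/{id}: "2024-10-30 17:21:44 +0000"
        parsed = datetime.strptime(text, "%Y-%m-%d %H:%M:%S %z")
        return parsed.astimezone(timezone.utc)
    except ValueError:
        pass
    # /ca/v2/config/cert/transport: "Wed Oct 30 17:25:02 UTC 2024"
    parts = text.split()
    if len(parts) != 6 or parts[1] not in MONTHS:
        raise ValueError(f"unrecognized timestamp: {value!r}")
    if parts[4] not in ("UTC", "GMT"):
        # Other zone abbreviations are ambiguous; fail instead of guessing.
        raise ValueError(f"unsupported time zone in {value!r}")
    hour, minute, second = (int(p) for p in parts[3].split(":"))
    return datetime(int(parts[5]), MONTHS[parts[1]], int(parts[2]),
                    hour, minute, second, tzinfo=timezone.utc)


def audit_certs(records, now, warn_days=30, min_rsa_bits=2048):
    """Return (cert id, finding) tuples for records in list or detail shape."""
    findings = []
    for rec in records:
        cert_id = rec.get("id", "<no id>")
        # Listing entries use NotValidAfter; single-cert responses use NotAfter.
        raw_end = rec.get("NotValidAfter", rec.get("NotAfter"))
        if raw_end is None:
            findings.append((cert_id, "no expiry field"))
        else:
            remaining = parse_pki_time(raw_end) - now
            if remaining <= timedelta(0):
                findings.append((cert_id, "expired"))
            elif remaining <= timedelta(days=warn_days):
                findings.append((cert_id, f"expires in {remaining.days} days"))
        status = rec.get("Status")  # absent from the transport response
        if status is not None and status != "VALID":
            findings.append((cert_id, f"status {status}"))
        bits = rec.get("KeyLength")
        if (rec.get("KeyAlgorithmOID") == RSA_OID
                and bits is not None and bits < min_rsa_bits):
            findings.append((cert_id, f"RSA key is {bits} bits"))
    return findings


# Sample records. The first two reuse ids and dates from the responses above,
# trimmed to the fields the audit reads; the third is constructed.
SAMPLE_RECORDS = [
    {"id": "0x6d5c045d3443ced273ab8d7955835db1", "Status": "VALID",
     "KeyAlgorithmOID": RSA_OID, "KeyLength": 2048,
     "NotValidAfter": 1792516904000},
    {"id": "0x8f6afa7386fdd8efc6c3406ed1e6d8c8",
     "NotAfter": "Tue Oct 20 17:25:02 UTC 2026"},
    {"id": "0x01", "Status": "REVOKED", "KeyAlgorithmOID": RSA_OID,
     "KeyLength": 1024, "NotValidAfter": 1730308904000},
]

if __name__ == "__main__":
    # Fixed "now" so the run is repeatable; use datetime.now(timezone.utc) live.
    as_of = datetime(2026, 10, 1, tzinfo=timezone.utc)
    for cert_id, finding in audit_certs(SAMPLE_RECORDS, as_of):
        print(cert_id, finding)
```

Feed it the `entries` array of a listing response, or a list of single-certificate responses; both shapes are accepted in one call.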

/ca/v2/info

GET

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/info
{
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/ca/v2/installer/createRequestID

POST

None

200

/ca/v2/installer/createCertID

POST

None

200

/ca/v2/profiles

GET

size, start, visible, enable, enableBy

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/profiles?size=2&visible=true&enable=true&enableBy=admin"
{
  "total" : 25,
  "entries" : [ {
    "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/acmeServerCert",
    "profileId" : "acmeServerCert",
    "profileName" : "ACME Server Certificate Enrollment",
    "profileDescription" : "This certificate profile is for enrolling server certificates via ACME protocol.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  }, {
    "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/caServerKeygen_UserCert",
    "profileId" : "caServerKeygen_UserCert",
    "profileName" : "Manual User Dual-Use Certificate Enrollment using server-side Key generation",
    "profileDescription" : "This certificate profile is for enrolling user certificates using server-side Key generation.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  } ]
}

/ca/v2/profiles

POST

None

201

Show
$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":false,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate 
Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. 
The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key 
Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. 
The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key 
Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key 
Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. 
The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' https://$HOSTNAME:8443/ca/v2/profiles
{
  "id" : "test",
  "classId" : "caEnrollImpl",
  "name" : "Manual User Dual-Use Certificate Enrollment",
  "description" : "This certificate profile is for enrolling user certificates.",
  "enabled" : false,
  "visible" : false,
  "authzAcl" : "",
  "renewal" : false,
  "inputs" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "outputs" : [ {
    "id" : "o1",
    "name" : "Certificate Output",
    "classId" : "certOutputImpl",
    "attributes" : [ {
      "name" : "pretty_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Pretty Print"
      }
    }, {
      "name" : "b64_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Base-64 Encoded"
      }
    } ]
  } ],
  "policySets" : {
    "userCertSet" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "classId" : "userSubjectNameDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ {
          "name" : "useSysEncoding",
          "value" : ""
        } ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches UID=.*",
        "classId" : "subjectNameConstraintImpl",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "UID=.*"
        } ]
      }
    }, {
      "id" : "10",
      "def" : {
        "name" : "No Default",
        "classId" : "noDefaultImpl",
        "text" : "No Default",
        "attributes" : [ ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Renewal Grace Period Constraint",
        "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.",
        "classId" : "renewGracePeriodConstraintImpl",
        "constraints" : [ {
          "name" : "renewal.graceBefore",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period Before",
            "DefaultValue" : "30"
          },
          "value" : "30"
        }, {
          "name" : "renewal.graceAfter",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period After",
            "DefaultValue" : "30"
          },
          "value" : "30"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "classId" : "validityDefaultImpl",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ {
          "name" : "range",
          "value" : "180"
        }, {
          "name" : "rangeUnit",
          "value" : ""
        }, {
          "name" : "startTime",
          "value" : "0"
        } ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 365 days.",
        "classId" : "validityConstraintImpl",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "365"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "classId" : "userKeyDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096",
        "classId" : "keyConstraintImpl",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "RSA"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "classId" : "authorityKeyIdentifierExtDefaultImpl",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "classId" : "authInfoAccessExtDefaultImpl",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "authInfoAccessCritical",
          "value" : "false"
        }, {
          "name" : "authInfoAccessNumADs",
          "value" : "1"
        }, {
          "name" : "authInfoAccessADMethod_0",
          "value" : "1.3.6.1.5.5.7.48.1"
        }, {
          "name" : "authInfoAccessADLocationType_0",
          "value" : "URIName"
        }, {
          "name" : "authInfoAccessADLocation_0",
          "value" : ""
        }, {
          "name" : "authInfoAccessADEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Key Usage Default",
        "classId" : "keyUsageExtDefaultImpl",
        "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "attributes" : [ {
          "name" : "keyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDigitalSignature",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Digital Signature",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageNonRepudiation",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDataEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Data Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyAgreement",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Agreement",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyCertSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key CertSign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageCrlSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "CRL Sign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageEncipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Encipher Only",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDecipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Decipher Only",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ {
          "name" : "keyUsageCritical",
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "value" : "false"
        } ]
      },
      "constraint" : {
        "name" : "Key Usage Extension Constraint",
        "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "classId" : "keyUsageExtConstraintImpl",
        "constraints" : [ {
          "name" : "keyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Digital Signature",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Data Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Agreement",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key CertSign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "CRL Sign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Encipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Decipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "7",
      "def" : {
        "name" : "Extended Key Usage Extension Default",
        "classId" : "extendedKeyUsageExtDefaultImpl",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ {
          "name" : "exKeyUsageCritical",
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "Subject Alt Name Constraint",
        "classId" : "subjectAltNameExtDefaultImpl",
        "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}",
        "attributes" : [ {
          "name" : "subjAltNameExtCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "subjAltNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "subjAltNameExtCritical",
          "value" : "false"
        }, {
          "name" : "subjAltNameNumGNs",
          "value" : "1"
        }, {
          "name" : "subjAltExtType_0",
          "value" : "RFC822Name"
        }, {
          "name" : "subjAltExtPattern_0",
          "value" : "$request.requestor_email$"
        }, {
          "name" : "subjAltExtGNEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "classId" : "signingAlgDefaultImpl",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ {
          "name" : "signingAlg",
          "value" : "-"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "signingAlgConstraintImpl",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  },
  "xmloutput" : false
}
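
A profile response such as the one above can be checked offline for weak key sizes and signature algorithms in its policy constraints. The script below is an added example, not part of the original page or of Dogtag PKI; the 2048-bit floor, the hash deny-list and the function names are assumptions, and the embedded sample is a trimmed, constructed copy of the caUserCert policy set.

```python
import json
import sys

# Constructed sample: a trimmed copy of the caUserCert response shown on this
# page, keeping only the fields this check reads.
SAMPLE_PROFILE = json.loads("""
{
  "id": "caUserCert",
  "policySets": {
    "userCertSet": [
      {"id": "3",
       "constraint": {"classId": "keyConstraintImpl", "constraints": [
         {"name": "keyType", "value": "RSA"},
         {"name": "keyParameters", "value": "1024,2048,3072,4096"}]}},
      {"id": "4",
       "constraint": {"classId": "noConstraintImpl", "constraints": []}},
      {"id": "9",
       "constraint": {"classId": "signingAlgConstraintImpl", "constraints": [
         {"name": "signingAlgsAllowed",
          "value": "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}
    ]
  }
}
""")

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value from the page
WEAK_HASH_PREFIXES = ("SHA1with", "MD5with")  # assumption: local deny-list


def constraint_values(policy):
    """Return (classId, {constraint name: configured value}) for one policy."""
    constraint = policy.get("constraint") or {}
    values = {c.get("name"): c.get("value", "")
              for c in constraint.get("constraints", [])}
    return constraint.get("classId", ""), values


def check_key(where, values):
    """Flag numeric key sizes below the floor in a keyConstraintImpl entry."""
    if values.get("keyType", "-") == "EC":
        return []  # keyParameters holds curve names here, not key sizes
    findings = []
    for token in values.get("keyParameters", "").split(","):
        token = token.strip()
        if token.isdigit() and int(token) < MIN_RSA_BITS:
            findings.append((where, "keyParameters",
                             f"RSA key size {token} is below {MIN_RSA_BITS}"))
    return findings


def check_signing(where, values):
    """Flag deny-listed algorithms in a signingAlgConstraintImpl entry."""
    findings = []
    for alg in values.get("signingAlgsAllowed", "").split(","):
        alg = alg.strip()
        if alg.startswith(WEAK_HASH_PREFIXES):
            findings.append((where, "signingAlgsAllowed", f"{alg} is allowed"))
    return findings


def audit_profile(profile):
    """Walk every policy set and collect findings as (location, name, detail)."""
    findings = []
    for set_name, policies in (profile.get("policySets") or {}).items():
        for policy in policies:
            where = f"{profile.get('id')}/{set_name}/{policy.get('id')}"
            class_id, values = constraint_values(policy)
            if class_id == "keyConstraintImpl":
                findings += check_key(where, values)
            elif class_id == "signingAlgConstraintImpl":
                findings += check_signing(where, values)
    return findings


if __name__ == "__main__":
    # With a file argument, audit a saved response; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            profile = json.load(fh)
    else:
        profile = SAMPLE_PROFILE
    for where, name, detail in audit_profile(profile):
        print(f"{where}: {name}: {detail}")
```

To audit a live profile, save the output of the curl command for /ca/v2/profiles/{id} to a file and pass the file name as the first argument.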

/ca/v2/profiles/{id}

GET

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/profiles/caUserCert
{
  "id" : "caUserCert",
  "classId" : "caEnrollImpl",
  "name" : "Manual User Dual-Use Certificate Enrollment",
  "description" : "This certificate profile is for enrolling user certificates.",
  "enabled" : true,
  "visible" : false,
  "enabledBy" : "admin",
  "authzAcl" : "",
  "renewal" : false,
  "inputs" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "outputs" : [ {
    "id" : "o1",
    "name" : "Certificate Output",
    "classId" : "certOutputImpl",
    "attributes" : [ {
      "name" : "pretty_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Pretty Print"
      }
    }, {
      "name" : "b64_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Base-64 Encoded"
      }
    } ]
  } ],
  "policySets" : {
    "userCertSet" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "classId" : "userSubjectNameDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ {
          "name" : "useSysEncoding",
          "value" : ""
        } ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches UID=.*",
        "classId" : "subjectNameConstraintImpl",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "UID=.*"
        } ]
      }
    }, {
      "id" : "10",
      "def" : {
        "name" : "No Default",
        "classId" : "noDefaultImpl",
        "text" : "No Default",
        "attributes" : [ ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Renewal Grace Period Constraint",
        "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.",
        "classId" : "renewGracePeriodConstraintImpl",
        "constraints" : [ {
          "name" : "renewal.graceBefore",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period Before",
            "DefaultValue" : "30"
          },
          "value" : "30"
        }, {
          "name" : "renewal.graceAfter",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period After",
            "DefaultValue" : "30"
          },
          "value" : "30"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "classId" : "validityDefaultImpl",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ {
          "name" : "range",
          "value" : "180"
        }, {
          "name" : "rangeUnit",
          "value" : ""
        }, {
          "name" : "startTime",
          "value" : "0"
        } ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 365 days.",
        "classId" : "validityConstraintImpl",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "365"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "classId" : "userKeyDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096",
        "classId" : "keyConstraintImpl",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "RSA"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "classId" : "authorityKeyIdentifierExtDefaultImpl",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "classId" : "authInfoAccessExtDefaultImpl",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "authInfoAccessCritical",
          "value" : "false"
        }, {
          "name" : "authInfoAccessNumADs",
          "value" : "1"
        }, {
          "name" : "authInfoAccessADMethod_0",
          "value" : "1.3.6.1.5.5.7.48.1"
        }, {
          "name" : "authInfoAccessADLocationType_0",
          "value" : "URIName"
        }, {
          "name" : "authInfoAccessADLocation_0",
          "value" : ""
        }, {
          "name" : "authInfoAccessADEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Key Usage Default",
        "classId" : "keyUsageExtDefaultImpl",
        "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "attributes" : [ {
          "name" : "keyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDigitalSignature",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Digital Signature",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageNonRepudiation",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDataEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Data Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyAgreement",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Agreement",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyCertSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key CertSign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageCrlSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "CRL Sign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageEncipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Encipher Only",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDecipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Decipher Only",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ {
          "name" : "keyUsageCritical",
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "value" : "false"
        } ]
      },
      "constraint" : {
        "name" : "Key Usage Extension Constraint",
        "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "classId" : "keyUsageExtConstraintImpl",
        "constraints" : [ {
          "name" : "keyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Digital Signature",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Data Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Agreement",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key CertSign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "CRL Sign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Encipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Decipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "7",
      "def" : {
        "name" : "Extended Key Usage Extension Default",
        "classId" : "extendedKeyUsageExtDefaultImpl",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ {
          "name" : "exKeyUsageCritical",
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "Subject Alt Name Constraint",
        "classId" : "subjectAltNameExtDefaultImpl",
        "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}",
        "attributes" : [ {
          "name" : "subjAltNameExtCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "subjAltNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "subjAltNameExtCritical",
          "value" : "false"
        }, {
          "name" : "subjAltNameNumGNs",
          "value" : "1"
        }, {
          "name" : "subjAltExtType_0",
          "value" : "RFC822Name"
        }, {
          "name" : "subjAltExtPattern_0",
          "value" : "$request.requestor_email$"
        }, {
          "name" : "subjAltExtGNEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "classId" : "signingAlgDefaultImpl",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ {
          "name" : "signingAlg",
          "value" : "-"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "signingAlgConstraintImpl",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  },
  "xmloutput" : false
}
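The profile JSON shown above can be checked offline before a profile is enabled or changed. The following is an added example, not code from this wiki or from the PKI project: it walks `policySets` and flags key-size and signing-algorithm constraints that fall below a baseline, plus extension defaults that have no constraint. `MIN_RSA_BITS`, `WEAK_HASH_PREFIXES`, `SAMPLE_PROFILE` and `audit_profile` are names and thresholds assumed for illustration.

```python
import json

# Assumed local baseline (not values from the page); adjust to your own policy.
MIN_RSA_BITS = 2048
WEAK_HASH_PREFIXES = ("SHA1with", "MD5with", "MD2with")

# Constructed sample: policies 3, 7 and 9 trimmed from the profile JSON on this page.
SAMPLE_PROFILE = json.loads("""
{
  "id": "test",
  "policySets": {
    "userCertSet": [
      {"id": "3",
       "def": {"name": "Key Default", "classId": "userKeyDefaultImpl", "params": []},
       "constraint": {"name": "Key Constraint", "classId": "keyConstraintImpl",
         "constraints": [
           {"name": "keyType", "value": "RSA"},
           {"name": "keyParameters", "value": "1024,2048,3072,4096"}]}},
      {"id": "7",
       "def": {"name": "Extended Key Usage Extension Default",
               "classId": "extendedKeyUsageExtDefaultImpl",
               "params": [
                 {"name": "exKeyUsageCritical", "value": "false"},
                 {"name": "exKeyUsageOIDs", "value": "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},
       "constraint": {"name": "No Constraint", "classId": "noConstraintImpl",
                      "constraints": []}},
      {"id": "9",
       "def": {"name": "Signing Alg", "classId": "signingAlgDefaultImpl",
               "params": [{"name": "signingAlg", "value": "-"}]},
       "constraint": {"name": "No Constraint", "classId": "signingAlgConstraintImpl",
         "constraints": [
           {"name": "signingAlgsAllowed",
            "value": "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}
    ]
  }
}
""")


def constraint_values(policy):
    """Map constraint name -> configured value for one policy entry."""
    constraints = policy.get("constraint", {}).get("constraints", [])
    return {c["name"]: c.get("value", "") for c in constraints}


def audit_profile(profile):
    """Return a list of (policy_set, policy_id, message) findings."""
    findings = []
    for set_name, policies in profile.get("policySets", {}).items():
        for policy in policies:
            pid = policy.get("id", "?")
            class_id = policy.get("constraint", {}).get("classId", "")
            values = constraint_values(policy)

            if class_id == "keyConstraintImpl":
                # keyParameters holds key sizes for RSA and curve names for EC,
                # so only numeric entries are compared against the minimum.
                if values.get("keyType", "") != "EC":
                    params = values.get("keyParameters", "").split(",")
                    sizes = [int(p) for p in params if p.strip().isdigit()]
                    weak = [s for s in sizes if s < MIN_RSA_BITS]
                    if weak:
                        findings.append((set_name, pid,
                            f"keyParameters accepts RSA sizes below {MIN_RSA_BITS}: {weak}"))

            elif class_id == "signingAlgConstraintImpl":
                allowed = values.get("signingAlgsAllowed", "").split(",")
                weak = [a.strip() for a in allowed
                        if a.strip().startswith(WEAK_HASH_PREFIXES)]
                if weak:
                    findings.append((set_name, pid,
                        f"signingAlgsAllowed includes weak algorithms: {weak}"))

            elif class_id == "noConstraintImpl":
                # An extension default paired with noConstraintImpl means no
                # constraint checks the values that default puts in the request.
                def_class = policy.get("def", {}).get("classId", "")
                if def_class.endswith("ExtDefaultImpl"):
                    findings.append((set_name, pid,
                        f"{def_class} has no constraint on its values"))
    return findings


if __name__ == "__main__":
    for set_name, pid, message in audit_profile(SAMPLE_PROFILE):
        print(f"{set_name}/{pid}: {message}")
```

To audit a live profile, save the JSON response to a file and pass the parsed document to `audit_profile` in place of the constructed sample.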

/ca/v2/profiles/{id}

POST

action (enable/disable)

204

Show
$ curl --cacert ./ca_signing.crt -b session_cookie -X POST "https://$HOSTNAME:8443/ca/v2/profiles/caUserCert?action=disable"

/ca/v2/profiles/{id}

PUT

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":true,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' -X PUT https://$HOSTNAME:8443/ca/v2/profiles/test
{
  "id" : "test",
  "classId" : "caEnrollImpl",
  "name" : "Manual User Dual-Use Certificate Enrollment",
  "description" : "This certificate profile is for enrolling user certificates.",
  "enabled" : false,
  "visible" : true,
  "authzAcl" : "",
  "renewal" : false,
  "inputs" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "outputs" : [ {
    "id" : "o1",
    "name" : "Certificate Output",
    "classId" : "certOutputImpl",
    "attributes" : [ {
      "name" : "pretty_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Pretty Print"
      }
    }, {
      "name" : "b64_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Base-64 Encoded"
      }
    } ]
  } ],
  "policySets" : {
    "userCertSet" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "classId" : "userSubjectNameDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ {
          "name" : "useSysEncoding",
          "value" : ""
        } ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches UID=.*",
        "classId" : "subjectNameConstraintImpl",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "UID=.*"
        } ]
      }
    }, {
      "id" : "10",
      "def" : {
        "name" : "No Default",
        "classId" : "noDefaultImpl",
        "text" : "No Default",
        "attributes" : [ ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Renewal Grace Period Constraint",
        "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.",
        "classId" : "renewGracePeriodConstraintImpl",
        "constraints" : [ {
          "name" : "renewal.graceBefore",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period Before",
            "DefaultValue" : "30"
          },
          "value" : "30"
        }, {
          "name" : "renewal.graceAfter",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period After",
            "DefaultValue" : "30"
          },
          "value" : "30"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "classId" : "validityDefaultImpl",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ {
          "name" : "range",
          "value" : "180"
        }, {
          "name" : "rangeUnit",
          "value" : ""
        }, {
          "name" : "startTime",
          "value" : "0"
        } ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 365 days.",
        "classId" : "validityConstraintImpl",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "365"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "classId" : "userKeyDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096",
        "classId" : "keyConstraintImpl",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "RSA"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "classId" : "authorityKeyIdentifierExtDefaultImpl",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "classId" : "authInfoAccessExtDefaultImpl",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "authInfoAccessCritical",
          "value" : "false"
        }, {
          "name" : "authInfoAccessNumADs",
          "value" : "1"
        }, {
          "name" : "authInfoAccessADMethod_0",
          "value" : "1.3.6.1.5.5.7.48.1"
        }, {
          "name" : "authInfoAccessADLocationType_0",
          "value" : "URIName"
        }, {
          "name" : "authInfoAccessADLocation_0",
          "value" : ""
        }, {
          "name" : "authInfoAccessADEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Key Usage Default",
        "classId" : "keyUsageExtDefaultImpl",
        "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "attributes" : [ {
          "name" : "keyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDigitalSignature",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Digital Signature",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageNonRepudiation",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDataEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Data Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyAgreement",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Agreement",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyCertSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key CertSign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageCrlSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "CRL Sign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageEncipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Encipher Only",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDecipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Decipher Only",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ {
          "name" : "keyUsageCritical",
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "value" : "false"
        } ]
      },
      "constraint" : {
        "name" : "Key Usage Extension Constraint",
        "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "classId" : "keyUsageExtConstraintImpl",
        "constraints" : [ {
          "name" : "keyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Digital Signature",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Data Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Agreement",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key CertSign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "CRL Sign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Encipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Decipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "7",
      "def" : {
        "name" : "Extended Key Usage Extension Default",
        "classId" : "extendedKeyUsageExtDefaultImpl",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ {
          "name" : "exKeyUsageCritical",
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "Subject Alt Name Constraint",
        "classId" : "subjectAltNameExtDefaultImpl",
        "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}",
        "attributes" : [ {
          "name" : "subjAltNameExtCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "subjAltNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "subjAltNameExtCritical",
          "value" : "false"
        }, {
          "name" : "subjAltNameNumGNs",
          "value" : "1"
        }, {
          "name" : "subjAltExtType_0",
          "value" : "RFC822Name"
        }, {
          "name" : "subjAltExtPattern_0",
          "value" : "$request.requestor_email$"
        }, {
          "name" : "subjAltExtGNEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "classId" : "signingAlgDefaultImpl",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ {
          "name" : "signingAlg",
          "value" : "-"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "signingAlgConstraintImpl",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  },
  "xmloutput" : false
}

/ca/v2/profiles/{id}

DELETE

action (enable/disable)

204

Show
$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/profiles/test

/ca/v2/profiles/raw

POST

None

201

Show
$ curl --cacert ./ca_signing.crt -b session_cookie --data-binary @- https://$HOSTNAME:8443/ca/v2/profiles/raw << 'EOF'
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=true
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=test
visible=false
EOF
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=false
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=test
visible=false
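
A pre-submission check for the raw profile format posted to /ca/v2/profiles/raw, added here as an example and not part of the Dogtag code or this wiki page. It parses the key=value lines and flags RSA key sizes under 2048 bits, SHA-1 signing algorithms, and `$...$` substitution tokens in default params that have lost a half, which is what shell expansion inside an unquoted here-document leaves of `$request.requestor_email$`. The function names, the 2048-bit floor and the sample profile are assumptions constructed for illustration.

```python
import re

# Constructed sample in the raw profile format shown on this page
# (shortened; not a real profile dump).
SAMPLE_PROFILE = """\
profileId=test
policyset.list=userCertSet
policyset.userCertSet.list=3,8,9
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.params.subjAltExtPattern_0=.requestor_email$
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA1withRSA
"""

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a Dogtag setting
POLICY_KEY = re.compile(
    r"^policyset\.([^.]+)\.([^.]+)\.(constraint|default)\.(.+)$")
TOKEN = re.compile(r"\$[A-Za-z_][\w.]*\$")  # e.g. $request.requestor_email$


def parse_raw_profile(text):
    """Parse key=value lines; split on the first '=' only, keep empty values."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a key=value line: {line!r}")
        props[key.strip()] = value
    return props


def policy_entries(props):
    """Group policyset.<set>.<id>.<constraint|default>.* keys per policy."""
    entries = {}
    for key, value in props.items():
        m = POLICY_KEY.match(key)
        if not m:
            continue  # policyset.list, policyset.<set>.list, profileId, ...
        set_id, policy_id, role, rest = m.groups()
        entry = entries.setdefault(
            (set_id, policy_id, role), {"class_id": None, "params": {}})
        if rest == "class_id":
            entry["class_id"] = value
        elif rest.startswith("params."):
            entry["params"][rest[len("params."):]] = value
    return entries


def audit_profile(text):
    """Return a list of (location, finding, detail) tuples."""
    findings = []
    entries = policy_entries(parse_raw_profile(text))
    for (set_id, policy_id, role), entry in sorted(entries.items()):
        where = f"{set_id}.{policy_id}.{role}"
        params = entry["params"]

        if (entry["class_id"] == "keyConstraintImpl"
                and params.get("keyType") == "RSA"):
            weak = [s.strip() for s in params.get("keyParameters", "").split(",")
                    if s.strip().isdigit() and int(s) < MIN_RSA_BITS]
            if weak:
                findings.append((where, "weak-rsa-size", ",".join(weak)))

        if entry["class_id"] == "signingAlgConstraintImpl":
            sha1 = [a for a in params.get("signingAlgsAllowed", "").split(",")
                    if a.strip().startswith("SHA1with")]
            if sha1:
                findings.append((where, "sha1-signing-allowed", ",".join(sha1)))

        # Heuristic: only default params are checked, because constraint
        # patterns are regular expressions where a lone '$' is legitimate.
        if role == "default":
            for name, value in sorted(params.items()):
                if "$" in TOKEN.sub("", value):
                    findings.append(
                        (where, "broken-substitution-token", f"{name}={value}"))
    return findings


if __name__ == "__main__":
    for where, finding, detail in audit_profile(SAMPLE_PROFILE):
        print(f"{where}: {finding}: {detail}")
```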

/ca/v2/profiles/{id}/raw

GET

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/profiles/caUserCert/raw
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=true
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=caUserCert
visible=false

/ca/v2/profiles/{id}/raw

PUT

None

200

Show
$ curl --cacert ./ca_signing.crt -b session_cookie --data-binary @- -X PUT https://$HOSTNAME:8443/ca/v2/profiles/test/raw << 'EOF'
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=false
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=test
visible=false
EOF
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.3.constraint.params.keyType=RSA
input.i2.class_id=subjectNameInputImpl
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
output.o1.class_id=certOutputImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
output.list=o1
input.list=i1,i2,i3
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.2.constraint.params.range=365
visible=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.2.default.name=Validity Default
desc=This certificate profile is for enrolling user certificates.
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.9.default.params.signingAlg=-
auth.class_id=
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
enable=false
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.9.constraint.name=No Constraint
input.i1.class_id=keyGenInputImpl
enableBy=caadmin
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.name=Validity Constraint
input.i3.class_id=submitterInfoInputImpl
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
name=Manual User Dual-Use Certificate Enrollment
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.list=userCertSet
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
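
A raw profile contains `$...$` placeholders such as `$request.requestor_email$`, which the shell expands inside a heredoc unless the delimiter is quoted, so the CA can receive a different profile than the one written. The following added example (not part of the original wiki page) reproduces this on a constructed three-line excerpt and compares the intended profile with the received one key by key, ignoring line order; `body_unquoted`, `body_quoted` and `profile_diff` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the wiki: constructed 3-line excerpt of the profile.

# What curl receives when the delimiter is unquoted (<< EOF):
# the shell expands $request (unset, so empty) before curl reads stdin.
body_unquoted() (
    unset request
    cat << EOF
profileId=test
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
visible=false
EOF
)

# What curl receives when the delimiter is quoted (<< 'EOF'): bytes as written.
body_quoted() {
    cat << 'EOF'
profileId=test
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
visible=false
EOF
}

# Compare two key=value profile files, ignoring line order.
# $1 = intended profile, $2 = profile as received/returned. One line per difference.
profile_diff() {
    awk '
        /^[ \t]*$/ { next }
        { i = index($0, "="); key = substr($0, 1, i - 1); val = substr($0, i + 1) }
        FILENAME == ARGV[1] { want[key] = val; next }
        { got[key] = 1
          if (!(key in want)) print "unexpected: " key
          else if (want[key] != val) print "changed: " key " [" want[key] "] -> [" val "]" }
        END { for (k in want) if (!(k in got)) print "missing: " k }
    ' "$1" "$2"
}

# Demo: intended profile versus what an unquoted heredoc would have sent.
demo() {
    d=$(mktemp -d)
    body_quoted > "$d/intended"
    body_unquoted > "$d/received"
    profile_diff "$d/intended" "$d/received"
    rm -rf "$d"
}
demo
```

In practice, save the file you intended to upload and the body returned by the PUT, then pass both to `profile_diff`; no output means the returned profile matches what was written.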

TPS endpoints

Note
Endpoints requiring authentication can be accessed by providing either the session cookie retrieved from the login API (/<app>/v2/account/login) or the user credentials (user/password or certificates).
