CA REST API v2

Marco Fargetta edited this page Dec 12, 2024 · 10 revisions

API endpoints

Warning
This feature is still under development. The API might still change. Do not use it in production.
Fields listed for each endpoint, in order: Path, Method, Parameters, Return code, Mime, Input.

/ca/v2/admin/kraconnector

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/kraconnector
{
  "host" : "pki.example.com",
  "port" : "8443",
  "transportCert" : "<base64-encoded transport certificate>",
  "uri" : "/kra/agent/kra/connector",
  "timeout" : "30",
  "local" : "false",
  "enable" : "true"
}

/ca/v2/admin/kraconnector/add

POST

None

204

application/json

KRA connector configuration in JSON with host, port, transportCert (base64-encoded), transportCertNickname, subsystemCert, uri, timeout, local and enable

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"host":"pki.example.com","port":"8443","transportCert":"<base64-encoded transport certificate>","uri":"/kra/agent/kra/connector","timeout":"30","local":"false","enable":"true"}' https://$HOSTNAME:8443/ca/v2/admin/kraconnector/add

/ca/v2/admin/kraconnector/addHost

POST

host, port

204

No output

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/addHost?host=pki2.example.com&port=8443"

/ca/v2/admin/kraconnector/remove

POST

host, port

204

No output

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST  "https://$HOSTNAME:8443/ca/v2/admin/kraconnector/remove?host=pki.example.com&port=8443"

/ca/v2/agent/certrequests

GET

pageSize, start, maxTime

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/agent/certrequests?pageSize=2"
{
  "total" : 7,
  "entries" : [ {
    "requestID" : "0x58e47a524bff8fbc512465759b63f424",
    "requestType" : "enrollment",
    "requestStatus" : "complete",
    "creationTime" : 1730200079000,
    "modificationTime" : 1730200084000,
    "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0",
    "certRequestType" : "pkcs10",
    "operationResult" : "success"
  }, {
    "requestID" : "0x5f2533c00bb8934584decbf1aa9ab987",
    "requestType" : "enrollment",
    "requestStatus" : "complete",
    "creationTime" : 1730200087000,
    "modificationTime" : 1730200093000,
    "certId" : "0xf84f45cd025332f2b06d1ec58136be89",
    "certRequestType" : "pkcs10",
    "operationResult" : "success"
  } ]
}

/ca/v2/agent/certrequests/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x5f2533c00bb8934584decbf1aa9ab987
{
  "nonce" : "-8579840105031817822",
  "requestId" : "0x5f2533c00bb8934584decbf1aa9ab987",
  "requestType" : "enrollment",
  "requestStatus" : "complete",
  "requestOwner" : "",
  "requestCreationTime" : "Tue Oct 29 11:08:07 UTC 2024",
  "requestModificationTime" : "Tue Oct 29 11:08:13 UTC 2024",
  "requestNotes" : "",
  "profileApprovedBy" : "system",
  "profileSetId" : "ocspCertSet",
  "profileIsVisible" : "true",
  "profileName" : "Manual OCSP Manager Signing Certificate Enrollment",
  "profileDescription" : "This certificate profile is for enrolling OCSP Manager certificates.",
  "ProfileID" : "caOCSPCert",
  "Renewal" : false,
  "Input" : [ {
    "ClassID" : "CertReqInput",
    "Name" : "Certificate Request Input",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Value" : "pkcs10"
    }, {
      "name" : "cert_request",
      "Value" : "-----BEGIN CERTIFICATE REQUEST-----\nMIIDkjCCAfoCAQAwTTEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEkMCIG\nA1UEAwwbQ0EgT0NTUCBTaWduaW5nIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A\nMIIBigKCAYEAsaCn1oUxVloC5G+Adi8rF40WEk10IL7NUEw9Bm6+704T7pKut9BDOH/8sCU+/bcw\nAHNKUpqKbpS55N7V0xYntfyiD8RxGVY4BxPWMPuhLcb5zRZXybKIvV2KpgOqQmS5+Sx0HrEyA6Xo\nFyB5E7fE/mqheA7V1RyL047m1T0ER/tkHWYldj0aLlYQKv8dmfzW52PRYF08ByVWzTXcByFyO3Tg\nwjN84ksKAfihBiALj92jgbxyOHD/utEFtz8XpjlqLMl7MVYhpeu/p5DbCTPk55OcKwQF6MbLMExl\nSrvF6JBKHLfLdbFY3OwbryP+f1Dc9UlFoDELZjlp+Z2klwlxympqTpsXztMzAQUfRqu5GjcL7v9s\nLmNahVoKfWuZWQEC5FUHyJk3DT/v0jax30QHq3CqoYUWZs/rolfpzInvqSMmDmxHz/nIdEwpmhvt\nAijuwG+Qm1PA4eHy2l3OhIGYWvYgA5oEq/BLZgvi3SOhNR3ctz98rlEI2j3MWy9dYBDhAgMBAAGg\nADANBgkqhkiG9w0BAQsFAAOCAYEAputw+T001caAwVTyZttOf5hmmiHnwqw1BFfoVA1Sy2W9xRrU\nTvCF2/eiSiRbLfsgpikgtOpRuON+m1SiYK/W3v+SkU1d9ewNQo1u2oNh1sjpzZjkLvfEvx4jjiDQ\nmA6GhhMzUiMvWPM9+d97c+1euF8mYvnyGJclutf2OVAhHdii8g5arR+gRGQHWXfziDkm3bFtgO0O\nMazHzehow81cArN27HfPzi2hPb447vekWdrDfW4O1VWp25hxTjef5LYQd8aKTIwYah+zaAqyZG6D\n7xYRxkOhb9d37nFL8qDWAZHyIcAZrkZ72APEqtMLaOewjzVrdbj/J5yncByk8SpW2E/XGy9NlDgi\nmuhMj8PuZXEItvaSpUG+o75b/o0i/CO+t+MgIQhE6dtZkEhRUpbuUN/+kILD++i4N1WB/owcOSuW\nSWER5L0gjpw8+UES4tV3qaS3zUSCZroyoUU430goxeHdk58CAoWrs9vqDdM/NkvjXrQJUmMmAL9f\nkpVhlMfw\n-----END CERTIFICATE REQUEST-----"
    } ]
  }, {
    "ClassID" : "SubmitterInfoInput",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ ]
  } ],
  "Output" : [ ],
  "ProfilePolicySet" : [ {
    "policies" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Value" : "CN=CA OCSP Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches CN=.*",
        "classId" : "SubjectNameConstraint",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "CN=.*"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=720 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Value" : "2024-10-29 11:08:09",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Value" : "2026-10-19 11:08:09",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 720 days.",
        "classId" : "ValidityConstraint",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "720"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Value" : "RSA - 1.2.840.113549.1.1.1",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Value" : "3072",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Value" : "30:82:01:8A:02:82:01:81:00:B1:A0:A7:D6:85:31:56:\\n5A:02:E4:6F:80:76:2F:2B:17:8D:16:12:4D:74:20:BE:\\nCD:50:4C:3D:06:6E:BE:EF:4E:13:EE:92:AE:B7:D0:43:\\n38:7F:FC:B0:25:3E:FD:B7:30:00:73:4A:52:9A:8A:6E:\\n94:B9:E4:DE:D5:D3:16:27:B5:FC:A2:0F:C4:71:19:56:\\n38:07:13:D6:30:FB:A1:2D:C6:F9:CD:16:57:C9:B2:88:\\nBD:5D:8A:A6:03:AA:42:64:B9:F9:2C:74:1E:B1:32:03:\\nA5:E8:17:20:79:13:B7:C4:FE:6A:A1:78:0E:D5:D5:1C:\\n8B:D3:8E:E6:D5:3D:04:47:FB:64:1D:66:25:76:3D:1A:\\n2E:56:10:2A:FF:1D:99:FC:D6:E7:63:D1:60:5D:3C:07:\\n25:56:CD:35:DC:07:21:72:3B:74:E0:C2:33:7C:E2:4B:\\n0A:01:F8:A1:06:20:0B:8F:DD:A3:81:BC:72:38:70:FF:\\nBA:D1:05:B7:3F:17:A6:39:6A:2C:C9:7B:31:56:21:A5:\\nEB:BF:A7:90:DB:09:33:E4:E7:93:9C:2B:04:05:E8:C6:\\nCB:30:4C:65:4A:BB:C5:E8:90:4A:1C:B7:CB:75:B1:58:\\nDC:EC:1B:AF:23:FE:7F:50:DC:F5:49:45:A0:31:0B:66:\\n39:69:F9:9D:A4:97:09:71:CA:6A:6A:4E:9B:17:CE:D3:\\n33:01:05:1F:46:AB:B9:1A:37:0B:EE:FF:6C:2E:63:5A:\\n85:5A:0A:7D:6B:99:59:01:02:E4:55:07:C8:99:37:0D:\\n3F:EF:D2:36:B1:DF:44:07:AB:70:AA:A1:85:16:66:CF:\\nEB:A2:57:E9:CC:89:EF:A9:23:26:0E:6C:47:CF:F9:C8:\\n74:4C:29:9A:1B:ED:02:28:EE:C0:6F:90:9B:53:C0:E1:\\nE1:F2:DA:5D:CE:84:81:98:5A:F6:20:03:9A:04:AB:F0:\\n4B:66:0B:E2:DD:23:A1:35:1D:DC:B7:3F:7C:AE:51:08:\\nDA:3D:CC:5B:2F:5D:60:10:E1:02:03:01:00:01\\n",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521",
        "classId" : "KeyConstraint",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "-"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096,nistp256,nistp384,nistp521"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Value" : "A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "NoConstraint",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Value" : "Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "NoConstraint",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Extended Key Usage Default",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.9",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Value" : "1.3.6.1.5.5.7.3.9",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Extended Key Usage Extension",
        "text" : "This constraint accepts the Extended Key Usage extension, if present, only when Criticality=false, OIDs=1.3.6.1.5.5.7.3.9",
        "classId" : "ExtendedKeyUsageExtConstraint",
        "constraints" : [ {
          "name" : "exKeyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Comma-Separated list of Object Identifiers"
          },
          "value" : "1.3.6.1.5.5.7.3.9"
        } ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "OCSP No Check Extension",
        "text" : "This default populates an OCSP No Check Extension (1.3.6.1.5.5.7.48.1.5) to the request. The default values are Criticality=false",
        "attributes" : [ {
          "name" : "ocspNoCheckCritical",
          "Value" : "false",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts the extension only when Criticality=false, OID=1.3.6.1.5.5.7.48.1.5",
        "classId" : "ExtensionConstraint",
        "constraints" : [ {
          "name" : "extCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "extOID",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Object Identifier"
          },
          "value" : "1.3.6.1.5.5.7.48.1.5"
        } ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Value" : "SHA256withRSA",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "SigningAlgConstraint",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  } ],
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/ca/v2/agent/certrequests/{id}/approve
/ca/v2/agent/certrequests/{id}/assign
/ca/v2/agent/certrequests/{id}/cancel
/ca/v2/agent/certrequests/{id}/reject
/ca/v2/agent/certrequests/{id}/validate
/ca/v2/agent/certrequests/{id}/unassign
/ca/v2/agent/certrequests/{id}/update

POST

None

204

No output

Full cert request JSON obtained from the GET operation

Example
$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"nonce":"698006587460251198","requestId":"0x563c6ef28a2aa590fb5df963043be30e","requestType":"enrollment","requestStatus":"pending","requestOwner":"","requestCreationTime":"Wed Oct 30 11:09:30 UTC 2024","requestModificationTime":"Wed Oct 30 11:09:30 UTC 2024","requestNotes":"","profileApprovedBy":"admin","profileSetId":"userCertSet","profileIsVisible":"false","profileName":"Manual User Dual-Use Certificate Enrollment","profileDescription":"This certificate profile is for enrolling user certificates.","profileRemoteHost":"172.18.0.3","profileRemoteAddr":"172.18.0.3","ProfileID":"caUserCert","Renewal":false,"Input":[{"ClassID":"KeyGenInput","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10"},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQCfuroXU/H8AxyI3pBKF7mYRoP+yL0Qucqg9fvnJdY7M/E3OIHg+2l5f2UX\r\nL+Q9ESDZ7EMGxmuORPvqwwNuHSKaW/kfurcdTFlQjVuoXwUwy86D/veAp317tDZZmcjU6DgWrx8M\r\nA5c46Ck8KOa5NOetPjpbCufTLaKmPDM6+Rsei+aY5FMksHh6W+a1djuz1yN0COc60/+pzR4MCzMZ\r\n1N8TYKmtfprectaK9Jj0ckkRZ9zAuAwxdNnfSkNIgu8btBX7+/9IqSi+s/TUTo8jDxXWZkEu+Pn+\r\nCVpuYFd2lvij7gCJ2fKuDy5yyh1HFJFFWqQZ+V+snylBeAwHgk3V9dJvAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEAfYpmNiENJOVycl9DODw3UEmLDEZl5vDplUaK4E47ITz6rbB/vSQzXB/KDDuU\r\nLq/aqfPhhXFDYaQ3BLlgrxYcuojiDMEkEwi6lU1OxPpEWcCrCSMx0NzsQMA3XSWziMwCc0kyodlQ\r\nRYOEDMWfWNplBA/6kdEb5Vce/UrbOdbquWgcIopYyJ9QdLJJbqvFN2JUwpibd7pJSyglWK/WHk8o\r\nov1jQIkYmSlznQwLQyeliBMMX4pFN3BAgEuo4hFlYeP5r1ig3xsdXmKbZgtGo1FEK7OBHAbfmMs0\r\nNdp2mLo5hvNSTTYl4aATsR9SfljuRtjhZtqPfsonzDAjO+wj5dOC7g==\r\n-----END CERTIFICATE REQUEST-----"}]},{"ClassID":"SubjectNameInput","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser"}]},{"ClassID":"SubmitterInfoInput","Name":"Requestor 
Information","ConfigAttribute":[],"Attribute":[]}],"Output":[],"ProfilePolicySet":[{"policies":[{"id":"1","def":{"name":"Subject Name Default","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Value":"UID=newUser","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"SubjectNameConstraint","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"RenewGracePeriodConstraint","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","text":"This default populates a Certificate Validity to the request. 
The default values are Range=180 in days","attributes":[{"name":"notBefore","Value":"2024-10-30 11:09:30","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Value":"2025-04-28 11:09:30","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"ValidityConstraint","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Value":"RSA - 1.2.840.113549.1.1.1","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Value":"2048","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key 
Length"}},{"name":"KEY","Value":"30:82:01:0A:02:82:01:01:00:9F:BA:BA:17:53:F1:FC:\\n03:1C:88:DE:90:4A:17:B9:98:46:83:FE:C8:BD:10:B9:\\nCA:A0:F5:FB:E7:25:D6:3B:33:F1:37:38:81:E0:FB:69:\\n79:7F:65:17:2F:E4:3D:11:20:D9:EC:43:06:C6:6B:8E:\\n44:FB:EA:C3:03:6E:1D:22:9A:5B:F9:1F:BA:B7:1D:4C:\\n59:50:8D:5B:A8:5F:05:30:CB:CE:83:FE:F7:80:A7:7D:\\n7B:B4:36:59:99:C8:D4:E8:38:16:AF:1F:0C:03:97:38:\\nE8:29:3C:28:E6:B9:34:E7:AD:3E:3A:5B:0A:E7:D3:2D:\\nA2:A6:3C:33:3A:F9:1B:1E:8B:E6:98:E4:53:24:B0:78:\\n7A:5B:E6:B5:76:3B:B3:D7:23:74:08:E7:3A:D3:FF:A9:\\nCD:1E:0C:0B:33:19:D4:DF:13:60:A9:AD:7E:9A:DE:72:\\nD6:8A:F4:98:F4:72:49:11:67:DC:C0:B8:0C:31:74:D9:\\nDF:4A:43:48:82:EF:1B:B4:15:FB:FB:FF:48:A9:28:BE:\\nB3:F4:D4:4E:8F:23:0F:15:D6:66:41:2E:F8:F9:FE:09:\\n5A:6E:60:57:76:96:F8:A3:EE:00:89:D9:F2:AE:0F:2E:\\n72:CA:1D:47:14:91:45:5A:A4:19:F9:5F:AC:9F:29:41:\\n78:0C:07:82:4D:D5:F5:D2:6F:02:03:01:00:01\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"KeyConstraint","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. 
Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Value":"false","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Value":"A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\\nC4:00:E1:25\\n","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Value":"Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://pki.example.com:8080/ca/ocsp\r\nEnable:true\r\n\r\n","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. 
The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Value":"true","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Value":"false","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher 
Only=false","classId":"KeyUsageExtConstraint","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","text":"This default populates an Extended Key Usage Extension () to the request. 
The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Value":"false","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"NoConstraint","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","text":"This default populates the Certificate Signing Algorithm. 
The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Value":"SHA256withRSA","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"SigningAlgConstraint","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]}],"Attributes":{"Attribute":[]}}' \
    https://$HOSTNAME:8443/ca/v2/agent/certrequests/0x563c6ef28a2aa590fb5df963043be30e/approve

/ca/v2/agent/certs/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee
{
  "id" : "0x55092f4611ad2ede6c4064045d64bdee",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "UID=newUser",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEADCCAmigAwIBAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEM\r\nB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEt\r\nLOCo/NVffA3KCPLqHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB\r\n+DsMGleB59sz8StQUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWf\r\nM1Qqlsn/zlfMZRsO0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEg\r\nS5EJTuipbXujaAlQgbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P\r\n9uQTPmyOO75FJmiHAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUw\r\nPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAv\r\nY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0G\r\nCSqGSIb3DQEBCwUAA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVc\r\nRubwCuBXk85atycRXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2\r\nJMqvFSgM/DGu/yJvt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvW\r\ntLgO/iRFFGKWohvFpGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1Nj\r\nE2KcqfusDDfLm1czbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpN\r\niB38h6a4NLdmsPDbD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3\r\nnl5+nQ9RZsuJb9Ea/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDV\r\nMFw=\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "MIIIsQYJKoZIhvcNAQcCoIIIojCCCJ4CAQExADALBgkqhkiG9w0BBwGgggiGMIIEADCCAmigAwIB\r\nAgIQVQkvRhGtLt5sQGQEXWS97jANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDEwNTMyMVoXDTI1MDQyODEwNTMyMVowGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEi\r\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwESmzBPELRnX6TZDwraEtLOCo/NVffA3KCPLq\r\nHpIedbUGUn58kegtiLCpv84Aq1kcKYGz7Uy4n94NmP4YUxd5HvbUfjI5vCPB+DsMGleB59sz8StQ\r\nUQMjI8TtJKZIWx1hPmE9ji7SnNgLXDxf343Bvsny3CTt8/0cavD77+exEjWfM1Qqlsn/zlfMZRsO\r\n0+pzDIisQknsT+MWdJKH7qahfpsR7b+ibp1IjwbdmkLWVV2DpcP303+17VEgS5EJTuipbXujaAlQ\r\ngbhZHqt1errA6gpbsf1JgI+rY2tJdLsHK9lk6QuZYkvowSv/wQUlSu8LkY9P9uQTPmyOO75FJmiH\r\nAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUp332LU7iaBRZZqOMreTzdsQA4SUwPwYIKwYBBQUHAQEE\r\nMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNV\r\nHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUA\r\nA4IBgQCi7tLsROR9JTKX/iUGRQqy0vjTuogW0CGj6XDqBdSif9PrCLUoffVcRubwCuBXk85atycR\r\nXnaSLv8wC1uW3X0IrsET+BPLHXTh6uJ5nFE7kfcNVPZziIAjoJc7znQEhiy2JMqvFSgM/DGu/yJv\r\nt5x9GwNJWZyyOdVAU2NTER+aVr0J4QIS5ZXkXwZAuqN9ezxfpWptWn0P6fvWtLgO/iRFFGKWohvF\r\npGfB2F44eN+zPBQPrtL0sfUSpF+lzpCDTnOqRPCJagm+V3wd4KmzIuFpA1NjE2KcqfusDDfLm1cz\r\nbhTLhdLNVTs29lC5Y1ZlgXZbITtZ0LvW5E3dFPyq7EEv3RDZlRad0M9SmQpNiB38h6a4NLdmsPDb\r\nD9SSbyg4XcdNojbEiGTHUGHWFatAnmiv/U3mpWyltbBEUjk5XPl8kiQX7Hw3nl5+nQ9RZsuJb9Ea\r\n/WQjy1Na8ml1EruoVPbmriLyaE6WfHkA/WVKxvDI/eXyNAWy9Z4qKqA2rYDVMFwwggR+MIIC5qAD\r\nAgECAhEAhmFGZPY3nBwtCjnR5H0/0DANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExF\r\nMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4X\r\nDTI0MTAyOTExMDgwMFoXDTQ0MTAyOTExMDgwMFowSDEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UE\r\nCwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTCCAaIwDQYJKoZI\r\nhvcNAQEBBQADggGPADCCAYoCggGBAMofTnE8azu6WaltnTqsOTSEtlHdRTk75sH1xZbYsMyhUagu\r\naIMyR4x1iva5Y620bDKb4lyLF5vJtWKDZvbN5gJW/N5P4u9CZ6UlQ5Tkm5
rhvq5v4LN4Sq4hO8bD\r\nPyR6MZFnDbBpnj62e/AUhGVTb5eoG2K7hDUBp4hfYGKi/5G8NkZZlCADSbFytpXJQ86SumjiHbnZ\r\nQPMg9BTZgnMPouZA7SSS1hB/5TCgEeIJpWX8l7rZ+0WfknaoQ7zLz4zJncvsXXiKbEkdbyM8+KLi\r\n3wy5P321xDuwO4A4UcSwHvPOSu5sdLFRV88bsAJ0FLFRHgOdXm5Gl1mMv4oOz8cYRVcKRUScMRUi\r\n1uhkhIOIEhTWmvMz6FZ1mDmRzaPCA6Gc2S6IsUOjzZz5Cyd8wNyEC/zIc9FjPsVudN2YXOGn2T2a\r\nKl2jrNIdtKidxPmk80+3wzTDoqmoHe41DKTozfwPqOQeNvZvM+o/Nr6ibZw6tLt79Hy+CHleSazm\r\n87bJthu6kwIDAQABo2MwYTAdBgNVHQ4EFgQUp332LU7iaBRZZqOMreTzdsQA4SUwHwYDVR0jBBgw\r\nFoAUp332LU7iaBRZZqOMreTzdsQA4SUwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYw\r\nDQYJKoZIhvcNAQELBQADggGBAKgYiwcUiGqi0ugB96gRCuGrPbesKUU05Jv8bNExmG5eUiyaGEZi\r\n0IcD4XLLQ9pAwyDGgvZaBPZl8J+4JSRwGxf/ldQUFcFe9zwutMNOpJb0p1Y8uzNQ54eC+t7pUbuW\r\nHSE/P3Rvsxnx6eWtUqCM0gpN1BxqsgVedL2iyjXjncNNTd/bT7E/giRhE1r0fgmLSz/s8B129DXK\r\ndjhbLrkHYTmMlphtQ9qS38BqUa6GCDuOLwFsahgaHN/+XdRJF+Cb2LXQC2thTNqMCQq9yfWMHPZT\r\n1qujy19qSEUQxjqo5PtO8D8su0nuznjfgOI5zO3wBpVVAJgBjCpND9PKzMSc6ISIgBw9RYorQHTU\r\nPzArn/2VkQvm9+4X/KR/33GftcVfXk/+NFv2AePUG6PosQ3kKpUiA+7W8ivAhoHvwFKpOs2k4yK5\r\nwd7++6/ecHUNzKpKhItZt3UafldyzjzqwEBk/QjYjDEMBklth2p+QPM8lGIUWt6yD/Nzo56TDmgn\r\ndALCtTEA\r\n",
  "NotBefore" : "2024-10-30 10:53:21 +0000",
  "NotAfter" : "2025-04-28 10:53:21 +0000",
  "Status" : "VALID",
  "Nonce" : 3355442236351645821
}

/ca/v2/agent/certs/{id}/revoke

POST

None

200

application/json

Revoke request json with Reason, InvalidityDate, Comments, Encoded and Nonce

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"Reason":"Certificate_Hold","Nonce":7581228038945153660}' \
    https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/revoke
{
  "requestID" : "0x887ffed7ad4c0ee94a07700c48895f03",
  "requestType" : "revocation",
  "requestStatus" : "complete",
  "creationTime" : 1730300307000,
  "modificationTime" : 1730300307000,
  "certId" : "0x55092f4611ad2ede6c4064045d64bdee",
  "operationResult" : "success"
}
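
The agent GET response for a certificate carries a Nonce, and the revoke request takes one. The following is an added example (not part of this wiki or of the PKI code base) that builds the revoke body from the review response and checks the result, assuming the revoke call expects the Nonce returned by the preceding GET for the same certificate; the function names are hypothetical.

```python
import json

# Trimmed copy of the page's GET /ca/v2/agent/certs/{id} response
# (the Encoded and PKCS7CertChain fields are left out).
SAMPLE_REVIEW = """{
  "id" : "0x55092f4611ad2ede6c4064045d64bdee",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "UID=newUser",
  "NotBefore" : "2024-10-30 10:53:21 +0000",
  "NotAfter" : "2025-04-28 10:53:21 +0000",
  "Status" : "VALID",
  "Nonce" : 3355442236351645821
}"""

# The page's revoke response for the same certificate.
SAMPLE_RESULT = """{
  "requestID" : "0x887ffed7ad4c0ee94a07700c48895f03",
  "requestType" : "revocation",
  "requestStatus" : "complete",
  "creationTime" : 1730300307000,
  "modificationTime" : 1730300307000,
  "certId" : "0x55092f4611ad2ede6c4064045d64bdee",
  "operationResult" : "success"
}"""


def _same_serial(a, b):
    """Compare two hex certificate ids numerically (case and padding ignored)."""
    return int(a, 16) == int(b, 16)


def build_revoke_body(review_json, cert_id, subject_dn,
                      reason="Certificate_Hold", comments=None):
    """Return the JSON body for POST .../certs/{id}/revoke.

    Refuses to build a request unless the reviewed certificate is the one the
    operator named (id and SubjectDN) and is currently VALID.
    """
    review = json.loads(review_json)
    if not _same_serial(review["id"], cert_id):
        raise ValueError("reviewed certificate id does not match the target")
    if review["SubjectDN"] != subject_dn:
        raise ValueError("SubjectDN differs from the one expected for this id")
    if review["Status"] != "VALID":
        raise ValueError("certificate status is %s, not VALID" % review["Status"])
    # The Nonce is a 64-bit integer, larger than 2**53. Python keeps JSON
    # integers exact; a tool that parses numbers as doubles would alter it.
    # A float here means some earlier step already lost precision.
    nonce = review.get("Nonce")
    if isinstance(nonce, bool) or not isinstance(nonce, int):
        raise ValueError("Nonce missing or not an exact integer")
    body = {"Reason": reason, "Nonce": nonce}
    if comments:
        body["Comments"] = comments
    return json.dumps(body, separators=(",", ":"))


def check_revoke_result(result_json, cert_id):
    """Return the requestID if the response reports a completed revocation."""
    result = json.loads(result_json)
    problems = []
    if result.get("requestType") != "revocation":
        problems.append("requestType=%r" % result.get("requestType"))
    if result.get("requestStatus") != "complete":
        problems.append("requestStatus=%r" % result.get("requestStatus"))
    if result.get("operationResult") != "success":
        problems.append("operationResult=%r" % result.get("operationResult"))
    if "certId" not in result or not _same_serial(result["certId"], cert_id):
        problems.append("certId does not match the target")
    if problems:
        raise RuntimeError("revocation not confirmed: " + "; ".join(problems))
    return result["requestID"]


if __name__ == "__main__":
    target = "0x55092f4611ad2ede6c4064045d64bdee"
    print(build_revoke_body(SAMPLE_REVIEW, target, "UID=newUser"))
    print(check_revoke_result(SAMPLE_RESULT, target))
```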

/ca/v2/agent/certs/{id}/revoke-ca

POST

None

200

application/json

Revoke request json with Reason, InvalidityDate, Comments, Encoded and Nonce

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"Reason":"Certificate_Hold","Nonce":5052187310204086075}' \
    https://$HOSTNAME:8443/ca/v2/agent/certs/0x86614664f6379c1c2d0a39d1e47d3fd0/revoke-ca
{
  "requestID" : "0xb28c9fe27d90a97b9ec85d7ad1b32992",
  "requestType" : "revocation",
  "requestStatus" : "complete",
  "creationTime" : 1730300625000,
  "modificationTime" : 1730300625000,
  "certId" : "0x86614664f6379c1c2d0a39d1e47d3fd0",
  "operationResult" : "success"
}

/ca/v2/agent/certs/{id}/unrevoke

POST

None

200

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/agent/certs/0x55092f4611ad2ede6c4064045d64bdee/unrevoke
{
  "requestID" : "0xdca57cea1f51ed123dc85dd889a595eb",
  "requestType" : "unrevocation",
  "requestStatus" : "complete",
  "creationTime" : 1730300449000,
  "modificationTime" : 1730300449000,
  "operationResult" : "success"
}

/ca/v2/authorities

GET

id, parentID, dn, issuerDN

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/authorities?issuerDN=CN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE"
[{"isHostAuthority":true,"id":"9f75deb6-53b1-48cc-9028-9c899f9526b4","issuerDN":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","serial":178621631998145652837496363178029563856,"dn":"CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true,"description":"Host authority","ready":true}]

/ca/v2/authorities

POST

None

201

application/json

Authority json with parentID, dn, enabled and description

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":true}' \
    "https://$HOSTNAME:8443/ca/v2/authorities"
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : true,
  "ready" : true
}

/ca/v2/authorities/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : true,
  "ready" : true
}

/ca/v2/authorities/{id}

PUT

None

200

application/json

Authority json with parentID, dn, enabled and description

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
  --json '{"parentID":"9f75deb6-53b1-48cc-9028-9c899f9526b4","dn":"CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE","enabled":false}' \
  -X PUT https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : false,
  "ready" : true
}

/ca/v2/authorities/{id}

DELETE

None

204

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
  -X DELETE https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f

/ca/v2/authorities/{id}/cert

GET

None

200

application/x-pem-file or application/pkix-cert

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -H 'Accept: application/x-pem-file' --output newCert.pem \
    https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/cert

/ca/v2/authorities/{id}/chain

GET

None

200

application/x-pem-file or application/pkcs7-mime

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -H 'Accept: application/x-pem-file' --output newChain.pem \
    https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/chain

/ca/v2/authorities/{id}/enable

POST

None

200

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/enable
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : true,
  "ready" : true
}

/ca/v2/authorities/{id}/disable

POST

None

200

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/disable
{
  "isHostAuthority" : false,
  "id" : "622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f",
  "parentID" : "9f75deb6-53b1-48cc-9028-9c899f9526b4",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "serial" : 64174415881410080865433595357504971990,
  "dn" : "CN=NEW CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "enabled" : false,
  "ready" : true
}

/ca/v2/authorities/{id}/renew

POST

None

204

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
  -X POST https://$HOSTNAME:8443/ca/v2/authorities/622f0a8b-a6cf-41ed-a7b7-99e7b1444c0f/renew

/ca/v2/certrequests

POST

None

200

application/json

Cert enroll request in json with ProfileID, ServerSideKeygenP12Passwd, Renewal, SerialNumber, RemoteHost, RemoteAddress, Input (a list as defined by the profile), Output (a list as defined by the profile) and Attributes

Example
$ curl --cacert ./ca_signing.crt \
    --json '{"ProfileID":"caUserCert","Renewal":false,"RemoteHost":"","RemoteAddress":"","Input":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Value":"pkcs10","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Value":"-----BEGIN CERTIFICATE REQUEST-----\nMIICXjCCAUYCAQAwGTEXMBUGCgmSJomT8ixkAQEMB25ld1VzZXIwggEiMA0GCSqGSIb3DQEBAQUA\r\nA4IBDwAwggEKAoIBAQDeu/zJSSDYzXcJsH7lZe8fKPV0CIWNAD0g5FpOdcqvcZMwXQsnVqCNdfby\r\nSwX6sGzKEHCXyYxaXHuLMpMJ5pHK1BzRCfjQAkPzWbCN5beg7L/l7Gi+52h0z9R/zTZkG355ja3r\r\nkyd9d0tah5XbPWsdp0BVtPOIK4t0d6F+WkEkC0pyCejtkqoBSf9F1CTHw3iOxhgKMxV+ebC/TM2l\r\n9AvnzAfF91Sf5KAd8hTAhHurgBkqxuzL16ERBbM0DFfie8RCiTVBvvS/6UmfEVH3dMHIuE5flXB+\r\nhMCrj8g7GfWIaA6WzwfkZrNgCjYoVHPivMg+akhMbQg6m0goB3zA/D/zAgMBAAGgADANBgkqhkiG\r\n9w0BAQsFAAOCAQEALi3+agIXworiPVF1qyAr3wLjffzu6RIDiLS9cVHHnnAj1AjEnKFDpwTYeuBk\r\nXaRzgyCHyCLyKSSN337PBUEnxOxNWNIJDCC8gpMcfCCnspos7N9M8dnROD60EUDVdUtfdE+g5JfG\r\nkwlQz3lbktFuQwznf3EUYPPvyMLSG1RITVJyEJ3tH0PZ5GFlDwi5Gw7DTzl7nAWwXZ5LeCa9b6d8\r\nwCbPAAHA2OCYck1PyLrFlAnmF5udsY4AY7b5YK5iIqysWikXYqexk/oE707XJhX+btDYx0W4qI8j\r\nhc50ZHgtobGXAgqNQvL2WOtmEJY2Fwpl+ejuGi6bamzTkXqh/Vi+XQ==\r\n-----END CERTIFICATE REQUEST-----\n","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Value":"newUser","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Value":"","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Value":"","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 
2"}},{"name":"sn_ou1","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Value":"","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Value":"","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Value":"","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Value":"","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"Output":[],"Attributes":{"Attribute":[]}}' \
    https://$HOSTNAME:8443/ca/v2/certrequests
{
  "total" : 1,
  "entries" : [ {
    "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a",
    "requestType" : "enrollment",
    "requestStatus" : "pending",
    "creationTime" : 1730309766543,
    "modificationTime" : 1730309766566,
    "certRequestType" : "pkcs10",
    "operationResult" : "success"
  } ]
}

/ca/v2/certrequests/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/certrequests/0xd3e6013b9ae406efe9b8d45029faee9a
{
  "requestID" : "0xd3e6013b9ae406efe9b8d45029faee9a",
  "requestType" : "enrollment",
  "requestStatus" : "pending",
  "creationTime" : 1730309766000,
  "modificationTime" : 1730309766000,
  "certRequestType" : "pkcs10",
  "operationResult" : "success"
}

/ca/v2/certrequests/profiles

GET

size, start

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    "https://$HOSTNAME:8443/ca/v2/certrequests/profiles?size=2&start=4"
{
  "total" : 26,
  "entries" : [ {
    "profileId" : "AdminCert",
    "profileName" : "Manual Administrator Certificate Enrollment",
    "profileDescription" : "This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  }, {
    "profileId" : "ECAdminCert",
    "profileName" : "Manual Administrator Certificate Enrollment with ECC keys",
    "profileDescription" : "This certificate profile is for enrolling Administrator's certificates with ECC keys suitable for use by clients such as browsers.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  } ]
}

/ca/v2/certrequests/profiles/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/certrequests/profiles/caUserCert
{
  "ProfileID" : "caUserCert",
  "Renewal" : false,
  "RemoteHost" : "",
  "RemoteAddress" : "",
  "Input" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Value" : "",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "Output" : [ ],
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/ca/v2/certs

GET

size, start, maxTime

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    "https://$HOSTNAME:8443/ca/v2/certs?size=2&start=4"
{
  "entries" : [ {
    "id" : "0xc99ff8f6549f903d8df28a4e5f5105f3",
    "SubjectDN" : "CN=CA Audit Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "VALID",
    "Type" : "X.509",
    "Version" : 2,
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidBefore" : 1730308885000,
    "NotValidAfter" : 1792516885000,
    "IssuedOn" : 1730308887000,
    "IssuedBy" : "system"
  }, {
    "id" : "0x6d5c045d3443ced273ab8d7955835db1",
    "SubjectDN" : "CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "VALID",
    "Type" : "X.509",
    "Version" : 2,
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidBefore" : 1730308904000,
    "NotValidAfter" : 1792516904000,
    "IssuedOn" : 1730308905000,
    "IssuedBy" : "system"
  } ]
}
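
The listing above reports each certificate's status, key algorithm, key length and validity as epoch milliseconds. The following is an added example (not part of this wiki or of the PKI code base) that audits such a listing for expired or soon-to-expire certificates, short RSA keys and unexpected issuers; the function name, thresholds and finding labels are hypothetical, and the second and third sample entries are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

RSA_OID = "1.2.840.113549.1.1.1"  # rsaEncryption, the KeyAlgorithmOID shown in the listing

# First entry: from the page's /ca/v2/certs example (unused fields dropped).
# Second and third entries: constructed for this example.
SAMPLE_LISTING = """{
  "entries" : [ {
    "id" : "0xc99ff8f6549f903d8df28a4e5f5105f3",
    "SubjectDN" : "CN=CA Audit Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "VALID",
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidBefore" : 1730308885000,
    "NotValidAfter" : 1792516885000
  }, {
    "id" : "0x01",
    "SubjectDN" : "CN=constructed-legacy-host,O=EXAMPLE",
    "IssuerDN" : "CN=constructed-sub-CA,O=EXAMPLE",
    "Status" : "VALID",
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 1024,
    "NotValidBefore" : 1730308904000,
    "NotValidAfter" : 1892516904000
  }, {
    "id" : "0x02",
    "SubjectDN" : "CN=constructed-held-user,O=EXAMPLE",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "REVOKED",
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidBefore" : 1730308904000,
    "NotValidAfter" : 1792516904000
  } ]
}"""


def audit_listing(listing_json, now, warn_days=30, min_rsa_bits=2048,
                  allowed_issuers=None):
    """Return one finding per certificate that needs attention.

    now must be a timezone-aware datetime. allowed_issuers, if given, is a set
    of IssuerDN strings compared literally (no DN normalisation).
    """
    findings = []
    for entry in json.loads(listing_json)["entries"]:
        issues = []
        # NotValidAfter is milliseconds since the Unix epoch.
        not_after = datetime.fromtimestamp(entry["NotValidAfter"] / 1000,
                                           tz=timezone.utc)
        if entry.get("Status") != "VALID":
            # Not in service: report the status and skip the other checks.
            issues.append("status=%s" % entry.get("Status"))
        else:
            if not_after <= now:
                issues.append("expired")
            elif not_after - now <= timedelta(days=warn_days):
                issues.append("expires-within-%dd" % warn_days)
            bits = entry.get("KeyLength", 0)
            if entry.get("KeyAlgorithmOID") == RSA_OID and bits < min_rsa_bits:
                issues.append("rsa-%d" % bits)
            if allowed_issuers is not None and entry.get("IssuerDN") not in allowed_issuers:
                issues.append("unexpected-issuer")
        if issues:
            findings.append({
                "id": entry["id"],
                "subject": entry.get("SubjectDN", ""),
                "not_after": not_after.date().isoformat(),
                "issues": issues,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_listing(SAMPLE_LISTING, datetime.now(timezone.utc)):
        print(finding)
```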

/ca/v2/certs/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/certs/0x6d5c045d3443ced273ab8d7955835db1
{
  "id" : "0x6d5c045d3443ced273ab8d7955835db1",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIETjCCAragAwIBAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQK\r\nDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRp\r\nZmljYXRlMB4XDTI0MTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBM\r\nRTETMBEGA1UECwwKcGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNv\r\nbTEaMBgGA1UEAwwRUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\r\nAoIBAQDE7ahO2KtW6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr\r\n7B6sI5MrrcBRAhNgcHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCI\r\nnQ09I9TLH8dIuL4ZxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4\r\nGSm0HguQAc0H55FsVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWe\r\nnHvBSqRJc9xLNlcjr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAU\r\ndJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8v\r\ncGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI\r\nKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwc\r\nbCHpl+922hT5LA+KJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWH\r\nhEvm8RQqdVVxkfDXp3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeUR\r\nJ4rG/lD73qVzXd30U/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAww\r\nBnswSwwjPEe6djwFfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9\r\noTqj5KwXo133aorjZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQe\r\npbi1LBXzOxnub8sMKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGE\r\nGXfjNyGoETEaHb930gItsmEqc8VKH5s=\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "MIII/gYJKoZIhvcNAQcCoIII7zCCCOsCAQExADALBgkqhkiG9w0BBwGgggjTMIIETjCCAragAwIB\r\nAgIQbVwEXTRDztJzq415VYNdsTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMw\r\nEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTI0\r\nMTAzMDE3MjE0NFoXDTI2MTAyMDE3MjE0NFowZzEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwK\r\ncGtpLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNvbTEaMBgGA1UEAwwR\r\nUEtJIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE7ahO2KtW\r\n6w2KuVflOLfLO+oE+0EyP3XU73Ese7QVBsZwxOaSNodVrL1P1a0r2w22M1Zr7B6sI5MrrcBRAhNg\r\ncHVooFheQQilMuBV0s6HEEn0CO+94Do2cJxUmWLgifT5Rpgl474RALIC+kCInQ09I9TLH8dIuL4Z\r\nxUrJ/aMfs94rGSiqpKYmpxVCwkYdtlnqby441IUaZbPPEIu1ooBk0otz37C4GSm0HguQAc0H55Fs\r\nVNbjQmnf9ubuoDTub2i2GioBI+Wt+KyDF4SAISsqtgf/tTzPvWNuXk7PvUWenHvBSqRJc9xLNlcj\r\nr9yDl2r8uIMAE8UT3Hvzmo5WAzNJAgMBAAGjgZQwgZEwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq\r\n3lG5CnCSoQkwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUu\r\nY29tOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG\r\nAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQAa58Edzk60RBge24P3rrU+xOwcbCHpl+922hT5LA+K\r\nJtwjupUbdONKJf251T4ZvPcQ+jXCCR7PFi0QmrMO9Naoi3o9qzQcDMr0dRWHhEvm8RQqdVVxkfDX\r\np3sxqTkpPfu+qGQZ+w0laGIagNOjfc/g7ScV3SLDBwAsCuFMPjoTzyqWfeURJ4rG/lD73qVzXd30\r\nU/mB5X0sx2B/koqumColuUO2GrD0EJsqK6ldFNLLdjgjqJkeJE43BzwBOAwwBnswSwwjPEe6djwF\r\nfyQ2gTHWP4LteMha9w/eclMGuybnZFDjWgne+80cMMX1Rzh7CsUv+ub7LfS9oTqj5KwXo133aorj\r\nZvrEZVahzU3OEeKBH4dIksOrW6aKp3gQSJEmYcFau7kh5+ZoJaj1snb1aXQepbi1LBXzOxnub8sM\r\nKTu5nTTKt/0mG2tgRSQeZ3k3j02g+WBGaTCpvxfJdH6rQxNaZia+BssWPrGEGXfjNyGoETEaHb93\r\n0gItsmEqc8VKH5swggR9MIIC5aADAgECAhAS28bqYgfeAGNdjqMHIBkOMA0GCSqGSIb3DQEBCwUA\r\nMEgxEDAOBgNVBAoMB0VYQU1QTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNp\r\nZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjQxMDMwMTcyMDQ5WhcNNDQxMDMwMTcyMDQ5WjBIMRAwDgYD\r\nVQQKDAdFWEFNUExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENl\r\ncnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwQ
enLXRjT+lsBoONhHmq\r\npYzEvugiELRtQ1iK1bXTTrRsAcaRscUCeEGfV6K6gVc7ekifckamtxsnx3s5JAjCfUF5K88pGTWe\r\nsXt6u0fg0cIslQP9sDz6dM0P/vjCsnxIgW1eNpeUR61Gwi3nCPXvWZ2zeOKdQReSL+MLby468Ot3\r\nbdEnVwalN70KtQNsB3I9GaFyNOCRa6P6zxR/ETuVRZVkB9mWZxpTvdF6xNlk8UF0jbmsrda3BXth\r\n1X/uej8+qE0cPN3BBvvdpkmJe+DSKq43NsZgaa8sgeGs7RiitI/7TR/gPVU5LtEK+cb93SpzcC+w\r\nhC1O4+kI7TEAK7tZO2FDPQM0lFvBXc/qtEWEa1RqpZKXEwVKCr1xpE4T1aNKnoNJQADcSxITSioq\r\ngkYNmUngeVd0AHe3gcgLOC7cQiY3uJJypVIz9vpHPr7xwxZugEF+YwSJM4zszMTbruaqn7eC90k3\r\n7dcqo4hCGsIRLWIapRG5TTxO7OY2cwzRVNyfAgMBAAGjYzBhMB0GA1UdDgQWBBR0kVsdX96mNxFN\r\nCureUbkKcJKhCTAfBgNVHSMEGDAWgBR0kVsdX96mNxFNCureUbkKcJKhCTAPBgNVHRMBAf8EBTAD\r\nAQH/MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQsFAAOCAYEAJp2R8/AhtSggrO1ewP4G1XnP\r\ng360OJT6rBcQDVKAul929/ipTGxztD70NF4UqL5ofQua79OKUF/hGc1lALKMn2dkKWL9GVpIwu7V\r\nZLU7xIw+ebUVuPpaka4D73viliHyZjFaa9OmWylA6KAnJt1aWuJt2OfRgbW6eL7xymqkCGvFxOoH\r\n5tpFMHgS75pZ5duByYgh94TIK9xxO11BAprlyK8TXHdPCwsqiafrgATpU+zIez6PAN82h1YIAorN\r\n8/5T2iNdXmWDQ02lxKKOCiDFdeB0F3KcgQVmVrGWOzp9j3AhR1+nFaSscv5FIBsFgVtyg1qDmEgh\r\nRasv/xsJfvujZkuLtMhTXBZMMjmOvu8xAYYO5DbNwdjGSq1McUorTX2W7N4w3tIpgByxc6YkVPfK\r\naUCKJG5Sajkzx6mO5GUcbw7wSBdrqoseGXQB7AbNwRTljtSF8KGEDkFfSoGlYsZz4VkY58+7v3IT\r\ntk/wcGo2clVPiQGDduo1Nj+vDa5iTSoEMQA=\r\n",
  "NotBefore" : "2024-10-30 17:21:44 +0000",
  "NotAfter" : "2026-10-20 17:21:44 +0000",
  "Status" : "VALID"
}

/ca/v2/certs/search

POST

size, start

200

application/json

Search request json with issuerDN, serialNumberRangeInUse, serialTo, serialFrom, subjectInUse, eMail, commonName, userID, orgUnit, org, locality, state, country, matchExactly, status, revokedBy, revokedOnFrom, revokedOnTo, revocationReason, issuedBy, issuedOnFrom, issuedOnTo, validNotBeforeFrom, validNotBeforeTo, validNotAfterFrom, validNotAfterTo, validityOperation, validityCount, validityUnit, certTypeSubEmailCA, certTypeSubSSLCA, certTypeSecureEmail, certTypeSSLClient, certTypeSSLServer, revokedByInUse, revokedOnInUse, revocationReasonInUse, issuedByInUse, issuedOnInUse, validNotBeforeInUse, validNotAfterInUse, validityLengthInUse and certTypeInUse

Example
$ curl --cacert ./ca_signing.crt \
    --json '{"commonName": "PKI Administrator", "subjectInUse": true}' \
    https://$HOSTNAME:8443/ca/v2/certs/search
{
  "entries" : [ {
    "id" : "0x6d5c045d3443ced273ab8d7955835db1",
    "SubjectDN" : "CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "Status" : "VALID",
    "Type" : "X.509",
    "Version" : 2,
    "KeyAlgorithmOID" : "1.2.840.113549.1.1.1",
    "KeyLength" : 2048,
    "NotValidBefore" : 1730308904000,
    "NotValidAfter" : 1792516904000,
    "IssuedOn" : 1730308905000,
    "IssuedBy" : "system"
  } ]
}

/ca/v2/config/cert/signing

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/config/cert/signing
{
  "id" : "0x86614664f6379c1c2d0a39d1e47d3fd0",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEfjCCAuagAwIBAgIRAIZhRmT2N5wcLQo50eR9P9AwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMjkxMTA4MDBaFw00NDEwMjkxMTA4MDBaMEgxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUw\r\nggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDKH05xPGs7ulmpbZ06rDk0hLZR3UU5O+bB\r\n9cWW2LDMoVGoLmiDMkeMdYr2uWOttGwym+JcixebybVig2b2zeYCVvzeT+LvQmelJUOU5Jua4b6u\r\nb+CzeEquITvGwz8kejGRZw2waZ4+tnvwFIRlU2+XqBtiu4Q1AaeIX2Biov+RvDZGWZQgA0mxcraV\r\nyUPOkrpo4h252UDzIPQU2YJzD6LmQO0kktYQf+UwoBHiCaVl/Je62ftFn5J2qEO8y8+MyZ3L7F14\r\nimxJHW8jPPii4t8MuT99tcQ7sDuAOFHEsB7zzkrubHSxUVfPG7ACdBSxUR4DnV5uRpdZjL+KDs/H\r\nGEVXCkVEnDEVItboZISDiBIU1przM+hWdZg5kc2jwgOhnNkuiLFDo82c+QsnfMDchAv8yHPRYz7F\r\nbnTdmFzhp9k9mipdo6zSHbSoncT5pPNPt8M0w6KpqB3uNQyk6M38D6jkHjb2bzPqPza+om2cOrS7\r\ne/R8vgh5Xkms5vO2ybYbupMCAwEAAaNjMGEwHQYDVR0OBBYEFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOElMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P\r\nAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IBgQCoGIsHFIhqotLoAfeoEQrhqz23rClFNOSb/GzR\r\nMZhuXlIsmhhGYtCHA+Fyy0PaQMMgxoL2WgT2ZfCfuCUkcBsX/5XUFBXBXvc8LrTDTqSW9KdWPLsz\r\nUOeHgvre6VG7lh0hPz90b7MZ8enlrVKgjNIKTdQcarIFXnS9oso1453DTU3f20+xP4IkYRNa9H4J\r\ni0s/7PAddvQ1ynY4Wy65B2E5jJaYbUPakt/AalGuhgg7ji8BbGoYGhzf/l3USRfgm9i10AtrYUza\r\njAkKvcn1jBz2U9aro8tfakhFEMY6qOT7TvA/LLtJ7s5434DiOczt8AaVVQCYAYwqTQ/TyszEnOiE\r\niIAcPUWKK0B01D8wK5/9lZEL5vfuF/ykf99xn7XFX15P/jRb9gHj1Buj6LEN5CqVIgPu1vIrwIaB\r\n78BSqTrNpOMiucHe/vuv3nB1DcyqSoSLWbd1Gn5Xcs486sBAZP0I2IwxDAZJbYdqfkDzPJRiFFre\r\nsg/zc6Oekw5oJ3QCwrU=\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "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",
  "NotBefore" : "Tue Oct 29 11:08:00 UTC 2024",
  "NotAfter" : "Sat Oct 29 11:08:00 UTC 2044"
}

/ca/v2/config/cert/transport

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/config/cert/transport
{
  "id" : "0x8f6afa7386fdd8efc6c3406ed1e6d8c8",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "CN=DRM Transport Certificate,OU=pki-tomcat,O=EXAMPLE",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEKTCCApGgAwIBAgIRAI9q+nOG/djvxsNAbtHm2MgwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAxNzI1MDJaFw0yNjEwMjAxNzI1MDJaMEsxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNh\r\ndGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+NYqOpevPL45O6MPKBKgP9Fl19LZX\r\nnxMDFI5k3bejAMqMBPFajE2hXS7CCQ1Z4CS6P+efMuPWV+HCrVkGr7IArVSOxfZGXbol254Cm8h/\r\nLeLffZ1tzLoYX0R/5AWpTd04/9atyUrqS10Yas70VCxuGrhXvikRP9M5keuy1REk1KrqjEbcEiT5\r\n7dy4/aehilZQMh2Zw1v1lldm2TwlLCUJiJagFgkaQ+oK7TM6QZTkPnwgHBECJ5cY1b/EnEo8FNVq\r\ntrzTCGORkRS7aRZuf0mV0CYvbTU449Ep3mgft/f5l3z7ftEq1xN4JTUx5QTB19fRhvKRkR4Id9EI\r\nDVg+ilUTAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUdJFbHV/epjcRTQrq3lG5CnCSoQkwPwYIKwYB\r\nBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2Nz\r\ncDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGB\r\nAHMZAn6bUWm+pGg7V2Trr1VtKUx5lis5ePKYzpiHGIo58N785aehJ0MjEe8zBNnL6pz8YRPbZuPR\r\neYd/Gf3PSzN0WNOOYh0LP3ApJZPXTbVAo7nwHIjS6n38S6ogZ94eVOwEM7j4+Fg08bekXXYR/oCq\r\nUeKNFg+prTS5jLP9bvaNiLN78fS5uERH3PxhhOMNzaS7oc53ci7cVvBek80JGJM8SgS5r4LjtbzT\r\ntEwzSMFRopKds62+cvEi8XGNI2p2nKJFRV7g5rA1mGo2fJB7733AxVinOajtiGNW3DsF4ZXUrcpW\r\n+dUsbCQzXew8kkVJ7Ze3GaLM63g5JgXH8SIsRdezdkmVnan3Kw0qKUJmUJJTHUnSnW5KaAbogfvP\r\n3JJZcrg8T/Bq8GLS22qDvazeyrQtBgr4kJrDnmp8eIHdwDXi3n2tkIBUSXo5+DgJtz2CjklOaeQ9\r\n1eAtcuzczDFAaYTTbRCtnIDms2qox8R4zlBjdmy1w+TX93lh+pTzIj63AQ==\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "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",
  "NotBefore" : "Wed Oct 30 17:25:02 UTC 2024",
  "NotAfter" : "Tue Oct 20 17:25:02 UTC 2026"
}
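A check a monitoring job could run on this response, as an added example that is not part of the PKI project's code: it parses the `NotBefore`/`NotAfter` strings, handles the mixed `\n` and `\r\n` line endings in `Encoded`, and computes a SHA-256 fingerprint for comparison against a pinned value. The function names, the 30-day threshold, and the sample response (built around stand-in bytes, not a real certificate) are assumptions.

```python
import base64
import hashlib
import json
import re
from datetime import datetime, timedelta, timezone

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in for the DER bytes; NOT a real certificate.
SAMPLE_DER = bytes(range(256)) * 2
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_DER).hexdigest()


def build_sample_response():
    """Constructed response shaped like the transport-cert output above."""
    # The page's output opens and closes the PEM with "\n" but separates the
    # base64 lines with "\r\n"; reproduce that mix here.
    body = base64.encodebytes(SAMPLE_DER).decode().replace("\n", "\r\n")
    return json.dumps({
        "id": "0x8f6afa7386fdd8efc6c3406ed1e6d8c8",
        "IssuerDN": "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
        "SubjectDN": "CN=DRM Transport Certificate,OU=pki-tomcat,O=EXAMPLE",
        "Encoded": "-----BEGIN CERTIFICATE-----\n" + body
                   + "-----END CERTIFICATE-----\n",
        "NotBefore": "Wed Oct 30 17:25:02 UTC 2024",
        "NotAfter": "Tue Oct 20 17:25:02 UTC 2026",
    })


SAMPLE_RESPONSE = build_sample_response()


def parse_java_date(text):
    """Parse 'Wed Oct 30 17:25:02 UTC 2024' without relying on the locale."""
    _weekday, month, day, clock, zone, year = text.split()
    if zone not in ("UTC", "GMT"):
        raise ValueError(f"unsupported time zone in {text!r}")
    hour, minute, second = (int(part) for part in clock.split(":"))
    return datetime(int(year), MONTHS[month], int(day),
                    hour, minute, second, tzinfo=timezone.utc)


def der_from_encoded(encoded):
    """Return the DER bytes from the PEM text in the 'Encoded' field."""
    match = PEM_RE.search(encoded)
    if match is None:
        raise ValueError("no PEM certificate block in 'Encoded'")
    # split() drops every "\n" and "\r\n", whichever mix the server sent.
    body = "".join(match.group(1).split())
    return base64.b64decode(body, validate=True)


def check_transport_cert(response_text, now, warn_days=30,
                         expected_issuer=None, pinned_sha256=None):
    """Return the certificate's key facts plus a list of findings."""
    if now.tzinfo is None:
        raise ValueError("'now' must be timezone-aware")
    cert = json.loads(response_text)
    # These dates are the server's JSON fields, not values parsed from the DER.
    not_before = parse_java_date(cert["NotBefore"])
    not_after = parse_java_date(cert["NotAfter"])
    fingerprint = hashlib.sha256(der_from_encoded(cert["Encoded"])).hexdigest()
    remaining = not_after - now

    findings = []
    if now < not_before:
        findings.append("not yet valid")
    if remaining <= timedelta(0):
        findings.append("expired")
    elif remaining <= timedelta(days=warn_days):
        findings.append(f"expires in {remaining.days} days")
    if expected_issuer is not None and cert["IssuerDN"] != expected_issuer:
        findings.append("unexpected issuer")
    if pinned_sha256 is not None and fingerprint != pinned_sha256.lower():
        findings.append("fingerprint differs from pinned value")

    return {
        "subject": cert["SubjectDN"],
        "not_after": not_after,
        "days_left": remaining.days,
        "sha256": fingerprint,
        "findings": findings,
    }


if __name__ == "__main__":
    report = check_transport_cert(
        SAMPLE_RESPONSE, datetime(2026, 10, 1, tzinfo=timezone.utc))
    print(report["subject"], report["sha256"], report["findings"])
```

Recording the fingerprint once and passing it as `pinned_sha256` on later runs turns an unannounced transport-certificate replacement into a finding.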

/ca/v2/info

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/info
{
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/ca/v2/installer/createRequestID

POST

None

200

application/json

Certificate setup request with pin, tag and systemCert

/ca/v2/installer/createCerttID

POST

None

200

application/json

Certificate setup request with pin, tag and systemCert

/ca/v2/profiles

GET

size, start, visible, enable, enableBy

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/profiles?size=2&visible=true&enable=true&enableBy=admin"
{
  "total" : 25,
  "entries" : [ {
    "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/acmeServerCert",
    "profileId" : "acmeServerCert",
    "profileName" : "ACME Server Certificate Enrollment",
    "profileDescription" : "This certificate profile is for enrolling server certificates via ACME protocol.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  }, {
    "profileURL" : "https://pki.example.com:8443/ca/v2/profiles/caServerKeygen_UserCert",
    "profileId" : "caServerKeygen_UserCert",
    "profileName" : "Manual User Dual-Use Certificate Enrollment using server-side Key generation",
    "profileDescription" : "This certificate profile is for enrolling user certificates using server-side Key generation.",
    "profileVisible" : true,
    "profileEnable" : true,
    "profileEnableBy" : "admin"
  } ]
}

/ca/v2/profiles

POST

None

201

application/json

Profile in json format

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":false,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' \
    https://$HOSTNAME:8443/ca/v2/profiles
{
  "id" : "test",
  "classId" : "caEnrollImpl",
  "name" : "Manual User Dual-Use Certificate Enrollment",
  "description" : "This certificate profile is for enrolling user certificates.",
  "enabled" : false,
  "visible" : false,
  "authzAcl" : "",
  "renewal" : false,
  "inputs" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "outputs" : [ {
    "id" : "o1",
    "name" : "Certificate Output",
    "classId" : "certOutputImpl",
    "attributes" : [ {
      "name" : "pretty_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Pretty Print"
      }
    }, {
      "name" : "b64_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Base-64 Encoded"
      }
    } ]
  } ],
  "policySets" : {
    "userCertSet" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "classId" : "userSubjectNameDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ {
          "name" : "useSysEncoding",
          "value" : ""
        } ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches UID=.*",
        "classId" : "subjectNameConstraintImpl",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "UID=.*"
        } ]
      }
    }, {
      "id" : "10",
      "def" : {
        "name" : "No Default",
        "classId" : "noDefaultImpl",
        "text" : "No Default",
        "attributes" : [ ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Renewal Grace Period Constraint",
        "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.",
        "classId" : "renewGracePeriodConstraintImpl",
        "constraints" : [ {
          "name" : "renewal.graceBefore",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period Before",
            "DefaultValue" : "30"
          },
          "value" : "30"
        }, {
          "name" : "renewal.graceAfter",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period After",
            "DefaultValue" : "30"
          },
          "value" : "30"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "classId" : "validityDefaultImpl",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ {
          "name" : "range",
          "value" : "180"
        }, {
          "name" : "rangeUnit",
          "value" : ""
        }, {
          "name" : "startTime",
          "value" : "0"
        } ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 365 days.",
        "classId" : "validityConstraintImpl",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "365"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "classId" : "userKeyDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096",
        "classId" : "keyConstraintImpl",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "RSA"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "classId" : "authorityKeyIdentifierExtDefaultImpl",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "classId" : "authInfoAccessExtDefaultImpl",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "authInfoAccessCritical",
          "value" : "false"
        }, {
          "name" : "authInfoAccessNumADs",
          "value" : "1"
        }, {
          "name" : "authInfoAccessADMethod_0",
          "value" : "1.3.6.1.5.5.7.48.1"
        }, {
          "name" : "authInfoAccessADLocationType_0",
          "value" : "URIName"
        }, {
          "name" : "authInfoAccessADLocation_0",
          "value" : ""
        }, {
          "name" : "authInfoAccessADEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Key Usage Default",
        "classId" : "keyUsageExtDefaultImpl",
        "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "attributes" : [ {
          "name" : "keyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDigitalSignature",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Digital Signature",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageNonRepudiation",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDataEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Data Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyAgreement",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Agreement",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyCertSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key CertSign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageCrlSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "CRL Sign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageEncipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Encipher Only",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDecipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Decipher Only",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ {
          "name" : "keyUsageCritical",
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "value" : "false"
        } ]
      },
      "constraint" : {
        "name" : "Key Usage Extension Constraint",
        "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "classId" : "keyUsageExtConstraintImpl",
        "constraints" : [ {
          "name" : "keyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Digital Signature",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Data Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Agreement",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key CertSign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "CRL Sign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Encipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Decipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "7",
      "def" : {
        "name" : "Extended Key Usage Extension Default",
        "classId" : "extendedKeyUsageExtDefaultImpl",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ {
          "name" : "exKeyUsageCritical",
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "Subject Alt Name Constraint",
        "classId" : "subjectAltNameExtDefaultImpl",
        "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}",
        "attributes" : [ {
          "name" : "subjAltNameExtCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "subjAltNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "subjAltNameExtCritical",
          "value" : "false"
        }, {
          "name" : "subjAltNameNumGNs",
          "value" : "1"
        }, {
          "name" : "subjAltExtType_0",
          "value" : "RFC822Name"
        }, {
          "name" : "subjAltExtPattern_0",
          "value" : "$request.requestor_email$"
        }, {
          "name" : "subjAltExtGNEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "classId" : "signingAlgDefaultImpl",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ {
          "name" : "signingAlg",
          "value" : "-"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "signingAlgConstraintImpl",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  },
  "xmloutput" : false
}

/ca/v2/profiles/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/profiles/caUserCert
{
  "id" : "caUserCert",
  "classId" : "caEnrollImpl",
  "name" : "Manual User Dual-Use Certificate Enrollment",
  "description" : "This certificate profile is for enrolling user certificates.",
  "enabled" : true,
  "visible" : false,
  "enabledBy" : "admin",
  "authzAcl" : "",
  "renewal" : false,
  "inputs" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "outputs" : [ {
    "id" : "o1",
    "name" : "Certificate Output",
    "classId" : "certOutputImpl",
    "attributes" : [ {
      "name" : "pretty_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Pretty Print"
      }
    }, {
      "name" : "b64_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Base-64 Encoded"
      }
    } ]
  } ],
  "policySets" : {
    "userCertSet" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "classId" : "userSubjectNameDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ {
          "name" : "useSysEncoding",
          "value" : ""
        } ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches UID=.*",
        "classId" : "subjectNameConstraintImpl",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "UID=.*"
        } ]
      }
    }, {
      "id" : "10",
      "def" : {
        "name" : "No Default",
        "classId" : "noDefaultImpl",
        "text" : "No Default",
        "attributes" : [ ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Renewal Grace Period Constraint",
        "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.",
        "classId" : "renewGracePeriodConstraintImpl",
        "constraints" : [ {
          "name" : "renewal.graceBefore",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period Before",
            "DefaultValue" : "30"
          },
          "value" : "30"
        }, {
          "name" : "renewal.graceAfter",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period After",
            "DefaultValue" : "30"
          },
          "value" : "30"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "classId" : "validityDefaultImpl",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ {
          "name" : "range",
          "value" : "180"
        }, {
          "name" : "rangeUnit",
          "value" : ""
        }, {
          "name" : "startTime",
          "value" : "0"
        } ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 365 days.",
        "classId" : "validityConstraintImpl",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "365"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "classId" : "userKeyDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096",
        "classId" : "keyConstraintImpl",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "RSA"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "classId" : "authorityKeyIdentifierExtDefaultImpl",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "classId" : "authInfoAccessExtDefaultImpl",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "authInfoAccessCritical",
          "value" : "false"
        }, {
          "name" : "authInfoAccessNumADs",
          "value" : "1"
        }, {
          "name" : "authInfoAccessADMethod_0",
          "value" : "1.3.6.1.5.5.7.48.1"
        }, {
          "name" : "authInfoAccessADLocationType_0",
          "value" : "URIName"
        }, {
          "name" : "authInfoAccessADLocation_0",
          "value" : ""
        }, {
          "name" : "authInfoAccessADEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Key Usage Default",
        "classId" : "keyUsageExtDefaultImpl",
        "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "attributes" : [ {
          "name" : "keyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDigitalSignature",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Digital Signature",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageNonRepudiation",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDataEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Data Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyAgreement",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Agreement",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyCertSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key CertSign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageCrlSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "CRL Sign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageEncipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Encipher Only",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDecipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Decipher Only",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ {
          "name" : "keyUsageCritical",
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "value" : "false"
        } ]
      },
      "constraint" : {
        "name" : "Key Usage Extension Constraint",
        "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "classId" : "keyUsageExtConstraintImpl",
        "constraints" : [ {
          "name" : "keyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Digital Signature",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Data Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Agreement",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key CertSign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "CRL Sign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Encipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Decipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "7",
      "def" : {
        "name" : "Extended Key Usage Extension Default",
        "classId" : "extendedKeyUsageExtDefaultImpl",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ {
          "name" : "exKeyUsageCritical",
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "Subject Alt Name Constraint",
        "classId" : "subjectAltNameExtDefaultImpl",
        "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}",
        "attributes" : [ {
          "name" : "subjAltNameExtCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "subjAltNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "subjAltNameExtCritical",
          "value" : "false"
        }, {
          "name" : "subjAltNameNumGNs",
          "value" : "1"
        }, {
          "name" : "subjAltExtType_0",
          "value" : "RFC822Name"
        }, {
          "name" : "subjAltExtPattern_0",
          "value" : "$request.requestor_email$"
        }, {
          "name" : "subjAltExtGNEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "classId" : "signingAlgDefaultImpl",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ {
          "name" : "signingAlg",
          "value" : "-"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "signingAlgConstraintImpl",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  },
  "xmloutput" : false
}
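The profile returned by GET /ca/v2/profiles/{id} can be checked automatically against a local issuance policy. The following is an added example, not part of the original page or of the PKI project's code: the function and constant names are hypothetical, the 2048-bit floor and the reading of "-" as "not enforced" are assumptions, and the sample is a constructed, trimmed copy of the caUserCert response above.

```python
import json

# Constructed sample: the caUserCert response shown above, trimmed to the
# constraints this audit reads (the signingAlgsAllowed list is shortened).
SAMPLE_RESPONSE = """
{
  "id": "caUserCert",
  "policySets": {
    "userCertSet": [
      {"id": "3", "constraint": {"classId": "keyConstraintImpl", "constraints": [
        {"name": "keyType", "value": "RSA"},
        {"name": "keyParameters", "value": "1024,2048,3072,4096"}]}},
      {"id": "6", "constraint": {"classId": "keyUsageExtConstraintImpl", "constraints": [
        {"name": "keyUsageKeyCertSign", "value": "false"},
        {"name": "keyUsageCrlSign", "value": "false"}]}},
      {"id": "7", "constraint": {"classId": "noConstraintImpl", "constraints": []}},
      {"id": "9", "constraint": {"classId": "signingAlgConstraintImpl", "constraints": [
        {"name": "signingAlgsAllowed",
         "value": "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA"}]}}
    ]
  }
}
"""
SAMPLE_PROFILE = json.loads(SAMPLE_RESPONSE)

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value from the page
WEAK_DIGESTS = ("SHA1with", "MD5with", "MD2with")
# Usages an end-entity (user) certificate profile should never grant.
CA_ONLY_USAGES = ("keyUsageKeyCertSign", "keyUsageCrlSign")


def split_list(value):
    """Split a comma-separated constraint value, dropping empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit_profile(profile, min_rsa_bits=MIN_RSA_BITS):
    """Return (location, message) findings for one profile JSON document."""
    findings = []
    for set_name, policies in profile.get("policySets", {}).items():
        for policy in policies:
            constraint = policy.get("constraint", {})
            class_id = constraint.get("classId", "")
            values = {c["name"]: c.get("value", "")
                      for c in constraint.get("constraints", [])}
            where = f"{profile.get('id')}:{set_name}/{policy.get('id')}"

            if class_id == "keyConstraintImpl":
                # Numeric entries are RSA key sizes; curve names are skipped.
                if values.get("keyType") in ("RSA", "-"):
                    for size in split_list(values.get("keyParameters", "")):
                        if size.isdigit() and int(size) < min_rsa_bits:
                            findings.append(
                                (where, f"RSA key size {size} accepted"))

            elif class_id == "signingAlgConstraintImpl":
                # Only the effective "value" matters, not the DefaultValue.
                for alg in split_list(values.get("signingAlgsAllowed", "")):
                    if alg.startswith(WEAK_DIGESTS):
                        findings.append(
                            (where, f"weak signing algorithm {alg} accepted"))

            elif class_id == "keyUsageExtConstraintImpl":
                # Assumption: "-" (or a missing entry) means the bit is not
                # enforced, so only an explicit "false" passes.
                for usage in CA_ONLY_USAGES:
                    if values.get(usage, "-") != "false":
                        findings.append(
                            (where, f"{usage} is not forced to false"))
    return findings


if __name__ == "__main__":
    for location, message in audit_profile(SAMPLE_PROFILE):
        print(f"{location}: {message}")
```

To audit a live profile, pass the parsed body of the curl response above to `audit_profile` in place of `SAMPLE_PROFILE`.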

/ca/v2/profiles/{id}

POST

action (enable/disable)

204

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/ca/v2/profiles/caUserCert?action=disable"

/ca/v2/profiles/{id}

PUT

None

200

application/json

Profile in JSON format

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"id":"test","classId":"caEnrollImpl","name":"Manual User Dual-Use Certificate Enrollment","description":"This certificate profile is for enrolling user certificates.","enabled":true,"visible":true,"enabledBy":"admin","authzAcl":"","renewal":false,"inputs":[{"id":"i1","ClassID":"keyGenInputImpl","Name":"Key Generation","ConfigAttribute":[],"Attribute":[{"name":"cert_request_type","Descriptor":{"Syntax":"keygen_request_type","Description":"Key Generation Request Type"}},{"name":"cert_request","Descriptor":{"Syntax":"keygen_request","Description":"Key Generation Request"}}]},{"id":"i2","ClassID":"subjectNameInputImpl","Name":"Subject Name","ConfigAttribute":[],"Attribute":[{"name":"sn_uid","Descriptor":{"Syntax":"string","Description":"UID"}},{"name":"sn_e","Descriptor":{"Syntax":"string","Description":"Email"}},{"name":"sn_cn","Descriptor":{"Syntax":"string","Description":"Common Name"}},{"name":"sn_ou3","Descriptor":{"Syntax":"string","Description":"Organizational Unit 3"}},{"name":"sn_ou2","Descriptor":{"Syntax":"string","Description":"Organizational Unit 2"}},{"name":"sn_ou1","Descriptor":{"Syntax":"string","Description":"Organizational Unit 1"}},{"name":"sn_ou","Descriptor":{"Syntax":"string","Description":"Organizational Unit"}},{"name":"sn_o","Descriptor":{"Syntax":"string","Description":"Organization"}},{"name":"sn_c","Descriptor":{"Syntax":"string","Description":"Country"}}]},{"id":"i3","ClassID":"submitterInfoInputImpl","Name":"Requestor Information","ConfigAttribute":[],"Attribute":[{"name":"requestor_name","Descriptor":{"Syntax":"string","Description":"Requestor Name"}},{"name":"requestor_email","Descriptor":{"Syntax":"string","Description":"Requestor Email"}},{"name":"requestor_phone","Descriptor":{"Syntax":"string","Description":"Requestor Phone"}}]}],"outputs":[{"id":"o1","name":"Certificate Output","classId":"certOutputImpl","attributes":[{"name":"pretty_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Pretty Print"}},{"name":"b64_cert","Descriptor":{"Syntax":"pretty_print","Description":"Certificate Base-64 Encoded"}}]}],"policySets":{"userCertSet":[{"id":"1","def":{"name":"Subject Name Default","classId":"userSubjectNameDefaultImpl","text":"This default populates a User-Supplied Certificate Subject Name to the request.","attributes":[{"name":"name","Descriptor":{"Syntax":"string","Description":"Subject Name"}}],"params":[{"name":"useSysEncoding","value":""}]},"constraint":{"name":"Subject Name Constraint","text":"This constraint accepts the subject name that matches UID=.*","classId":"subjectNameConstraintImpl","constraints":[{"name":"pattern","descriptor":{"Syntax":"string","Description":"Subject Name Pattern"},"value":"UID=.*"}]}},{"id":"10","def":{"name":"No Default","classId":"noDefaultImpl","text":"No Default","attributes":[],"params":[]},"constraint":{"name":"Renewal Grace Period Constraint","text":"This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.","classId":"renewGracePeriodConstraintImpl","constraints":[{"name":"renewal.graceBefore","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period Before","DefaultValue":"30"},"value":"30"},{"name":"renewal.graceAfter","descriptor":{"Syntax":"integer","Description":"Renewal Grace Period After","DefaultValue":"30"},"value":"30"}]}},{"id":"2","def":{"name":"Validity Default","classId":"validityDefaultImpl","text":"This default populates a Certificate Validity to the request. The default values are Range=180 in days","attributes":[{"name":"notBefore","Descriptor":{"Syntax":"string","Description":"Not Before"}},{"name":"notAfter","Descriptor":{"Syntax":"string","Description":"Not After"}}],"params":[{"name":"range","value":"180"},{"name":"rangeUnit","value":""},{"name":"startTime","value":"0"}]},"constraint":{"name":"Validity Constraint","text":"This constraint rejects the validity that is not between 365 days.","classId":"validityConstraintImpl","constraints":[{"name":"range","descriptor":{"Syntax":"integer","Description":"Validity Range","DefaultValue":"365"},"value":"365"},{"name":"rangeUnit","descriptor":{"Syntax":"string","Description":"Validity Range Unit: year, month, day (default), hour, minute","DefaultValue":"day"},"value":""},{"name":"notBeforeGracePeriod","descriptor":{"Syntax":"integer","Description":"Grace period for Not Before being set in the future (in seconds).","DefaultValue":"0"},"value":""},{"name":"notBeforeCheck","descriptor":{"Syntax":"boolean","Description":"Check Not Before against current time","DefaultValue":"false"},"value":"false"},{"name":"notAfterCheck","descriptor":{"Syntax":"boolean","Description":"Check Not After against Not Before","DefaultValue":"false"},"value":"false"}]}},{"id":"3","def":{"name":"Key Default","classId":"userKeyDefaultImpl","text":"This default populates a User-Supplied Certificate Key to the request.","attributes":[{"name":"TYPE","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Type"}},{"name":"LEN","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key Length"}},{"name":"KEY","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key"}}],"params":[]},"constraint":{"name":"Key Constraint","text":"This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096","classId":"keyConstraintImpl","constraints":[{"name":"keyType","descriptor":{"Syntax":"choice","Constraint":"-,RSA,EC","Description":"Key Type","DefaultValue":"RSA"},"value":"RSA"},{"name":"keyParameters","descriptor":{"Syntax":"string","Description":"Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.","DefaultValue":""},"value":"1024,2048,3072,4096"}]}},{"id":"4","def":{"name":"Authority Key Identifier Default","classId":"authorityKeyIdentifierExtDefaultImpl","text":"This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.","attributes":[{"name":"critical","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Criticality"}},{"name":"keyid","Descriptor":{"Syntax":"string","Constraint":"readonly","Description":"Key ID"}}],"params":[]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"5","def":{"name":"AIA Extension Default","classId":"authInfoAccessExtDefaultImpl","text":"This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}","attributes":[{"name":"authInfoAccessCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"authInfoAccessGeneralNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"authInfoAccessCritical","value":"false"},{"name":"authInfoAccessNumADs","value":"1"},{"name":"authInfoAccessADMethod_0","value":"1.3.6.1.5.5.7.48.1"},{"name":"authInfoAccessADLocationType_0","value":"URIName"},{"name":"authInfoAccessADLocation_0","value":""},{"name":"authInfoAccessADEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"6","def":{"name":"Key Usage Default","classId":"keyUsageExtDefaultImpl","text":"This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","attributes":[{"name":"keyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"keyUsageDigitalSignature","Descriptor":{"Syntax":"boolean","Description":"Digital Signature","DefaultValue":"false"}},{"name":"keyUsageNonRepudiation","Descriptor":{"Syntax":"boolean","Description":"Non-Repudiation","DefaultValue":"false"}},{"name":"keyUsageKeyEncipherment","Descriptor":{"Syntax":"boolean","Description":"Key Encipherment","DefaultValue":"false"}},{"name":"keyUsageDataEncipherment","Descriptor":{"Syntax":"boolean","Description":"Data Encipherment","DefaultValue":"false"}},{"name":"keyUsageKeyAgreement","Descriptor":{"Syntax":"boolean","Description":"Key Agreement","DefaultValue":"false"}},{"name":"keyUsageKeyCertSign","Descriptor":{"Syntax":"boolean","Description":"Key CertSign","DefaultValue":"false"}},{"name":"keyUsageCrlSign","Descriptor":{"Syntax":"boolean","Description":"CRL Sign","DefaultValue":"false"}},{"name":"keyUsageEncipherOnly","Descriptor":{"Syntax":"boolean","Description":"Encipher Only","DefaultValue":"false"}},{"name":"keyUsageDecipherOnly","Descriptor":{"Syntax":"boolean","Description":"Decipher Only","DefaultValue":"false"}}],"params":[{"name":"keyUsageCritical","value":"true"},{"name":"keyUsageDigitalSignature","value":"true"},{"name":"keyUsageNonRepudiation","value":"true"},{"name":"keyUsageKeyEncipherment","value":"true"},{"name":"keyUsageDataEncipherment","value":"false"},{"name":"keyUsageKeyAgreement","value":"false"},{"name":"keyUsageKeyCertSign","value":"false"},{"name":"keyUsageCrlSign","value":"false"},{"name":"keyUsageEncipherOnly","value":"false"},{"name":"keyUsageDecipherOnly","value":"false"}]},"constraint":{"name":"Key Usage Extension Constraint","text":"This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false","classId":"keyUsageExtConstraintImpl","constraints":[{"name":"keyUsageCritical","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Criticality","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDigitalSignature","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Digital Signature","DefaultValue":"-"},"value":"true"},{"name":"keyUsageNonRepudiation","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Non-Repudiation","DefaultValue":"-"},"value":"true"},{"name":"keyUsageKeyEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Encipherment","DefaultValue":"-"},"value":"true"},{"name":"keyUsageDataEncipherment","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Data Encipherment","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyAgreement","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key Agreement","DefaultValue":"-"},"value":"false"},{"name":"keyUsageKeyCertSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Key CertSign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageCrlSign","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"CRL Sign","DefaultValue":"-"},"value":"false"},{"name":"keyUsageEncipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Encipher Only","DefaultValue":"-"},"value":"false"},{"name":"keyUsageDecipherOnly","descriptor":{"Syntax":"choice","Constraint":"true,false,-","Description":"Decipher Only","DefaultValue":"-"},"value":"false"}]}},{"id":"7","def":{"name":"Extended Key Usage Extension Default","classId":"extendedKeyUsageExtDefaultImpl","text":"This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4","attributes":[{"name":"exKeyUsageCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"exKeyUsageOIDs","Descriptor":{"Syntax":"string_list","Description":"Comma-Separated list of Object Identifiers"}}],"params":[{"name":"exKeyUsageCritical","value":"false"},{"name":"exKeyUsageOIDs","value":"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"8","def":{"name":"Subject Alt Name Constraint","classId":"subjectAltNameExtDefaultImpl","text":"This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}","attributes":[{"name":"subjAltNameExtCritical","Descriptor":{"Syntax":"boolean","Description":"Criticality","DefaultValue":"false"}},{"name":"subjAltNames","Descriptor":{"Syntax":"string_list","Description":"General Names"}}],"params":[{"name":"subjAltNameExtCritical","value":"false"},{"name":"subjAltNameNumGNs","value":"1"},{"name":"subjAltExtType_0","value":"RFC822Name"},{"name":"subjAltExtPattern_0","value":"$request.requestor_email$"},{"name":"subjAltExtGNEnable_0","value":"true"}]},"constraint":{"name":"No Constraint","text":"No Constraint","classId":"noConstraintImpl","constraints":[]}},{"id":"9","def":{"name":"Signing Alg","classId":"signingAlgDefaultImpl","text":"This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA","attributes":[{"name":"signingAlg","Descriptor":{"Syntax":"choice","Constraint":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","Description":"Signing Algorithm"}}],"params":[{"name":"signingAlg","value":"-"}]},"constraint":{"name":"No Constraint","text":"This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS","classId":"signingAlgConstraintImpl","constraints":[{"name":"signingAlgsAllowed","descriptor":{"Syntax":"string","Description":"Allowed Signing Algorithms","DefaultValue":"SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"},"value":"SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"}]}}]},"xmloutput":false}' \
    -X PUT https://$HOSTNAME:8443/ca/v2/profiles/test
{
  "id" : "test",
  "classId" : "caEnrollImpl",
  "name" : "Manual User Dual-Use Certificate Enrollment",
  "description" : "This certificate profile is for enrolling user certificates.",
  "enabled" : false,
  "visible" : true,
  "authzAcl" : "",
  "renewal" : false,
  "inputs" : [ {
    "id" : "i1",
    "ClassID" : "keyGenInputImpl",
    "Name" : "Key Generation",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "cert_request_type",
      "Descriptor" : {
        "Syntax" : "keygen_request_type",
        "Description" : "Key Generation Request Type"
      }
    }, {
      "name" : "cert_request",
      "Descriptor" : {
        "Syntax" : "keygen_request",
        "Description" : "Key Generation Request"
      }
    } ]
  }, {
    "id" : "i2",
    "ClassID" : "subjectNameInputImpl",
    "Name" : "Subject Name",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "sn_uid",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "UID"
      }
    }, {
      "name" : "sn_e",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Email"
      }
    }, {
      "name" : "sn_cn",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Common Name"
      }
    }, {
      "name" : "sn_ou3",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 3"
      }
    }, {
      "name" : "sn_ou2",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 2"
      }
    }, {
      "name" : "sn_ou1",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit 1"
      }
    }, {
      "name" : "sn_ou",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organizational Unit"
      }
    }, {
      "name" : "sn_o",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Organization"
      }
    }, {
      "name" : "sn_c",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Country"
      }
    } ]
  }, {
    "id" : "i3",
    "ClassID" : "submitterInfoInputImpl",
    "Name" : "Requestor Information",
    "ConfigAttribute" : [ ],
    "Attribute" : [ {
      "name" : "requestor_name",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Name"
      }
    }, {
      "name" : "requestor_email",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Email"
      }
    }, {
      "name" : "requestor_phone",
      "Descriptor" : {
        "Syntax" : "string",
        "Description" : "Requestor Phone"
      }
    } ]
  } ],
  "outputs" : [ {
    "id" : "o1",
    "name" : "Certificate Output",
    "classId" : "certOutputImpl",
    "attributes" : [ {
      "name" : "pretty_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Pretty Print"
      }
    }, {
      "name" : "b64_cert",
      "Descriptor" : {
        "Syntax" : "pretty_print",
        "Description" : "Certificate Base-64 Encoded"
      }
    } ]
  } ],
  "policySets" : {
    "userCertSet" : [ {
      "id" : "1",
      "def" : {
        "name" : "Subject Name Default",
        "classId" : "userSubjectNameDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Subject Name to the request.",
        "attributes" : [ {
          "name" : "name",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name"
          }
        } ],
        "params" : [ {
          "name" : "useSysEncoding",
          "value" : ""
        } ]
      },
      "constraint" : {
        "name" : "Subject Name Constraint",
        "text" : "This constraint accepts the subject name that matches UID=.*",
        "classId" : "subjectNameConstraintImpl",
        "constraints" : [ {
          "name" : "pattern",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Subject Name Pattern"
          },
          "value" : "UID=.*"
        } ]
      }
    }, {
      "id" : "10",
      "def" : {
        "name" : "No Default",
        "classId" : "noDefaultImpl",
        "text" : "No Default",
        "attributes" : [ ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Renewal Grace Period Constraint",
        "text" : "This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.",
        "classId" : "renewGracePeriodConstraintImpl",
        "constraints" : [ {
          "name" : "renewal.graceBefore",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period Before",
            "DefaultValue" : "30"
          },
          "value" : "30"
        }, {
          "name" : "renewal.graceAfter",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Renewal Grace Period After",
            "DefaultValue" : "30"
          },
          "value" : "30"
        } ]
      }
    }, {
      "id" : "2",
      "def" : {
        "name" : "Validity Default",
        "classId" : "validityDefaultImpl",
        "text" : "This default populates a Certificate Validity to the request. The default values are Range=180 in days",
        "attributes" : [ {
          "name" : "notBefore",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not Before"
          }
        }, {
          "name" : "notAfter",
          "Descriptor" : {
            "Syntax" : "string",
            "Description" : "Not After"
          }
        } ],
        "params" : [ {
          "name" : "range",
          "value" : "180"
        }, {
          "name" : "rangeUnit",
          "value" : ""
        }, {
          "name" : "startTime",
          "value" : "0"
        } ]
      },
      "constraint" : {
        "name" : "Validity Constraint",
        "text" : "This constraint rejects the validity that is not between 365 days.",
        "classId" : "validityConstraintImpl",
        "constraints" : [ {
          "name" : "range",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Validity Range",
            "DefaultValue" : "365"
          },
          "value" : "365"
        }, {
          "name" : "rangeUnit",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Validity Range Unit: year, month, day (default), hour, minute",
            "DefaultValue" : "day"
          },
          "value" : ""
        }, {
          "name" : "notBeforeGracePeriod",
          "descriptor" : {
            "Syntax" : "integer",
            "Description" : "Grace period for Not Before being set in the future (in seconds).",
            "DefaultValue" : "0"
          },
          "value" : ""
        }, {
          "name" : "notBeforeCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not Before against current time",
            "DefaultValue" : "false"
          },
          "value" : "false"
        }, {
          "name" : "notAfterCheck",
          "descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Check Not After against Not Before",
            "DefaultValue" : "false"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "3",
      "def" : {
        "name" : "Key Default",
        "classId" : "userKeyDefaultImpl",
        "text" : "This default populates a User-Supplied Certificate Key to the request.",
        "attributes" : [ {
          "name" : "TYPE",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Type"
          }
        }, {
          "name" : "LEN",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key Length"
          }
        }, {
          "name" : "KEY",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "Key Constraint",
        "text" : "This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096",
        "classId" : "keyConstraintImpl",
        "constraints" : [ {
          "name" : "keyType",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "-,RSA,EC",
            "Description" : "Key Type",
            "DefaultValue" : "RSA"
          },
          "value" : "RSA"
        }, {
          "name" : "keyParameters",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.",
            "DefaultValue" : ""
          },
          "value" : "1024,2048,3072,4096"
        } ]
      }
    }, {
      "id" : "4",
      "def" : {
        "name" : "Authority Key Identifier Default",
        "classId" : "authorityKeyIdentifierExtDefaultImpl",
        "text" : "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.",
        "attributes" : [ {
          "name" : "critical",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Criticality"
          }
        }, {
          "name" : "keyid",
          "Descriptor" : {
            "Syntax" : "string",
            "Constraint" : "readonly",
            "Description" : "Key ID"
          }
        } ],
        "params" : [ ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "5",
      "def" : {
        "name" : "AIA Extension Default",
        "classId" : "authInfoAccessExtDefaultImpl",
        "text" : "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        "attributes" : [ {
          "name" : "authInfoAccessCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "authInfoAccessGeneralNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "authInfoAccessCritical",
          "value" : "false"
        }, {
          "name" : "authInfoAccessNumADs",
          "value" : "1"
        }, {
          "name" : "authInfoAccessADMethod_0",
          "value" : "1.3.6.1.5.5.7.48.1"
        }, {
          "name" : "authInfoAccessADLocationType_0",
          "value" : "URIName"
        }, {
          "name" : "authInfoAccessADLocation_0",
          "value" : ""
        }, {
          "name" : "authInfoAccessADEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "6",
      "def" : {
        "name" : "Key Usage Default",
        "classId" : "keyUsageExtDefaultImpl",
        "text" : "This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "attributes" : [ {
          "name" : "keyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDigitalSignature",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Digital Signature",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageNonRepudiation",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDataEncipherment",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Data Encipherment",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyAgreement",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key Agreement",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageKeyCertSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Key CertSign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageCrlSign",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "CRL Sign",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageEncipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Encipher Only",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "keyUsageDecipherOnly",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Decipher Only",
            "DefaultValue" : "false"
          }
        } ],
        "params" : [ {
          "name" : "keyUsageCritical",
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "value" : "false"
        } ]
      },
      "constraint" : {
        "name" : "Key Usage Extension Constraint",
        "text" : "This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
        "classId" : "keyUsageExtConstraintImpl",
        "constraints" : [ {
          "name" : "keyUsageCritical",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Criticality",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDigitalSignature",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Digital Signature",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageNonRepudiation",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Non-Repudiation",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageKeyEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "true"
        }, {
          "name" : "keyUsageDataEncipherment",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Data Encipherment",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyAgreement",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key Agreement",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageKeyCertSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Key CertSign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageCrlSign",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "CRL Sign",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageEncipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Encipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        }, {
          "name" : "keyUsageDecipherOnly",
          "descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "true,false,-",
            "Description" : "Decipher Only",
            "DefaultValue" : "-"
          },
          "value" : "false"
        } ]
      }
    }, {
      "id" : "7",
      "def" : {
        "name" : "Extended Key Usage Extension Default",
        "classId" : "extendedKeyUsageExtDefaultImpl",
        "text" : "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
        "attributes" : [ {
          "name" : "exKeyUsageCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "exKeyUsageOIDs",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "Comma-Separated list of Object Identifiers"
          }
        } ],
        "params" : [ {
          "name" : "exKeyUsageCritical",
          "value" : "false"
        }, {
          "name" : "exKeyUsageOIDs",
          "value" : "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "8",
      "def" : {
        "name" : "Subject Alt Name Constraint",
        "classId" : "subjectAltNameExtDefaultImpl",
        "text" : "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}",
        "attributes" : [ {
          "name" : "subjAltNameExtCritical",
          "Descriptor" : {
            "Syntax" : "boolean",
            "Description" : "Criticality",
            "DefaultValue" : "false"
          }
        }, {
          "name" : "subjAltNames",
          "Descriptor" : {
            "Syntax" : "string_list",
            "Description" : "General Names"
          }
        } ],
        "params" : [ {
          "name" : "subjAltNameExtCritical",
          "value" : "false"
        }, {
          "name" : "subjAltNameNumGNs",
          "value" : "1"
        }, {
          "name" : "subjAltExtType_0",
          "value" : "RFC822Name"
        }, {
          "name" : "subjAltExtPattern_0",
          "value" : "$request.requestor_email$"
        }, {
          "name" : "subjAltExtGNEnable_0",
          "value" : "true"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "No Constraint",
        "classId" : "noConstraintImpl",
        "constraints" : [ ]
      }
    }, {
      "id" : "9",
      "def" : {
        "name" : "Signing Alg",
        "classId" : "signingAlgDefaultImpl",
        "text" : "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA",
        "attributes" : [ {
          "name" : "signingAlg",
          "Descriptor" : {
            "Syntax" : "choice",
            "Constraint" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
            "Description" : "Signing Algorithm"
          }
        } ],
        "params" : [ {
          "name" : "signingAlg",
          "value" : "-"
        } ]
      },
      "constraint" : {
        "name" : "No Constraint",
        "text" : "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS",
        "classId" : "signingAlgConstraintImpl",
        "constraints" : [ {
          "name" : "signingAlgsAllowed",
          "descriptor" : {
            "Syntax" : "string",
            "Description" : "Allowed Signing Algorithms",
            "DefaultValue" : "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC"
          },
          "value" : "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS"
        } ]
      }
    } ]
  },
  "xmloutput" : false
}

/ca/v2/profiles/{id}

DELETE

action (enable/disable)

204

Example
$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/profiles/test

/ca/v2/profiles/raw

POST

None

201

application/octet-stream

Profile file in the original key=<value> format

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --data-binary @- https://$HOSTNAME:8443/ca/v2/profiles/raw << 'EOF'
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=true
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=test
visible=false
EOF
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=false
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=test
visible=false
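
The request body above contains the profile variable $request.requestor_email$. If the here-document delimiter is left unquoted, the shell expands $request before curl sends the body, and the server stores .requestor_email$ instead. The following is an added example, not part of the original wiki page or the PKI project: it contrasts the two here-document forms on three constructed lines and adds a hypothetical pre-upload check, check_profile_vars, which assumes profile variables are always written as $name$.

```shell
#!/bin/sh
# Added example (not from the wiki page). The three profile lines below are a
# constructed sample taken from the profile shown above.

# Unquoted delimiter: the shell performs parameter expansion inside the body,
# so $request (normally unset) disappears before the data reaches curl.
render_unquoted() (
    unset request
    cat << EOF
profileId=test
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
visible=false
EOF
)

# Quoted delimiter: the body is passed through byte for byte.
render_quoted() {
    cat << 'EOF'
profileId=test
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
visible=false
EOF
}

# check_profile_vars (hypothetical helper): reads a raw key=value profile on
# stdin, prints every key whose value contains an odd number of '$' characters
# and returns 1 if any was found.
# Assumption: profile variables are always paired as $name$, so an odd count
# means one delimiter was lost. This is a heuristic: a value that legitimately
# contains a single '$' would also be reported.
check_profile_vars() {
    awk -F= '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            key = $1
            val = substr($0, length(key) + 2)   # everything after the first "="
            n = gsub(/[$]/, "&", val)           # count "$" without changing val
            if (n % 2 == 1) { print key; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Typical use before an upload (profile.cfg is a placeholder file name):
#   check_profile_vars < profile.cfg && \
#     curl --cacert ./ca_signing.crt -b session_cookie \
#          --data-binary @profile.cfg https://$HOSTNAME:8443/ca/v2/profiles/raw
```

Sending the profile from a file with --data-binary @profile.cfg avoids the here-document, and the expansion problem with it.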

/ca/v2/profiles/{id}/raw

GET

None

200

application/octet-stream

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/profiles/caUserCert/raw
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=true
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=caUserCert
visible=false

/ca/v2/profiles/{id}/raw

PUT

None

200

application/octet-stream

Profile file in the original key=<value> format

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --data-binary @- -X PUT https://$HOSTNAME:8443/ca/v2/profiles/test/raw << 'EOF'
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=false
enableBy=caadmin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=test
visible=false
EOF
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.3.constraint.params.keyType=RSA
input.i2.class_id=subjectNameInputImpl
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
output.o1.class_id=certOutputImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
output.list=o1
input.list=i1,i2,i3
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.2.constraint.params.range=365
visible=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.2.default.name=Validity Default
desc=This certificate profile is for enrolling user certificates.
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.9.default.params.signingAlg=-
auth.class_id=
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
enable=false
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.9.constraint.name=No Constraint
input.i1.class_id=keyGenInputImpl
enableBy=caadmin
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.name=Validity Constraint
input.i3.class_id=submitterInfoInputImpl
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
name=Manual User Dual-Use Certificate Enrollment
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.list=userCertSet
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
Note
Endpoints that require authentication can be accessed by providing either the session cookie retrieved from the login API (/<app>/v2/account/login) or the user credentials (user/password or certificates).