-
Notifications
You must be signed in to change notification settings - Fork 139
PKI CA Review Certificate Request REST API
Endi S. Dewata edited this page Mar 8, 2024
·
4 revisions
-
Path:
/ca/rest/agent/certrequests/{id}
-
Method:
GET
-
Authentication: client certificate
-
Query Parameters:
-
id
: dec/hex request ID
-
-
Content: None
JSON
$ curl \ -k \ -s \ -H "Accept: application/json" \ --user caadmin:Secret.123 \ https://localhost.localdomain:8443/ca/rest/agent/certrequests/2 | python -m json.tool { "nonce": "1848741545571711687", "requestId": "2", "requestType": "enrollment", "requestStatus": "complete", "requestCreationTime": "Tue Jun 08 09:21:02 BST 2021", "requestModificationTime": "Tue Jun 08 09:21:02 BST 2021", "profileApprovedBy": "system", "profileSetId": "ocspCertSet", "profileIsVisible": "true", "profileName": "Manual OCSP Manager Signing Certificate Enrollment", "profileDescription": "This certificate profile is for enrolling OCSP Manager certificates.", "Attributes": { "Attribute": [] }, "ProfileID": "caOCSPCert", "Renewal": false, "Input": [ { "id": null, "ClassID": "CertReqInput", "Name": "Certificate Request Input", "Text": null, "Attribute": [ { "name": "cert_request_type", "Value": "pkcs10", "Descriptor": null }, { "name": "cert_request", "Value": "-----BEGIN CERTIFICATE REQUEST-----\nMIICkjCCAXoCAQAwTTEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEkMCIG\nA1UEAwwbQ0EgT0NTUCBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEAt6EZtIIusgnocf5UwOGm8z2INRwi611A2kJCDJYFrgjgpFqjgVqR+VH14TH9LN1v\n8RTgEbCoJ9/yKGJlWluKu3hvvm5fM9DZeYpPSRjE0IasjNU8ZEDBwZtYtSnL8kq/rEDHBcS1WaxB\nJB03w8IL+WpwR5tWREGbNVeSgBvvKXrupLX5j2S89THuiWbTUVjib+vLBNonxacZBi9+hCUVtAB4\nG4gPBgMH57BKGVryRsRh7jiChdJZe/ZIs3K7iqTn8cL84kdfCRlDmIUZyUDjmjD70LRbhYklOK1q\nLC6e81wW3R6+rFelzZmt58IfcRko7VxTpHclbDWpBnVRzqVVXwIDAQABoAAwDQYJKoZIhvcNAQEL\nBQADggEBAAp78CbUDQ8Gyy622QS/talNO75BAHi3OsjXnRtyHxYdP8ffmbQsRIG0OFnrlqDRAZg2\nGZq6IEFypek4S3A/VUi7drKgyR9/AqD1bN6mn47kik7N8A1K+7y+OJYB/YWqG5u19v4rzPlk2JjB\nsP+7GvcOg/8hipVojZvZRAI/XXIQjMu3ImCLbVfDJIuY37dtMKdEb4+nek2g8y1pDVbPk+HgvfIL\n4wGA19rYb3okCU6g3UkxamFDs1+Avoaa/soVWd2zAHR19WaqlqNwqBCq9+Hl2j4iRugsD3XLyTEH\npZsSpHjiSvSEK/4ZU4Yv14mg+LwUWIiLAbGmeFGb3zujoe0=\n-----END CERTIFICATE REQUEST-----", "Descriptor": null } ], "ConfigAttribute": [] }, { "id": null, "ClassID": "SubmitterInfoInput", "Name": "Requestor Information", "Text": null, "Attribute": [], "ConfigAttribute": [] } ], "ProfilePolicySet": [ { "policies": [ { "id": null, "def": { "classId": null, "id": "Subject Name Default", "description": "This default populates a User-Supplied Certificate Subject Name to the request.", "policyAttribute": [ { "name": "name", "Value": "CN=CA OCSP Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Subject Name", "DefaultValue": null } } ], "params": [] }, "constraint": { "classId": "SubjectNameConstraint", "id": "Subject Name Constraint", "description": "This constraint accepts the subject name that matches CN=.*", "constraint": [ { "descriptor": { "Syntax": "string", "Constraint": null, "Description": "Subject Name Pattern", "DefaultValue": null }, "value": "CN=.*", "id": "pattern" } ] } }, { "id": null, "def": { "classId": null, "id": "Validity Default", "description": "This default populates a Certificate Validity to the request. The default values are Range=720 in days", "policyAttribute": [ { "name": "notBefore", "Value": "2021-06-08 09:21:02", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Not Before", "DefaultValue": null } }, { "name": "notAfter", "Value": "2023-05-29 09:21:02", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Not After", "DefaultValue": null } } ], "params": [] }, "constraint": { "classId": "ValidityConstraint", "id": "Validity Constraint", "description": "This constraint rejects the validity that is not between 720 days.", "constraint": [ { "descriptor": { "Syntax": "integer", "Constraint": null, "Description": "Validity Range", "DefaultValue": "365" }, "value": "720", "id": "range" }, { "descriptor": { "Syntax": "string", "Constraint": null, "Description": "Validity Range Unit: year, month, day (default), hour, minute", "DefaultValue": "day" }, "value": "", "id": "rangeUnit" }, { "descriptor": { "Syntax": "integer", "Constraint": null, "Description": "Grace period for Not Before being set in the future (in seconds).", "DefaultValue": "0" }, "value": "", "id": "notBeforeGracePeriod" }, { "descriptor": { "Syntax": "boolean", "Constraint": null, "Description": "Check Not Before against current time", "DefaultValue": "false" }, "value": "false", "id": "notBeforeCheck" }, { "descriptor": { "Syntax": "boolean", "Constraint": null, "Description": "Check Not After against Not Before", "DefaultValue": "false" }, "value": "false", "id": "notAfterCheck" } ] } }, { "id": null, "def": { "classId": null, "id": "Key Default", "description": "This default populates a User-Supplied Certificate Key to the request.", "policyAttribute": [ { "name": "TYPE", "Value": "RSA - 1.2.840.113549.1.1.1", "Descriptor": { "Syntax": "string", "Constraint": "readonly", "Description": "Key Type", "DefaultValue": null } }, { "name": "LEN", "Value": "2048", "Descriptor": { "Syntax": "string", "Constraint": "readonly", "Description": "Key Length", "DefaultValue": null } }, { "name": "KEY", "Value": "30:82:01:0A:02:82:01:01:00:B7:A1:19:B4:82:2E:B2:\\n09:E8:71:FE:54:C0:E1:A6:F3:3D:88:35:1C:22:EB:5D:\\n40:DA:42:42:0C:96:05:AE:08:E0:A4:5A:A3:81:5A:91:\\nF9:51:F5:E1:31:FD:2C:DD:6F:F1:14:E0:11:B0:A8:27:\\nDF:F2:28:62:65:5A:5B:8A:BB:78:6F:BE:6E:5F:33:D0:\\nD9:79:8A:4F:49:18:C4:D0:86:AC:8C:D5:3C:64:40:C1:\\nC1:9B:58:B5:29:CB:F2:4A:BF:AC:40:C7:05:C4:B5:59:\\nAC:41:24:1D:37:C3:C2:0B:F9:6A:70:47:9B:56:44:41:\\n9B:35:57:92:80:1B:EF:29:7A:EE:A4:B5:F9:8F:64:BC:\\nF5:31:EE:89:66:D3:51:58:E2:6F:EB:CB:04:DA:27:C5:\\nA7:19:06:2F:7E:84:25:15:B4:00:78:1B:88:0F:06:03:\\n07:E7:B0:4A:19:5A:F2:46:C4:61:EE:38:82:85:D2:59:\\n7B:F6:48:B3:72:BB:8A:A4:E7:F1:C2:FC:E2:47:5F:09:\\n19:43:98:85:19:C9:40:E3:9A:30:FB:D0:B4:5B:85:89:\\n25:38:AD:6A:2C:2E:9E:F3:5C:16:DD:1E:BE:AC:57:A5:\\nCD:99:AD:E7:C2:1F:71:19:28:ED:5C:53:A4:77:25:6C:\\n35:A9:06:75:51:CE:A5:55:5F:02:03:01:00:01\\n", "Descriptor": { "Syntax": "string", "Constraint": "readonly", "Description": "Key", "DefaultValue": null } } ], "params": [] }, "constraint": { "classId": "KeyConstraint", "id": "Key Constraint", "description": "This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521", "constraint": [ { "descriptor": { "Syntax": "choice", "Constraint": "-,RSA,EC", "Description": "Key Type", "DefaultValue": "RSA" }, "value": "-", "id": "keyType" }, { "descriptor": { "Syntax": "string", "Constraint": null, "Description": "Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.", "DefaultValue": "" }, "value": "1024,2048,3072,4096,nistp256,nistp384,nistp521", "id": "keyParameters" } ] } }, { "id": null, "def": { "classId": null, "id": "Authority Key Identifier Default", "description": "This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.", "policyAttribute": [ { "name": "critical", "Value": "false", "Descriptor": { "Syntax": "string", "Constraint": "readonly", "Description": "Criticality", "DefaultValue": null } }, { "name": "keyid", "Value": "69:77:28:72:1E:0B:32:81:9F:33:07:B4:45:A5:FA:25:\\nB5:F5:88:E3\\n", "Descriptor": { "Syntax": "string", "Constraint": "readonly", "Description": "Key ID", "DefaultValue": null } } ], "params": [] }, "constraint": { "classId": "NoConstraint", "id": "No Constraint", "description": "No Constraint", "constraint": [] } }, { "id": null, "def": { "classId": null, "id": "AIA Extension Default", "description": "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}", "policyAttribute": [ { "name": "authInfoAccessCritical", "Value": "false", "Descriptor": { "Syntax": "boolean", "Constraint": null, "Description": "Criticality", "DefaultValue": "false" } }, { "name": "authInfoAccessGeneralNames", "Value": "Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://localhost.localdomain:8080/ca/ocsp\r\nEnable:true\r\n\r\n", "Descriptor": { "Syntax": "string_list", "Constraint": null, "Description": "General Names", "DefaultValue": null } } ], "params": [] }, "constraint": { "classId": "NoConstraint", "id": "No Constraint", "description": "No Constraint", "constraint": [] } }, { "id": null, "def": { "classId": null, "id": "Extended Key Usage Default", "description": "This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.9", "policyAttribute": [ { "name": "exKeyUsageCritical", "Value": "false", "Descriptor": { "Syntax": "boolean", "Constraint": null, "Description": "Criticality", "DefaultValue": "false" } }, { "name": "exKeyUsageOIDs", "Value": "1.3.6.1.5.5.7.3.9", "Descriptor": { "Syntax": "string_list", "Constraint": null, "Description": "Comma-Separated list of Object Identifiers", "DefaultValue": null } } ], "params": [] }, "constraint": { "classId": "ExtendedKeyUsageExtConstraint", "id": "Extended Key Usage Extension", "description": "This constraint accepts the Extended Key Usage extension, if present, only when Criticality=false, OIDs=1.3.6.1.5.5.7.3.9", "constraint": [ { "descriptor": { "Syntax": "choice", "Constraint": "true,false,-", "Description": "Criticality", "DefaultValue": "-" }, "value": "false", "id": "exKeyUsageCritical" }, { "descriptor": { "Syntax": "string", "Constraint": null, "Description": "Comma-Separated list of Object Identifiers", "DefaultValue": null }, "value": "1.3.6.1.5.5.7.3.9", "id": "exKeyUsageOIDs" } ] } }, { "id": null, "def": { "classId": null, "id": "OCSP No Check Extension", "description": "This default populates an OCSP No Check Extension (1.3.6.1.5.5.7.48.1.5) to the request. The default values are Criticality=false", "policyAttribute": [ { "name": "ocspNoCheckCritical", "Value": "false", "Descriptor": { "Syntax": "boolean", "Constraint": null, "Description": "Criticality", "DefaultValue": "false" } } ], "params": [] }, "constraint": { "classId": "ExtensionConstraint", "id": "No Constraint", "description": "This constraint accepts the extension only when Criticality=false, OID=1.3.6.1.5.5.7.48.1.5", "constraint": [ { "descriptor": { "Syntax": "choice", "Constraint": "true,false,-", "Description": "Criticality", "DefaultValue": "-" }, "value": "false", "id": "extCritical" }, { "descriptor": { "Syntax": "string", "Constraint": null, "Description": "Object Identifier", "DefaultValue": null }, "value": "1.3.6.1.5.5.7.48.1.5", "id": "extOID" } ] } }, { "id": null, "def": { "classId": null, "id": "Signing Alg", "description": "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA", "policyAttribute": [ { "name": "signingAlg", "Value": "SHA256withRSA", "Descriptor": { "Syntax": "choice", "Constraint": "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "Description": "Signing Algorithm", "DefaultValue": null } } ], "params": [] }, "constraint": { "classId": "SigningAlgConstraint", "id": "No Constraint", "description": "This constraint accepts only the Signing Algorithms of SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "constraint": [ { "descriptor": { "Syntax": "string", "Constraint": null, "Description": "Allowed Signing Algorithms", "DefaultValue": "SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC" }, "value": "SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS", "id": "signingAlgsAllowed" } ] } } ] } ] }
XML
$ curl \ -k \ -s \ -H "Accept: application/xml" \ --user caadmin:Secret.123 \ https://localhost.localdomain:8443/ca/rest/agent/certrequests/20 | xmllint --format - <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <certReviewResponse> <Attributes/> <ProfileID>caUserCert</ProfileID> <Renewal>false</Renewal> <Input> <ClassID>KeyGenInput</ClassID> <Name>Key Generation</Name> <Attribute name="cert_request_type"> <Value>pkcs10</Value> </Attribute> <Attribute name="cert_request"> <Value>-----BEGIN CERTIFICATE REQUEST----- MIICXzCCAUcCAQAwGjEYMBYGCgmSJomT8ixkAQETCHRlc3R1c2VyMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA8VfCbrwYhBqds9Q1GvE/KQioT+WgeIt6vyKkBIJKFfAWgoiAy8oKMVIc j8ajwqtmV5/e/kv1ahzf1gIq5ARYVDvjm0gOyqz//0YPL4X6K9euMcV3rDU+y73/v0Z8CSPaF0RC sYox1B/VVukgxpWfRL0m1Vjtp9qRR9wBcSV4Io5rCTCXgTkVTNuuQwXuilkvcfKOi19NhqiEeTtj f3UyXl1cECUM/Zk4kNj/CCOf4UVNh4BhDygu7nGrN0BUaBOurbMgq65BWn11olDuwaoHzklmJ8gO SwL7pwQhe3Yn4zXO5nqi2T85sGlItzDj78dUgEaJlhX9n7jCTlABdtfvzQIDAQABoAAwDQYJKoZI hvcNAQELBQADggEBAE1GBhjNVBYF3oOLsq9NMnklxkTIWTVjby+Kkrapnp39csWlt6V+NVSI6cvW pRDES7WlV2f0gBQiH/qtRz9GPR/hisLkpX1bvGgTW/oi5nah5L3o0W2KRHk7Di4nLnDXteSSAPnI Ja80li+bgNGqhkCOn4dnej9CeuKCRpNfx6dW4TWktE3Z8FuuNKzB2Qji8XOT2KZyNHlOLgY13tX/ 1EpsBDbUP7GvkXqj3ZR62jOOUhHcmlgyABiN3I7NyOMJrrSe3uTLmMtAbGdFxC27azXMOeNl57DV osikU4aC15xi78BUrYnnpHGxTjueZgrmjyYA2ihcy6tLsWVpp1OHMmQ= -----END CERTIFICATE REQUEST-----</Value> </Attribute> </Input> <Input> <ClassID>SubjectNameInput</ClassID> <Name>Subject Name</Name> <Attribute name="sn_uid"> <Value>testuser</Value> </Attribute> </Input> <Input> <ClassID>SubmitterInfoInput</ClassID> <Name>Requestor Information</Name> </Input> <ProfilePolicySet> <policies> <def id="Subject Name Default"> <description>This default populates a User-Supplied Certificate Subject Name to the request.</description> <policyAttribute name="name"> <Value>UID=testuser</Value> <Descriptor> <Syntax>string</Syntax> <Description>Subject Name</Description> </Descriptor> </policyAttribute> </def> <constraint id="Subject Name Constraint"> <description>This constraint accepts the subject name that matches UID=.*</description> <classId>SubjectNameConstraint</classId> <constraint id="pattern"> <descriptor> <Syntax>string</Syntax> <Description>Subject Name Pattern</Description> </descriptor> <value>UID=.*</value> </constraint> </constraint> </policies> <policies> <def id="No Default"> <description>No Default</description> </def> <constraint id="Renewal Grace Period Constraint"> <description>This constraint rejects the validity that is not between 30 days before and 30 days after original cert expiration date days.</description> <classId>RenewGracePeriodConstraint</classId> <constraint id="renewal.graceBefore"> <descriptor> <Syntax>integer</Syntax> <Description>Renewal Grace Period Before</Description> <DefaultValue>30</DefaultValue> </descriptor> <value>30</value> </constraint> <constraint id="renewal.graceAfter"> <descriptor> <Syntax>integer</Syntax> <Description>Renewal Grace Period After</Description> <DefaultValue>30</DefaultValue> </descriptor> <value>30</value> </constraint> </constraint> </policies> <policies> <def id="Validity Default"> <description>This default populates a Certificate Validity to the request. The default values are Range=180 in days</description> <policyAttribute name="notBefore"> <Value>2021-08-23 22:21:49</Value> <Descriptor> <Syntax>string</Syntax> <Description>Not Before</Description> </Descriptor> </policyAttribute> <policyAttribute name="notAfter"> <Value>2022-02-19 22:21:49</Value> <Descriptor> <Syntax>string</Syntax> <Description>Not After</Description> </Descriptor> </policyAttribute> </def> <constraint id="Validity Constraint"> <description>This constraint rejects the validity that is not between 365 days.</description> <classId>ValidityConstraint</classId> <constraint id="range"> <descriptor> <Syntax>integer</Syntax> <Description>Validity Range</Description> <DefaultValue>365</DefaultValue> </descriptor> <value>365</value> </constraint> <constraint id="rangeUnit"> <descriptor> <Syntax>string</Syntax> <Description>Validity Range Unit: year, month, day (default), hour, minute</Description> <DefaultValue>day</DefaultValue> </descriptor> <value/> </constraint> <constraint id="notBeforeGracePeriod"> <descriptor> <Syntax>integer</Syntax> <Description>Grace period for Not Before being set in the future (in seconds).</Description> <DefaultValue>0</DefaultValue> </descriptor> <value/> </constraint> <constraint id="notBeforeCheck"> <descriptor> <Syntax>boolean</Syntax> <Description>Check Not Before against current time</Description> <DefaultValue>false</DefaultValue> </descriptor> <value>false</value> </constraint> <constraint id="notAfterCheck"> <descriptor> <Syntax>boolean</Syntax> <Description>Check Not After against Not Before</Description> <DefaultValue>false</DefaultValue> </descriptor> <value>false</value> </constraint> </constraint> </policies> <policies> <def id="Key Default"> <description>This default populates a User-Supplied Certificate Key to the request.</description> <policyAttribute name="TYPE"> <Value>RSA - 1.2.840.113549.1.1.1</Value> <Descriptor> <Syntax>string</Syntax> <Constraint>readonly</Constraint> <Description>Key Type</Description> </Descriptor> </policyAttribute> <policyAttribute name="LEN"> <Value>2048</Value> <Descriptor> <Syntax>string</Syntax> <Constraint>readonly</Constraint> <Description>Key Length</Description> </Descriptor> </policyAttribute> <policyAttribute name="KEY"> <Value>30:82:01:0A:02:82:01:01:00:F1:57:C2:6E:BC:18:84:\n1A:9D:B3:D4:35:1A:F1:3F:29:08:A8:4F:E5:A0:78:8B:\n7A:BF:22:A4:04:82:4A:15:F0:16:82:88:80:CB:CA:0A:\n31:52:1C:8F:C6:A3:C2:AB:66:57:9F:DE:FE:4B:F5:6A:\n1C:DF:D6:02:2A:E4:04:58:54:3B:E3:9B:48:0E:CA:AC:\nFF:FF:46:0F:2F:85:FA:2B:D7:AE:31:C5:77:AC:35:3E:\nCB:BD:FF:BF:46:7C:09:23:DA:17:44:42:B1:8A:31:D4:\n1F:D5:56:E9:20:C6:95:9F:44:BD:26:D5:58:ED:A7:DA:\n91:47:DC:01:71:25:78:22:8E:6B:09:30:97:81:39:15:\n4C:DB:AE:43:05:EE:8A:59:2F:71:F2:8E:8B:5F:4D:86:\nA8:84:79:3B:63:7F:75:32:5E:5D:5C:10:25:0C:FD:99:\n38:90:D8:FF:08:23:9F:E1:45:4D:87:80:61:0F:28:2E:\nEE:71:AB:37:40:54:68:13:AE:AD:B3:20:AB:AE:41:5A:\n7D:75:A2:50:EE:C1:AA:07:CE:49:66:27:C8:0E:4B:02:\nFB:A7:04:21:7B:76:27:E3:35:CE:E6:7A:A2:D9:3F:39:\nB0:69:48:B7:30:E3:EF:C7:54:80:46:89:96:15:FD:9F:\nB8:C2:4E:50:01:76:D7:EF:CD:02:03:01:00:01\n</Value> <Descriptor> <Syntax>string</Syntax> <Constraint>readonly</Constraint> <Description>Key</Description> </Descriptor> </policyAttribute> </def> <constraint id="Key Constraint"> <description>This constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096</description> <classId>KeyConstraint</classId> <constraint id="keyType"> <descriptor> <Syntax>choice</Syntax> <Constraint>-,RSA,EC</Constraint> <Description>Key Type</Description> <DefaultValue>RSA</DefaultValue> </descriptor> <value>RSA</value> </constraint> <constraint id="keyParameters"> <descriptor> <Syntax>string</Syntax> <Description>Key Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.</Description> <DefaultValue/> </descriptor> <value>1024,2048,3072,4096</value> </constraint> </constraint> </policies> <policies> <def id="Authority Key Identifier Default"> <description>This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.</description> <policyAttribute name="critical"> <Value>false</Value> <Descriptor> <Syntax>string</Syntax> <Constraint>readonly</Constraint> <Description>Criticality</Description> </Descriptor> </policyAttribute> <policyAttribute name="keyid"> <Value>2B:A7:3C:0B:0C:66:5F:68:CE:A4:66:A8:34:D4:1C:89:\n5C:58:64:44\n</Value> <Descriptor> <Syntax>string</Syntax> <Constraint>readonly</Constraint> <Description>Key ID</Description> </Descriptor> </policyAttribute> </def> <constraint id="No Constraint"> <description>No Constraint</description> <classId>NoConstraint</classId> </constraint> </policies> <policies> <def id="AIA Extension Default"> <description>This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}</description> <policyAttribute name="authInfoAccessCritical"> <Value>false</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>Criticality</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="authInfoAccessGeneralNames"> <Value>Record #0 Method:1.3.6.1.5.5.7.48.1 Location Type:URIName Location:http://localhost.localdomain:8080/ca/ocsp Enable:true </Value> <Descriptor> <Syntax>string_list</Syntax> <Description>General Names</Description> </Descriptor> </policyAttribute> </def> <constraint id="No Constraint"> <description>No Constraint</description> <classId>NoConstraint</classId> </constraint> </policies> <policies> <def id="Key Usage Default"> <description>This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false</description> <policyAttribute name="keyUsageCritical"> <Value>true</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>Criticality</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="keyUsageDigitalSignature"> <Value>true</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>Digital Signature</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="keyUsageNonRepudiation"> <Value>true</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>Non-Repudiation</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="keyUsageKeyEncipherment"> <Value>true</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>Key Encipherment</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="keyUsageDataEncipherment"> <Value>false</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>Data Encipherment</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="keyUsageKeyAgreement"> <Value>false</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>Key Agreement</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="keyUsageKeyCertSign"> <Value>false</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>Key CertSign</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="keyUsageCrlSign"> <Value>false</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>CRL Sign</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="keyUsageEncipherOnly"> <Value>false</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>Encipher Only</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="keyUsageDecipherOnly"> <Value>false</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>Decipher Only</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> </def> <constraint id="Key Usage Extension Constraint"> <description>This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false</description> <classId>KeyUsageExtConstraint</classId> <constraint id="keyUsageCritical"> <descriptor> <Syntax>choice</Syntax> <Constraint>true,false,-</Constraint> <Description>Criticality</Description> <DefaultValue>-</DefaultValue> </descriptor> <value>true</value> </constraint> <constraint id="keyUsageDigitalSignature"> <descriptor> <Syntax>choice</Syntax> <Constraint>true,false,-</Constraint> <Description>Digital Signature</Description> <DefaultValue>-</DefaultValue> </descriptor> <value>true</value> </constraint> <constraint id="keyUsageNonRepudiation"> <descriptor> <Syntax>choice</Syntax> <Constraint>true,false,-</Constraint> <Description>Non-Repudiation</Description> <DefaultValue>-</DefaultValue> </descriptor> <value>true</value> </constraint> <constraint id="keyUsageKeyEncipherment"> <descriptor> <Syntax>choice</Syntax> <Constraint>true,false,-</Constraint> <Description>Key Encipherment</Description> <DefaultValue>-</DefaultValue> </descriptor> <value>true</value> </constraint> <constraint id="keyUsageDataEncipherment"> <descriptor> <Syntax>choice</Syntax> <Constraint>true,false,-</Constraint> <Description>Data Encipherment</Description> <DefaultValue>-</DefaultValue> </descriptor> <value>false</value> </constraint> <constraint id="keyUsageKeyAgreement"> <descriptor> <Syntax>choice</Syntax> <Constraint>true,false,-</Constraint> <Description>Key Agreement</Description> <DefaultValue>-</DefaultValue> </descriptor> <value>false</value> </constraint> <constraint id="keyUsageKeyCertSign"> <descriptor> <Syntax>choice</Syntax> <Constraint>true,false,-</Constraint> <Description>Key CertSign</Description> <DefaultValue>-</DefaultValue> </descriptor> <value>false</value> </constraint> <constraint id="keyUsageCrlSign"> <descriptor> <Syntax>choice</Syntax> <Constraint>true,false,-</Constraint> <Description>CRL Sign</Description> <DefaultValue>-</DefaultValue> </descriptor> <value>false</value> </constraint> <constraint id="keyUsageEncipherOnly"> <descriptor> <Syntax>choice</Syntax> <Constraint>true,false,-</Constraint> <Description>Encipher Only</Description> <DefaultValue>-</DefaultValue> </descriptor> <value>false</value> </constraint> <constraint id="keyUsageDecipherOnly"> <descriptor> <Syntax>choice</Syntax> <Constraint>true,false,-</Constraint> <Description>Decipher Only</Description> <DefaultValue>-</DefaultValue> </descriptor> <value>false</value> </constraint> </constraint> </policies> <policies> <def id="Extended Key Usage Extension Default"> <description>This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4</description> <policyAttribute name="exKeyUsageCritical"> <Value>false</Value> <Descriptor> <Syntax>boolean</Syntax> <Description>Criticality</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="exKeyUsageOIDs"> <Value>1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4</Value> <Descriptor> <Syntax>string_list</Syntax> <Description>Comma-Separated list of Object Identifiers</Description> </Descriptor> </policyAttribute> </def> <constraint id="No Constraint"> <description>No Constraint</description> <classId>NoConstraint</classId> </constraint> </policies> <policies> <def id="Subject Alt Name Constraint"> <description>This default populates a Subject Alternative Name Extension (2.5.29.17) to the request. The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}</description> <policyAttribute name="subjAltNameExtCritical"> <Descriptor> <Syntax>boolean</Syntax> <Description>Criticality</Description> <DefaultValue>false</DefaultValue> </Descriptor> </policyAttribute> <policyAttribute name="subjAltNames"> <Descriptor> <Syntax>string_list</Syntax> <Description>General Names</Description> </Descriptor> </policyAttribute> </def> <constraint id="No Constraint"> <description>No Constraint</description> <classId>NoConstraint</classId> </constraint> </policies> <policies> <def id="Signing Alg"> <description>This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA</description> <policyAttribute name="signingAlg"> <Value>SHA256withRSA</Value> <Descriptor> <Syntax>choice</Syntax> <Constraint>SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS</Constraint> <Description>Signing Algorithm</Description> </Descriptor> </policyAttribute> </def> <constraint id="No Constraint"> <description>This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS</description> <classId>SigningAlgConstraint</classId> <constraint id="signingAlgsAllowed"> <descriptor> <Syntax>string</Syntax> <Description>Allowed Signing Algorithms</Description> <DefaultValue>SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withRSA,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS,SHA256withEC,SHA384withEC,SHA512withEC,SHA1withEC</DefaultValue> </descriptor> <value>SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS</value> </constraint> </constraint> </policies> </ProfilePolicySet> <nonce>-6869883827433549091</nonce> <requestId>20</requestId> <requestType>enrollment</requestType> <requestStatus>pending</requestStatus> <requestOwner/> <requestCreationTime>Mon Aug 23 22:21:49 CDT 2021</requestCreationTime> <requestModificationTime>Mon Aug 23 22:21:49 CDT 2021</requestModificationTime> <requestNotes/> <profileApprovedBy>admin</profileApprovedBy> <profileSetId>userCertSet</profileSetId> <profileIsVisible>true</profileIsVisible> <profileName>Manual User Dual-Use Certificate Enrollment</profileName> <profileDescription>This certificate profile is for enrolling user certificates.</profileDescription> <profileRemoteHost>127.0.0.1</profileRemoteHost> <profileRemoteAddr>127.0.0.1</profileRemoteAddr> </certReviewResponse>
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |