{ "id":"/axapi/v3/pki/cmp-cert/{name}", "type":"object", "node-type":"list", "title":"cmp-cert", "partition-visibility":"shared", "description":"CMP Certificate enrollment object", "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify Certificate name to be enrolled", "optional":false }, "url":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"CMP server's absolute URL(http(s)://host:[port]/path), path is the location to use for the CMP server(aka CMP alias)", "optional":true }, "subject-dn":{ "type":"string", "format":"string-rlx", "minLength":2, "maxLength":127, "partition-visibility":"shared", "description":"Distinguished Name to use while enrolling the certificate(For EJBCA CA, this is the subject DN of an End Entity) (DN OID is case sensitive)", "optional":true }, "recipient-dn":{ "type":"string", "format":"string-rlx", "minLength":2, "maxLength":127, "partition-visibility":"shared", "description":"Distinguished Name of the CMP message recipient, i.e., the CMP server (usually a CA or RA entity)) (DN OIDis case sensitive)", "optional":true }, "subject-alternate-name":{ "type":"object", "properties":{ "san-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'email': Enter e-mail address of the subject; 'dns': Enter hostname of the subject; 'ip': Enter IP address of the subject; ", "enum":[ "email", "dns", "ip" ] }, "san-value":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Value of subject-alternate-name" } } }, "enroll":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Initiates enrollment of device with the CA", "optional":true }, "log-level":{ "type":"number", "format":"number", "minimum":1, "maximum":2, "default":1, "partition-visibility":"shared", "description":"Level for logging output of CMP commands(default 1 and detailed 2)", "optional":true }, "secret":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Specify the pre-shared secret used to enroll the device's certificate", "optional":true }, "secret-string":{ "type":"string", "format":"password", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"pre-shared secret", "optional":true }, "encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)", "optional":true }, "renew-before":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"renew-every", "description":"Specify interval before certificate expiry to renew the certificate", "optional":true }, "renew-before-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'hour': Number of hours before cert expiry; 'day': Number of days before cert expiry; 'week': Number of weeks before cert expiry; 'month': Number of months before cert expiry(1 month=30 days); ", "enum":[ "hour", "day", "week", "month" ], "optional":true }, "renew-before-value":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Value of renewal period", "optional":true }, "renew-every":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"renew-before", "description":"Specify periodic interval in which to renew the certificate", "optional":true }, "minute":{ "type":"number", "format":"number", "minimum":2, "maximum":255, "partition-visibility":"shared", "not":"renew-every-type", "description":"Periodic interval in minutes", "optional":true }, "renew-every-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"minute", "description":"'hour': Periodic interval in hours; 'day': Periodic interval in days; 'week': Periodic interval in weeks; 'month': Periodic interval in months(1 month=30 days); ", "enum":[ "hour", "day", "week", "month" ], "optional":true }, "renew-every-value":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Value of renewal period", "optional":true }, "cert-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Specify the type of certificate", "optional":true }, "rsa-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"ecdsa-type", "description":"RSA certificate (default)", "optional":true }, "ecdsa-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"rsa-type", "description":"ECDSA certificate", "optional":true }, "rsa-key-length":{ "type":"string", "format":"enum", "default":"2048", "partition-visibility":"shared", "description":"'1024': Key size 1024 bits; '2048': Key size 2048 bits(default); '4096': Key size 4096 bits; '8192': Key size 8192 bits; ", "enum":[ "1024", "2048", "4096", "8192" ], "optional":true }, "ec-key-length":{ "type":"string", "format":"enum", "default":"384", "partition-visibility":"shared", "description":"'256': Key size 256 bits; '384': Key size 384 bits(default); ", "enum":[ "256", "384" ], "optional":true }, "max-polltime":{ "type":"number", "format":"number", "minimum":5, "maximum":1024, "default":120, "partition-visibility":"shared", "description":"Maximum time in seconds a(n) enrollment/key update may take (default 120)", "optional":true }, "cmp-trusted-ca":{ "type":"string", "format":"string", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"The specific CA to trust while verifying signature of CMP response message", "optional":true }, "cmp-trusted-cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":245, "partition-visibility":"shared", "description":"The specific CMP server certificate to use and directly trust when verifying signature of CMP response message", "optional":true }, "allow-unprotected-errors":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Accept missing or invalid protection of negative responses(CA likes EJCBA tends to not protect negative responses)", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "object-keys":[ "name" ], "required":[ "name" ] }