.. _pki_cmp_cert:

pki cmp-cert
============

CMP Certificate enrollment object


cmp-cert Specification
----------------------

	===================================== ============================================================
	 **Parameter**                         **Value** 

	===================================== ============================================================
	 **Type**                              *Collection*

	 **Object Key(s)**                     *name*

	 **Collection Name**                   :ref:`2435_cmp-cert_list`

	 **Collection URI**                    /axapi/v3/pki/cmp-cert

	                                       

	 **Element Name**                      cmp-cert

	 **Element URI**                       /axapi/v3/pki/cmp-cert/{name}

	 **Element Attributes**                cmp-cert_attributes

	 **Partition Visibility**              shared

	 **Schema**                             :download:`cmp-cert schema <pki-cmp-cert/pki-cmp-cert.txt>`
	===================================== ============================================================





	**Operations Allowed:**




.. raw:: html

   <script type="text/javascript">
 function showExample(a,b) { document.getElementById(a+'_div').style.display = 'block'; document.getElementById(a+'_cl').style.display = 'block'; document.getElementById(a+'_eg').style.display = 'none';}
   function closeExample(a,b) { document.getElementById(a+'_div').style.display = 'none'; document.getElementById(a+'_cl').style.display = 'none'; document.getElementById(a+'_eg').style.display = 'block';}
 </script>
   <table width='90%' style='margin-left:5%'>



.. raw:: html

   <tr style='border-bottom: thin solid; border-top: thin solid'><th width=15%>Operation</th><th width=10%>Method</th><th>URI</th><th width=15%>Payload</th><th width=10%></th></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Create Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/pki/cmp-cert



.. raw:: html

   </td><td valign = 'top'>


:ref:`2435_cmp-cert_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Create List



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/pki/cmp-cert



.. raw:: html

   </td><td valign = 'top'>


:ref:`2435_cmp-cert_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Get Object



.. raw:: html

   </td><td valign = 'top'>


GET



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/pki/cmp-cert/{name}



.. raw:: html

   </td><td valign = 'top'>


:ref:`2435_cmp-cert_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Get List



.. raw:: html

   </td><td valign = 'top'>


GET



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/pki/cmp-cert



.. raw:: html

   </td><td valign = 'top'>


:ref:`2435_cmp-cert_list`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Modify Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/pki/cmp-cert/{name}



.. raw:: html

   </td><td valign = 'top'>


:ref:`2435_cmp-cert_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Replace Object



.. raw:: html

   </td><td valign = 'top'>


PUT



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/pki/cmp-cert/{name}



.. raw:: html

   </td><td valign = 'top'>


:ref:`2435_cmp-cert_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Replace List



.. raw:: html

   </td><td valign = 'top'>


PUT



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/pki/cmp-cert



.. raw:: html

   </td><td valign = 'top'>


:ref:`2435_cmp-cert_list`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Delete Object



.. raw:: html

   </td><td valign = 'top'>


DELETE



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/pki/cmp-cert/{name}



.. raw:: html

   </td><td valign = 'top'>


:ref:`2435_cmp-cert_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   </table>

.. _2435_cmp-cert_list:

cmp-cert-list
-------------


    cmp-cert-list is **JSON List** of :ref:`2435_cmp-cert_attributes` 

        cmp-cert-list : [

             { :ref:`2435_cmp-cert_attributes` },

             { :ref:`2435_cmp-cert_attributes` },

             ...

         ]

.. _2435_cmp-cert_attributes:

cmp-cert attributes
-------------------

    **allow-unprotected-errors**

        **Description** Accept missing or invalid protection of negative responses(CA likes EJCBA tends to not protect negative responses)

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **cert-type**

        **Description** Specify the type of certificate

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **cmp-trusted-ca**

        **Description** The specific CA to trust while verifying signature of CMP response message

        **Type:** string

        **Maximum Length:** 245 characters

        **Maximum Length:** 1 characters

    **cmp-trusted-cert**

        **Description** The specific CMP server certificate to use and directly trust when verifying signature of CMP response message

        **Type:** string

        **Maximum Length:** 245 characters

        **Maximum Length:** 1 characters

    **ec-key-length**

        **Description** '256': Key size 256 bits; '384': Key size 384 bits(default); 

        **Type:** string

        **Supported Values:** 256, 384

        **Default:** 384

    **ecdsa-type**

        **Description** ECDSA certificate

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

        **Mutual Exclusion:** ecdsa-type and rsa-type are mutually exclusive

    **encrypted**

        **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

    **enroll**

        **Description** Initiates enrollment of device with the CA

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **log-level**

        **Description** Level for logging output of CMP commands(default 1 and detailed 2)

        **Type:** number

        **Range:** 1-2

        **Default:** 1

    **max-polltime**

        **Description** Maximum time in seconds a(n) enrollment/key update may take (default 120)

        **Type:** number

        **Range:** 5-1024

        **Default:** 120

    **minute**

        **Description** Periodic interval in minutes

        **Type:** number

        **Range:** 2-255

        **Mutual Exclusion:** minute and renew-every-type are mutually exclusive

    **name**

        **Description** Specify Certificate name to be enrolled

        **Type:** string

        **Maximum Length:** 63 characters

        **Maximum Length:** 1 characters

    **recipient-dn**

        **Description** Distinguished Name of the CMP message recipient, i.e., the CMP server (usually a CA or RA entity)) (DN OIDis case sensitive)

        **Type:** string

        **Format:** string-rlx

        **Maximum Length:** 127 characters

        **Maximum Length:** 2 characters

    **renew-before**

        **Description** Specify interval before certificate expiry to renew the certificate

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

        **Mutual Exclusion:** renew-before and renew-every are mutually exclusive

    **renew-before-type**

        **Description** 'hour': Number of hours before cert expiry; 'day': Number of days before cert expiry; 'week': Number of weeks before cert expiry; 'month': Number of months before cert expiry(1 month=30 days); 

        **Type:** string

        **Supported Values:** hour, day, week, month

    **renew-before-value**

        **Description** Value of renewal period

        **Type:** number

        **Range:** 1-255

    **renew-every**

        **Description** Specify periodic interval in which to renew the certificate

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

        **Mutual Exclusion:** renew-every and renew-before are mutually exclusive

    **renew-every-type**

        **Description** 'hour': Periodic interval in hours; 'day': Periodic interval in days; 'week': Periodic interval in weeks; 'month': Periodic interval in months(1 month=30 days); 

        **Type:** string

        **Supported Values:** hour, day, week, month

        **Mutual Exclusion:** renew-every-type and minute are mutually exclusive

    **renew-every-value**

        **Description** Value of renewal period

        **Type:** number

        **Range:** 1-255

    **rsa-key-length**

        **Description** '1024': Key size 1024 bits; '2048': Key size 2048 bits(default); '4096': Key size 4096 bits; '8192': Key size 8192 bits; 

        **Type:** string

        **Supported Values:** 1024, 2048, 4096, 8192

        **Default:** 2048

    **rsa-type**

        **Description** RSA certificate (default)

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

        **Mutual Exclusion:** rsa-type and ecdsa-type are mutually exclusive

    **secret**

        **Description** Specify the pre-shared secret used to enroll the device's certificate

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **secret-string**

        **Description** pre-shared secret

        **Type:** string

        **Format:** password

        **Maximum Length:** 127 characters

        **Maximum Length:** 1 characters

    **subject-alternate-name**

        **Description:** subject-alternate-name is a **JSON Block**.  Please see below for :ref:`2435_subject-alternate-name` 

        **Type:** Object

    **subject-dn**

        **Description** Distinguished Name to use while enrolling the certificate(For EJBCA CA, this is the subject DN of an End Entity) (DN OID is case sensitive)

        **Type:** string

        **Format:** string-rlx

        **Maximum Length:** 127 characters

        **Maximum Length:** 2 characters

    **url**

        **Description** CMP server's absolute URL(http(s)://host:[port]/path), path is the location to use for the CMP server(aka CMP alias)

        **Type:** string

        **Format:** string-rlx

        **Maximum Length:** 255 characters

        **Maximum Length:** 1 characters

    **user-tag**

        **Description** Customized tag

        **Type:** string

        **Format:** string-rlx

        **Maximum Length:** 127 characters

        **Maximum Length:** 1 characters

    **uuid**

        **Description** uuid of the object

        **Type:** string

        **Maximum Length:** 64 characters

        **Maximum Length:** 1 characters

.. _2435_subject-alternate-name:

subject-alternate-name
^^^^^^^^^^^^^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *object*

	=============================== ===================================================

    **san-type**

        **Description** 'email': Enter e-mail address of the subject; 'dns': Enter hostname of the subject; 'ip': Enter IP address of the subject; 

        **Type:** string

        **Supported Values:** email, dns, ip

    **san-value**

        **Description** Value of subject-alternate-name

        **Type:** string

        **Format:** string-rlx

        **Maximum Length:** 127 characters

        **Maximum Length:** 1 characters