pki cmp-cert

CMP Certificate enrollment object

cmp-cert Specification

Parameter | Value
Type | Collection
Object Key(s) | name
Collection Name | cmp-cert-list
Collection URI | /axapi/v3/pki/cmp-cert
Element Name | cmp-cert
Element URI | /axapi/v3/pki/cmp-cert/{name}
Element Attributes | cmp-cert_attributes
Partition Visibility | shared
Schema | cmp-cert schema

Operations Allowed:

Operation | Method | URI | Payload
Create Object | POST | /axapi/v3/pki/cmp-cert | cmp-cert attributes
Create List | POST | /axapi/v3/pki/cmp-cert | cmp-cert attributes
Get Object | GET | /axapi/v3/pki/cmp-cert/{name} | cmp-cert attributes
Get List | GET | /axapi/v3/pki/cmp-cert | cmp-cert-list
Modify Object | POST | /axapi/v3/pki/cmp-cert/{name} | cmp-cert attributes
Replace Object | PUT | /axapi/v3/pki/cmp-cert/{name} | cmp-cert attributes
Replace List | PUT | /axapi/v3/pki/cmp-cert | cmp-cert-list
Delete Object | DELETE | /axapi/v3/pki/cmp-cert/{name} | cmp-cert attributes

cmp-cert-list

cmp-cert-list is a JSON list of cmp-cert attributes

cmp-cert-list : [

cmp-cert attributes

allow-unprotected-errors

Description Accept missing or invalid protection of negative responses (CAs such as EJBCA tend not to protect negative responses)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cert-type

Description Specify the type of certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cmp-trusted-ca

Description The specific CA to trust while verifying signature of CMP response message

Type: string

Maximum Length: 245 characters

Minimum Length: 1 character

cmp-trusted-cert

Description The specific CMP server certificate to use and directly trust when verifying signature of CMP response message

Type: string

Maximum Length: 245 characters

Minimum Length: 1 character

ec-key-length

Description ‘256’: Key size 256 bits; ‘384’: Key size 384 bits (default);

Type: string

Supported Values: 256, 384

Default: 384

ecdsa-type

Description ECDSA certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ecdsa-type and rsa-type are mutually exclusive

encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

enroll

Description Initiates enrollment of device with the CA

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-level

Description Level for logging output of CMP commands (default 1, detailed 2)

Type: number

Range: 1-2

Default: 1

max-polltime

Description Maximum time in seconds an enrollment or key update may take (default 120)

Type: number

Range: 5-1024

Default: 120

minute

Description Periodic interval in minutes

Type: number

Range: 2-255

Mutual Exclusion: minute and renew-every-type are mutually exclusive

name

Description Specify Certificate name to be enrolled

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

recipient-dn

Description Distinguished Name of the CMP message recipient, i.e., the CMP server (usually a CA or RA entity) (DN OID is case sensitive)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 2 characters

renew-before

Description Specify interval before certificate expiry to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-before and renew-every are mutually exclusive

renew-before-type

Description ‘hour’: Number of hours before cert expiry; ‘day’: Number of days before cert expiry; ‘week’: Number of weeks before cert expiry; ‘month’: Number of months before cert expiry (1 month = 30 days);

Type: string

Supported Values: hour, day, week, month

renew-before-value

Description Value of renewal period

Type: number

Range: 1-255

renew-every

Description Specify periodic interval in which to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-every and renew-before are mutually exclusive

renew-every-type

Description ‘hour’: Periodic interval in hours; ‘day’: Periodic interval in days; ‘week’: Periodic interval in weeks; ‘month’: Periodic interval in months (1 month = 30 days);

Type: string

Supported Values: hour, day, week, month

Mutual Exclusion: renew-every-type and minute are mutually exclusive

renew-every-value

Description Value of renewal period

Type: number

Range: 1-255

rsa-key-length

Description ‘1024’: Key size 1024 bits; ‘2048’: Key size 2048 bits (default); ‘4096’: Key size 4096 bits; ‘8192’: Key size 8192 bits;

Type: string

Supported Values: 1024, 2048, 4096, 8192

Default: 2048

rsa-type

Description RSA certificate (default)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: rsa-type and ecdsa-type are mutually exclusive

secret

Description Specify the pre-shared secret used to enroll the device’s certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

secret-string

Description pre-shared secret

Type: string

Format: password

Maximum Length: 127 characters

Minimum Length: 1 character

subject-alternate-name

Description: subject-alternate-name is a JSON Block. Please see below for subject-alternate-name

Type: Object

subject-dn

Description Distinguished Name to use while enrolling the certificate (for an EJBCA CA, this is the subject DN of an End Entity) (DN OID is case sensitive)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 2 characters

url

Description CMP server’s absolute URL (http(s)://host:[port]/path); path is the location to use for the CMP server (also known as the CMP alias)

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

subject-alternate-name

Specification | Value
Type | object

san-type

Description ‘email’: Enter e-mail address of the subject; ‘dns’: Enter hostname of the subject; ‘ip’: Enter IP address of the subject;

Type: string

Supported Values: email, dns, ip

san-value

Description Value of subject-alternate-name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character
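
The ranges, supported values and mutual exclusions listed above can be checked before a payload is sent to /axapi/v3/pki/cmp-cert. The following is an added example, not part of the A10 documentation: a small linter for one cmp-cert attribute object that also raises two hardening warnings (allow-unprotected-errors enabled, 1024-bit RSA). The function names, the sample object and its host names are hypothetical, and the warnings are reviewer judgement rather than API constraints.

```python
RANGES = {"log-level": (1, 2), "max-polltime": (5, 1024), "minute": (2, 255),
          "renew-before-value": (1, 255), "renew-every-value": (1, 255)}
PERIODS = {"hour", "day", "week", "month"}
CHOICES = {"ec-key-length": {"256", "384"},
           "rsa-key-length": {"1024", "2048", "4096", "8192"},
           "renew-before-type": PERIODS, "renew-every-type": PERIODS}
EXCLUSIVE = [("ecdsa-type", "rsa-type"), ("renew-before", "renew-every"),
             ("minute", "renew-every-type")]

def is_set(attrs, key):
    """Flags count as set when truthy; other attributes when present."""
    return attrs.get(key) not in (None, False, 0)

def lint_cmp_cert(attrs):
    """Return (errors, warnings) for one cmp-cert object."""
    errors, warnings = [], []
    if not 1 <= len(attrs.get("name", "")) <= 63:
        errors.append("name: length must be 1-63 characters")
    for key, (lo, hi) in RANGES.items():
        if key in attrs and not lo <= attrs[key] <= hi:
            errors.append(f"{key}: {attrs[key]} is outside {lo}-{hi}")
    for key, allowed in CHOICES.items():
        if key in attrs and str(attrs[key]) not in allowed:
            errors.append(f"{key}: unsupported value {attrs[key]!r}")
    for a, b in EXCLUSIVE:
        if is_set(attrs, a) and is_set(attrs, b):
            errors.append(f"{a} and {b} are mutually exclusive")
    san = attrs.get("subject-alternate-name")
    if san and san.get("san-type") not in {"email", "dns", "ip"}:
        errors.append(f"san-type: unsupported value {san.get('san-type')!r}")
    if "encrypted" in attrs:
        errors.append("encrypted: reserved keyword, must not be set manually")
    # Hardening checks: reviewer judgement, not constraints stated by the API.
    if is_set(attrs, "allow-unprotected-errors"):
        warnings.append("allow-unprotected-errors: unprotected error responses are accepted")
    if str(attrs.get("rsa-key-length")) == "1024":
        warnings.append("rsa-key-length: 1024-bit RSA keys are too short for new certificates")
    return errors, warnings

# Constructed sample with hypothetical names; deliberately misconfigured.
SAMPLE = {"name": "edge-cert", "url": "http://ca.example.test/cmp/demo-alias",
          "subject-dn": "CN=edge.example.test", "rsa-type": 1, "ecdsa-type": 1,
          "rsa-key-length": "1024", "max-polltime": 2, "allow-unprotected-errors": 1,
          "renew-every": 1, "renew-every-type": "day", "renew-every-value": 30,
          "subject-alternate-name": {"san-type": "dns", "san-value": "edge.example.test"}}

if __name__ == "__main__":
    errs, warns = lint_cmp_cert(SAMPLE)
    print("\n".join([f"ERROR {e}" for e in errs] + [f"WARN  {w}" for w in warns]))
```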