Submit a request

Submit a new request

Body required

application/json

The Request to submit

module

string required

The module that will be used to process this request. For a WebRA request, this is always webra

Value webra

workflow

string required

What this request will do. For an enrollment request, this is always enroll

Value enroll

profile

string required

The WebRA profile name

template

object (WebRA Enroll Request Template) required

The user-data that will be used to generate the certificate

keyType

string | null (Keytype)

The type of key that will be used to generate the certificate, if in centralized mode

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

csr

string | null

If decentralized enrollment is enabled, this field will contain the CSR that will be used to generate the certificate

subject

array of objects | null (IndexedDNElement)

List of DN elements that will be used to build the certificate's Distinguished Name

Array [

element

string required

The element type and index. Indexes start at 1 !

Enum cn e ou st l o c dc uid serialNumber surname givenName unstructuredAddress unstructuredName organizationIdentifier uniqueIdentifier street description

type

string | null

The formatted element type

Enum CN E OU ST L O C DC UID SERIALNUMBER SURNAME GIVENNAME unstructuredAddress unstructuredName organizationIdentifier UniqueIdentifier STREET DESCRIPTION

value

string | null

The element value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

mandatory

boolean | null

Whether the field is mandatory or not

editable

boolean | null

Whether the field is editable or not for the currently authenticated user

regex

string | null

A regular expression that will be used to validate the element's value

]

sans

array of objects | null (SAN Element)

List of SAN elements that will be used to build the certificate's Subject Alternative Name

Array [

type

string | null required

SAN type

Enum RFC822NAME DNSNAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

array of string | null

SAN value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether this SAN element is editable by the user

regex

string | null

The regex that will be used to validate the SAN value

min

integer | null

The minimum number of SAN elements that must be provided

max

integer | null

The maximum number of SAN elements that can be provided

]

extensions

array of objects | null (Certificate Extension)

Information about the certificate's extensions and how to edit them

Array [

type

string required

The type of the extension element

Enum ms_sid ms_template

value

string | null

The value of the extension element

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether the extension element is editable by the requester

regex

string | null

The regular expression to validate the extension element

mandatory

boolean | null

Whether the extension element is mandatory to submit this request

]

labels

array of objects | null (Label)

List of labels used internally to tag and group certificates

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

contactEmail

object | null (Contact email)

Information about the certificate's contact email and how to edit it

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

owner

object | null (Certificate Owner)

Information about the certificate's owner and how to edit it

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

Information about the certificate's team and how to edit it

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

pkcs12

object | null (models.secret.SecretString)

The generated PKCS#12 for this request. This is only available after the request has been approved in centralized mode

value

string | null

Value of the secret that will be passed to Horizon

password

object | null (models.secret.SecretString)

The password to decrypt the PKCS12 file. Must be set if password mode is manual

value

string | null

Value of the secret that will be passed to Horizon

certificate

object | null (Certificate)

The certificate that was generated for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

Enum pki_connector previous_certificate_id renewed_certificate_id automation_policy gs_order_id metapki_id digicert_id entrust_id scep_transid fcms_id gsatlas_id certeurope_id digicert_order_id

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

If the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

Enum on_deny_update on_cancel_migrate on_pending_renew on_submit_migrate on_cancel_update on_approve_migrate on_pending_recover on_pending_enroll on_deny_revoke on_cancel_renew on_submit_recover on_submit_enroll on_cancel_recover on_approve_revoke on_pending_update on_deny_recover on_approve_renew on_deny_migrate on_revoke on_approve_recover on_expire on_enroll on_deny_renew on_approve_update on_recover on_deny_enroll on_submit_renew on_update on_approve_enroll on_cancel_enroll on_pending_migrate on_pending_revoke on_submit_update on_submit_revoke on_migrate on_cancel_revoke on_renew

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

dryRun

boolean | null

If true, the request is validated, but will not result in an enrollment

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate revoked.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For a revocation request, this is always revoke

Value revoke

template

object (WebRA Revoke Request Template) required

The user-data that will be used to revoke the certificate

revocationReason

string | null

The reason for revoking the certificate

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

profile

string required

The Requested profile name

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

certificateId

string | null (Internal ID)

The id of the certificate to revoke

certificatePem

string | null

The PEM encoded certificate to revoke

certificate

object | null (Certificate)

The certificate that was revoked for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate updated.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For an update request, this is always update

Value update

template

object (WebRA Update Request Template) required

The user-data that will be used to generate the certificate

labels

array of objects | null (Label)

Information about the certificate's labels and how to edit them

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

metadata

array of objects | null (Certificate Metadata)

Information about the certificate's metadata and how to edit them

Array [

metadata

string required

Technical metadata related to the certificate

value

string | null

The value of the metadata element

editable

boolean | null

Whether the metadata element is editable by the requester

]

owner

object | null (Certificate Owner)

Information about the certificate's owner and how to edit it

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

Information about the certificate's team and how to edit it

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

contactEmail

object | null (Contact email)

Information about the certificate's contact email and how to edit it

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

profile

string required

The Requested profile name

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

certificateId

string | null (Internal ID)

The id of the certificate to update

certificatePem

string | null

The PEM encoded certificate to update

certificate

object | null (Certificate)

The certificate that was updated for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

dryRun

boolean | null

If true, the request is validated, but will not result in an update

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate recovered.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For a recovery request, this is always recover

Value recover

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

profile

string required

The Requested profile name

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

certificateId

string | null (Internal ID)

The id of the certificate to update

certificatePem

string | null

The PEM encoded certificate to update

pkcs12

object | null (models.secret.SecretString)

The generated PKCS#12 for this request. This is only available after the request has been approved in centralized mode

value

string | null

Value of the secret that will be passed to Horizon

password

object | null (models.secret.SecretString)

The password to decrypt the PKCS12 file. Must be set if password mode is manual

value

string | null

Value of the secret that will be passed to Horizon

certificate

object | null (Certificate)

The certificate that was generated for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

dryRun

boolean | null

If true, the request is validated, but will not result in a recovery

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate migrated.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For a migration request, this is always migrate

Value migrate

profile

string required

The target profile name

template

object (models.webra.WebRAMigrateRequestTemplate) required

The user-data that will be used to generate the certificate

labels

array of objects | null (Label)

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

owner

object | null (Certificate Owner)

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

metadata

array of objects | null (Certificate Metadata)

Array [

metadata

string required

Technical metadata related to the certificate

value

string | null

The value of the metadata element

editable

boolean | null

Whether the metadata element is editable by the requester

]

contactEmail

object | null (Contact email)

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

certificateId

string | null (Internal ID)

The id of the certificate to migrate

certificatePem

string | null

The PEM encoded certificate to migrate

certificate

object | null (Certificate)

The certificate that was updated for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

dryRun

boolean | null

If true, the request is validated, but will not result in a migration

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate renew.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For a renewal request, this is always renew

Value renew

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

profile

string required

The Requested profile name

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

template

object (WebRA Renew Request Template)

The user-data that will be used to generate the certificate

csr

string | null

The CSR used to renew the certificate, if in decentralized mode

keyType

string | null (Keytype)

The key type of the certificate, if in centralized mode

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

pkcs12

object | null (models.secret.SecretString)

The generated PKCS#12 for this request. This is only available after the request has been approved in centralized mode

value

string | null

Value of the secret that will be passed to Horizon

password

object | null (models.secret.SecretString)

The password to decrypt the PKCS12 file. Must be set if password mode is manual

value

string | null

Value of the secret that will be passed to Horizon

certificateId

string | null (Internal ID)

The id of the certificate to renew

certificatePem

string | null

The PEM encoded certificate to renew

certificate

object | null (Certificate)

The certificate that was generated for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate imported.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For an import request, this is always import

Value import

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

profile

string required

The Requested profile name

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

template

object (WebRA Import Request Template)

The user-data that will be added on certificate import

privateKey

string | null

The PEM-encoded private key associated with the certificate. Mandatory if target profile has escrow enabled, forbidden otherwise

owner

object | null (Certificate Owner)

The owner for this certificate

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

The team for this certificate

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

contactEmail

object | null (Contact email)

The contact email for this certificate

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

labels

array of objects | null (Label)

The labels for this certificate

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

metadata

array of objects | null (Certificate Metadata)

The technical metadata for this certificate

Array [

metadata

string required

Technical metadata related to the certificate

value

string | null

The value of the metadata element

editable

boolean | null

Whether the metadata element is editable by the requester

]

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The third party data associated with the certificate

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

discoveryInfo

object | null (models.discovery.DiscoveryInfo)

Information about the discovery of this certificate

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

discoveryData

object (models.discovery.HostDiscoveryData)

The host discovery data associated with the certificate (discovery metadata)

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

certificateId

string | null (Internal ID)

The id of the certificate to import

certificatePem

string | null

The PEM encoded certificate to import

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string required

The module that will be used to process this request. For a EST request, this is always est

Value est

workflow

string required

What this request will do. For an enrollment request, this is always enroll

Value enroll

profile

string required

The EST profile name

template

object (EST Enroll Request Template) required

The user-data that will be used to generate the certificate

subject

array of objects | null (IndexedDNElement)

List of DN elements that will be used to build the certificate's Distinguished Name

Array [

element

string required

The element type and index. Indexes start at 1 !

Enum cn e ou st l o c dc uid serialNumber surname givenName unstructuredAddress unstructuredName organizationIdentifier uniqueIdentifier street description

type

string | null

The formatted element type

Enum CN E OU ST L O C DC UID SERIALNUMBER SURNAME GIVENNAME unstructuredAddress unstructuredName organizationIdentifier UniqueIdentifier STREET DESCRIPTION

value

string | null

The element value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

mandatory

boolean | null

Whether the field is mandatory or not

editable

boolean | null

Whether the field is editable or not for the currently authenticated user

regex

string | null

A regular expression that will be used to validate the element's value

]

sans

array of objects | null (SAN Element)

List of SAN elements that will be used to build the certificate's Subject Alternative Name

Array [

type

string | null required

SAN type

Enum RFC822NAME DNSNAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

array of string | null

SAN value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether this SAN element is editable by the user

regex

string | null

The regex that will be used to validate the SAN value

min

integer | null

The minimum number of SAN elements that must be provided

max

integer | null

The maximum number of SAN elements that can be provided

]

extensions

array of objects | null (Certificate Extension)

Information about the certificate's extensions and how to edit them

Array [

type

string required

The type of the extension element

Enum ms_sid ms_template

value

string | null

The value of the extension element

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether the extension element is editable by the requester

regex

string | null

The regular expression to validate the extension element

mandatory

boolean | null

Whether the extension element is mandatory to submit this request

]

labels

array of objects | null (Label)

List of labels used internally to tag and group certificates

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

contactEmail

object | null (Contact email)

Information about the certificate's contact email and how to edit it

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

owner

object | null (Certificate Owner)

Information about the certificate's owner and how to edit it

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

Information about the certificate's team and how to edit it

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

dnWhitelist

boolean | null

DN whitelist is enabled on this request

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

string

Fill the DN if DN whitelist is enabled. Contains the DN of the challenge

password

object | null (models.secret.SecretString)

The password of the challenge. Must be set if password mode is manual

value

string | null

Value of the secret that will be passed to Horizon

dryRun

boolean | null

If true, the request is validated, but will not result in a challenge creation

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string required

The module that will be used to process this request. For a SCEP request, this is always scep

Value scep

workflow

string required

What this request will do. For an enrollment request, this is always enroll

Value enroll

profile

string required

The SCEP profile name

template

object (SCEP Enroll Request Template) required

The user-data that will be used to generate the certificate

subject

array of objects | null (IndexedDNElement)

List of DN elements that will be used to build the certificate's Distinguished Name

Array [

element

string required

The element type and index. Indexes start at 1 !

Enum cn e ou st l o c dc uid serialNumber surname givenName unstructuredAddress unstructuredName organizationIdentifier uniqueIdentifier street description

type

string | null

The formatted element type

Enum CN E OU ST L O C DC UID SERIALNUMBER SURNAME GIVENNAME unstructuredAddress unstructuredName organizationIdentifier UniqueIdentifier STREET DESCRIPTION

value

string | null

The element value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

mandatory

boolean | null

Whether the field is mandatory or not

editable

boolean | null

Whether the field is editable or not for the currently authenticated user

regex

string | null

A regular expression that will be used to validate the element's value

]

sans

array of objects | null (SAN Element)

List of SAN elements that will be used to build the certificate's Subject Alternative Name

Array [

type

string | null required

SAN type

Enum RFC822NAME DNSNAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

array of string | null

SAN value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether this SAN element is editable by the user

regex

string | null

The regex that will be used to validate the SAN value

min

integer | null

The minimum number of SAN elements that must be provided

max

integer | null

The maximum number of SAN elements that can be provided

]

extensions

array of objects | null (Certificate Extension)

Information about the certificate's extensions and how to edit them

Array [

type

string required

The type of the extension element

Enum ms_sid ms_template

value

string | null

The value of the extension element

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether the extension element is editable by the requester

regex

string | null

The regular expression to validate the extension element

mandatory

boolean | null

Whether the extension element is mandatory to submit this request

]

labels

array of objects | null (Label)

List of labels used internally to tag and group certificates

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

contactEmail

object | null (Contact email)

Information about the certificate's contact email and how to edit it

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

owner

object | null (Certificate Owner)

Information about the certificate's owner and how to edit it

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

Information about the certificate's team and how to edit it

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

dnWhitelist

boolean | null

DN whitelist is enabled on this request

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

string

Fill the DN if DN whitelist is enabled. Contains the DN of the challenge

password

object | null (models.secret.SecretString)

The password of the challenge. Must be set if password mode is manual

value

string | null

Value of the secret that will be passed to Horizon

dryRun

boolean | null

If true, the request is validated, but will not result in a challenge creation

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

Responses

201 Request successfully submitted

module

string required

The module that will be used to process this request. For a WebRA request, this is always webra

Value webra

workflow

string required

What this request will do. For an enrollment request, this is always enroll

Value enroll

profile

string required

The WebRA profile name

template

object (WebRA Enroll Request Template) required

The user-data that will be used to generate the certificate

keyType

string | null (Keytype)

The type of key that will be used to generate the certificate, if in centralized mode

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

csr

string | null

If decentralized enrollment is enabled, this field will contain the CSR that will be used to generate the certificate

subject

array of objects | null (IndexedDNElement)

List of DN elements that will be used to build the certificate's Distinguished Name

Array [

element

string required

The element type and index. Indexes start at 1 !

Enum cn e ou st l o c dc uid serialNumber surname givenName unstructuredAddress unstructuredName organizationIdentifier uniqueIdentifier street description

type

string | null

The formatted element type

Enum CN E OU ST L O C DC UID SERIALNUMBER SURNAME GIVENNAME unstructuredAddress unstructuredName organizationIdentifier UniqueIdentifier STREET DESCRIPTION

value

string | null

The element value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

mandatory

boolean | null

Whether the field is mandatory or not

editable

boolean | null

Whether the field is editable or not for the currently authenticated user

regex

string | null

A regular expression that will be used to validate the element's value

]

sans

array of objects | null (SAN Element)

List of SAN elements that will be used to build the certificate's Subject Alternative Name

Array [

type

string | null required

SAN type

Enum RFC822NAME DNSNAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

array of string | null

SAN value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether this SAN element is editable by the user

regex

string | null

The regex that will be used to validate the SAN value

min

integer | null

The minimum number of SAN elements that must be provided

max

integer | null

The maximum number of SAN elements that can be provided

]

extensions

array of objects | null (Certificate Extension)

Information about the certificate's extensions and how to edit them

Array [

type

string required

The type of the extension element

Enum ms_sid ms_template

value

string | null

The value of the extension element

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether the extension element is editable by the requester

regex

string | null

The regular expression to validate the extension element

mandatory

boolean | null

Whether the extension element is mandatory to submit this request

]

labels

array of objects | null (Label)

List of labels used internally to tag and group certificates

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

contactEmail

object | null (Contact email)

Information about the certificate's contact email and how to edit it

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

owner

object | null (Certificate Owner)

Information about the certificate's owner and how to edit it

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

Information about the certificate's team and how to edit it

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

pkcs12

object | null (models.secret.SecretString)

The generated PKCS#12 for this request. This is only available after the request has been approved in centralized mode

value

string | null

Value of the secret that will be passed to Horizon

password

object | null (models.secret.SecretString)

The password to decrypt the PKCS12 file. Must be set if password mode is manual

value

string | null

Value of the secret that will be passed to Horizon

certificate

object | null (Certificate)

The certificate that was generated for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

dryRun

boolean | null

If true, the request is validated, but will not result in an enrollment

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate revoked.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For a revocation request, this is always revoke

Value revoke

template

object (WebRA Revoke Request Template) required

The user-data that will be used to revoke the certificate

revocationReason

string | null

The reason for revoking the certificate

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

profile

string required

The Requested profile name

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

certificateId

string | null (Internal ID)

The id of the certificate to revoke

certificatePem

string | null

The PEM encoded certificate to revoke

certificate

object | null (Certificate)

The certificate that was revoked for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate updated.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For an update request, this is always update

Value update

template

object (WebRA Update Request Template) required

The user-data that will be used to generate the certificate

labels

array of objects | null (Label)

Information about the certificate's labels and how to edit them

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

metadata

array of objects | null (Certificate Metadata)

Information about the certificate's metadata and how to edit them

Array [

metadata

string required

Technical metadata related to the certificate

value

string | null

The value of the metadata element

editable

boolean | null

Whether the metadata element is editable by the requester

]

owner

object | null (Certificate Owner)

Information about the certificate's owner and how to edit it

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

Information about the certificate's team and how to edit it

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

contactEmail

object | null (Contact email)

Information about the certificate's contact email and how to edit it

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

profile

string required

The Requested profile name

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

certificateId

string | null (Internal ID)

The id of the certificate to update

certificatePem

string | null

The PEM encoded certificate to update

certificate

object | null (Certificate)

The certificate that was updated for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

dryRun

boolean | null

If true, the request is validated, but will not result in an update

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate recovered.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For a recovery request, this is always recover

Value recover

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

profile

string required

The Requested profile name

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

certificateId

string | null (Internal ID)

The id of the certificate to update

certificatePem

string | null

The PEM encoded certificate to update

pkcs12

object | null (models.secret.SecretString)

The generated PKCS#12 for this request. This is only available after the request has been approved in centralized mode

value

string | null

Value of the secret that will be passed to Horizon

password

object | null (models.secret.SecretString)

The password to decrypt the PKCS12 file. Must be set if password mode is manual

value

string | null

Value of the secret that will be passed to Horizon

certificate

object | null (Certificate)

The certificate that was generated for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

dryRun

boolean | null

If true, the request is validated, but will not result in a recovery

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate migrated.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For a migration request, this is always migrate

Value migrate

profile

string required

The target profile name

template

object (models.webra.WebRAMigrateRequestTemplate) required

The user-data that will be used to generate the certificate

labels

array of objects | null (Label)

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

owner

object | null (Certificate Owner)

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

metadata

array of objects | null (Certificate Metadata)

Array [

metadata

string required

Technical metadata related to the certificate

value

string | null

The value of the metadata element

editable

boolean | null

Whether the metadata element is editable by the requester

]

contactEmail

object | null (Contact email)

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

certificateId

string | null (Internal ID)

The id of the certificate to migrate

certificatePem

string | null

The PEM encoded certificate to migrate

certificate

object | null (Certificate)

The certificate that was updated for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

dryRun

boolean | null

If true, the request is validated, but will not result in a migration

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate renew.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For a renewal request, this is always renew

Value renew

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

profile

string required

The Requested profile name

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

template

object (WebRA Renew Request Template)

The user-data that will be used to generate the certificate

csr

string | null

The CSR used to renew the certificate, if in decentralized mode

keyType

string | null (Keytype)

The key type of the certificate, if in centralized mode

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

pkcs12

object | null (models.secret.SecretString)

The generated PKCS#12 for this request. This is only available after the request has been approved in centralized mode

value

string | null

Value of the secret that will be passed to Horizon

password

object | null (models.secret.SecretString)

The password to decrypt the PKCS12 file. Must be set if password mode is manual

value

string | null

Value of the secret that will be passed to Horizon

certificateId

string | null (Internal ID)

The id of the certificate to renew

certificatePem

string | null

The PEM encoded certificate to renew

certificate

object | null (Certificate)

The certificate that was generated for this request. This is only available after the request has been approved

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

Enum rsa-<size> ec-secp256r1 ec-secp384r1 ec-secp521r1 ed-Ed448 ed-Ed25519

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (models.certificate.SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum DNSNAME RFC822NAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string required

Internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (models.certificate.grading.policy.GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (models.certificate.label.LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (models.discovery.DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (models.certificate.extension.CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (models.discovery.HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null

The certificate's revocation reason

Enum UNSPECIFIED KEYCOMPROMISE CACOMPROMISE AFFILIATIONCHANGE SUPERSEDED CESSATIONOFOPERATION

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string (RequestModule) required

The module of the certificate imported.

Enum webra est scep acme acme-external

workflow

string required

What this request will do. For an import request, this is always import

Value import

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

profile

string required

The Requested profile name

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

template

object (WebRA Import Request Template)

The user-data that will be added on certificate import

privateKey

string | null

The PEM-encoded private key associated with the certificate. Mandatory if target profile has escrow enabled, forbidden otherwise

owner

object | null (Certificate Owner)

The owner for this certificate

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

The team for this certificate

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

contactEmail

object | null (Contact email)

The contact email for this certificate

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

labels

array of objects | null (Label)

The labels for this certificate

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

metadata

array of objects | null (Certificate Metadata)

The technical metadata for this certificate

Array [

metadata

string required

Technical metadata related to the certificate

value

string | null

The value of the metadata element

editable

boolean | null

Whether the metadata element is editable by the requester

]

thirdPartyData

array of objects | null (models.thirdparty.ThirdPartyItem)

The third party data associated with the certificate

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

discoveryInfo

object | null (models.discovery.DiscoveryInfo)

Information about the discovery of this certificate

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

discoveryData

object (models.discovery.HostDiscoveryData)

The host discovery data associated with the certificate (discovery metadata)

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (models.discovery.TlsPort)

The ports on which the certificate is exposed for https connexion

certificateId

string | null (Internal ID)

The id of the certificate to import

certificatePem

string | null

The PEM encoded certificate to import

string

Certificate's Distinguished Name

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string required

The module that will be used to process this request. For a EST request, this is always est

Value est

workflow

string required

What this request will do. For an enrollment request, this is always enroll

Value enroll

profile

string required

The EST profile name

template

object (EST Enroll Request Template) required

The user-data that will be used to generate the certificate

subject

array of objects | null (IndexedDNElement)

List of DN elements that will be used to build the certificate's Distinguished Name

Array [

element

string required

The element type and index. Indexes start at 1 !

Enum cn e ou st l o c dc uid serialNumber surname givenName unstructuredAddress unstructuredName organizationIdentifier uniqueIdentifier street description

type

string | null

The formatted element type

Enum CN E OU ST L O C DC UID SERIALNUMBER SURNAME GIVENNAME unstructuredAddress unstructuredName organizationIdentifier UniqueIdentifier STREET DESCRIPTION

value

string | null

The element value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

mandatory

boolean | null

Whether the field is mandatory or not

editable

boolean | null

Whether the field is editable or not for the currently authenticated user

regex

string | null

A regular expression that will be used to validate the element's value

]

sans

array of objects | null (SAN Element)

List of SAN elements that will be used to build the certificate's Subject Alternative Name

Array [

type

string | null required

SAN type

Enum RFC822NAME DNSNAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

array of string | null

SAN value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether this SAN element is editable by the user

regex

string | null

The regex that will be used to validate the SAN value

min

integer | null

The minimum number of SAN elements that must be provided

max

integer | null

The maximum number of SAN elements that can be provided

]

extensions

array of objects | null (Certificate Extension)

Information about the certificate's extensions and how to edit them

Array [

type

string required

The type of the extension element

Enum ms_sid ms_template

value

string | null

The value of the extension element

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether the extension element is editable by the requester

regex

string | null

The regular expression to validate the extension element

mandatory

boolean | null

Whether the extension element is mandatory to submit this request

]

labels

array of objects | null (Label)

List of labels used internally to tag and group certificates

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

contactEmail

object | null (Contact email)

Information about the certificate's contact email and how to edit it

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

owner

object | null (Certificate Owner)

Information about the certificate's owner and how to edit it

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

Information about the certificate's team and how to edit it

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

dnWhitelist

boolean | null

DN whitelist is enabled on this request

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

string

Fill the DN if DN whitelist is enabled. Contains the DN of the challenge

password

object | null (models.secret.SecretString)

The password of the challenge. Must be set if password mode is manual

value

string | null

Value of the secret that will be passed to Horizon

dryRun

boolean | null

If true, the request is validated, but will not result in a challenge creation

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

module

string required

The module that will be used to process this request. For a SCEP request, this is always scep

Value scep

workflow

string required

What this request will do. For an enrollment request, this is always enroll

Value enroll

profile

string required

The SCEP profile name

template

object (SCEP Enroll Request Template) required

The user-data that will be used to generate the certificate

subject

array of objects | null (IndexedDNElement)

List of DN elements that will be used to build the certificate's Distinguished Name

Array [

element

string required

The element type and index. Indexes start at 1 !

Enum cn e ou st l o c dc uid serialNumber surname givenName unstructuredAddress unstructuredName organizationIdentifier uniqueIdentifier street description

type

string | null

The formatted element type

Enum CN E OU ST L O C DC UID SERIALNUMBER SURNAME GIVENNAME unstructuredAddress unstructuredName organizationIdentifier UniqueIdentifier STREET DESCRIPTION

value

string | null

The element value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

mandatory

boolean | null

Whether the field is mandatory or not

editable

boolean | null

Whether the field is editable or not for the currently authenticated user

regex

string | null

A regular expression that will be used to validate the element's value

]

sans

array of objects | null (SAN Element)

List of SAN elements that will be used to build the certificate's Subject Alternative Name

Array [

type

string | null required

SAN type

Enum RFC822NAME DNSNAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID

value

array of string | null

SAN value

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether this SAN element is editable by the user

regex

string | null

The regex that will be used to validate the SAN value

min

integer | null

The minimum number of SAN elements that must be provided

max

integer | null

The maximum number of SAN elements that can be provided

]

extensions

array of objects | null (Certificate Extension)

Information about the certificate's extensions and how to edit them

Array [

type

string required

The type of the extension element

Enum ms_sid ms_template

value

string | null

The value of the extension element

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

value

string required

A computation rule that will dynamically generate a string value from the request's context

editable

boolean | null

Whether the extension element is editable by the requester

regex

string | null

The regular expression to validate the extension element

mandatory

boolean | null

Whether the extension element is mandatory to submit this request

]

labels

array of objects | null (Label)

List of labels used internally to tag and group certificates

Array [

label

string required

The name of the label

displayName

array of objects | null (LocalizedString)

The display name of the label element

description

array of objects | null (LocalizedString)

The description of the label element

value

string | null

The value of the label element

computationRule

object | null (TemplateString)

The computation rule of the label element

mandatory

boolean | null

Whether the label element is mandatory to submit this request

editable

boolean | null

Whether the label element is editable

regex

string | null

The regex used to validate the label element

enum

array of string | null

The enum used to validate the label element

suggestions

array of string | null

The suggestions used to recommend the label element values

]

contactEmail

object | null (Contact email)

Information about the certificate's contact email and how to edit it

value

string | null

The contact email

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the contact email is editable by the requester

mandatory

boolean | null

Whether the contact email is mandatory to submit this request

regex

string | null

The regular expression to validate the contact email

whitelist

array of string | null

The list of allowed contact emails

description

array of objects | null (LocalizedString)

The description of the contact email

owner

object | null (Certificate Owner)

Information about the certificate's owner and how to edit it

value

string | null

The value of the owner element. This should be a principal identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

editable

boolean | null

Whether the owner element is editable by the requester

mandatory

boolean | null

Whether the owner element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the owner element

team

object | null (Certificate Team)

Information about the certificate's team and how to edit it

value

string | null

The value of the team element. This should be a team identifier

computationRule

object | null (TemplateString)

Computation rule input will be evaluated and will override all other inputs

authorized

array of string | null

The list of authorized teams

editable

boolean | null

Whether the team element is editable by the requester

mandatory

boolean | null

Whether the team element is mandatory to submit this request

description

array of objects | null (LocalizedString)

The description of the team element

dnWhitelist

boolean | null

DN whitelist is enabled on this request

_id

string (Internal ID) required

Object internal ID

status

string (Request Status) required

The request status

Enum denied approved pending canceled completed

requester

string required

The requester's principal identifier

registrationDate

integer required

The date the request was created. This is set by the system

lastModificationDate

integer required

The date the request was last modified. This is set by the system

expirationDate

integer required

The date the request will expire. This is set by the system

removeAt

integer required

The date the requested will be deleted. This is set by the system

holderId

string (Holder ID) required

The computed holderID for this request. This is set by the system based on DN and SANs

string

Fill the DN if DN whitelist is enabled. Contains the DN of the challenge

password

object | null (models.secret.SecretString)

The password of the challenge. Must be set if password mode is manual

value

string | null

Value of the secret that will be passed to Horizon

dryRun

boolean | null

If true, the request is validated, but will not result in a challenge creation

team

string | null

The team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them

approver

string | null

The approver's principal identifier

contact

string | null

The request's contact email

requesterComment

string | null

Free-text field editable by the requester to provider more context on the request

approverComment

string | null

Free-text field editable by the approver to provider more context on the request

triggerResults

array of objects | null (models.trigger.TriggerResult)

The result of the execution of triggers on this request

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

labels

array of objects | null (models.certificate.label.LabelData)

The labels set in this request

Array [

key

string required

The label's name

value

string required

The label's value

]

metadata

array of objects | null (Certificate Metadata)

The metadata set in this request

Array [

key

string required

The metadata name

value

string required

The metadata value

]

globalHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the Horizon database

profileHolderIdCount

integer | null

The number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile

400 Invalid request

401 Unauthorized request

403 Forbidden action

404 Not found

500 Internal server error

post

/api/v1/requests/submit

{

"module": "webra" ,

"workflow": "enroll" ,

"profile": "DefaultProfile" ,

"template":

{ ... } ,

"password":

{ ... } ,

"dryRun": false ,

"requesterComment": "I need this certificate to access the VPN."

}

{

"module": "webra" ,

"workflow": "enroll" ,

"profile": "DefaultProfile" ,

"template":

{ ... } ,

"password":

{ ... } ,

"dryRun": false ,

"requesterComment": "I need this certificate to access the VPN."

}

{

"error": "CERT-TEAM-001" ,

"message": "Invalid Team Element" ,

"title": "Invalid Team Element" ,

"detail": "Details about the error" ,

"status": 400

}

{

"error": "REQ-001" ,

"message": "Unexpected Error" ,

"title": "Unexpected Error" ,

"detail": "Details about the error" ,

"status": 400

}