Retrieve a specific certificate profile
Retrieve a specific certificate profile based on its name
|
name
string
required |
-
200 The certificate profile
application/json_idstring (Internal ID) requiredObject internal ID
modulestring requiredValueacmenamestring requiredenabledboolean requiredtimeoutstring requiredpkiConnectorstring requiredauthorizeShortNameboolean requiredauthorizeEmptyContactboolean requiredverifyRetryCountinteger requiredverifyRetryDelaystring requiredrequireTermsOfServiceboolean requiredauthorizationLevelsobject (CertificateProfileAuthorizationLevels) requiredrevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
searchobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
updateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
migrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
auditRequestobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestsPolicyobject (RequestsPolicy) requiredenrollstring | nullrevokestring | nullrecoverstring | nullupdatestring | nullmigratestring | nullrenewstring | nullselfPermissionsobject (CertificateProfileSelfPermissions) requiredselfRecoverboolean | nullselfUpdateboolean | nullselfRevokeboolean | nullselfRenewboolean | nullselfPopRenewboolean | nullselfPopRevokeboolean | nullselfPopUpdateboolean | nullcryptoPolicyobject (Certificate profile crypto policy) requiredcentralizedboolean | nullWhether this profile supports centralized enrollment
decentralizedboolean | nullWhether this profile supports decentralized enrollment
defaultKeyTypestring | null (Keytype)Default key type used for centralized enrollment
authorizedKeyTypesarray of string | null (Keytype)List of authorized key types for enrollment
preferredEnrollmentModestring | nullIf both centralized and decentralized enrollment are supported, this is the preferred mode
Enumcentralizeddecentralizedescrowboolean | nullWhether this profile will escrow the certificate private keys
p12passwordPolicystring | nullPassword policy for the P12 file
p12passwordModestring | nullWhether the user will be required to input their PKCS#12 password upon enrollment
Enumrandommanualp12storeEncryptionTypestring | nullEncryption type for the P12 file
showP12PasswordOnEnrollboolean | nullWhether the PKCS#12 password will be displayed to the user upon enrollment
showP12OnEnrollboolean | nullWhether the PKCS#12 file will be displayed to the user upon enrollment
showP12PasswordOnRecoverboolean | nullWhether the PKCS#12 password will be displayed to the user upon recovery
showP12OnRecoverboolean | nullWhether the PKCS#12 file will be displayed to the user upon recovery
displayNamearray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
metaobject | null (DirectoryMeta)termsOfServicestring | nullwebsitestring | nullcaaIdentitiesarray of string | nullexternalAccountRequiredboolean | nullconstraintsobject | null (CertificateRequestConstraints)allowedDomainsstring | nullallowedEmailDomainsstring | nullallowedDnsDomainsstring | nullauthorizationMethodsarray of string | nullhttp01Portinteger | nulltlsAlpn01Portinteger | nulldefaultContactsarray of string | nullrenewalPeriodstring | nullcsrDataMappingobject | nullproperty name*stringadditional propertymaxCertificatePerHolderPolicyobject | null (MaxCertificatePerHolderPolicy)maxinteger requiredbehaviorstring requiredEnumrevokerejectrevocationReasonstring | null (Revocation Reason)One of: unspecified, keycompromise, cacompromise, affiliationchange, superseded, cessationofoperation
maxDnsNameinteger | nullproxystring | nulltriggersobject | null (CertificateProfileTriggers)onEnrollarray of string | nullonSubmitEnrollarray of string | nullonCancelEnrollarray of string | nullonApproveEnrollarray of string | nullonDenyEnrollarray of string | nullonPendingEnrollarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRevokearray of string | nullonSubmitRevokearray of string | nullonCancelRevokearray of string | nullonApproveRevokearray of string | nullonDenyRevokearray of string | nullonPendingRevokearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onUpdatearray of string | nullonSubmitUpdatearray of string | nullonCancelUpdatearray of string | nullonApproveUpdatearray of string | nullonDenyUpdatearray of string | nullonPendingUpdatearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRecoverarray of string | nullonSubmitRecoverarray of string | nullonCancelRecoverarray of string | nullonApproveRecoverarray of string | nullonDenyRecoverarray of string | nullonPendingRecoverarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onMigratearray of string | nullonSubmitMigratearray of string | nullonCancelMigratearray of string | nullonApproveMigratearray of string | nullonDenyMigratearray of string | nullonPendingMigratearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onExpirearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRenewarray of string | nullonSubmitRenewarray of string | nullonCancelRenewarray of string | nullonApproveRenewarray of string | nullonDenyRenewarray of string | nullonPendingRenewarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
certificateTemplateobject | null (CertificateTemplate)subjectarray of objects | null (DNElement)Array [
typestring requiredmandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
sansarray of objects | null (SANElement)Array [
typestring requiredEnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullmininteger | nullmaxinteger | null]
extensionsarray of objects | null (ExtensionElement)Array [
typestring requiredEnumms_sidms_templatemandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
ownerPolicyobject | null (OwnerPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
teamPolicyobject | null (TeamPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredregexstring | nullwhitelistarray of string | nullvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
metadataPoliciesarray of objects | null (MetadataPolicy)Array [
metadatastring requiredEnumgs_order_idrenewed_certificate_idmetapki_idpki_connectordigicert_identrust_idscep_transidfcms_idprevious_certificate_idgsatlas_idcerteurope_iddigicert_order_idautomation_policycontact_emaileditableByRequesterboolean requirededitableByApproverboolean required]
labelsarray of objects | null (Label)Array [
labelstring requiredThe name of the label
valuestring | nullThe default value of the label element
computationRulestring | null (Computation Rule)The computation rule of the label element
mandatoryboolean | nullWhether the label element is mandatory to submit a request
editableByRequesterboolean | nullWhether the label element is editable by the requester
editableByApproverboolean | nullWhether the label element is editable by the approver
regexstring | nullThe regex used to validate the label element
enumarray of string | nullThe whitelist used to validate the label element
suggestionsarray of string | nullThe suggestions used to recommend the label element values
]
contactEmailPolicyobject | null (ContactEmailPolicy)mandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullwhitelistarray of string | nulldescriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
gradingPoliciesarray of string | nulldsFlowarray of object | null (Datasource Flow)Representation of a datasource execution flow
Array [
dsstring requiredName of the datasource to execute for this step
inputsarray of object | null (Datasource Input)List of inputs to use for this datasource
Array [
keystring requiredName of the datasource to execute for this step
valuestring (Computation Rule)Value for this input
]
stopOnSuccessbooleanStop the flow if this datasource is successfully executed
]
_idstring (Internal ID) requiredObject internal ID
modulestring requiredValueestnamestring requiredenabledboolean requiredcastring requiredpkiConnectorstring requiredauthorizationModestring requiredEnumauthorizedx509challengeauto-validationdnWhitelistboolean requiredauthorizationLevelsobject (CertificateProfileAuthorizationLevels) requiredrevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
searchobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
updateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
migrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
auditRequestobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestsPolicyobject (RequestsPolicy) requiredenrollstring | nullrevokestring | nullrecoverstring | nullupdatestring | nullmigratestring | nullrenewstring | nullcryptoPolicyobject (Certificate profile crypto policy) requiredcentralizedboolean | nullWhether this profile supports centralized enrollment
decentralizedboolean | nullWhether this profile supports decentralized enrollment
defaultKeyTypestring | null (Keytype)Default key type used for centralized enrollment
authorizedKeyTypesarray of string | null (Keytype)List of authorized key types for enrollment
preferredEnrollmentModestring | nullIf both centralized and decentralized enrollment are supported, this is the preferred mode
Enumcentralizeddecentralizedescrowboolean | nullWhether this profile will escrow the certificate private keys
p12passwordPolicystring | nullPassword policy for the P12 file
p12passwordModestring | nullWhether the user will be required to input their PKCS#12 password upon enrollment
Enumrandommanualp12storeEncryptionTypestring | nullEncryption type for the P12 file
showP12PasswordOnEnrollboolean | nullWhether the PKCS#12 password will be displayed to the user upon enrollment
showP12OnEnrollboolean | nullWhether the PKCS#12 file will be displayed to the user upon enrollment
showP12PasswordOnRecoverboolean | nullWhether the PKCS#12 password will be displayed to the user upon recovery
showP12OnRecoverboolean | nullWhether the PKCS#12 file will be displayed to the user upon recovery
selfPermissionsobject (CertificateProfileSelfPermissions) requiredselfRecoverboolean | nullselfUpdateboolean | nullselfRevokeboolean | nullselfRenewboolean | nullselfPopRenewboolean | nullselfPopRevokeboolean | nullselfPopUpdateboolean | nulldisplayNamearray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
constraintsobject | null (CertificateRequestConstraints)allowedDomainsstring | nullallowedEmailDomainsstring | nullallowedDnsDomainsstring | nullcsrDataMappingobject | nullproperty name*stringadditional propertymaxCertificatePerHolderPolicyobject | null (MaxCertificatePerHolderPolicy)maxinteger requiredbehaviorstring requiredEnumrevokerejectrevocationReasonstring | null (Revocation Reason)One of: unspecified, keycompromise, cacompromise, affiliationchange, superseded, cessationofoperation
enrollAuthorizedCasarray of string | nullrenewalAuthorizedCasarray of string | nullrenewalPeriodstring | nulltriggersobject | null (CertificateProfileTriggers)onEnrollarray of string | nullonSubmitEnrollarray of string | nullonCancelEnrollarray of string | nullonApproveEnrollarray of string | nullonDenyEnrollarray of string | nullonPendingEnrollarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRevokearray of string | nullonSubmitRevokearray of string | nullonCancelRevokearray of string | nullonApproveRevokearray of string | nullonDenyRevokearray of string | nullonPendingRevokearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onUpdatearray of string | nullonSubmitUpdatearray of string | nullonCancelUpdatearray of string | nullonApproveUpdatearray of string | nullonDenyUpdatearray of string | nullonPendingUpdatearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRecoverarray of string | nullonSubmitRecoverarray of string | nullonCancelRecoverarray of string | nullonApproveRecoverarray of string | nullonDenyRecoverarray of string | nullonPendingRecoverarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onMigratearray of string | nullonSubmitMigratearray of string | nullonCancelMigratearray of string | nullonApproveMigratearray of string | nullonDenyMigratearray of string | nullonPendingMigratearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onExpirearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRenewarray of string | nullonSubmitRenewarray of string | nullonCancelRenewarray of string | nullonApproveRenewarray of string | nullonDenyRenewarray of string | nullonPendingRenewarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
passwordPolicystring | nullcertificateTemplateobject | null (CertificateTemplate)subjectarray of objects | null (DNElement)Array [
typestring requiredmandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
sansarray of objects | null (SANElement)Array [
typestring requiredEnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullmininteger | nullmaxinteger | null]
extensionsarray of objects | null (ExtensionElement)Array [
typestring requiredEnumms_sidms_templatemandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
ownerPolicyobject | null (OwnerPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
teamPolicyobject | null (TeamPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredregexstring | nullwhitelistarray of string | nullvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
metadataPoliciesarray of objects | null (MetadataPolicy)Array [
metadatastring requiredEnumgs_order_idrenewed_certificate_idmetapki_idpki_connectordigicert_identrust_idscep_transidfcms_idprevious_certificate_idgsatlas_idcerteurope_iddigicert_order_idautomation_policycontact_emaileditableByRequesterboolean requirededitableByApproverboolean required]
labelsarray of objects | null (Label)Array [
labelstring requiredThe name of the label
valuestring | nullThe default value of the label element
computationRulestring | null (Computation Rule)The computation rule of the label element
mandatoryboolean | nullWhether the label element is mandatory to submit a request
editableByRequesterboolean | nullWhether the label element is editable by the requester
editableByApproverboolean | nullWhether the label element is editable by the approver
regexstring | nullThe regex used to validate the label element
enumarray of string | nullThe whitelist used to validate the label element
suggestionsarray of string | nullThe suggestions used to recommend the label element values
]
contactEmailPolicyobject | null (ContactEmailPolicy)mandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullwhitelistarray of string | nulldescriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
gradingPoliciesarray of string | nullvalidationRulesetobject | null (Validation Ruleset)The validation ruleset used for auto validation
rulesarray of string requiredThe validation rules for this ruleset
thresholdinteger requiredNumber of rules to validation in order to allow enrollment
dsFlowarray of object | null (Datasource Flow)Representation of a datasource execution flow
Array [
dsstring requiredName of the datasource to execute for this step
inputsarray of object | null (Datasource Input)List of inputs to use for this datasource
Array [
keystring requiredName of the datasource to execute for this step
valuestring (Computation Rule)Value for this input
]
stopOnSuccessbooleanStop the flow if this datasource is successfully executed
]
_idstring (Internal ID) requiredObject internal ID
modulestring requiredValueintunenamestring requiredenabledboolean requiredmodestring requiredEnumcarathirdPartyConnectorstring requiredpkiConnectorstring requiredscepRAstring requiredcapsarray of string requiredencryptionAlgorithmstring requiredauthorizationLevelsobject (CertificateProfileAuthorizationLevels) requiredrevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
searchobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
updateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
migrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
auditRequestobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestsPolicyobject (RequestsPolicy) requiredenrollstring | nullrevokestring | nullrecoverstring | nullupdatestring | nullmigratestring | nullrenewstring | nullselfPermissionsobject (CertificateProfileSelfPermissions) requiredselfRecoverboolean | nullselfUpdateboolean | nullselfRevokeboolean | nullselfRenewboolean | nullselfPopRenewboolean | nullselfPopRevokeboolean | nullselfPopUpdateboolean | nullcryptoPolicyobject (Certificate profile crypto policy) requiredcentralizedboolean | nullWhether this profile supports centralized enrollment
decentralizedboolean | nullWhether this profile supports decentralized enrollment
defaultKeyTypestring | null (Keytype)Default key type used for centralized enrollment
authorizedKeyTypesarray of string | null (Keytype)List of authorized key types for enrollment
preferredEnrollmentModestring | nullIf both centralized and decentralized enrollment are supported, this is the preferred mode
Enumcentralizeddecentralizedescrowboolean | nullWhether this profile will escrow the certificate private keys
p12passwordPolicystring | nullPassword policy for the P12 file
p12passwordModestring | nullWhether the user will be required to input their PKCS#12 password upon enrollment
Enumrandommanualp12storeEncryptionTypestring | nullEncryption type for the P12 file
showP12PasswordOnEnrollboolean | nullWhether the PKCS#12 password will be displayed to the user upon enrollment
showP12OnEnrollboolean | nullWhether the PKCS#12 file will be displayed to the user upon enrollment
showP12PasswordOnRecoverboolean | nullWhether the PKCS#12 password will be displayed to the user upon recovery
showP12OnRecoverboolean | nullWhether the PKCS#12 file will be displayed to the user upon recovery
displayNamearray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
renewalPeriodstring | nullconstraintsobject | null (CertificateRequestConstraints)allowedDomainsstring | nullallowedEmailDomainsstring | nullallowedDnsDomainsstring | nullcsrDataMappingobject | nullproperty name*stringadditional propertypostPKIOperationboolean | nulldeviceIdFieldstring | nulldeviceIdSeparatorstring | nullmaxCertificatePerHolderPolicyobject | null (MaxCertificatePerHolderPolicy)maxinteger requiredbehaviorstring requiredEnumrevokerejectrevocationReasonstring | null (Revocation Reason)One of: unspecified, keycompromise, cacompromise, affiliationchange, superseded, cessationofoperation
triggersobject | null (CertificateProfileTriggers)onEnrollarray of string | nullonSubmitEnrollarray of string | nullonCancelEnrollarray of string | nullonApproveEnrollarray of string | nullonDenyEnrollarray of string | nullonPendingEnrollarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRevokearray of string | nullonSubmitRevokearray of string | nullonCancelRevokearray of string | nullonApproveRevokearray of string | nullonDenyRevokearray of string | nullonPendingRevokearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onUpdatearray of string | nullonSubmitUpdatearray of string | nullonCancelUpdatearray of string | nullonApproveUpdatearray of string | nullonDenyUpdatearray of string | nullonPendingUpdatearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRecoverarray of string | nullonSubmitRecoverarray of string | nullonCancelRecoverarray of string | nullonApproveRecoverarray of string | nullonDenyRecoverarray of string | nullonPendingRecoverarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onMigratearray of string | nullonSubmitMigratearray of string | nullonCancelMigratearray of string | nullonApproveMigratearray of string | nullonDenyMigratearray of string | nullonPendingMigratearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onExpirearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRenewarray of string | nullonSubmitRenewarray of string | nullonCancelRenewarray of string | nullonApproveRenewarray of string | nullonDenyRenewarray of string | nullonPendingRenewarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
certificateTemplateobject | null (CertificateTemplate)subjectarray of objects | null (DNElement)Array [
typestring requiredmandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
sansarray of objects | null (SANElement)Array [
typestring requiredEnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullmininteger | nullmaxinteger | null]
extensionsarray of objects | null (ExtensionElement)Array [
typestring requiredEnumms_sidms_templatemandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
ownerPolicyobject | null (OwnerPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
teamPolicyobject | null (TeamPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredregexstring | nullwhitelistarray of string | nullvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
metadataPoliciesarray of objects | null (MetadataPolicy)Array [
metadatastring requiredEnumgs_order_idrenewed_certificate_idmetapki_idpki_connectordigicert_identrust_idscep_transidfcms_idprevious_certificate_idgsatlas_idcerteurope_iddigicert_order_idautomation_policycontact_emaileditableByRequesterboolean requirededitableByApproverboolean required]
labelsarray of objects | null (Label)Array [
labelstring requiredThe name of the label
valuestring | nullThe default value of the label element
computationRulestring | null (Computation Rule)The computation rule of the label element
mandatoryboolean | nullWhether the label element is mandatory to submit a request
editableByRequesterboolean | nullWhether the label element is editable by the requester
editableByApproverboolean | nullWhether the label element is editable by the approver
regexstring | nullThe regex used to validate the label element
enumarray of string | nullThe whitelist used to validate the label element
suggestionsarray of string | nullThe suggestions used to recommend the label element values
]
contactEmailPolicyobject | null (ContactEmailPolicy)mandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullwhitelistarray of string | nulldescriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
gradingPoliciesarray of string | nulldsFlowarray of object | null (Datasource Flow)Representation of a datasource execution flow
Array [
dsstring requiredName of the datasource to execute for this step
inputsarray of object | null (Datasource Input)List of inputs to use for this datasource
Array [
keystring requiredName of the datasource to execute for this step
valuestring (Computation Rule)Value for this input
]
stopOnSuccessbooleanStop the flow if this datasource is successfully executed
]
_idstring (Internal ID) requiredObject internal ID
modulestring requiredValuejamfnamestring requiredenabledboolean requiredmodestring requiredEnumcarathirdPartyConnectorstring requiredpkiConnectorstring requiredscepRAstring requiredcapsarray of string requiredencryptionAlgorithmstring requiredauthorizationLevelsobject (CertificateProfileAuthorizationLevels) requiredrevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
searchobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
updateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
migrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
auditRequestobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestsPolicyobject (RequestsPolicy) requiredenrollstring | nullrevokestring | nullrecoverstring | nullupdatestring | nullmigratestring | nullrenewstring | nullselfPermissionsobject (CertificateProfileSelfPermissions) requiredselfRecoverboolean | nullselfUpdateboolean | nullselfRevokeboolean | nullselfRenewboolean | nullselfPopRenewboolean | nullselfPopRevokeboolean | nullselfPopUpdateboolean | nullcryptoPolicyobject (Certificate profile crypto policy) requiredcentralizedboolean | nullWhether this profile supports centralized enrollment
decentralizedboolean | nullWhether this profile supports decentralized enrollment
defaultKeyTypestring | null (Keytype)Default key type used for centralized enrollment
authorizedKeyTypesarray of string | null (Keytype)List of authorized key types for enrollment
preferredEnrollmentModestring | nullIf both centralized and decentralized enrollment are supported, this is the preferred mode
Enumcentralizeddecentralizedescrowboolean | nullWhether this profile will escrow the certificate private keys
p12passwordPolicystring | nullPassword policy for the P12 file
p12passwordModestring | nullWhether the user will be required to input their PKCS#12 password upon enrollment
Enumrandommanualp12storeEncryptionTypestring | nullEncryption type for the P12 file
showP12PasswordOnEnrollboolean | nullWhether the PKCS#12 password will be displayed to the user upon enrollment
showP12OnEnrollboolean | nullWhether the PKCS#12 file will be displayed to the user upon enrollment
showP12PasswordOnRecoverboolean | nullWhether the PKCS#12 password will be displayed to the user upon recovery
showP12OnRecoverboolean | nullWhether the PKCS#12 file will be displayed to the user upon recovery
displayNamearray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
renewalPeriodstring | nullconstraintsobject | null (CertificateRequestConstraints)allowedDomainsstring | nullallowedEmailDomainsstring | nullallowedDnsDomainsstring | nullcsrDataMappingobject | nullproperty name*stringadditional propertypostPKIOperationboolean | nulldeviceIdFieldstring | nullmaxCertificatePerHolderPolicyobject | null (MaxCertificatePerHolderPolicy)maxinteger requiredbehaviorstring requiredEnumrevokerejectrevocationReasonstring | null (Revocation Reason)One of: unspecified, keycompromise, cacompromise, affiliationchange, superseded, cessationofoperation
triggersobject | null (CertificateProfileTriggers)onEnrollarray of string | nullonSubmitEnrollarray of string | nullonCancelEnrollarray of string | nullonApproveEnrollarray of string | nullonDenyEnrollarray of string | nullonPendingEnrollarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRevokearray of string | nullonSubmitRevokearray of string | nullonCancelRevokearray of string | nullonApproveRevokearray of string | nullonDenyRevokearray of string | nullonPendingRevokearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onUpdatearray of string | nullonSubmitUpdatearray of string | nullonCancelUpdatearray of string | nullonApproveUpdatearray of string | nullonDenyUpdatearray of string | nullonPendingUpdatearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRecoverarray of string | nullonSubmitRecoverarray of string | nullonCancelRecoverarray of string | nullonApproveRecoverarray of string | nullonDenyRecoverarray of string | nullonPendingRecoverarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onMigratearray of string | nullonSubmitMigratearray of string | nullonCancelMigratearray of string | nullonApproveMigratearray of string | nullonDenyMigratearray of string | nullonPendingMigratearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onExpirearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRenewarray of string | nullonSubmitRenewarray of string | nullonCancelRenewarray of string | nullonApproveRenewarray of string | nullonDenyRenewarray of string | nullonPendingRenewarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
passwordPolicystring | nullcertificateTemplateobject | null (CertificateTemplate)subjectarray of objects | null (DNElement)Array [
typestring requiredmandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
sansarray of objects | null (SANElement)Array [
typestring requiredEnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullmininteger | nullmaxinteger | null]
extensionsarray of objects | null (ExtensionElement)Array [
typestring requiredEnumms_sidms_templatemandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
ownerPolicyobject | null (OwnerPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
teamPolicyobject | null (TeamPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredregexstring | nullwhitelistarray of string | nullvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
metadataPoliciesarray of objects | null (MetadataPolicy)Array [
metadatastring requiredEnumgs_order_idrenewed_certificate_idmetapki_idpki_connectordigicert_identrust_idscep_transidfcms_idprevious_certificate_idgsatlas_idcerteurope_iddigicert_order_idautomation_policycontact_emaileditableByRequesterboolean requirededitableByApproverboolean required]
labelsarray of objects | null (Label)Array [
labelstring requiredThe name of the label
valuestring | nullThe default value of the label element
computationRulestring | null (Computation Rule)The computation rule of the label element
mandatoryboolean | nullWhether the label element is mandatory to submit a request
editableByRequesterboolean | nullWhether the label element is editable by the requester
editableByApproverboolean | nullWhether the label element is editable by the approver
regexstring | nullThe regex used to validate the label element
enumarray of string | nullThe whitelist used to validate the label element
suggestionsarray of string | nullThe suggestions used to recommend the label element values
]
contactEmailPolicyobject | null (ContactEmailPolicy)mandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullwhitelistarray of string | nulldescriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
gradingPoliciesarray of string | nulldsFlowarray of object | null (Datasource Flow)Representation of a datasource execution flow
Array [
dsstring requiredName of the datasource to execute for this step
inputsarray of object | null (Datasource Input)List of inputs to use for this datasource
Array [
keystring requiredName of the datasource to execute for this step
valuestring (Computation Rule)Value for this input
]
stopOnSuccessbooleanStop the flow if this datasource is successfully executed
]
_idstring (Internal ID) requiredObject internal ID
modulestring requiredValuescepnamestring requiredenabledboolean requiredmodestring requiredEnumcarascepRAstring requiredcapsarray of string requiredencryptionAlgorithmstring requiredpkiConnectorstring requireddnWhitelistboolean requiredauthorizationModestring requiredThe authorization mode for this profile:
- challenge: a SCEP challenge must be used when submitting a request.
- authorized: the challenge does not come from the challenge but are credentials 'login:password' hex encoded of an account with enroll permissions.
- ndes: challenge requests are automatically generated by an account with enroll permissions.
Enumchallengeauthorizedndesauto-validationauthorizationLevelsobject (CertificateProfileAuthorizationLevels) requiredrevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
searchobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
updateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
migrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
auditRequestobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestsPolicyobject (RequestsPolicy) requiredenrollstring | nullrevokestring | nullrecoverstring | nullupdatestring | nullmigratestring | nullrenewstring | nullselfPermissionsobject (CertificateProfileSelfPermissions) requiredselfRecoverboolean | nullselfUpdateboolean | nullselfRevokeboolean | nullselfRenewboolean | nullselfPopRenewboolean | nullselfPopRevokeboolean | nullselfPopUpdateboolean | nullcryptoPolicyobject (Certificate profile crypto policy) requiredcentralizedboolean | nullWhether this profile supports centralized enrollment
decentralizedboolean | nullWhether this profile supports decentralized enrollment
defaultKeyTypestring | null (Keytype)Default key type used for centralized enrollment
authorizedKeyTypesarray of string | null (Keytype)List of authorized key types for enrollment
preferredEnrollmentModestring | nullIf both centralized and decentralized enrollment are supported, this is the preferred mode
Enumcentralizeddecentralizedescrowboolean | nullWhether this profile will escrow the certificate private keys
p12passwordPolicystring | nullPassword policy for the P12 file
p12passwordModestring | nullWhether the user will be required to input their PKCS#12 password upon enrollment
Enumrandommanualp12storeEncryptionTypestring | nullEncryption type for the P12 file
showP12PasswordOnEnrollboolean | nullWhether the PKCS#12 password will be displayed to the user upon enrollment
showP12OnEnrollboolean | nullWhether the PKCS#12 file will be displayed to the user upon enrollment
showP12PasswordOnRecoverboolean | nullWhether the PKCS#12 password will be displayed to the user upon recovery
showP12OnRecoverboolean | nullWhether the PKCS#12 file will be displayed to the user upon recovery
displayNamearray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
postPKIOperationboolean | nullconstraintsobject | null (CertificateRequestConstraints)allowedDomainsstring | nullallowedEmailDomainsstring | nullallowedDnsDomainsstring | nullrenewalPeriodstring | nullcsrDataMappingobject | nullproperty name*stringadditional propertymaxCertificatePerHolderPolicyobject | null (MaxCertificatePerHolderPolicy)maxinteger requiredbehaviorstring requiredEnumrevokerejectrevocationReasonstring | null (Revocation Reason)One of: unspecified, keycompromise, cacompromise, affiliationchange, superseded, cessationofoperation
triggersobject | null (CertificateProfileTriggers)onEnrollarray of string | nullonSubmitEnrollarray of string | nullonCancelEnrollarray of string | nullonApproveEnrollarray of string | nullonDenyEnrollarray of string | nullonPendingEnrollarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRevokearray of string | nullonSubmitRevokearray of string | nullonCancelRevokearray of string | nullonApproveRevokearray of string | nullonDenyRevokearray of string | nullonPendingRevokearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onUpdatearray of string | nullonSubmitUpdatearray of string | nullonCancelUpdatearray of string | nullonApproveUpdatearray of string | nullonDenyUpdatearray of string | nullonPendingUpdatearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRecoverarray of string | nullonSubmitRecoverarray of string | nullonCancelRecoverarray of string | nullonApproveRecoverarray of string | nullonDenyRecoverarray of string | nullonPendingRecoverarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onMigratearray of string | nullonSubmitMigratearray of string | nullonCancelMigratearray of string | nullonApproveMigratearray of string | nullonDenyMigratearray of string | nullonPendingMigratearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onExpirearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRenewarray of string | nullonSubmitRenewarray of string | nullonCancelRenewarray of string | nullonApproveRenewarray of string | nullonDenyRenewarray of string | nullonPendingRenewarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
passwordPolicystring | nullcertificateTemplateobject | null (CertificateTemplate)subjectarray of objects | null (DNElement)Array [
typestring requiredmandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
sansarray of objects | null (SANElement)Array [
typestring requiredEnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullmininteger | nullmaxinteger | null]
extensionsarray of objects | null (ExtensionElement)Array [
typestring requiredEnumms_sidms_templatemandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
ownerPolicyobject | null (OwnerPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
teamPolicyobject | null (TeamPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredregexstring | nullwhitelistarray of string | nullvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
metadataPoliciesarray of objects | null (MetadataPolicy)Array [
metadatastring requiredEnumgs_order_idrenewed_certificate_idmetapki_idpki_connectordigicert_identrust_idscep_transidfcms_idprevious_certificate_idgsatlas_idcerteurope_iddigicert_order_idautomation_policycontact_emaileditableByRequesterboolean requirededitableByApproverboolean required]
labelsarray of objects | null (Label)Array [
labelstring requiredThe name of the label
valuestring | nullThe default value of the label element
computationRulestring | null (Computation Rule)The computation rule of the label element
mandatoryboolean | nullWhether the label element is mandatory to submit a request
editableByRequesterboolean | nullWhether the label element is editable by the requester
editableByApproverboolean | nullWhether the label element is editable by the approver
regexstring | nullThe regex used to validate the label element
enumarray of string | nullThe whitelist used to validate the label element
suggestionsarray of string | nullThe suggestions used to recommend the label element values
]
contactEmailPolicyobject | null (ContactEmailPolicy)mandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullwhitelistarray of string | nulldescriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
gradingPoliciesarray of string | nullvalidationRulesetobject | null (Validation Ruleset)The validation ruleset used for auto validation
rulesarray of string requiredThe validation rules for this ruleset
thresholdinteger requiredNumber of rules to validation in order to allow enrollment
dsFlowarray of object | null (Datasource Flow)Representation of a datasource execution flow
Array [
dsstring requiredName of the datasource to execute for this step
inputsarray of object | null (Datasource Input)List of inputs to use for this datasource
Array [
keystring requiredName of the datasource to execute for this step
valuestring (Computation Rule)Value for this input
]
stopOnSuccessbooleanStop the flow if this datasource is successfully executed
]
_idstring (Internal ID) requiredObject internal ID
modulestring requiredValuewccenamestring requiredenabledboolean requiredpkiConnectorstring requiredauthorizationLevelsobject (CertificateProfileAuthorizationLevels) requiredrevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
searchobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
updateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
migrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
auditRequestobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestsPolicyobject (RequestsPolicy) requiredenrollstring | nullrevokestring | nullrecoverstring | nullupdatestring | nullmigratestring | nullrenewstring | nullselfPermissionsobject (CertificateProfileSelfPermissions) requiredselfRecoverboolean | nullselfUpdateboolean | nullselfRevokeboolean | nullselfRenewboolean | nullselfPopRenewboolean | nullselfPopRevokeboolean | nullselfPopUpdateboolean | nullcryptoPolicyobject (Certificate profile crypto policy) requiredcentralizedboolean | nullWhether this profile supports centralized enrollment
decentralizedboolean | nullWhether this profile supports decentralized enrollment
defaultKeyTypestring | null (Keytype)Default key type used for centralized enrollment
authorizedKeyTypesarray of string | null (Keytype)List of authorized key types for enrollment
preferredEnrollmentModestring | nullIf both centralized and decentralized enrollment are supported, this is the preferred mode
Enumcentralizeddecentralizedescrowboolean | nullWhether this profile will escrow the certificate private keys
p12passwordPolicystring | nullPassword policy for the P12 file
p12passwordModestring | nullWhether the user will be required to input their PKCS#12 password upon enrollment
Enumrandommanualp12storeEncryptionTypestring | nullEncryption type for the P12 file
showP12PasswordOnEnrollboolean | nullWhether the PKCS#12 password will be displayed to the user upon enrollment
showP12OnEnrollboolean | nullWhether the PKCS#12 file will be displayed to the user upon enrollment
showP12PasswordOnRecoverboolean | nullWhether the PKCS#12 password will be displayed to the user upon recovery
showP12OnRecoverboolean | nullWhether the PKCS#12 file will be displayed to the user upon recovery
displayNamearray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
constraintsobject | null (CertificateRequestConstraints)allowedDomainsstring | nullallowedEmailDomainsstring | nullallowedDnsDomainsstring | nullcsrDataMappingobject | nullproperty name*stringadditional propertymaxCertificatePerHolderPolicyobject | null (MaxCertificatePerHolderPolicy)maxinteger requiredbehaviorstring requiredEnumrevokerejectrevocationReasonstring | null (Revocation Reason)One of: unspecified, keycompromise, cacompromise, affiliationchange, superseded, cessationofoperation
triggersobject | null (CertificateProfileTriggers)onEnrollarray of string | nullonSubmitEnrollarray of string | nullonCancelEnrollarray of string | nullonApproveEnrollarray of string | nullonDenyEnrollarray of string | nullonPendingEnrollarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRevokearray of string | nullonSubmitRevokearray of string | nullonCancelRevokearray of string | nullonApproveRevokearray of string | nullonDenyRevokearray of string | nullonPendingRevokearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onUpdatearray of string | nullonSubmitUpdatearray of string | nullonCancelUpdatearray of string | nullonApproveUpdatearray of string | nullonDenyUpdatearray of string | nullonPendingUpdatearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRecoverarray of string | nullonSubmitRecoverarray of string | nullonCancelRecoverarray of string | nullonApproveRecoverarray of string | nullonDenyRecoverarray of string | nullonPendingRecoverarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onMigratearray of string | nullonSubmitMigratearray of string | nullonCancelMigratearray of string | nullonApproveMigratearray of string | nullonDenyMigratearray of string | nullonPendingMigratearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onExpirearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRenewarray of string | nullonSubmitRenewarray of string | nullonCancelRenewarray of string | nullonApproveRenewarray of string | nullonDenyRenewarray of string | nullonPendingRenewarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
certificateTemplateobject | null (CertificateTemplate)subjectarray of objects | null (DNElement)Array [
typestring requiredmandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
sansarray of objects | null (SANElement)Array [
typestring requiredEnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullmininteger | nullmaxinteger | null]
extensionsarray of objects | null (ExtensionElement)Array [
typestring requiredEnumms_sidms_templatemandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
ownerPolicyobject | null (OwnerPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
teamPolicyobject | null (TeamPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredregexstring | nullwhitelistarray of string | nullvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
metadataPoliciesarray of objects | null (MetadataPolicy)Array [
metadatastring requiredEnumgs_order_idrenewed_certificate_idmetapki_idpki_connectordigicert_identrust_idscep_transidfcms_idprevious_certificate_idgsatlas_idcerteurope_iddigicert_order_idautomation_policycontact_emaileditableByRequesterboolean requirededitableByApproverboolean required]
labelsarray of objects | null (Label)Array [
labelstring requiredThe name of the label
valuestring | nullThe default value of the label element
computationRulestring | null (Computation Rule)The computation rule of the label element
mandatoryboolean | nullWhether the label element is mandatory to submit a request
editableByRequesterboolean | nullWhether the label element is editable by the requester
editableByApproverboolean | nullWhether the label element is editable by the approver
regexstring | nullThe regex used to validate the label element
enumarray of string | nullThe whitelist used to validate the label element
suggestionsarray of string | nullThe suggestions used to recommend the label element values
]
contactEmailPolicyobject | null (ContactEmailPolicy)mandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullwhitelistarray of string | nulldescriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
gradingPoliciesarray of string | nullexchangeCertificatestring | nulldsFlowarray of object | null (Datasource Flow)Representation of a datasource execution flow
Array [
dsstring requiredName of the datasource to execute for this step
inputsarray of object | null (Datasource Input)List of inputs to use for this datasource
Array [
keystring requiredName of the datasource to execute for this step
valuestring (Computation Rule)Value for this input
]
stopOnSuccessbooleanStop the flow if this datasource is successfully executed
]
_idstring (Internal ID) requiredObject internal ID
modulestring requiredValuewebranamestring requiredauthorizationModestring requiredThe authorization mode to use. authorized uses permissions to allow enrollment, auto-validation uses the validation ruleset, auto-validation-authorized uses the validation ruleset, and if enrollment is denied, uses the permissions
Enumauthorizedauto-validationauto-validation-authorizedenabledboolean requiredpkiConnectorstring requiredauthorizationLevelsobject (CertificateProfileAuthorizationLevels) requiredrevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
searchobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
updateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
migrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
auditRequestobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestsPolicyobject (RequestsPolicy) requiredenrollstring | nullrevokestring | nullrecoverstring | nullupdatestring | nullmigratestring | nullrenewstring | nullcryptoPolicyobject (Certificate profile crypto policy) requiredcentralizedboolean | nullWhether this profile supports centralized enrollment
decentralizedboolean | nullWhether this profile supports decentralized enrollment
defaultKeyTypestring | null (Keytype)Default key type used for centralized enrollment
authorizedKeyTypesarray of string | null (Keytype)List of authorized key types for enrollment
preferredEnrollmentModestring | nullIf both centralized and decentralized enrollment are supported, this is the preferred mode
Enumcentralizeddecentralizedescrowboolean | nullWhether this profile will escrow the certificate private keys
p12passwordPolicystring | nullPassword policy for the P12 file
p12passwordModestring | nullWhether the user will be required to input their PKCS#12 password upon enrollment
Enumrandommanualp12storeEncryptionTypestring | nullEncryption type for the P12 file
showP12PasswordOnEnrollboolean | nullWhether the PKCS#12 password will be displayed to the user upon enrollment
showP12OnEnrollboolean | nullWhether the PKCS#12 file will be displayed to the user upon enrollment
showP12PasswordOnRecoverboolean | nullWhether the PKCS#12 password will be displayed to the user upon recovery
showP12OnRecoverboolean | nullWhether the PKCS#12 file will be displayed to the user upon recovery
selfPermissionsobject (CertificateProfileSelfPermissions) requiredselfRecoverboolean | nullselfUpdateboolean | nullselfRevokeboolean | nullselfRenewboolean | nullselfPopRenewboolean | nullselfPopRevokeboolean | nullselfPopUpdateboolean | nulldisplayNamearray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
csrDataMappingobject | nullproperty name*stringadditional propertymaxCertificatePerHolderPolicyobject | null (MaxCertificatePerHolderPolicy)maxinteger requiredbehaviorstring requiredEnumrevokerejectrevocationReasonstring | null (Revocation Reason)One of: unspecified, keycompromise, cacompromise, affiliationchange, superseded, cessationofoperation
triggersobject | null (CertificateProfileTriggers)onEnrollarray of string | nullonSubmitEnrollarray of string | nullonCancelEnrollarray of string | nullonApproveEnrollarray of string | nullonDenyEnrollarray of string | nullonPendingEnrollarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRevokearray of string | nullonSubmitRevokearray of string | nullonCancelRevokearray of string | nullonApproveRevokearray of string | nullonDenyRevokearray of string | nullonPendingRevokearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onUpdatearray of string | nullonSubmitUpdatearray of string | nullonCancelUpdatearray of string | nullonApproveUpdatearray of string | nullonDenyUpdatearray of string | nullonPendingUpdatearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRecoverarray of string | nullonSubmitRecoverarray of string | nullonCancelRecoverarray of string | nullonApproveRecoverarray of string | nullonDenyRecoverarray of string | nullonPendingRecoverarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onMigratearray of string | nullonSubmitMigratearray of string | nullonCancelMigratearray of string | nullonApproveMigratearray of string | nullonDenyMigratearray of string | nullonPendingMigratearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onExpirearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRenewarray of string | nullonSubmitRenewarray of string | nullonCancelRenewarray of string | nullonApproveRenewarray of string | nullonDenyRenewarray of string | nullonPendingRenewarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
certificateTemplateobject | null (CertificateTemplate)subjectarray of objects | null (DNElement)Array [
typestring requiredmandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
sansarray of objects | null (SANElement)Array [
typestring requiredEnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullmininteger | nullmaxinteger | null]
extensionsarray of objects | null (ExtensionElement)Array [
typestring requiredEnumms_sidms_templatemandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
ownerPolicyobject | null (OwnerPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
teamPolicyobject | null (TeamPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredregexstring | nullwhitelistarray of string | nullvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
metadataPoliciesarray of objects | null (MetadataPolicy)Array [
metadatastring requiredEnumgs_order_idrenewed_certificate_idmetapki_idpki_connectordigicert_identrust_idscep_transidfcms_idprevious_certificate_idgsatlas_idcerteurope_iddigicert_order_idautomation_policycontact_emaileditableByRequesterboolean requirededitableByApproverboolean required]
labelsarray of objects | null (Label)Array [
labelstring requiredThe name of the label
valuestring | nullThe default value of the label element
computationRulestring | null (Computation Rule)The computation rule of the label element
mandatoryboolean | nullWhether the label element is mandatory to submit a request
editableByRequesterboolean | nullWhether the label element is editable by the requester
editableByApproverboolean | nullWhether the label element is editable by the approver
regexstring | nullThe regex used to validate the label element
enumarray of string | nullThe whitelist used to validate the label element
suggestionsarray of string | nullThe suggestions used to recommend the label element values
]
contactEmailPolicyobject | null (ContactEmailPolicy)mandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullwhitelistarray of string | nulldescriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
renewalPeriodstring | nullgradingPoliciesarray of string | nullvalidationRulesetobject | null (Validation Ruleset)The validation ruleset used for auto validation
rulesarray of string requiredThe validation rules for this ruleset
thresholdinteger requiredNumber of rules to validation in order to allow enrollment
dsFlowarray of object | null (Datasource Flow)Representation of a datasource execution flow
Array [
dsstring requiredName of the datasource to execute for this step
inputsarray of object | null (Datasource Input)List of inputs to use for this datasource
Array [
keystring requiredName of the datasource to execute for this step
valuestring (Computation Rule)Value for this input
]
stopOnSuccessbooleanStop the flow if this datasource is successfully executed
]
_idstring (Internal ID) requiredObject internal ID
modulestring requiredValueintunepkcsnamestring requiredenabledboolean requiredpkiConnectorstring requiredthirdPartyConnectorstring requiredauthorizationLevelsobject (CertificateProfileAuthorizationLevels) requiredrevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
searchobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
updateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
migrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
auditRequestobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestsPolicyobject (RequestsPolicy) requiredenrollstring | nullrevokestring | nullrecoverstring | nullupdatestring | nullmigratestring | nullrenewstring | nullcryptoPolicyobject (Certificate profile crypto policy) requiredcentralizedboolean | nullWhether this profile supports centralized enrollment
decentralizedboolean | nullWhether this profile supports decentralized enrollment
defaultKeyTypestring | null (Keytype)Default key type used for centralized enrollment
authorizedKeyTypesarray of string | null (Keytype)List of authorized key types for enrollment
preferredEnrollmentModestring | nullIf both centralized and decentralized enrollment are supported, this is the preferred mode
Enumcentralizeddecentralizedescrowboolean | nullWhether this profile will escrow the certificate private keys
p12passwordPolicystring | nullPassword policy for the P12 file
p12passwordModestring | nullWhether the user will be required to input their PKCS#12 password upon enrollment
Enumrandommanualp12storeEncryptionTypestring | nullEncryption type for the P12 file
showP12PasswordOnEnrollboolean | nullWhether the PKCS#12 password will be displayed to the user upon enrollment
showP12OnEnrollboolean | nullWhether the PKCS#12 file will be displayed to the user upon enrollment
showP12PasswordOnRecoverboolean | nullWhether the PKCS#12 password will be displayed to the user upon recovery
showP12OnRecoverboolean | nullWhether the PKCS#12 file will be displayed to the user upon recovery
selfPermissionsobject (CertificateProfileSelfPermissions) requiredselfRecoverboolean | nullselfUpdateboolean | nullselfRevokeboolean | nullselfRenewboolean | nullselfPopRenewboolean | nullselfPopRevokeboolean | nullselfPopUpdateboolean | nulldisplayNamearray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
constraintsobject | null (CertificateRequestConstraints)allowedDomainsstring | nullallowedEmailDomainsstring | nullallowedDnsDomainsstring | nullcsrDataMappingobject | nullproperty name*stringadditional propertymaxCertificatePerHolderPolicyobject | null (MaxCertificatePerHolderPolicy)maxinteger requiredbehaviorstring requiredEnumrevokerejectrevocationReasonstring | null (Revocation Reason)One of: unspecified, keycompromise, cacompromise, affiliationchange, superseded, cessationofoperation
triggersobject | null (CertificateProfileTriggers)onEnrollarray of string | nullonSubmitEnrollarray of string | nullonCancelEnrollarray of string | nullonApproveEnrollarray of string | nullonDenyEnrollarray of string | nullonPendingEnrollarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRevokearray of string | nullonSubmitRevokearray of string | nullonCancelRevokearray of string | nullonApproveRevokearray of string | nullonDenyRevokearray of string | nullonPendingRevokearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onUpdatearray of string | nullonSubmitUpdatearray of string | nullonCancelUpdatearray of string | nullonApproveUpdatearray of string | nullonDenyUpdatearray of string | nullonPendingUpdatearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRecoverarray of string | nullonSubmitRecoverarray of string | nullonCancelRecoverarray of string | nullonApproveRecoverarray of string | nullonDenyRecoverarray of string | nullonPendingRecoverarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onMigratearray of string | nullonSubmitMigratearray of string | nullonCancelMigratearray of string | nullonApproveMigratearray of string | nullonDenyMigratearray of string | nullonPendingMigratearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onExpirearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRenewarray of string | nullonSubmitRenewarray of string | nullonCancelRenewarray of string | nullonApproveRenewarray of string | nullonDenyRenewarray of string | nullonPendingRenewarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
certificateTemplateobject | null (CertificateTemplate)subjectarray of objects | null (DNElement)Array [
typestring requiredmandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
sansarray of objects | null (SANElement)Array [
typestring requiredEnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullmininteger | nullmaxinteger | null]
extensionsarray of objects | null (ExtensionElement)Array [
typestring requiredEnumms_sidms_templatemandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
ownerPolicyobject | null (OwnerPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
teamPolicyobject | null (TeamPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredregexstring | nullwhitelistarray of string | nullvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
metadataPoliciesarray of objects | null (MetadataPolicy)Array [
metadatastring requiredEnumgs_order_idrenewed_certificate_idmetapki_idpki_connectordigicert_identrust_idscep_transidfcms_idprevious_certificate_idgsatlas_idcerteurope_iddigicert_order_idautomation_policycontact_emaileditableByRequesterboolean requirededitableByApproverboolean required]
labelsarray of objects | null (Label)Array [
labelstring requiredThe name of the label
valuestring | nullThe default value of the label element
computationRulestring | null (Computation Rule)The computation rule of the label element
mandatoryboolean | nullWhether the label element is mandatory to submit a request
editableByRequesterboolean | nullWhether the label element is editable by the requester
editableByApproverboolean | nullWhether the label element is editable by the approver
regexstring | nullThe regex used to validate the label element
enumarray of string | nullThe whitelist used to validate the label element
suggestionsarray of string | nullThe suggestions used to recommend the label element values
]
contactEmailPolicyobject | null (ContactEmailPolicy)mandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullwhitelistarray of string | nulldescriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
gradingPoliciesarray of string | nulldsFlowarray of object | null (Datasource Flow)Representation of a datasource execution flow
Array [
dsstring requiredName of the datasource to execute for this step
inputsarray of object | null (Datasource Input)List of inputs to use for this datasource
Array [
keystring requiredName of the datasource to execute for this step
valuestring (Computation Rule)Value for this input
]
stopOnSuccessbooleanStop the flow if this datasource is successfully executed
]
_idstring (Internal ID) requiredObject internal ID
modulestring requiredValueacme-externalnamestring requiredenabledboolean requiredauthorizationMethodsarray of string | null requiredpkiConnectorstring requiredrequireEABboolean requiredauthorizedCasarray of string | null requiredauthorizationLevelsobject (CertificateProfileAuthorizationLevels) requiredrevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRevokeobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
searchobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
updateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveUpdateobject (AuthorizationLevel) requiredaccessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
enrollApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveEnrollobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
recoverApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRecoverobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
migrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveMigrateobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
renewApiobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
approveRenewobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
auditRequestobject | null (AuthorizationLevel)accessLevelstring requiredThe access level required to perform the action
EnumeveryoneauthenticatedauthorizedenforcedIdentityProvidersarray of objects | null (Enforced identity providers)The different identity providers that can be enforced to perform the action
Array [
typestring requiredThe type of identity provider to be enforced
EnumLocalOpenIdX509Popnamestring requiredThe name of the identity provider to be enforced
]
requestsPolicyobject (RequestsPolicy) requiredenrollstring | nullrevokestring | nullrecoverstring | nullupdatestring | nullmigratestring | nullrenewstring | nullselfPermissionsobject (CertificateProfileSelfPermissions) requiredselfRecoverboolean | nullselfUpdateboolean | nullselfRevokeboolean | nullselfRenewboolean | nullselfPopRenewboolean | nullselfPopRevokeboolean | nullselfPopUpdateboolean | nullcryptoPolicyobject (Certificate profile crypto policy) requiredcentralizedboolean | nullWhether this profile supports centralized enrollment
decentralizedboolean | nullWhether this profile supports decentralized enrollment
defaultKeyTypestring | null (Keytype)Default key type used for centralized enrollment
authorizedKeyTypesarray of string | null (Keytype)List of authorized key types for enrollment
preferredEnrollmentModestring | nullIf both centralized and decentralized enrollment are supported, this is the preferred mode
Enumcentralizeddecentralizedescrowboolean | nullWhether this profile will escrow the certificate private keys
p12passwordPolicystring | nullPassword policy for the P12 file
p12passwordModestring | nullWhether the user will be required to input their PKCS#12 password upon enrollment
Enumrandommanualp12storeEncryptionTypestring | nullEncryption type for the P12 file
showP12PasswordOnEnrollboolean | nullWhether the PKCS#12 password will be displayed to the user upon enrollment
showP12OnEnrollboolean | nullWhether the PKCS#12 file will be displayed to the user upon enrollment
showP12PasswordOnRecoverboolean | nullWhether the PKCS#12 password will be displayed to the user upon recovery
showP12OnRecoverboolean | nullWhether the PKCS#12 file will be displayed to the user upon recovery
displayNamearray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
constraintsobject | null (CertificateRequestConstraints)allowedDomainsstring | nullallowedEmailDomainsstring | nullallowedDnsDomainsstring | nullacmeUrlstringmaxCertificatePerHolderPolicyobject | null (MaxCertificatePerHolderPolicy)maxinteger requiredbehaviorstring requiredEnumrevokerejectrevocationReasonstring | null (Revocation Reason)One of: unspecified, keycompromise, cacompromise, affiliationchange, superseded, cessationofoperation
renewalPeriodstring | nulltriggersobject | null (CertificateProfileTriggers)onEnrollarray of string | nullonSubmitEnrollarray of string | nullonCancelEnrollarray of string | nullonApproveEnrollarray of string | nullonDenyEnrollarray of string | nullonPendingEnrollarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRevokearray of string | nullonSubmitRevokearray of string | nullonCancelRevokearray of string | nullonApproveRevokearray of string | nullonDenyRevokearray of string | nullonPendingRevokearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onUpdatearray of string | nullonSubmitUpdatearray of string | nullonCancelUpdatearray of string | nullonApproveUpdatearray of string | nullonDenyUpdatearray of string | nullonPendingUpdatearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRecoverarray of string | nullonSubmitRecoverarray of string | nullonCancelRecoverarray of string | nullonApproveRecoverarray of string | nullonDenyRecoverarray of string | nullonPendingRecoverarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onMigratearray of string | nullonSubmitMigratearray of string | nullonCancelMigratearray of string | nullonApproveMigratearray of string | nullonDenyMigratearray of string | nullonPendingMigratearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onExpirearray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
onRenewarray of string | nullonSubmitRenewarray of string | nullonCancelRenewarray of string | nullonApproveRenewarray of string | nullonDenyRenewarray of string | nullonPendingRenewarray of objects | null (CertificateProfileAsynchronousTrigger)Array [
namestring requiredactivationDateinteger | null]
certificateTemplateobject | null (CertificateTemplate)subjectarray of objects | null (DNElement)Array [
typestring requiredmandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
sansarray of objects | null (SANElement)Array [
typestring requiredEnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullmininteger | nullmaxinteger | null]
extensionsarray of objects | null (ExtensionElement)Array [
typestring requiredEnumms_sidms_templatemandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | null]
ownerPolicyobject | null (OwnerPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
teamPolicyobject | null (TeamPolicy)editableByRequesterboolean requirededitableByApproverboolean requiredmandatoryboolean requiredregexstring | nullwhitelistarray of string | nullvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
descriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
metadataPoliciesarray of objects | null (MetadataPolicy)Array [
metadatastring requiredEnumgs_order_idrenewed_certificate_idmetapki_idpki_connectordigicert_identrust_idscep_transidfcms_idprevious_certificate_idgsatlas_idcerteurope_iddigicert_order_idautomation_policycontact_emaileditableByRequesterboolean requirededitableByApproverboolean required]
labelsarray of objects | null (Label)Array [
labelstring requiredThe name of the label
valuestring | nullThe default value of the label element
computationRulestring | null (Computation Rule)The computation rule of the label element
mandatoryboolean | nullWhether the label element is mandatory to submit a request
editableByRequesterboolean | nullWhether the label element is editable by the requester
editableByApproverboolean | nullWhether the label element is editable by the approver
regexstring | nullThe regex used to validate the label element
enumarray of string | nullThe whitelist used to validate the label element
suggestionsarray of string | nullThe suggestions used to recommend the label element values
]
contactEmailPolicyobject | null (ContactEmailPolicy)mandatoryboolean requiredvaluestring | nullcomputationRulestring | null (Computation Rule)A computation rule that will dynamically generate a string value from the request's context
editableByRequesterboolean | nulleditableByApproverboolean | nullregexstring | nullwhitelistarray of string | nulldescriptionarray of objects | null (LocalizedString)Array [
langstring requiredThe ISO 3166-1 (2-letters) code of the language used for the value
valuestring requiredThe localized value
]
gradingPoliciesarray of string | nulldsFlowarray of object | null (Datasource Flow)Representation of a datasource execution flow
Array [
dsstring requiredName of the datasource to execute for this step
inputsarray of object | null (Datasource Input)List of inputs to use for this datasource
Array [
keystring requiredName of the datasource to execute for this step
valuestring (Computation Rule)Value for this input
]
stopOnSuccessbooleanStop the flow if this datasource is successfully executed
]
-
401 Unauthorized request
application/problem+jsonerrorstring requiredThe error code of the problem
ValueSEC-AUTH-001messagestring requiredA short, human-readable summary of the problem type
ValueUnexpected Errortitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnexpected Errordetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-002messagestring requiredA short, human-readable summary of the problem type
ValueInvalid credentials or principal does not existtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid credentials or principal does not existdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-003messagestring requiredA short, human-readable summary of the problem type
ValueCertificate is not trustedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate is not trusteddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-004messagestring requiredA short, human-readable summary of the problem type
ValueCertificate is expiredtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate is expireddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-005messagestring requiredA short, human-readable summary of the problem type
ValueCertificate is revokedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate is revokeddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-006messagestring requiredA short, human-readable summary of the problem type
ValuePrincipal not authenticatedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValuePrincipal not authenticateddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-007messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Identity Providertitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Identity Providerdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-008messagestring requiredA short, human-readable summary of the problem type
ValueInvalid redirect pathtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid redirect pathdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-009messagestring requiredA short, human-readable summary of the problem type
ValuePrincipal not authenticated or authentication expiredtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValuePrincipal not authenticated or authentication expireddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
403 Forbidden action
application/problem+jsonerrorstring requiredThe error code of the problem
ValueSEC-PERM-001messagestring requiredA short, human-readable summary of the problem type
ValueInsufficient privilegestitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInsufficient privilegesdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueLIC-002messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Licensetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Licensedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueLIC-004messagestring requiredA short, human-readable summary of the problem type
ValueExpired Licensetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueExpired Licensedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
404 Not Found
application/problem+jsonerrorstring requiredThe error code of the problem
ValueCERT-PROFILE-003messagestring requiredA short, human-readable summary of the problem type
ValueCertificate Profile not foundtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate Profile not founddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
500 Internal Server error
application/problem+jsonerrorstring requiredThe error code of the problem
ValueCERT-PROFILE-001messagestring requiredA short, human-readable summary of the problem type
ValueUnexpected Errortitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnexpected Errordetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-001messagestring requiredA short, human-readable summary of the problem type
ValueUnexpected Errortitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnexpected Errordetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueLIC-001messagestring requiredA short, human-readable summary of the problem type
ValueUnexpected errortitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnexpected errordetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807