Register a new Certificate Authority
Certificate Authority to register
type: string, required. The type of Certificate Authority. Value: external
outdatedRevocationStatusPolicy: string, required. Defines the behavior when the revocation information is not up to date. revoked considers all certificates to be revoked even if they were not revoked in the last known status, unknown considers their status as unknown, and lastavailablestatus considers them revoked if they were revoked, and valid otherwise. Enum: revoked, unknown, lastavailablestatus
id: string (Internal ID), required. Object internal ID
name: string, required. The name of the Certificate Authority
trustedForClientAuthentication: boolean, required. If true, certificates emitted by this Certificate Authority can be used for client authentication on Stream
trustedForServerAuthentication: boolean, required. If true, certificates emitted by this Certificate Authority can be used for server authentication by Stream
crlUrls: array of string | null. URLs on which to find this Certificate Authority's CRL
refresh: string | null. The refresh period of this Certificate Authority's CRL
timeout: string | null. HTTP request timeout for fetching this Certificate Authority's CRL
proxy: string | null. HTTP proxy to access this Certificate Authority's CRL
certificate: string | null. The certificate of the Certificate Authority
revoked: boolean | null. If true, the Certificate Authority is revoked
revocationDate: string | null. The revocation date of this Certificate Authority
revocationReason: string | null. The revocation reason of this Certificate Authority. Enum: UNSPECIFIED, KEYCOMPROMISE, CACOMPROMISE, AFFILIATIONCHANGE, SUPERSEDED, CESSATIONOFOPERATION
externalCrlStorages: array of string | null. CRL Storages on which to send the CRL for this Certificate Authority

type: string, required. The type of Certificate Authority. Value: managed
enroll: boolean, required. If true, this Certificate Authority can emit certificates
privateKey: object (Certificate Authority Private Key), required. This Certificate Authority's private key
enforceKeyUnicity: boolean, required. If true, each enrollment request must have a unique key
id: string (Internal ID), required. Object internal ID
name: string, required. The name of the Certificate Authority
trustedForClientAuthentication: boolean, required. If true, certificates emitted by this Certificate Authority can be used for client authentication on Stream
trustedForServerAuthentication: boolean, required. If true, certificates emitted by this Certificate Authority can be used for server authentication by Stream
dn: string | null. This Certificate Authority's Distinguished Name
hashAlgorithm: string | null. The Hash Algorithm of this Certificate Authority's emitted certificates. Enum: SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512
queue: string | null. The queue to apply on this Certificate Authority's operations
crldps: array of string | null. The URLs of this Certificate Authority's CRL Distribution Points
aia: object | null (Authority Information Access). AIAs to add to the certificate
policy: object | null (Certificate Policy). Certificate Policy to add to the certificate
qcStatement: object | null (Qualified Certificate Statements). The Qualified Certificate Statements to add to the emitted certificates
overridePermissions: object | null (Override Permissions). This indicates which properties can be overridden in the enrollment request
crlPolicy: object | null (CRL Generation Policy). Defines how to generate the CRL for this Certificate Authority
certificate: string | null. The certificate of the Certificate Authority
revoked: boolean | null. If true, the Certificate Authority is revoked
revocationDate: string | null. The revocation date of this Certificate Authority
revocationReason: string | null. The revocation reason of this Certificate Authority. Enum: UNSPECIFIED, KEYCOMPROMISE, CACOMPROMISE, AFFILIATIONCHANGE, SUPERSEDED, CESSATIONOFOPERATION
externalCrlStorages: array of string | null. CRL Storages on which to send the CRL for this Certificate Authority
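
A pre-flight check of a registration body against the required fields and enum values listed in this schema, as an added Python example rather than vendor code. The warning rules are review heuristics assumed for this example, and every sample value is constructed.

```python
# Added example, not vendor code: pre-flight lint of a CA registration body.
# Field names and enums come from this schema; warnings are example heuristics.
COMMON = ["type", "id", "name",
          "trustedForClientAuthentication", "trustedForServerAuthentication"]
REQUIRED = {
    "external": COMMON + ["outdatedRevocationStatusPolicy"],
    "managed": COMMON + ["enroll", "privateKey", "enforceKeyUnicity"],
}
STALE_POLICIES = {"revoked", "unknown", "lastavailablestatus"}
HASHES = {"SHA1", "SHA224", "SHA256", "SHA384", "SHA512",
          "SHA3_224", "SHA3_256", "SHA3_384", "SHA3_512"}

def lint_ca(body):
    """Return (errors, warnings) for a registration body given as a dict."""
    errors, warnings = [], []
    ca_type = body.get("type")
    if ca_type not in REQUIRED:
        return [f"type must be 'external' or 'managed', got {ca_type!r}"], warnings
    errors += [f"missing required field: {f}"
               for f in REQUIRED[ca_type] if body.get(f) is None]
    trusted = (body.get("trustedForClientAuthentication")
               or body.get("trustedForServerAuthentication"))
    if ca_type == "external":
        policy = body.get("outdatedRevocationStatusPolicy")
        if policy is not None and policy not in STALE_POLICIES:
            errors.append(f"invalid outdatedRevocationStatusPolicy: {policy!r}")
        if policy == "lastavailablestatus" and trusted:
            warnings.append("stale CRL: certificates revoked since the last "
                            "fetch are still treated as valid")
    else:
        key = body.get("privateKey")
        if isinstance(key, dict):
            errors += [f"missing required field: privateKey.{f}"
                       for f in ("keystore", "name") if not key.get(f)]
        algo = body.get("hashAlgorithm")
        if algo is not None and algo not in HASHES:
            errors.append(f"invalid hashAlgorithm: {algo!r}")
        if algo == "SHA1":
            warnings.append("hashAlgorithm SHA1 is collision-prone")
        allowed = sorted(k for k, v in (body.get("overridePermissions") or {}).items() if v)
        if allowed:
            warnings.append("enrollment requests may override: " + ", ".join(allowed))
    return errors, warnings

# Constructed sample bodies (all values are made up for this example).
BASE = {"id": "ca-1", "name": "ca-1", "trustedForClientAuthentication": True,
        "trustedForServerAuthentication": False}
EXTERNAL = {**BASE, "type": "external",
            "outdatedRevocationStatusPolicy": "lastavailablestatus"}
MANAGED = {**BASE, "type": "managed", "enroll": True, "enforceKeyUnicity": True,
           "privateKey": {"keystore": "hsm-1"}, "hashAlgorithm": "SHA1",
           "overridePermissions": {"lifetime": True, "ku": False, "eku": True}}
```

Calling `lint_ca(EXTERNAL)` returns no errors and one warning about the stale-CRL policy; `lint_ca(MANAGED)` reports the missing `privateKey.name` plus warnings for SHA1 and the enabled overrides.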
- 201 Certificate Authority successfully registered
application/json

type: string, required. The type of Certificate Authority. Value: external
outdatedRevocationStatusPolicy: string, required. Defines the behavior when the revocation information is not up to date. revoked considers all certificates to be revoked even if they were not revoked in the last known status, unknown considers their status as unknown, and lastavailablestatus considers them revoked if they were revoked, and valid otherwise. Enum: revoked, unknown, lastavailablestatus
id: string (Internal ID), required. Object internal ID
name: string, required. The name of the Certificate Authority
trustedForClientAuthentication: boolean, required. If true, certificates emitted by this Certificate Authority can be used for client authentication on Stream
trustedForServerAuthentication: boolean, required. If true, certificates emitted by this Certificate Authority can be used for server authentication by Stream
crlUrls: array of string | null. URLs on which to find this Certificate Authority's CRL
refresh: string | null. The refresh period of this Certificate Authority's CRL
timeout: string | null. HTTP request timeout for fetching this Certificate Authority's CRL
proxy: string | null. HTTP proxy to access this Certificate Authority's CRL
certificate: string | null. The certificate of the Certificate Authority
revoked: boolean | null. If true, the Certificate Authority is revoked
revocationDate: string | null. The revocation date of this Certificate Authority
revocationReason: string | null. The revocation reason of this Certificate Authority. Enum: UNSPECIFIED, KEYCOMPROMISE, CACOMPROMISE, AFFILIATIONCHANGE, SUPERSEDED, CESSATIONOFOPERATION
externalCrlStorages: array of string | null. CRL Storages on which to send the CRL for this Certificate Authority

type: string, required. The type of Certificate Authority. Value: managed
enroll: boolean, required. If true, this Certificate Authority can emit certificates
privateKey: object (Certificate Authority Private Key), required. This Certificate Authority's private key
  keystore: string, required. The Keystore in which the key is stored
  name: string, required. The name of the key in the keystore
  usePSS: boolean | null. For RSA Keys in PKCS11 Keystores only: use the PSS signature algorithm
enforceKeyUnicity: boolean, required. If true, each enrollment request must have a unique key
id: string (Internal ID), required. Object internal ID
name: string, required. The name of the Certificate Authority
trustedForClientAuthentication: boolean, required. If true, certificates emitted by this Certificate Authority can be used for client authentication on Stream
trustedForServerAuthentication: boolean, required. If true, certificates emitted by this Certificate Authority can be used for server authentication by Stream
dn: string | null. This Certificate Authority's Distinguished Name
hashAlgorithm: string | null. The Hash Algorithm of this Certificate Authority's emitted certificates. Enum: SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512
queue: string | null. The queue to apply on this Certificate Authority's operations
crldps: array of string | null. The URLs of this Certificate Authority's CRL Distribution Points
aia: object | null (Authority Information Access). AIAs to add to the certificate
  certificate: array of string | null. List of URIs on which the Certificate Authority certificate can be found
  ocsp: array of string | null. List of URIs on which the OCSP Responder of the Certificate Authority can be accessed
policy: object | null (Certificate Policy). Certificate Policy to add to the certificate
  oid: string, required. Object Identifier of the Policy
  cpsPointer: string | null. URI to a Certification Practice Statement document
qcStatement: object | null (Qualified Certificate Statements). The Qualified Certificate Statements to add to the emitted certificates
  eTSIQCCompliance: boolean, required. If true, the certificate is a Qualified Certificate
  eTSIQCSSCD: boolean, required. If true, the private key of the certificate resides in a Secure Signature Creation Device
  eTSIRetentionPeriod: integer, required. This indicates the duration of the retention period of material information in years
  eTSIQCType: object, required. This indicates which type of document can be signed by the certificate. Enum: ESEAL, ESIGN, WEB, NONE
  eTSIPDS: object | null. The PKI Disclosure Statements URI for a specified language
    property name*: string, additional property
  eTSITransactionLimit: object | null (Transaction Limit Statement). This indicates the limits of the transactions the certificate is qualified for. The maximum amount is calculated by: valueLimit * 10^(valueLimitExp)
    valueLimit: integer, required. The maximum amount this certificate is qualified for simplified to the lowest power of 10
    valueLimitExp: integer, required. The exponent of the power of 10 to multiply with valueLimit to get the maximum amount
    currencyCode: string, required. The ISO-4217 currency code for this limit
  eTSILegislation: array of string | null. The alpha-2 ISO-3166 country codes where the certificate is qualified
overridePermissions: object | null (Override Permissions). This indicates which properties can be overridden in the enrollment request
  ku: boolean | null. If true, the Key Usages can be redefined in the enrollment request
  eku: boolean | null. If true, the Extended Key Usages can be redefined in the enrollment request
  emptyExtensions: boolean | null. If true, the Empty Extensions can be redefined in the enrollment request
  crldps: boolean | null. If true, the CRL Distribution Points can be redefined in the enrollment request
  aia: boolean | null. If true, the Authority Information Access can be redefined in the enrollment request
  policy: boolean | null. If true, the Certificate Policy can be redefined in the enrollment request
  pathlen: boolean | null. If true, the length of the certification path can be redefined in the enrollment request
  lifetime: boolean | null. If true, the certificate's lifetime can be redefined in the enrollment request
  backdate: boolean | null. If true, the certificate's backdate can be redefined in the enrollment request
  checkPoP: boolean | null. If true, the need to check the proof of possession can be redefined in the enrollment request
crlPolicy: object | null (CRL Generation Policy). Defines how to generate the CRL for this Certificate Authority
  validity: string, required. The duration of the CRL's validity
  eidas: boolean, required. If true, the CRL will be EIDAS compliant
  hardGeneration: string | null. The CRL will be generated at each period
  lazyGeneration: string | null. The CRL will be checked at each period and generated if a new entry was added
certificate: string | null. The certificate of the Certificate Authority
revoked: boolean | null. If true, the Certificate Authority is revoked
revocationDate: string | null. The revocation date of this Certificate Authority
revocationReason: string | null. The revocation reason of this Certificate Authority. Enum: UNSPECIFIED, KEYCOMPROMISE, CACOMPROMISE, AFFILIATIONCHANGE, SUPERSEDED, CESSATIONOFOPERATION
externalCrlStorages: array of string | null. CRL Storages on which to send the CRL for this Certificate Authority

- 400 Bad Request
application/json

error: string, required. The error code of the problem. Value: CA-002
message: string, required. A short, human-readable summary of the problem type. Value: Invalid Certificate Authority
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Invalid Certificate Authority
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

- 401 Unauthorized request
application/json

error: string, required. The error code of the problem. Value: SEC-AUTH-001
message: string, required. A short, human-readable summary of the problem type. Value: Unexpected error
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Unexpected error
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

error: string, required. The error code of the problem. Value: SEC-AUTH-002
message: string, required. A short, human-readable summary of the problem type. Value: Invalid credentials or account does not exist
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Invalid credentials or account does not exist
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

error: string, required. The error code of the problem. Value: SEC-AUTH-003
message: string, required. A short, human-readable summary of the problem type. Value: Certificate is not trusted
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Certificate is not trusted
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

error: string, required. The error code of the problem. Value: SEC-AUTH-004
message: string, required. A short, human-readable summary of the problem type. Value: Certificate is expired
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Certificate is expired
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

error: string, required. The error code of the problem. Value: SEC-AUTH-005
message: string, required. A short, human-readable summary of the problem type. Value: Certificate is revoked
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Certificate is revoked
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

error: string, required. The error code of the problem. Value: SEC-AUTH-009
message: string, required. A short, human-readable summary of the problem type. Value: Authentication expired
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Authentication expired
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

error: string, required. The error code of the problem. Value: SEC-AUTH-010
message: string, required. A short, human-readable summary of the problem type. Value: Principal not authenticated or authentication expired
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Principal not authenticated or authentication expired
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

- 403 Forbidden action
application/json

error: string, required. The error code of the problem. Value: CA-004
message: string, required. A short, human-readable summary of the problem type. Value: Certificate Authority already exists
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Certificate Authority already exists
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

error: string, required. The error code of the problem. Value: LIC-001
message: string, required. A short, human-readable summary of the problem type. Value: Invalid License
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Invalid License
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

error: string, required. The error code of the problem. Value: LIC-002
message: string, required. A short, human-readable summary of the problem type. Value: Expired License
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Expired License
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

error: string, required. The error code of the problem. Value: SEC-PERM-001
message: string, required. A short, human-readable summary of the problem type. Value: Insufficient privileges
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Insufficient privileges
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

- 500 Internal Server error
application/json

error: string, required. The error code of the problem. Value: CA-001
message: string, required. A short, human-readable summary of the problem type. Value: Unexpected error
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Unexpected error
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

error: string, required. The error code of the problem. Value: SEC-AUTH-001
message: string, required. A short, human-readable summary of the problem type. Value: Unexpected error
title: string, required. A short, human-readable summary of the problem type. In compliance with RFC7807. Value: Unexpected error
detail: string | null. A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807