Update an existing certificate template

Body required

application/json

The certificate template to update

name

string required

Name of the certificate template

crldpsFromCA

boolean required

If true, will retrieve the crldps from the issuing Certificate Authority

aiaFromCA

boolean required

If true, will retrieve the aia from the issuing Certificate Authority

policyFromCA

boolean required

If true, will retrieve the policy from the issuing Certificate Authority

qcStatementFromCA

boolean required

If true, will retrieve the qcStatement from the issuing Certificate Authority

enabled

boolean required

If true, this template can be used for certificate enrollment

object | null (Key Usage)

Key usages for the issued certificate

critical

boolean required

Make the Key Usages of the certificate critical

values

array of string required

eku

object | null (Extended Key Usages)

Extended key usages for the issued certificate

critical

boolean required

Make the Extended Key Usages of the certificate critical

values

array of objects (Extended Key Usage Element) required

Selected Extended Key Usages (standard or custom)

emptyExtensions

array of string | null

Additional extensions for the issued certificate (key values only)

crldps

array of string | null

CRL Distribution Points for the issued certificate

aia

object | null (Authority Information Access)

Authority Information Access for the issued certificate

certificate

array of string | null

List of URIs on which the Certificate Authority certificate can be found

ocsp

array of string | null

List of URIs on which the OCSP Responder of the Certificate Authority can be accessed

policy

array of objects | null (Certificate Policy)

Policies for the issued certificate

Array [

oid

string required

Object Identifier of the Policy

cpsPointer

string | null

URI to a Certification Practice Statement document

organization

string | null

Organization of the user notice. Introduced in 2.0.12

noticeNumbers

array of integer | null

Notice numbers of the policy. Introduced in 2.0.12

explicitText

string | null

The text of the user notice. Introduced in 2.0.12

]

pathLen

integer | null

The pathlen for the issued certificate

lifetime

string | null

Duration of validity for the issued certificate

backdate

string | null

Backdate to apply to set the start period value of the issued certificate

checkPoP

boolean | null

If true, check that the CSR signature matches the CSR Public Key

qcStatement

object | null (Qualified Certificate Statements)

The Qualified Certificate Statements to add to the emitted certificates

eTSIQCCompliance

boolean required

If true, the certificate is a Qualified Certificate

eTSIQCSSCD

boolean required

If true, the private key of the certificate resides in a Secure Signature Creation Device

eTSIRetentionPeriod

integer required

This indicates the duration of the retention period of material information in years

eTSIQCType

object required

This indicates which type of document can be signed by the certificate. One of eseal, esign, web or none

eTSIPDS

object | null

The PKI Disclosure Statements URI for a specified language

eTSITransactionLimit

object | null (Transaction Limit Statement)

This indicates the limits of the transactions the certificate is qualified for. The maximum amount is calculated by: valueLimit * 10^(valueLimitExp)

eTSILegislation

array of string | null

The alpha-2 ISO-3166 country codes where the certificate is qualified

privateKeyUsagePeriod

object (Private Key Usage Period)

notBefore

string required

The private key can be used after this date

notAfter

string required

The private key cannot be used after this date

subject

array of objects | null (DN Element)

Configuration of the allowed subject elements. If null, all subject elements are allowed, otherwise at lease one element must be configured

Array [

type

string required

Type of DN element

Enum CN E OU ST L O C DC UID SERIALNUMBER SURNAME GIVENNAME UNSTRUCTUREDADDRESS UNSTRUCTUREDNAME ORGANIZATIONIDENTIFIER UNIQUEIDENTIFIER STREET DESCRIPTION T

mandatory

boolean required

If true, this element must be in the request or the request will be rejected

editable

boolean required

If true, this element can be provided in the request to be modified

value

string | null

The default value of this element

regex

string | null

If set, the element value must match this regex or the request will be rejected. This cannot be set with a whitelist

whitelist

array of string | null

A list of allowed values. If set, all requests containing an element not in this whitelist will be rejected. This cannot be set with a regex

]

sans

array of objects | null (SAN Element)

Configuration of the allowed SAN elements. If null, all SAN elements are allowed. If the array is empty, no SAN elements are allowed, otherwise the configured elements are allowed.

Array [

type

string required

Type of SAN element

Enum RFC822NAME DNSNAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID REGISTERED_ID

min

integer | null

If set, the request must provide a minimal number of SAN from this type or it will be rejected

max

integer | null

If set, the request must provide a maximal number of SAN from this type or it will be rejected

regex

string | null

If set, the element values must match this regex or the request will be rejected

]

extensions

array of objects | null (Extension Element)

Configuration of the allowed extension elements. If null, all extension elements are allowed. If the array is empty, no extension elements are allowed, otherwise the configured elements are allowed.

Array [

type

string required

Type of Extension element

Enum ms_template ms_sid

mandatory

boolean required

If true, this element must be in the request or the request will be rejected

editable

boolean required

If true, this element can be provided in the request to be modified

value

string | null

The default value of this element

]

extraCsrExtensions

array of string | null

List of OIDs to copy as is from the CSR into the certificate. Introduced in 2.0.10

removeBasicConstraints

boolean | null

If true, do not set the BasicConstraints field

Responses

200 Certificate template successfully updated

string (Internal ID) required

Object internal ID

name

string required

Name of the certificate template

crldpsFromCA

boolean required

If true, will retrieve the crldps from the issuing Certificate Authority

aiaFromCA

boolean required

If true, will retrieve the aia from the issuing Certificate Authority

policyFromCA

boolean required

If true, will retrieve the policy from the issuing Certificate Authority

qcStatementFromCA

boolean required

If true, will retrieve the qcStatement from the issuing Certificate Authority

enabled

boolean required

If true, this template can be used for certificate enrollment

object | null (Key Usage)

Key usages for the issued certificate

critical

boolean required

Make the Key Usages of the certificate critical

values

array of string required

eku

object | null (Extended Key Usages)

Extended key usages for the issued certificate

critical

boolean required

Make the Extended Key Usages of the certificate critical

values

array of objects (Extended Key Usage Element) required

Selected Extended Key Usages (standard or custom)

emptyExtensions

array of string | null

Additional extensions for the issued certificate (key values only)

crldps

array of string | null

CRL Distribution Points for the issued certificate

aia

object | null (Authority Information Access)

Authority Information Access for the issued certificate

certificate

array of string | null

List of URIs on which the Certificate Authority certificate can be found

ocsp

array of string | null

List of URIs on which the OCSP Responder of the Certificate Authority can be accessed

policy

array of objects | null (Certificate Policy)

Policies for the issued certificate

Array [

oid

string required

Object Identifier of the Policy

cpsPointer

string | null

URI to a Certification Practice Statement document

organization

string | null

Organization of the user notice. Introduced in 2.0.12

noticeNumbers

array of integer | null

Notice numbers of the policy. Introduced in 2.0.12

explicitText

string | null

The text of the user notice. Introduced in 2.0.12

]

pathLen

integer | null

The pathlen for the issued certificate

lifetime

string | null

Duration of validity for the issued certificate

backdate

string | null

Backdate to apply to set the start period value of the issued certificate

checkPoP

boolean | null

If true, check that the CSR signature matches the CSR Public Key

qcStatement

object | null (Qualified Certificate Statements)

The Qualified Certificate Statements to add to the emitted certificates

eTSIQCCompliance

boolean required

If true, the certificate is a Qualified Certificate

eTSIQCSSCD

boolean required

If true, the private key of the certificate resides in a Secure Signature Creation Device

eTSIRetentionPeriod

integer required

This indicates the duration of the retention period of material information in years

eTSIQCType

object required

This indicates which type of document can be signed by the certificate. One of eseal, esign, web or none

eTSIPDS

object | null

The PKI Disclosure Statements URI for a specified language

eTSITransactionLimit

object | null (Transaction Limit Statement)

This indicates the limits of the transactions the certificate is qualified for. The maximum amount is calculated by: valueLimit * 10^(valueLimitExp)

eTSILegislation

array of string | null

The alpha-2 ISO-3166 country codes where the certificate is qualified

privateKeyUsagePeriod

object (Private Key Usage Period)

notBefore

string required

The private key can be used after this date

notAfter

string required

The private key cannot be used after this date

subject

array of objects | null (DN Element)

Configuration of the allowed subject elements. If null, all subject elements are allowed, otherwise at lease one element must be configured

Array [

type

string required

Type of DN element

Enum CN E OU ST L O C DC UID SERIALNUMBER SURNAME GIVENNAME UNSTRUCTUREDADDRESS UNSTRUCTUREDNAME ORGANIZATIONIDENTIFIER UNIQUEIDENTIFIER STREET DESCRIPTION T

mandatory

boolean required

If true, this element must be in the request or the request will be rejected

editable

boolean required

If true, this element can be provided in the request to be modified

value

string | null

The default value of this element

regex

string | null

If set, the element value must match this regex or the request will be rejected. This cannot be set with a whitelist

whitelist

array of string | null

A list of allowed values. If set, all requests containing an element not in this whitelist will be rejected. This cannot be set with a regex

]

sans

array of objects | null (SAN Element)

Configuration of the allowed SAN elements. If null, all SAN elements are allowed. If the array is empty, no SAN elements are allowed, otherwise the configured elements are allowed.

Array [

type

string required

Type of SAN element

Enum RFC822NAME DNSNAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID REGISTERED_ID

min

integer | null

If set, the request must provide a minimal number of SAN from this type or it will be rejected

max

integer | null

If set, the request must provide a maximal number of SAN from this type or it will be rejected

regex

string | null

If set, the element values must match this regex or the request will be rejected

]

extensions

array of objects | null (Extension Element)

Configuration of the allowed extension elements. If null, all extension elements are allowed. If the array is empty, no extension elements are allowed, otherwise the configured elements are allowed.

Array [

type

string required

Type of Extension element

Enum ms_template ms_sid

mandatory

boolean required

If true, this element must be in the request or the request will be rejected

editable

boolean required

If true, this element can be provided in the request to be modified

value

string | null

The default value of this element

]

extraCsrExtensions

array of string | null

List of OIDs to copy as is from the CSR into the certificate. Introduced in 2.0.10

removeBasicConstraints

boolean | null

If true, do not set the BasicConstraints field

400 Bad Request

401 Unauthorized request

403 Forbidden action

404 Not Found

500 Internal Server error

put

/api/v1/templates

{

"name": "Server" ,

"ku":

{ ... } ,

"eku":

{ ... } ,

"emptyExtensions":

[ ... ] ,

"crldps":

[ ... ] ,

"crldpsFromCA": true ,

"aia":

{ ... } ,

"aiaFromCA": true ,

"policy":

[ ... ] ,

"policyFromCA": true ,

"pathLen": 1 ,

"lifetime": "5 seconds" ,

"backdate": "5 seconds" ,

"checkPoP": true ,

"qcStatement":

{ ... } ,

"qcStatementFromCA": true ,

"privateKeyUsagePeriod":

{ ... } ,

"subject":

[ ... ] ,

"sans":

[ ... ] ,

"extensions":

[ ... ] ,

"enabled": true ,

"extraCsrExtensions":

[ ... ] ,

"removeBasicConstraints": true

}

{

"id": "6448d56b310000400063f014" ,

"name": "Server" ,

"ku":

{ ... } ,

"eku":

{ ... } ,

"emptyExtensions":

[ ... ] ,

"crldps":

[ ... ] ,

"crldpsFromCA": true ,

"aia":

{ ... } ,

"aiaFromCA": true ,

"policy":

[ ... ] ,

"policyFromCA": true ,

"pathLen": 1 ,

"lifetime": "5 seconds" ,

"backdate": "5 seconds" ,

"checkPoP": true ,

"qcStatement":

{ ... } ,

"qcStatementFromCA": true ,

"privateKeyUsagePeriod":

{ ... } ,

"subject":

[ ... ] ,

"sans":

[ ... ] ,

"extensions":

[ ... ] ,

"enabled": true ,

"extraCsrExtensions":

[ ... ] ,

"removeBasicConstraints": true

}