OpenTrust Request Objects
OpenTrust caConnectorInfo
| Name | Mandatory | Description | Field Type | Constraints |
|---|---|---|---|---|
| certificateAuthority | Yes | Name of the certificateAuthority that will issue the certificate | String | Value should be OpenTrust. |
| isAutoRenewal | No | If enabled, renewal will be triggered before expiry based on renewBefore days | Boolean | Should be disabled if autoRegenerateEnabled is true. |
| renewBefore | No | Specifies the number of days prior to expiry for triggering the renewal request | Integer | Value must be provided if isAutoRenewal is true |
| autoRegenerateEnabled | No | If enabled, renewal will be triggered before expiry based on renewBefore days | Boolean | Should be disabled if isAutoRenewal is true. |
| regenerateBeforeInDays | No | Specifies the number of days prior to expiry for triggering the regenerate request | Integer | Value must be provided if autoRegenerateEnabled is true |
| caSettingName | Yes | Name of the CASetting that has been created in AppViewX for the chosen Certificate Authority | String | NA |
| description | No | Note about the certificate | String | NA |
| csrParameters | Yes | Parameters that are necessary for generating the CSR | OpenTrust csrParameters | NA |
| vendorSpecificDetails | Yes | Data specific to the Sectigo vendor | OpenTrust vendorSpecificDetails | NA |
| name | No | Specifies the name for the caConnector | String | NA |
| certificateProfileName | Yes | Name of the certificate profile configured in the CA portal | String | Certificate profiles will be fetched while saving the CA setting. One of those profiles must be chosen for enrollment. |
OpenTrust csrParameters
| Name | Mandatory | Description | Field Type | Constraints |
|---|---|---|---|---|
| commonName | Yes | Fully qualified domain name (FQDN) of the server for which certificate is requested. | String | Must be compliant with the common name specified in the policy, if the policy is set as ‘Strict’. |
| organization | No | Legal name of the organization. | String | Default value - Value configured in the policy. |
| organizationUnit | No | Division or department of the organization handling the certificate. | String | Default value - Value configured in the policy. |
| streetAddress | No | Street address where the organization is located. | String | NA |
| locality | No | City where the organization is located. This shouldn't be abbreviated. | String | Default value - Value configured in the policy. |
| state | No | State or region where the organization is located. This shouldn't be abbreviated. | String | Default value - Value configured in the policy. |
| country | No | The two-letter code for the country where your organization is located. | String | Default value - Value configured in the policy. |
| postalCode | No | Postal code for the organization address. | String | NA |
| mailAddress | No | Email address of the organization. | String | Default value - Value configured in the policy. |
| hashFunction | No | Hash function to be used in the Certificate. For example, SHA160. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy. |
| keyType | No | Algorithm to be used for Key generation. For example, RSA, DSA, EC. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy. |
| bitLength | No | Bit length for the key is dependent on the key type chosen. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy. |
| certificateCategories | Yes | Purpose for which the generated certificate will be used. | Array | Possible values - Server, Client, Code Signing, Email. |
| ellipticCurve | No | If the keyType chosen is EC, then the ellipticCurve must be specified depending on the bitlength selected. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy. |

| Name | Mandatory | Description | Field Type | Constraints |
|---|---|---|---|---|
| commonName | Yes | Fully qualified domain name (FQDN) of the server for which certificate is requested. | String | Must be compliant with the common name specified in the policy, if the policy is set as ‘Strict’. |
| organization | No | Legal name of the organization. | String | Default value - Value configured in the policy. |
| organizationUnit | No | Division or department of the organization handling the certificate. | String | Default value - Value configured in the policy. |
| locality | No | City where the organization is located. This shouldn't be abbreviated. | String | Default value - Value configured in the policy. |
| state | No | State or region where the organization is located. This shouldn't be abbreviated. | String | Default value - Value configured in the policy. |
| country | No | The two-letter code for the country where your organization is located. | String | Default value - Value configured in the policy. |
| mailAddress | No | Email address of the organization. | String | Default value - Value configured in the policy. |
| hashFunction | No | Hash function to be used in the Certificate. For example, SHA160. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy. |
| keyType | No | Algorithm to be used for Key generation. For example, RSA, DSA, EC. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy. |
| bitLength | No | Bit length for the key is dependent on the key type chosen. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy. |
| certificateCategories | Yes | Purpose for which the generated certificate will be used. | Array | Possible values - Server, Client, Code Signing, |
| ellipticCurve | No | If the keyType chosen is EC, then the ellipticCurve must be specified depending on the bitlength selected. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy. |

| Name | Mandatory | Description | Field Type | Constraints |
|---|---|---|---|---|
| commonName | Yes | Fully qualified domain name (FQDN) of the server for which certificate is requested. | String | Must be compliant with the common name specified in the policy, if the policy is set as ‘Strict’ |
| hashFunction | No | Hash function to be used in the Certificate. For example, SHA160. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy |
| keyType | No | Algorithm to be used for Key generation. For example, RSA, DSA, EC. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy |
| bitLength | No | Bit length for the key is dependent on the key type chosen. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy |
| certificateCategories | Yes | Purpose for which the generated certificate will be used. | Array of String | Possible values - Server, Client, Code Signing, |
| ellipticCurve | No | If the keyType chosen is EC, then the ellipticCurve must be specified depending on the bitlength selected. Should be chosen from the possible values configured in the Certificate Policy. | String | Default value - the first value will be chosen from the policy |
| enhancedSANTypes | No | Subject alternative names for the certificate. | OpenTrust enhancedSANTypes | NA |
OpenTrust vendorSpecificDetails
| Name | Mandatory | Description | Field Type | Constraints |
|---|---|---|---|---|
| formFields | Yes | Certificate parameters that are configured in the chosen certificate profile. Parameters can be identified in the CA portal or the certificate enrollment page in the AppViewX UI. | OpenTrust formFields | CA settings must have been saved after choosing the required certificate profile. |
OpenTrust formFields
Any number of parameters can be configured in the Certificate Management Profile in the OpenTrust CA portal. One sample parameter is shown in the table below.

| Name | Mandatory | Description | Field Type | Constraints |
|---|---|---|---|---|
| commonName1 | Mandatory constraint depends on the profile configuration in the CA portal. | Fully qualified domain name (FQDN) of the server for which certificate is requested. | String | NA |
OpenTrust enhancedSANTypes
| Name | Mandatory | Description | Field Type | Constraints |
|---|---|---|---|---|
| dNSNames | No | List of Subject Alternative names for the Certificate. | Array of String | NA |
| iPAddresses | No | IP addresses to be considered as Subject Alternative Names. | Array of String | Must be valid IP addresses. |

| Name | Mandatory | Description | Field Type | Constraints |
|---|---|---|---|---|
| dNSNames | Depends on the profile configuration in the CA portal. | List of Subject Alternative names for the Certificate | Array of String | AlternativeName (DNS) must have been enabled in the CA Portal |
| iPAddresses | Depends on the profile configuration in the CA portal. | IP addresses to be considered as Subject Alternative Names | Array of String | AlternativeName (IP) must have been enabled in the CA Portal |
| uniformResourceIdentifiers | Depends on the profile configuration in the CA portal. | URIs to be considered as Subject Alternative Names | Array of String | AlternativeName (URI) must have been enabled in the CA Portal |
| rfc822Names | Depends on the profile configuration in the CA portal. | Email addresses to be considered as Subject Alternative Names | Array of String | Email as subject alternative name must have been enabled in the CA Portal |