certificate.create

Create a new Certificate

Certificates are classified under the following types. The keyword listed with each type is the value to pass in the create_type attribute to create that type of certificate:

  1. Imported Certificate - CERTIFICATE_CREATE_IMPORTED

  2. Certificate Signing Request - CERTIFICATE_CREATE_CSR

  3. Imported Certificate Signing Request - CERTIFICATE_CREATE_IMPORTED_CSR

  4. ACME Certificate - CERTIFICATE_CREATE_ACME

By default, created CSRs use RSA keys. If an Elliptic Curve key is desired, it can be specified with the key_type attribute. If the ec_curve attribute is not specified for an Elliptic Curve key, the “SECP384R1” curve is used by default.

A type is selected by the Certificate Service based on create_type. The rest of the values in data are validated accordingly and finally a certificate is made based on the selected type.

cert_extensions can be specified to set X509v3 extensions.
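The following is an added example, not code from the API's own project: a client-side pre-flight check that applies the documented defaults and enum and range constraints from this page to a certificate_create payload before it is sent. Key names other than create_type, key_type, ec_curve and cert_extensions are assumed from the displayed field titles, and "ExtendedKeyUsage" as the key inside cert_extensions is also an assumption; the sample payload is constructed.

```python
# Added example (not the project's code). Allowed values come from the schema
# on this page; snake_case key names other than create_type, key_type,
# ec_curve and cert_extensions are assumed from the displayed field titles.
ALLOWED = {
    "create_type": {"CERTIFICATE_CREATE_IMPORTED", "CERTIFICATE_CREATE_CSR",
                    "CERTIFICATE_CREATE_IMPORTED_CSR", "CERTIFICATE_CREATE_ACME"},
    "key_type": {"RSA", "EC"},
    "ec_curve": {"SECP256R1", "SECP384R1", "SECP521R1", "ed25519"},
    "key_length": {2048, 4096, None},
    "digest_algorithm": {"SHA224", "SHA256", "SHA384", "SHA512"},
}
EKU_USAGES = {"ANY_EXTENDED_KEY_USAGE", "CERTIFICATE_TRANSPARENCY", "CLIENT_AUTH",
              "CODE_SIGNING", "EMAIL_PROTECTION", "IPSEC_IKE", "KERBEROS_PKINIT_KDC",
              "OCSP_SIGNING", "SERVER_AUTH", "SMARTCARD_LOGON", "TIME_STAMPING"}
DEFAULTS = {"key_type": "RSA", "ec_curve": "SECP384R1", "key_length": None,
            "digest_algorithm": "SHA256", "renew_days": 10}

def with_defaults(data):
    """Merge the documented defaults under the caller's values."""
    return {**DEFAULTS, **data}

def check_certificate_create(data):
    """Return the names of fields that break a documented constraint."""
    d = with_defaults(data)
    problems = []
    if not 1 <= len(d.get("name") or "") <= 120:
        problems.append("name")
    for field, allowed in ALLOWED.items():
        if d.get(field) not in allowed:
            problems.append(field)
    if not 1 <= d["renew_days"] <= 30:
        problems.append("renew_days")
    # "ExtendedKeyUsage" as the key inside cert_extensions is an assumption.
    eku = d.get("cert_extensions", {}).get("ExtendedKeyUsage", {})
    if any(u not in EKU_USAGES for u in eku.get("usages", [])):
        problems.append("cert_extensions.ExtendedKeyUsage.usages")
    return problems

# Constructed sample: a CSR request with an EC key and no ec_curve given.
csr_request = {
    "name": "nas_web_csr",
    "create_type": "CERTIFICATE_CREATE_CSR",
    "key_type": "EC",
    "common": "nas.example.internal",
    "san": ["nas.example.internal"],
    "cert_extensions": {"ExtendedKeyUsage": {
        "enabled": True, "usages": ["SERVER_AUTH"], "extension_critical": False}},
}
```
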

Type: object

Type: array
No Additional Items

Tuple Validation

Parameter 1: certificate_create

certificate_create

Type: object
No Additional Properties

Name

Type: string

Must be at least 1 character long

Must be at most 120 characters long

Create Type

Type: enum (of string)
Must be one of:
  • "CERTIFICATE_CREATE_IMPORTED"
  • "CERTIFICATE_CREATE_CSR"
  • "CERTIFICATE_CREATE_IMPORTED_CSR"
  • "CERTIFICATE_CREATE_ACME"

Add To Trusted Store

Type: boolean Default: false

Certificate

Default: null

Type: string

Must be at least 1 character long

Type: null

Privatekey

Default: null

Type: string

Must be at least 1 character long

Type: null

Csr

Default: null

Type: string

Must be at least 1 character long

Type: null

Key Length

Default: null

Type: enum (of integer)
Must be one of:
  • 2048
  • 4096
Type: null

Key Type

Type: enum (of string) Default: "RSA"
Must be one of:
  • "RSA"
  • "EC"

Ec Curve

Type: enum (of string) Default: "SECP384R1"
Must be one of:
  • "SECP256R1"
  • "SECP384R1"
  • "SECP521R1"
  • "ed25519"

Passphrase

Default: null

Type: string

Must be at least 1 character long

Type: null

City

Default: null

Type: string

Must be at least 1 character long

Type: null

Common

Default: null

Type: string

Must be at least 1 character long

Type: null

Country

Default: null

Type: string

Must be at least 1 character long

Type: null

Email

Default: null

Type: string Format: email
Type: null

Organization

Default: null

Type: string

Must be at least 1 character long

Type: null

Organizational Unit

Default: null

Type: string

Must be at least 1 character long

Type: null

State

Default: null

Type: string

Must be at least 1 character long

Type: null

Digest Algorithm

Type: enum (of string) Default: "SHA256"
Must be one of:
  • "SHA224"
  • "SHA256"
  • "SHA384"
  • "SHA512"

San

Type: array of string
No Additional Items
Each item of this array must be:
Type: string

Must be at least 1 character long

CertificateExtensions

Type: object
No Additional Properties

BasicConstraintsModel

Type: object
Default:
{ "ca": false, "enabled": false, "path_length": null, "extension_critical": false }

No Additional Properties

Ca

Type: boolean Default: false

Enabled

Type: boolean Default: false

Path Length

Default: null

Type: integer
Type: null

Extension Critical

Type: boolean Default: false

ExtendedKeyUsageModel

Type: object
Default:
{ "usages": [], "enabled": false, "extension_critical": false }

No Additional Properties

Usages

Type: array of enum (of string)
No Additional Items
Each item of this array must be:
Type: enum (of string)
Must be one of:
  • "ANY_EXTENDED_KEY_USAGE"
  • "CERTIFICATE_TRANSPARENCY"
  • "CLIENT_AUTH"
  • "CODE_SIGNING"
  • "EMAIL_PROTECTION"
  • "IPSEC_IKE"
  • "KERBEROS_PKINIT_KDC"
  • "OCSP_SIGNING"
  • "SERVER_AUTH"
  • "SMARTCARD_LOGON"
  • "TIME_STAMPING"

Enabled

Type: boolean Default: false

Extension Critical

Type: boolean Default: false

KeyUsageModel

Type: object
Default:
{ "enabled": false, "digital_signature": false, "content_commitment": false, "key_encipherment": false, "data_encipherment": false, "key_agreement": false, "key_cert_sign": false, "crl_sign": false, "encipher_only": false, "decipher_only": false, "extension_critical": false }

No Additional Properties

Enabled

Type: boolean Default: false

Digital Signature

Type: boolean Default: false

Content Commitment

Type: boolean Default: false

Key Encipherment

Type: boolean Default: false

Data Encipherment

Type: boolean Default: false

Key Agreement

Type: boolean Default: false

Key Cert Sign

Type: boolean Default: false

Crl Sign

Type: boolean Default: false

Encipher Only

Type: boolean Default: false

Decipher Only

Type: boolean Default: false

Extension Critical

Type: boolean Default: false

Acme Directory Uri

Default: null

ACME directory URI to be used for ACME certificate creation.

Type: string

Must be at least 1 character long

Type: null

Csr Id

Default: null

CSR to be used for ACME certificate creation.

Type: integer
Type: null

Tos

Default: null

Set this when creating an ACME certificate to accept terms of service of the ACME service.

Type: boolean
Type: null

Dns Mapping

Type: object

A mapping of domain to ACME DNS Authenticator ID for each domain listed in SAN or common name of the CSR.

Each additional property must conform to the following schema

Type: integer

Renew Days

Type: integer Default: 10

Number of days before the certificate expiration date to attempt certificate renewal. If certificate renewal fails, renewal will be reattempted every day until expiration.

Value must be greater than or equal to 1 and less than or equal to 30

CertificateEntry

Type: object
No Additional Properties

Id

Type: integer

Type

Type: integer

Name

Type: string

Must be at least 1 character long

Certificate


Type: string
Type: null

Privatekey


Type: string
Type: null

Csr


Type: string
Type: null

Acme Uri


Type: string
Type: null

Domains Authenticators


Type: object
Type: null

Renew Days


Type: integer
Type: null

Acme


Type: object
Type: null

Add To Trusted Store

Type: boolean

Root Path

Type: string

Must be at least 1 character long

Certificate Path


Type: string

Must be at least 1 character long

Type: null

Privatekey Path


Type: string

Must be at least 1 character long

Type: null

Csr Path


Type: string

Must be at least 1 character long

Type: null

Cert Type

Type: string

Must be at least 1 character long

Cert Type Existing

Type: boolean

Cert Type Csr

Type: boolean

Chain List

Type: array of string
No Additional Items
Each item of this array must be:
Type: string

Key Length


Type: integer
Type: null

Key Type


Type: string

Must be at least 1 character long

Type: null

Country


Type: string
Type: null

State


Type: string
Type: null

City


Type: string
Type: null

Organization


Type: string
Type: null

Organizational Unit


Type: string
Type: null

Common


Type: string
Type: null

San


Type: array of string
No Additional Items
Each item of this array must be:
Type: string
Type: null

Email


Type: string
Type: null

Dn


Type: string
Type: null

Subject Name Hash


Type: integer
Type: null

Extensions

Type: object

Digest Algorithm


Type: string
Type: null

Lifetime


Type: integer
Type: null

From


Type: string
Type: null

Until


Type: string
Type: null

Serial


Type: integer
Type: null

Chain


Type: boolean
Type: null

Fingerprint


Type: string
Type: null

Expired


Type: boolean
Type: null

Parsed

Type: boolean


Required roles: CERTIFICATE_WRITE