webui.crypto.csr_profiles¶

Return predefined CSR profiles for common certificate types.

Each profile provides recommended defaults for key type, key length or curve, lifetime, digest algorithm, and X.509 extensions (basic constraints, key usage, extended key usage).

Type: object

Type: array
No Additional Items

CSRProfilesModel

Type: object

Default:

{ "HTTPS RSA Certificate": { "cert_extensions": { "BasicConstraints": { "ca": false, "enabled": true, "extension_critical": true }, "ExtendedKeyUsage": { "enabled": true, "extension_critical": true, "usages": [ "SERVER_AUTH", "CLIENT_AUTH" ] }, "KeyUsage": { "digital_signature": true, "enabled": true, "extension_critical": true, "key_agreement": true, "key_encipherment": true } }, "digest_algorithm": "SHA256", "key_length": 2048, "key_type": "RSA", "lifetime": 397 }, "HTTPS ECC Certificate": { "cert_extensions": { "BasicConstraints": { "ca": false, "enabled": true, "extension_critical": true }, "ExtendedKeyUsage": { "enabled": true, "extension_critical": true, "usages": [ "SERVER_AUTH", "CLIENT_AUTH" ] }, "KeyUsage": { "digital_signature": true, "enabled": true, "extension_critical": true } }, "digest_algorithm": "SHA256", "ec_curve": "SECP384R1", "key_type": "EC", "lifetime": 397 } }

Predefined certificate profiles for common use cases.

No Additional Properties

RSACSRExtensions

Type: object

Certificate profile configuration for HTTPS RSA certificates.

No Additional Properties

RSACSRExtensionsModel

Type: object

Default:

{ "BasicConstraints": { "ca": false, "enabled": true, "extension_critical": true }, "ExtendedKeyUsage": { "enabled": true, "extension_critical": true, "usages": [ "SERVER_AUTH", "CLIENT_AUTH" ] }, "KeyUsage": { "digital_signature": true, "enabled": true, "extension_critical": true, "key_agreement": true, "key_encipherment": true } }

Certificate extensions configuration for RSA certificates.

No Additional Properties

BasicConstraintsModel

Type: object

Default:

{ "enabled": true, "ca": false, "extension_critical": true }

Basic constraints extension configuration.

No Additional Properties

Enabled

Type: boolean Default: true

Whether the basic constraints extension is enabled.

Ca

Type: boolean Default: false

Whether this certificate can act as a certificate authority.

Extension Critical

Type: boolean Default: true

Whether this extension is marked as critical.

ExtendedKeyUsageModel

Type: object

Default:

{ "enabled": true, "extension_critical": true, "usages": [ "SERVER_AUTH", "CLIENT_AUTH" ] }

Extended key usage extension configuration.

No Additional Properties

Enabled

Type: boolean Default: true

Whether the extended key usage extension is enabled.

Extension Critical

Type: boolean Default: true

Whether this extension is marked as critical.

Usages

Type: array of string Default: ["SERVER_AUTH", "CLIENT_AUTH"]

Array of extended key usage purposes for the certificate.

No Additional Items

Each item of this array must be:

Type: string

RSAKeyUsageModel

Type: object

Default:

{ "enabled": true, "extension_critical": true, "digital_signature": true, "key_encipherment": true, "key_agreement": true }

Key usage extension configuration for RSA certificates.

No Additional Properties

Enabled

Type: boolean Default: true

Whether the key usage extension is enabled.

Extension Critical

Type: boolean Default: true

Whether this extension is marked as critical.

Digital Signature

Type: boolean Default: true

Whether the key can be used for digital signatures.

Key Encipherment

Type: boolean Default: true

Whether the key can be used for key encipherment.

Key Agreement

Type: boolean Default: true

Whether the key can be used for key agreement.

Key Length

Type: integer Default: 2048

RSA key length in bits.

Key Type

Type: string Default: "RSA"

Type of cryptographic key (RSA).

Lifetime

Type: integer Default: 397

Certificate validity period in days.

Digest Algorithm

Type: string Default: "SHA256"

Hash algorithm for certificate signing.

ECCCSRExtensions

Type: object

Certificate profile configuration for HTTPS ECC certificates.

No Additional Properties

ECCCSRExtensionsModel

Type: object

Default:

{ "BasicConstraints": { "ca": false, "enabled": true, "extension_critical": true }, "ExtendedKeyUsage": { "enabled": true, "extension_critical": true, "usages": [ "SERVER_AUTH", "CLIENT_AUTH" ] }, "KeyUsage": { "digital_signature": true, "enabled": true, "extension_critical": true } }

Certificate extensions configuration for ECC certificates.

No Additional Properties

BasicConstraintsModel

Type: object

Default:

{ "enabled": true, "ca": false, "extension_critical": true }

Basic constraints extension configuration.

No Additional Properties

Enabled

Type: boolean Default: true

Whether the basic constraints extension is enabled.

Ca

Type: boolean Default: false

Whether this certificate can act as a certificate authority.

Extension Critical

Type: boolean Default: true

Whether this extension is marked as critical.

ExtendedKeyUsageModel

Type: object

Default:

{ "enabled": true, "extension_critical": true, "usages": [ "SERVER_AUTH", "CLIENT_AUTH" ] }

Extended key usage extension configuration.

No Additional Properties

Enabled

Type: boolean Default: true

Whether the extended key usage extension is enabled.

Extension Critical

Type: boolean Default: true

Whether this extension is marked as critical.

Usages

Type: array of string Default: ["SERVER_AUTH", "CLIENT_AUTH"]

Array of extended key usage purposes for the certificate.

No Additional Items

Each item of this array must be:

Type: string

ECCKeyUsageModel

Type: object

Default:

{ "enabled": true, "extension_critical": true, "digital_signature": true }

Key usage extension configuration for ECC certificates.

No Additional Properties

Enabled

Type: boolean Default: true

Whether the key usage extension is enabled.

Extension Critical

Type: boolean Default: true

Whether this extension is marked as critical.

Digital Signature

Type: boolean Default: true

Whether the key can be used for digital signatures.

Ec Curve

Type: string Default: "SECP384R1"

Elliptic curve to use for key generation.

Key Type

Type: string Default: "EC"

Type of cryptographic key (ECC).

Lifetime

Type: integer Default: 397

Certificate validity period in days.

Digest Algorithm

Type: string Default: "SHA256"

Hash algorithm for certificate signing.

Required roles: CERTIFICATE_READ

Table Of Contents

Previous topic

Next topic

webui.crypto.csr_profiles¶

Call parameters

Return value

CSRProfilesModel

HTTPS RSA Certificate

RSACSRExtensions

cert_extensions

RSACSRExtensionsModel

BasicConstraints

BasicConstraintsModel

enabled

Enabled

ca

Ca

extension_critical

Extension Critical

ExtendedKeyUsage

ExtendedKeyUsageModel

enabled

Enabled

extension_critical

Extension Critical

usages

Usages

Each item of this array must be:

KeyUsage

RSAKeyUsageModel

enabled

Enabled

extension_critical

Extension Critical

digital_signature

Digital Signature

key_encipherment

Key Encipherment

key_agreement

Key Agreement

key_length

Key Length

key_type

Key Type

lifetime

Lifetime

digest_algorithm

Digest Algorithm

HTTPS ECC Certificate

ECCCSRExtensions

cert_extensions

ECCCSRExtensionsModel

BasicConstraints

BasicConstraintsModel

enabled

Enabled

ca

Ca

extension_critical

Extension Critical

ExtendedKeyUsage

ExtendedKeyUsageModel

enabled

Enabled

extension_critical

Extension Critical

usages

Usages

Each item of this array must be:

KeyUsage

ECCKeyUsageModel

enabled

Enabled

extension_critical

Extension Critical

digital_signature

Digital Signature

ec_curve

Ec Curve

key_type