Certificate profile fields
See the table below for a description of the profile configuration fields
ℹ Some fields support both UI and JSON configuration, some do not.
| UI field | JSON | Value | Mandatory | |
|---|---|---|---|---|
| Profile ID | – | The unique identifier of the certificate profile, as a string of 2 to 64 characters consisting of lowercase letters and numbers. | Yes | |
| Profile Group | – | The name of the group to which the certificate profile belongs, as a string of 2 to 64 characters consisting of lowercase letters and numbers. | Every profile must be associated with one, and only one, group. | |
| Default CA Types | allowedCATypes |
The type of certificate authorities the profile supports, as a list of Type identifiers. | Select at least one type. | |
| Validity period | validity_period |
The validity period for the issued certificates, as a time interval in ISO 8601 format. | Yes | |
| Key Usages | usages |
The key usages permitted for certificates issued using the profile, as a list of key usage object identifiers. Use the JSON field to add key usages not included in the drop-down list. | Yes | |
| Extended key Usages | usages |
The extended key usages permitted for certificates issued using the profile, as a list of key usage object identifiers. Use the JSON field to add key usages not included in the drop-down list. | No | |
| – | allowed_extensions |
The X.509 extensions permitted on request, as a list of the extension object identifiers. | No | |
| – | ignore_unknown_extensions |
true to ignore unknown extensions on request; false to reject requests with unknown extensions. |
No, defaults to true. |
|
| – | ca_constraint |
The basic constraints for the issued certificates, as the sequence described in Section 4.2.1.9 of the RFC 5280. | No |