Skip to content

CA Get Profile REST API

Endi S. Dewata edited this page Oct 25, 2023 · 7 revisions

Request

JSON Request

  • Operation: GET /ca/rest/profiles/{id}

  • Authentication: required

Raw Request

  • Operation: GET /ca/rest/profiles/{id}/raw

  • Authentication: required

Response

JSON
$ curl \
    -k \
    -s \
    -H "Accept: application/json" \
    --cookie cookies \
    https://localhost.localdomain:8443/ca/rest/profiles/caUserCert | python -m json.tool
{
    "id": "caUserCert",
    "classId": "caEnrollImpl",
    "name": "Manual User Dual-Use Certificate Enrollment",
    "description": "This certificate profile is for enrolling user certificates.",
    "enabled": true,
    "visible": false,
    "enabledBy": "admin",
    "authzAcl": "",
    "renewal": false,
    "inputs": [
        {
            "id": "i1",
            "ClassID": "keyGenInputImpl",
            "Name": "Key Generation",
            "ConfigAttribute": [],
            "Attribute": [
                {
                    "name": "cert_request_type",
                    "Descriptor": {
                        "Syntax": "keygen_request_type",
                        "Description": "Key Generation Request Type"
                    }
                },
                ...
            ]
        },
        {
            "id": "i2",
            "ClassID": "subjectNameInputImpl",
            "Name": "Subject Name",
            "ConfigAttribute": [],
            "Attribute": [
                {
                    "name": "sn_uid",
                    "Descriptor": {
                        "Syntax": "string",
                        "Description": "UID"
                    }
                },
                ...
            ]
        },
        {
            "id": "i3",
            "ClassID": "submitterInfoInputImpl",
            "Name": "Requestor Information",
            "ConfigAttribute": [],
            "Attribute": [
                {
                    "name": "requestor_name",
                    "Descriptor": {
                        "Syntax": "string",
                        "Description": "Requestor Name"
                    }
                },
                ...
            ]
        }
    ],
    "outputs": [
        {
            "id": "o1",
            "name": "Certificate Output",
            "classId": "certOutputImpl",
            "attributes": [
                {
                    "name": "pretty_cert",
                    "Descriptor": {
                        "Syntax": "pretty_print",
                        "Description": "Certificate Pretty Print"
                    }
                },
                ...
            ]
        }
    ],
    "policySets": {
        "userCertSet": [
            {
                "id": "1",
                "def": {
                    "name": "Subject Name Default",
                    "classId": "userSubjectNameDefaultImpl",
                    "text": "This default populates a User-Supplied Certificate Subject Name to the request.",
                    "attributes": [
                        {
                            "name": "name",
                            "Descriptor": {
                                "Syntax": "string",
                                "Description": "Subject Name"
                            }
                        }
                    ],
                    "params": [
                        {
                            "name": "useSysEncoding",
                            "value": ""
                        }
                    ]
                },
                "constraint": {
                    "name": "Subject Name Constraint",
                    "text": "This constraint accepts the subject name that matches UID=.*",
                    "classId": "subjectNameConstraintImpl",
                    "constraints": [
                        {
                            "name": "pattern",
                            "descriptor": {
                                "Syntax": "string",
                                "Description": "Subject Name Pattern"
                            },
                            "value": "UID=.*"
                        }
                    ]
                }
            },
            ...
        ]
    },
    "xmloutput": false
}
Raw
$ curl \
    -k \
    -s \
    --cookie cookies \
    https://localhost.localdomain:8443/ca/rest/profiles/caUserCert/raw
auth.class_id=
classId=caEnrollImpl
desc=This certificate profile is for enrolling user certificates.
enable=true
enableBy=admin
input.i1.class_id=keyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
input.list=i1,i2,i3
name=Manual User Dual-Use Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=userCertSet
policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.accept=true
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.userCertSet.1.default.name=Subject Name Default
policyset.userCertSet.1.default.params.name=
policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl
policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint
policyset.userCertSet.10.constraint.params.renewal.graceAfter=30
policyset.userCertSet.10.constraint.params.renewal.graceBefore=30
policyset.userCertSet.10.default.class_id=noDefaultImpl
policyset.userCertSet.10.default.name=No Default
policyset.userCertSet.2.constraint.class_id=validityConstraintImpl
policyset.userCertSet.2.constraint.name=Validity Constraint
policyset.userCertSet.2.constraint.params.notAfterCheck=false
policyset.userCertSet.2.constraint.params.notBeforeCheck=false
policyset.userCertSet.2.constraint.params.range=365
policyset.userCertSet.2.default.class_id=validityDefaultImpl
policyset.userCertSet.2.default.name=Validity Default
policyset.userCertSet.2.default.params.range=180
policyset.userCertSet.2.default.params.startTime=0
policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
policyset.userCertSet.3.constraint.name=Key Constraint
policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.userCertSet.3.constraint.params.keyType=RSA
policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
policyset.userCertSet.3.default.name=Key Default
policyset.userCertSet.4.constraint.class_id=noConstraintImpl
policyset.userCertSet.4.constraint.name=No Constraint
policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.userCertSet.4.default.name=Authority Key Identifier Default
policyset.userCertSet.5.constraint.class_id=noConstraintImpl
policyset.userCertSet.5.constraint.name=No Constraint
policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.userCertSet.5.default.name=AIA Extension Default
policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.userCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.userCertSet.5.default.params.authInfoAccessCritical=false
policyset.userCertSet.5.default.params.authInfoAccessNumADs=1
policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.userCertSet.6.constraint.params.keyUsageCritical=true
policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.userCertSet.6.default.name=Key Usage Default
policyset.userCertSet.6.default.params.keyUsageCritical=true
policyset.userCertSet.6.default.params.keyUsageCrlSign=false
policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.userCertSet.7.constraint.class_id=noConstraintImpl
policyset.userCertSet.7.constraint.name=No Constraint
policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.userCertSet.7.default.name=Extended Key Usage Extension Default
policyset.userCertSet.7.default.params.exKeyUsageCritical=false
policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.userCertSet.8.constraint.class_id=noConstraintImpl
policyset.userCertSet.8.constraint.name=No Constraint
policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.userCertSet.8.default.name=Subject Alt Name Constraint
policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.userCertSet.8.default.params.subjAltNameExtCritical=false
policyset.userCertSet.8.default.params.subjAltNameNumGNs=1
policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name=No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS
policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.userCertSet.9.default.name=Signing Alg
policyset.userCertSet.9.default.params.signingAlg=-
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
profileId=caUserCert
visible=false
Clone this wiki locally