pki scep-cert

SCEP Certificate enrollment object.

scep-cert Specification

Type Collection
Object Key(s) name
Collection Name scep-cert-list
Collection URI /axapi/v3/pki/scep-cert/
Element Name scep-cert
Element URI /axapi/v3/pki/scep-cert/{name}
Element Attributes scep-cert_attributes
Schema scep-cert schema

Operations Allowed:

Operation Method URI Payload

Create Object

POST

/axapi/v3/pki/scep-cert/

scep-cert Attributes

Create List

POST

/axapi/v3/pki/scep-cert/

scep-cert Attributes

Get Object

GET

/axapi/v3/pki/scep-cert/{name}

scep-cert Attributes

Get List

GET

/axapi/v3/pki/scep-cert/

scep-cert-list

Modify Object

POST

/axapi/v3/pki/scep-cert/{name}

scep-cert Attributes

Replace Object

PUT

/axapi/v3/pki/scep-cert/{name}

scep-cert Attributes

Replace List

PUT

/axapi/v3/pki/scep-cert/

scep-cert-list

Delete Object

DELETE

/axapi/v3/pki/scep-cert/{name}

scep-cert Attributes

scep-cert-list

scep-cert-list is JSON List of scep-cert Attributes

scep-cert-list : [

scep-cert Attributes

dn

Description: Specify the Distinguished-Name to use while enrolling the certificate (Format: “cn=user, dc=example, dc=com”)

Type: string

Format: string-rlx

encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

enroll

Description: Initiates enrollment of device with the CA

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

interval

Description: Interval time in seconds to poll when SCEP response is PENDING (default 5)

Type: number

Range: 1-3600

Default: 5

key-length

Description: ‘1024’: Key size 1024 bits; ‘2048’: Key size 2048 bits(default); ‘4096’: Key size 4096 bits; ‘8192’: Key size 8192 bits;

Type: string

Supported Values: 1024, 2048, 4096, 8192

Default: 2048

log-level

Description: level for logging output of scepclient commands(default 1 and detailed 4)

Type: number

Range: 1-4

Default: 1

max-polltime

Description: Maximum time in seconds to poll when SCEP response is PENDING (default 180)

Type: number

Range: 15-432000

method

Description: ‘GET’: GET request; ‘POST’: POST request;

Type: string

Supported Values: GET, POST

Default: GET

minute

Description: Periodic interval in minutes

Type: number

Range: 2-255

Mutual Exclusion: minute and renew-every-type are mutually exclusive

name

Description: Specify Certificate name to be enrolled

Type: string

Required: Yes

password

Description: Specify the password used to enroll the device’s certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

renew-before

Description: Specify interval before certificate expiry to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-before and renew-every are mutually exclusive

renew-before-type

Description: ‘hour’: Number of hours before cert expiry; ‘day’: Number of days before cert expiry; ‘week’: Number of weeks before cert expiry; ‘month’: Number of months before cert expiry;

Type: string

Supported Values: hour, day, week, month

renew-before-value

Description: Value of renewal period

Type: number

Range: 1-255

renew-every

Description: Specify periodic interval in which to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-every and renew-before are mutually exclusive

renew-every-type

Description: ‘hour’: Periodic interval in hours; ‘day’: Periodic interval in days; ‘week’: Periodic interval in weeks; ‘month’: Periodic interval in months;

Type: string

Supported Values: hour, day, week, month

Mutual Exclusion: renew-every-type and minute are mutually exclusive

renew-every-value

Description: Value of renewal period

Type: number

Range: 1-255

secret-string

Description: secret password

Type: string

Format: password

subject-alternate-name

Description: subject-alternate-name is a JSON Block . Please see below for subject-alternate-name

Type: Object

url

Description: Specify the Enrollment Agent’s absolute URL (Format: http://host/path )

Type: string

Format: string-rlx

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

subject-alternate-name

Specification
Type object

san-type

Description: ‘email’: Enter e-mail address of the subject; ‘dns’: Enter hostname of the subject; ‘ip’: Enter IP address of the subject;

Type: string

Supported Values: email, dns, ip

san-value

Description: Value of subject-alternate-name

Type: string

Format: string-rlx