Parent class—X509 Certificate Base
Contains X.509 fields and attributes that describe a certificate.
- Class Name: X509 Certificate Base
- Inheritance: Parent class—Driver Base and Parent class—Monitoring Base
Attribute |
Description |
---|---|
Policy Definable: NA. Default: NA |
|
Adaptable Workflow Approvers UI: Specified Approvers
Required: Yes
|
Policy Definable: No. Default: NA One or more identities that can approve the workflow. |
Adaptable Workflow Reference ID UI: NA
Required: No
|
Policy Definable: No. Default: NA For internal use. |
Adaptable Workflow Stage UI: If Stage is
Required: Yes
|
Policy Definable: No. Default: NA Applies the workflow actions at the designated stage of the object lifecycle. |
Address UI: Address
Required: No
|
Policy Definable: Yes. Default: NA The street address that appears as part of the Subject DN of the certificate. |
Allow Private Key Reuse UI: Reuse Private Keys for Service Generated CSRs
Required: No
|
Policy Definable: Yes. Default: 0 While renewing a X509 certificate, manage the private key:
|
Policy Definable: No. Default: NA |
|
Approved Issuer UI: NA
Required: No
|
Policy Definable: Yes. Default: NA A list of DNs that show which CAs are allowed to issue certificates. |
Approver UI: Approver(s)
Required: No
|
Policy Definable: Yes. Default: NA One or more user or group identities who are authorized to approve a workflow related to the object. Values are prefixed universals with one of the following formats:
|
Certificate Authority UI: CA Template
Required: No
|
Policy Definable: Yes. Default: NA The DN of the Certificate Authority (CA) template object to enroll the next version of the certificate. |
Certificate Download: PBES2 Algorithm UI: Private Key PBE (password-based encryption) Algorithm
Required: No
|
Policy Definable: Yes. Default: NA The download format of the private key. One of the following Password-Based Cryptography Specification Version 2.0 (PBES2) values:
|
Certificate Process Validator UI: NA
Required: No
|
Policy Definable: No. Default: NA The driver name that performs additional CSR actions before and after certificate enrollment. |
Certificate Vault Id UI: NA
Required: Yes
|
Policy Definable: No. Default: NA A number that uniquely identifies the current version of the certificate that is in the vault. |
City UI: City
Required: No
|
Policy Definable: Yes. Default: NA The city name that appears as part of the Subject DN of the certificate. This field is also known as the locale. |
Policy Definable: NA. Default: NA Formerly Commodo |
|
Consumers UI: Associations
Required: No
|
Policy Definable: No. Default: NA The DN of the Application object that is associated with the certificate. If the certificate has multiple Application objects, more than one value is present. When updating the value, be sure to change the Certificate attribute of the associated Application object. |
Country UI: Country
Required: No
|
Policy Definable: Yes. Default: NA The two character country code that appears as part of the Subject DN of the certificate. For a list of valid country codes see Country codes. |
Created By UI: Created By
Required: No
|
Policy Definable: No. Default: NA The process or application that added the Certificate object to Trust Protection Platform. The certificate originated from:
|
CSR Thumbprint UI: NA
Required: No
|
Policy Definable: No. Default: NA Confirms that the CSR was successfully created. |
CSR Vault Id UI: NA
Required: No
|
Policy Definable: No. Default: NA A number that uniquely identifies the CSR in the vault that Trust Protection Platform used (or will use) to enroll the certificate. |
Policy Definable: NA. Default: NA |
|
Disable Automatic Renewal UI: Disable Automatic Renewal
Required: No
|
Policy Definable: Yes. Default: 0 Applies when the Management Type is Enrollment or Provisioning. The means for renewing a certificate:
|
Disable Password Complexity UI: Disable Password Complexity
Required: No
|
Policy Definable: Yes. Default: 0 Password complexity for private key downloads. For an example of complexity requirements, see
|
Discovered BY DN UI: NA
Required: No
|
Policy Definable: No. Default: NA The Distinguished Name (DN) of the device that ran discovery. |
Discovered On UI: NA
Required: No
|
Policy Definable: No. Default: NA For internal discovery placement use only. A string that maps to a unique instance and describes where the certificate was discovered. |
Domain Suffix Whitelist UI: Allowed Domains
Required: No
|
Policy Definable: Yes. Default: NA The allowed list of domain suffixes that are acceptable in new certificate requests. For example, mydomain.com sales.usa.com. |
Elliptic Curve UI: NA
Required: No
|
Policy Definable: Yes. Default: NA The National Institute of Standards and Technology (NIST) curve algorithm. For example, 256P. |
Encryption Driver UI: Key Generation
Required: No
|
Policy Definable: Yes. Default: Software The key name that Trust Protection Platform will use when generating encryption keys for certificates. Software is currently the only value allowed. |
Enforce Unique Subject UI: Allow duplicate Common and Subject Alternate Names
Required: No
|
Policy Definable: Yes. Default: 0 Determines whether the certificate can use the Common Name (CN) as the SAN Domain Name Server (DNS) name. For new or renewed certificates:
|
Entrust PKI Gateway:Early Private Key Vault ID UI: NA
Required: No
|
Policy Definable: No. Default: NA Internal |
Entrust PKI Gateway:Early X509 Vault ID UI: NA
Required: No
|
Policy Definable: No. Default: NA Internal |
Policy Definable: NA. Default: NA |
|
Escalation Notice Interval UI: Send event every (days)
Required: No
|
Policy Definable: Yes. Default: 1 The number of elapsed days between sending escalated expiration events for the certificate. |
Escalation Notice Start UI: Start escalating events (days)
Required: No
|
Policy Definable: Yes. Default: 15 The number of days, prior to the expiration date of a certificate, to begin logging escalated expiration events. |
EST ReEnrollment In Progress UI: NA
Required: No
|
Policy Definable: No. Default: NA The status of a certificate re-enrollment that occurred via an Enrollment over Secure Transport (EST). |
Expiration Notice Interval UI: Send event every (days)
Required: No
|
Policy Definable: Yes. Default: 1 The number of days that elapse between sending expiration events for the certificate. |
Expiration Notice Start UI: Start generating events (days)
Required: No
|
Policy Definable: Yes. Default: 30 The number of days, prior to the expiration date of a certificate, to begin logging expiration events. |
Fields UI: Custom Fields
Required: No
|
Policy Definable: Yes. Default: NA An identifier-value pair for a custom field. |
Generate Keypair on Application UI: Generate Key/CSR on Application
Required: No
|
Policy Definable: Yes. Default: 0 The location where the CSR and the private key generate:
|
GeoTrust CA: UI: (All fields)
Required: No
|
Policy Definable: No. Default: NA Deprecated. |
Given Name UI: NA
Required: No
|
Policy Definable: No. Default: NA The certificate approver's first name. |
Policy Definable: NA. Default: NA |
|
Grouping Id UI: Group Id
Required: No
|
Policy Definable: Yes. Default: No The identifier that groups related log events together. |
In Error UI: NA
Required: No
|
Policy Definable: No. Default: 0 Set internally by Trust Protection Platform:
|
In Process UI: NA
Required: No
|
Policy Definable: No. Default: NA The process state of the CSR. |
Internet Email Address UI: Email
Required: No
|
Policy Definable: No. Default: NA The email address that appears as part of the Subject DN of the certificate. |
Issued to UI: NA
Required: No
|
Policy Definable: No. Default: NA The name or company who received the certificate. |
Key Algorithm UI: Hash Algorithm
Required: No
|
Policy Definable: Yes. Default: NA For the CSR, choose SHA-1or SHA-256. |
Key Bit Strength UI: Key Strength (Bits)
Required: No
|
Policy Definable: Yes. Default: NA The bit length of the key to be generated for the next version of the certificate. Valid values are: 512, 1024, 2048, and 4096. |
Key Storage Location UI: NA
Required: Yes
|
Policy Definable: No. Default: NA The HSM connector name in CodeSign Protect. |
Keynectis Sequoia CA:Fields UI: NA
Required: No
|
Policy Definable: No. Default: NA Deprecated |
Last Evaluated On UI: Last Check
Required: No
|
Policy Definable: No. Default: NA The date and time of the most recent SSL/TLS certificate validation. |
Last Notification UI: NA
Required: No
|
Policy Definable: No. Default: NA The date and time of the most recent Trust Protection Platform notification for this certificate. |
Last Renewed By UI: NA
Required: No
|
Policy Definable: No. Default: NA The Trust Protection Platform identity who made the most recent certificate change. |
Last Renewed On UI: NA
Required: No
|
Policy Definable: No. Default: NA The date and time of the most recent certificate renewal. |
Last Validation State Update UI: NA
Required: No
|
Policy Definable: No. Default: NA The date and time of the most recent certificate change. |
License Count UI: NA
Required: Yes
|
Policy Definable: No. Default: NA The number of servers that can host the certificate. If a CA requires a license for each installed instance, this value must match the number of instances. Applies to Comodo, Entrust Certificate Services CAs. |
Management Type Management Type No UI: NA
Required: No
|
Policy Definable: Yes. Default: Monitoring The management type of the certificate. Valid values are: Monitoring, Enrollment, and Provisioning. |
Manual Approval UI: Manual Approval
Required: No
|
Policy Definable: Yes. Default: 0 The setting to manage approvals for issuing new or renewed certificates:
|
Manual Csr UI: CSR Generation
Required: No
|
Policy Definable: Yes. Default: 0 The setting to manage Certificate Signing Request (CSR)s:
|
Policy Definable: NA. Default: NA |
|
Network Validation Disabled UI: Disable Network Validation
Required: No
|
Policy Definable: Yes. Default: 0 The setting for network validation:
|
Policy Definable: NA. Default: NA |
|
Options UI: NA
Required: No
|
Policy Definable: Yes. Default: NA The source of the CSR on this certificate:
|
Organization UI: Organization
Required: No
|
Policy Definable: Yes. Default: NA The Organization (O) name that appears as part of the Subject DN of the certificate. |
Organizational Unit UI: Organizational Unit
Required: No
|
Policy Definable: Yes. Default: NA The Organizational Unit (OU) name that appears as part of the Subject DN of the certificate. |
Origin UI: NA
Required: No
|
Policy Definable: No. Default: NA The friendly name of the system requesting the certificate. |
PKCS10 Hash Algorithm
UI: PKCS10 Hash Algorithm Required: No |
Policy Definable: Yes. Default: NA The algorithm used to sign and create the CSR. The certificate algorithm is finalized by the CA when it signs the CSR: Sha1, Sha256, Sha384, or Sha512. |
Postal Code UI: Postal Code
Required: Yes
|
Policy Definable: Yes. Default: NA The postal or zip code of the certificate. |
Private Key Vault Id UI: NA
Required: No*
|
Policy Definable: No. Default: NA A number that uniquely identifies the private key stored in the vault and corresponds to the current version of the certificate. Required when the certificate provisioning mode is:
|
Prohibit Wildcard UI: Prohibit Wildcard
Required: No
|
Policy Definable: Yes. Default: 0 The setting to control the use of the asterisk (*) for wild cards on a CN:
|
Prohibited Subject Attributes UI: Prohibited Subject Attributes
Required: Yes
|
Policy Definable: Yes. Default: NA The set of prohibited certificate Subject attributes. |
Protection Key UI: NA
Required: Yes
|
Policy Definable: No. Default: Software The key name to secure the private key in Secret Store. |
Public Key Vault Id UI: NA
Required: No
|
Policy Definable: No. Default: NA The Vault ID of the public key. |
Renewal Window UI: Renewal Window
Required: No
|
Policy Definable: Yes. Default: 30 The number of days, prior certificate expiration, when automatic renewal should begin. This attribute is ignored when Disable Automatic Renewal is 1. |
Reverse DC Order UI: NA
Required: No
|
Policy Definable: Yes. Default: NA Sets the order of the domain component (DC) association for the Secret Store. |
Revocation Check Disabled UI: Revocation Check Disabled
Required: No
|
Policy Definable: Yes. Default: NA Monitor for revoked certificates:
|
Revocation Check In Error UI: Revocation Check In Error
Required: No
|
Policy Definable: Yes. Default: 0 Set internally by Trust Protection Platform
|
Revocation Check Last Checked UI: Revocation Check Last Checked
Required: No
|
Policy Definable: Yes. Default: NA The date at time of Trust Protection Platform verified that this certificate is active and not revoked. |
Revocation Check Status UI: Revocation Check Status
Required: No
|
Policy Definable: Yes. Default: NA The status of a revoked certificate:
|
Revocation Original Request UI: Revocation Original Request
Required: No
|
Policy Definable: Yes. Default: NA The ability to show the certificate revocation request. |
Revocation Request UI: NA
Required: No
|
Policy Definable: No. Default: NA The Vault ID of the certificate that Trust Protection Platform should revoke as soon as the engine is able to do so. Also includes the Revocation Reason and Comments to send to the CA at the time of revocation. Syntax: <Vault ID>|<Revocation Reason>|<Comment> Example: 12345|Superceded|Replaced by new cert |
Scep Transaction Id UI: NA
Required: Yes
|
Policy Definable: No. Default: NA The Simple Certificate Enrollment Protocol (SCEP) for a mobile device certificate. |
Server Type UI: Server Type
Required: Yes
|
Policy Definable: Yes. Default: NA The CA specific attribute for renewal or enrollment. A predefined server type. |
Signing Request Subject UI: NA
Required: No
|
Policy Definable: No. Default: NA Set internally by Trust Protection Platform. Used internally to store the Subject DN of the last CSR that was used to enroll with the CA. |
Specific End Date UI: Expiration
Required: No
|
Policy Definable: No. Default: NA The certificate validity period. |
Stage UI: NA
Required: No
|
Policy Definable: No. Default: NA Set internally by Trust Protection Platform. The current lifecycle process stage of the certificate. |
State UI: State/Province
Required: No
|
Policy Definable: Yes. Default: NA
The state (ST) name that appears as part of the Subject DN of the certificate. |
Status UI: NA
Required: No
|
Policy Definable: No. Default: NA Set internally by Trust Protection Platform. The current status of processing for the application. Values may include an error message, an indication that processing has stopped pending workflow approval, or some other status. The absence of this attribute indicates an OK status. |
SID Extension:Value UI: AD Security Identifier source
- Look up SID from AD Identity - Enter SID manually Required: No
|
Policy Definable: Yes. Default: NA Contains SID (AD Security Identifier) value or AD identity (prefixed universal) to resolve the SID value from. This attribute is used for service-generated CSRs. |
SID Extension:Effective Value UI: NA
Required: No
|
Policy Definable: Yes. Default: NA Is set when certificate issuance is in progress and contains effective SID (AD Security Identifier) value. Format is: |
Surname UI: Last Name
Required: No
|
Policy Definable: Yes. Default: NA The last name of a person that is collected by the CA at the time of enrollment. |
Symantec LHK CA UI: NA
Required: No
|
Policy Definable: No. Default: NA Deprecated as of 21.3. However the database column may still be present. in the database. |
Symantec MPKI CA specific attributes |
Policy Definable: No. Default: NA Deprecated as of 21.3. However the database column may still be present. in the database. |
Telephone UI: Telephone
Required: No
|
Policy Definable: Yes. Default: NA The contact's telephone number for this certificate. |
Thawte CA UI: NA
Required: No
|
Policy Definable: No. Default: NA Deprecated |
Transaction Id UI: NA
Required: No
|
Policy Definable: No. Default: NA Set internally by Trust Protection Platform. The identifier that the CA issued during the last CSR. |
Trusted Status UI: NA
Required: No
|
Policy Definable: No. Default: NA The status of the certificate trust bundle. |
Policy Definable: NA. Default: NA |
|
Validation State UI: Validation State
Required: No
|
Policy Definable: No. Default: NA For more information, see Certificates File validation states. |
Validity Period UI: Validity Period
Required: Yes
|
Policy Definable: No. Default: NA The number of years between issuance and expiration dates of the certificate. When setting this attribute, the valid periods must be read from the assigned CA template object. |
Verizon CA UI: NA
Required: No
|
Policy Definable: No. Default: NA Deprecated |
Want Renewal UI: Reuse Private Key
Required: No
|
Policy Definable: Yes. Default: NA A value of 1 reuses the private key upon renewal. |
X509 Extension Fields UI: NA
Required: No
|
Policy Definable: No. Default: NA The custom fields on the user certificate. |
X509 D UI: NA
Required: No
|
Policy Definable: No. Default: NA The description on user certificate. |
X509 DC UI: NA
Required: No
|
Policy Definable: No. Default: NA The DN qualifier on the user certificate. |
X509 DNQ UI: NA
Required: No
|
Policy Definable: No. Default: NA The DN email address on the user certificate. |
X509 E UI: NA
Required: No
|
Policy Definable: No. Default: NA The DN email address on the user certificate. |
X509 Extension Fields UI: NA
Required: No
|
Policy Definable: No. Default: NA The additional certificate extension fields on the user certificate. |
X509 GN UI: NA
Required: No
|
Policy Definable: No. Default: NA The given name on the user certificate. |
X509 GQ UI: NA
Required: No
|
Policy Definable: No. Default: NA The generation qualifier on the user certificate. |
X509 I UI: NA
Required: No
|
Policy Definable: No. Default: NA The initials on the user certificate. |
X509 P UI: NA
Required: No
|
Policy Definable: No. Default: NA The pseudonym on the user certificate. |
X509 PA UI: NA
Required: No
|
Policy Definable: No. Default: NA The postal address on the user certificate. |
X509 PC UI: NA
Required: No
|
Policy Definable: No. Default: NA The postal code on the user certificate. |
X509 SA UI: NA
Required: No
|
Policy Definable: No. Default: NA The street address on the user certificate. |
X509 SN UI: NA
Required: No
|
Policy Definable: No. Default: NA The surname on the user certificate. |
X509 SNO UI: NA
Required: No
|
Policy Definable: No. Default: NA The serial number on the user certificate. |
|
|
X509 Subject UI: Common Name
Required: No
|
Policy Definable: No. Default: NA
The common name (CN) that appears as part of the Subject DN of the certificate. |
X509 SubjectAltName UI: NA
Required: No
|
Policy Definable: No. Default: NA One or more certificate names .to provide to the CA at the time of enrollment. |
X509 SubjectAltName DNS UI: Subject Alt Name (SAN)
Required: No
|
Policy Definable: No. Default: NA One or more DNS Name Subject Alternative Name (SAN)s to provide to the CA at the time of enrollment. The maximum number allowed is specific to each CA. When the value is missing, SANs can only be added to externally generated CSRs. |
X509 SubjectAltName IPAddress UI: NA
Required: No
|
Policy Definable: No. Default: NA The IP Address to use as a SAN on the certificate. |
X509 SubjectAltName OtherName UPN UI: NA
Required: No
|
Policy Definable: No. Default: NA NA The UPN to use as a SAN on the certificate. |
X509 SubjectAltName RFC822 UI: NA
Required: No
|
Policy Definable: No. Default: NA
The email address to use as a SAN on the certificate. |
X509 SubjectAltName URI UI: NA
Required: No
|
Policy Definable: No. Default: NA The URI to use as a SAN on the certificate. |
X509 T UI: NA
Required: No
|
Policy Definable: No. Default: NA The title on the user certificate. |
X509 TN UI: NA
Required: No
|
Policy Definable: No. Default: NA The telephone number on the user certificate. |
X509 UA UI: NA
Required: No
|
Policy Definable: No. Default: NA The unstructured address on the user certificate. |
X509 UID UI: NA
Required: No
|
Policy Definable: No. Default: NA The user Id on the user certificate. |
X509 UN UI: NA
Required: No
|
Policy Definable: No. Default: NA The unstructured name on the user certificate. |
Xolphin CA:(fields) UI: NA
Required: No
|
Policy Definable: No. Default: NA Deprecated |