Submit a request
Submit a new request
The Request to submit
|
profile
string
requiredThe WebRA profile name |
||||||||||||||||||||||||||||||||||||||||
|
module
string
requiredThe module that will be used to process this request. For a WebRA request, this is always webra
Value
webra
|
||||||||||||||||||||||||||||||||||||||||
|
workflow
string
requiredWhat this request will do. For an enrollment request, this is always enroll
Value
enroll
|
||||||||||||||||||||||||||||||||||||||||
|
template
object (WebRA Enroll Request Template)
required
The user-data that will be used to generate the certificate |
||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||
|
password
object (SecretString)
The password to decrypt the PKCS12 file. Must be set if password mode is manual |
||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||
|
requesterComment
string | null
Free-text field editable by the requester to provider more context on the request |
||||||||||||||||||||||||||||||||||||||||
|
dryRun
boolean | null
If true, the request is validated, but will not result in an enrollment |
||||||||||||||||||||||||||||||||||||||||
|
workflow
string
requiredWhat this request will do. For a revocation request, this is always revoke
Value
revoke
|
||
|
template
object (WebRA Revoke Request Template)
required
The user-data that will be used to revoke the certificate |
||
|
||
|
certificateId
string | null (Internal ID)
The id of the certificate to revoke |
||
|
certificatePem
string | null
The PEM encoded certificate to revoke |
||
|
dryRun
boolean | null
If true, the request is validated, but will not result in an enrollment |
||
|
workflow
string
requiredWhat this request will do. For an update request, this is always update
Value
update
|
|||||||||||||||||||||||
|
template
object (WebRA Update Request Template)
required
The user-data that will be used to update the certificate |
|||||||||||||||||||||||
|
|||||||||||||||||||||||
|
certificateId
string | null (Internal ID)
The id of the certificate to update |
|||||||||||||||||||||||
|
certificatePem
string | null
The PEM encoded certificate to update |
|||||||||||||||||||||||
|
requesterComment
string | null
Free-text field editable by the requester to provider more context on the request |
|||||||||||||||||||||||
|
dryRun
boolean | null
If true, the request is validated, but will not result in an enrollment |
|||||||||||||||||||||||
|
workflow
object
requiredWhat this request will do. For a recovery request, this is always recover
Value
recover
|
||
|
password
object | null (SecretString)
The password to decrypt the PKCS12 file. Must be set if password mode is manual |
||
|
||
|
certificateId
string | null (Internal ID)
The id of the certificate to renew |
||
|
certificatePem
string | null
The PEM encoded certificate to renew |
||
|
requesterComment
string | null
Free-text field editable by the requester to provider more context on the request |
||
|
dryRun
boolean | null
If true, the request is validated, but will not result in an enrollment |
||
|
profile
string
requiredThe target profile name |
|||||||||||||||||||||||
|
module
string
requiredThe module that will be used to process this request. For a WebRA request, this is always webra
Value
webra
|
|||||||||||||||||||||||
|
workflow
string
requiredWhat this request will do. For a migration request, this is always migrate
Value
migrate
|
|||||||||||||||||||||||
|
template
object (WebRA Migrate Request Template)
required
The user-data that will be used to migrate the certificate |
|||||||||||||||||||||||
|
|||||||||||||||||||||||
|
certificateId
string | null (Internal ID)
The id of the certificate to renew |
|||||||||||||||||||||||
|
certificatePem
string | null
The PEM encoded certificate to renew |
|||||||||||||||||||||||
|
requesterComment
string | null
Free-text field editable by the requester to provider more context on the request |
|||||||||||||||||||||||
|
dryRun
boolean | null
If true, the request is validated, but will not result in a migration |
|||||||||||||||||||||||
|
module
string
requiredThe module that will be used to process this request. For a WebRA request, this is always webra
Value
webra
|
|||
|
workflow
object
requiredWhat this request will do. For a renewal request, this is always renew
Value
renew
|
|||
|
password
object | null (SecretString)
The password to decrypt the PKCS12 file. Must be set if password mode is manual |
|||
|
|||
|
certificateId
string | null (Internal ID)
The id of the certificate to renew |
|||
|
certificatePem
string | null
The PEM encoded certificate to renew |
|||
|
requesterComment
string | null
Free-text field editable by the requester to provider more context on the request |
|||
|
template
object (WebRA Renew Request Template)
The user-data that will be used to generate the certificate |
|||
|
|||
|
dryRun
boolean | null
If true, the request is validated, but will not result in an enrollment |
|||
|
module
string
requiredThe module that will be used to process this request. For a WebRA request, this is always webra
Value
webra
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
workflow
object
requiredWhat this request will do. For an import request, this is always import
Value
import
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
profile
string | null
The profile name on which to import |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
certificateId
string | null (Internal ID)
The id of the certificate to import |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
certificatePem
string | null
The PEM encoded certificate to import |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
requesterComment
string | null
Free-text field editable by the requester to provider more context on the request |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
template
object (WebRA Import Request Template)
The user-data that will be added on certificate import |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
dryRun
boolean | null
If true, the request is validated, but will not result in an enrollment |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
profile
string
requiredThe EST profile name |
|||||||||||||||||||||||||||||||||
|
module
string
requiredThe module that will be used to process this request. For an EST request, this is always est
Value
est
|
|||||||||||||||||||||||||||||||||
|
workflow
string
requiredWhat this request will do. For an enrollment request, this is always enroll
Value
enroll
|
|||||||||||||||||||||||||||||||||
|
dn
object
Fill the DN if DN whitelist is enabled. Contains the DN of the challenge |
|||||||||||||||||||||||||||||||||
|
password
object | null (SecretString)
The password of the challenge. Must be set if password mode is manual |
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
requesterComment
string | null
Free-text field editable by the requester to provider more context on the request |
|||||||||||||||||||||||||||||||||
|
template
object (EST Enroll Request Template)
The user-data that will be used to generate the certificate |
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
dryRun
boolean | null
If true, the request is validated, but will not result in an enrollment |
|||||||||||||||||||||||||||||||||
|
profile
object
requiredThe SCEP profile name |
|||||||||||||||||||||||||||||||||
|
module
string
requiredThe module that will be used to process this request. For a SCEP request, this is always scep
Value
scep
|
|||||||||||||||||||||||||||||||||
|
workflow
string
requiredWhat this request will do. For an enrollment request, this is always enroll
Value
enroll
|
|||||||||||||||||||||||||||||||||
|
dn
object
Fill the DN if DN whitelist is enabled. Contains the DN of the challenge |
|||||||||||||||||||||||||||||||||
|
password
object (SecretString)
The password of the challenge. Must be set if password mode is manual |
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
requesterComment
string | null
Free-text field editable by the requester to provider more context on the request |
|||||||||||||||||||||||||||||||||
|
template
object (SCEP Enroll Request Template)
The user-data that will be used to generate the challenge |
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
dryRun
boolean | null
If true, the request is validated, but will not result in an enrollment |
|||||||||||||||||||||||||||||||||
-
201 Request successfully submitted
application/jsonmodulestring requiredThe module that will be used to process this request. For a WebRA request, this is always webra
Valuewebraworkflowstring requiredWhat this request will do. For an enrollment request, this is always enroll
Valueenrolltemplateobject (WebRA Enroll Request Template) requiredThe user-data that will be used to generate the certificate
keyTypestring | null (Keytype)The type of key that will be used to generate the certificate, if in centralized mode
csrstring | nullIf decentralized enrollment is enabled, this field will contain the CSR that will be used to generate the certificate
subjectarray of objects | null (IndexedDNElement)List of DN elements that will be used to build the certificate's Distinguished Name
Array [
elementstring requiredThe element type and index. Indexes start at 1! Available elements are: cn, e, ou, st, l, o, c, dc, uid, serialNumber, surname, givenName, unstructuredAddress, unstructuredName, organizationIdentifier, uniqueIdentifier, street, description, t
valuestring | nullThe element value
]
sansarray of objects | null (SAN Element)List of SAN elements that will be used to build the certificate's Subject Alternative Name
Array [
typestring | null requiredSAN type
EnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDvaluearray of string | nullSAN value
]
extensionsarray of objects | null (Certificate Extension)Information about the certificate's extensions and how to edit them
Array [
typestring requiredThe type of the extension element
Enumms_sidms_templatevaluestring | nullThe value of the extension element
]
labelsarray of objects | null (Label)List of labels used internally to tag and group certificates
Array [
labelstring requiredThe name of the label
valuestring | nullThe value of the label element
]
contactEmailobject | null (Contact email)Information about the certificate's contact email and how to edit it
valuestring | nullThe contact email
ownerobject | null (Certificate Owner)Information about the certificate's owner and how to edit it
valuestring | nullThe value of the owner element. This should be a principal identifier
teamobject | null (Certificate Team)Information about the certificate's team and how to edit it
valuestring | nullThe value of the team element. This should be a team identifier
metadataarray of objects | null (Certificate Metadata)The technical metadata for this certificate
Array [
metadatastring requiredTechnical metadata related to the certificate
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring | nullThe value of the metadata element
]
_idstring (Internal ID) requiredObject internal ID
statusstring (Request Status) requiredThe request status
Enumdeniedapprovedpendingcanceledcompletedprofilestring requiredThe associated profile name
registrationDateinteger requiredThe date the request was created. This is set by the system
lastModificationDateinteger requiredThe date the request was last modified. This is set by the system
removeAtinteger requiredThe date the requested will be deleted. This is set by the system
holderIdstring (Holder ID) requiredThe computed holderID for this request. This is set by the system based on DN and SANs
pkcs12object | null (SecretString)The generated PKCS#12 for this request. This is only available after the request has been approved in centralized mode
valuestring | nullValue of the secret that will be passed to Horizon
passwordobject | null (SecretString)The password to decrypt the PKCS12 file.
valuestring | nullValue of the secret that will be passed to Horizon
certificateobject | null (Certificate)The certificate that was generated for this request. This is only available after the request has been approved
_idstring (Internal ID) requiredObject internal ID
metadataarray of objects (Certificate Metadata) requiredThe certificate's technical metadata used internally
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
notAfterinteger requiredThe certificate's expiration date in milliseconds since the epoch
thumbprintstring requiredThe certificate's thumbprint
certificatestring requiredThe certificate's PEM-encoded content
dnstring requiredThe certificate's Distinguished Name
revokedboolean requiredWhether the certificate is revoked
escrowedboolean requiredWhether the certificate is escrowed
issuerstring requiredThe certificate's issuer Distinguished Name
notBeforeinteger requiredThe certificate's start date in milliseconds since the epoch
selfSignedboolean requiredWhether the certificate is self-signed
keyTypestring (Keytype) requiredThe certificate's key type
publicKeyThumbprintstring requiredThe certificate's public key thumbprint
modulestring requiredThe certificate's module
holderIdstring requiredThe certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder
subjectAlternateNamesarray of objects (SubjectAlternateName) requiredThe certificate's Subject Alternate Names
Array [
sanTypestring requiredThe type of the SAN
EnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDvaluestring requiredThe value of the SAN
]
serialstring requiredThe certificate's serial number
signingAlgorithmstring requiredThe certificate's signing algorithm
revocationDateinteger | nullThe certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked
gradesarray of objects | null (GradingPolicyResult)The certificate's grades for the enabled grading policies
Array [
namestring requiredThe name of the grading policy
gradestring requiredThe grade awarded by the grading policy
]
crlSynchronizedboolean | nullWhether the certificate's revocation status is synchronized with a CRL
discoveredTrustedboolean | nullIf the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null
thirdPartyDataarray of objects | null (ThirdPartyItem)The certificate's information about synchronization with Horizon supported third parties
Array [
connectorstring requiredThe third party connector name on which this certificate is synchronized
idstring requiredThe Id of this certificate on the third party
fingerprintstring | nullThe fingerprint of this certificate on the third party
pushDateinteger | nullThe date when the certificate was pushed to this third party
removeDateinteger | nullThe date when the certificate was removed from this third party (in case of revocation)
]
ownerstring | nullThe certificate's owner. This is a reference to a local identity identifier
contactEmailstring | nullThe certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation
profilestring | nullThe certificate's profile
teamstring | nullThe certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications
labelsarray of objects | null (LabelData)The certificate's labels
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
discoveryInfoarray of objects | null (DiscoveryInfo)A list of metadata containing information on how and when the certificate was discovered
Array [
campaignstring requiredThe discovery campaign's name
lastDiscoveryDateinteger requiredWhen this certificate was discovered for the last time
identifierstring | nullIdentifier of the user that discovered this certificate
]
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this certificate
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
extensionsarray of objects (CertificateExtension)The certificate's extensions
Array [
keystring requiredThe extension's type
Enumms_sidms_templatevaluestring requiredThe extension's value
]
discoveryDataarray of objects | null (HostDiscoveryData)A list of metadata containing information on where the certificate was discovered
Array [
ipstring | nullThe certificate's host ip
sourcesarray of string | nullInformation on the type of discovery that discovered this certificate
hostnamesarray of string | nullThe certificate's host hostnames (netscan only)
operatingSystemsarray of string | nullThe certificate's host operating system (localscan only)
pathsarray of string | nullThe path to the certificate on the host machine (localscan only)
usagesarray of string | nullThe path of the configuration files that were used to find the certificates
tlsPortsarray of objects | null (TlsPort)The ports on which the certificate is exposed for https connexion
Array [
portinteger requiredThe number of the port
versionstring requiredProtocol version used
]
]
revocationReasonstring | null (Revocation Reason)The certificate's revocation reason
dnstringCertificate's Distinguished Name
requesterstring | nullThe requester's principal identifier
teamstring | nullThe team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them
approverstring | nullThe approver's principal identifier
contactstring | nullThe request's contact email
requesterCommentstring | nullFree-text field editable by the requester to provider more context on the request
approverCommentstring | nullFree-text field editable by the approver to provider more context on the request
expirationDateintegerThe date the request will expire. This is set by the system
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this request
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
globalHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the Horizon database
profileHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile
labelsarray of objects | null (LabelData)The labels set in this request
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
metadataarray of objects | null (Certificate Metadata)The metadata set in this request
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
dryRunboolean | nullIf true, the request is validated, but will not result in an enrollment
modulestring (Module) requiredThe module of the certificate revoked.
Enumwebraestscepacmecrmpacme-externalintunejamfintunepkcsworkflowstring requiredWhat this request will do. For a revocation request, this is always revoke
Valuerevoketemplateobject (WebRA Revoke Request Template) requiredThe user-data that was used to revoke the certificate
revocationReasonstring | null (Revocation Reason)One of: unspecified, keycompromise, cacompromise, affiliationchange, superseded, cessationofoperation
_idstring (Internal ID) requiredObject internal ID
statusstring (Request Status) requiredThe request status
Enumdeniedapprovedpendingcanceledcompletedprofilestring requiredThe associated profile name
registrationDateinteger requiredThe date the request was created. This is set by the system
lastModificationDateinteger requiredThe date the request was last modified. This is set by the system
removeAtinteger requiredThe date the requested will be deleted. This is set by the system
holderIdstring (Holder ID) requiredThe computed holderID for this request. This is set by the system based on DN and SANs
certificateobject | null (Certificate)The certificate that was revoked for this request. This is only available after the request has been approved
_idstring (Internal ID) requiredObject internal ID
metadataarray of objects (Certificate Metadata) requiredThe certificate's technical metadata used internally
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
notAfterinteger requiredThe certificate's expiration date in milliseconds since the epoch
thumbprintstring requiredThe certificate's thumbprint
certificatestring requiredThe certificate's PEM-encoded content
dnstring requiredThe certificate's Distinguished Name
revokedboolean requiredWhether the certificate is revoked
escrowedboolean requiredWhether the certificate is escrowed
issuerstring requiredThe certificate's issuer Distinguished Name
notBeforeinteger requiredThe certificate's start date in milliseconds since the epoch
selfSignedboolean requiredWhether the certificate is self-signed
keyTypestring (Keytype) requiredThe certificate's key type
publicKeyThumbprintstring requiredThe certificate's public key thumbprint
modulestring requiredThe certificate's module
holderIdstring requiredThe certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder
subjectAlternateNamesarray of objects (SubjectAlternateName) requiredThe certificate's Subject Alternate Names
Array [
sanTypestring requiredThe type of the SAN
EnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDvaluestring requiredThe value of the SAN
]
serialstring requiredThe certificate's serial number
signingAlgorithmstring requiredThe certificate's signing algorithm
revocationDateinteger | nullThe certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked
gradesarray of objects | null (GradingPolicyResult)The certificate's grades for the enabled grading policies
Array [
namestring requiredThe name of the grading policy
gradestring requiredThe grade awarded by the grading policy
]
crlSynchronizedboolean | nullWhether the certificate's revocation status is synchronized with a CRL
discoveredTrustedboolean | nullIf the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null
thirdPartyDataarray of objects | null (ThirdPartyItem)The certificate's information about synchronization with Horizon supported third parties
Array [
connectorstring requiredThe third party connector name on which this certificate is synchronized
idstring requiredThe Id of this certificate on the third party
fingerprintstring | nullThe fingerprint of this certificate on the third party
pushDateinteger | nullThe date when the certificate was pushed to this third party
removeDateinteger | nullThe date when the certificate was removed from this third party (in case of revocation)
]
ownerstring | nullThe certificate's owner. This is a reference to a local identity identifier
contactEmailstring | nullThe certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation
profilestring | nullThe certificate's profile
teamstring | nullThe certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications
labelsarray of objects | null (LabelData)The certificate's labels
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
discoveryInfoarray of objects | null (DiscoveryInfo)A list of metadata containing information on how and when the certificate was discovered
Array [
campaignstring requiredThe discovery campaign's name
lastDiscoveryDateinteger requiredWhen this certificate was discovered for the last time
identifierstring | nullIdentifier of the user that discovered this certificate
]
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this certificate
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
extensionsarray of objects (CertificateExtension)The certificate's extensions
Array [
keystring requiredThe extension's type
Enumms_sidms_templatevaluestring requiredThe extension's value
]
discoveryDataarray of objects | null (HostDiscoveryData)A list of metadata containing information on where the certificate was discovered
Array [
ipstring | nullThe certificate's host ip
sourcesarray of string | nullInformation on the type of discovery that discovered this certificate
hostnamesarray of string | nullThe certificate's host hostnames (netscan only)
operatingSystemsarray of string | nullThe certificate's host operating system (localscan only)
pathsarray of string | nullThe path to the certificate on the host machine (localscan only)
usagesarray of string | nullThe path of the configuration files that were used to find the certificates
tlsPortsarray of objects | null (TlsPort)The ports on which the certificate is exposed for https connexion
Array [
portinteger requiredThe number of the port
versionstring requiredProtocol version used
]
]
revocationReasonstring | null (Revocation Reason)The certificate's revocation reason
dnstringCertificate's Distinguished Name
requesterstring | nullThe requester's principal identifier
teamstring | nullThe team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them
approverstring | nullThe approver's principal identifier
contactstring | nullThe request's contact email
requesterCommentstring | nullFree-text field editable by the requester to provider more context on the request
approverCommentstring | nullFree-text field editable by the approver to provider more context on the request
expirationDateintegerThe date the request will expire. This is set by the system
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this request
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
globalHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the Horizon database
profileHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile
labelsarray of objects | null (LabelData)The labels set in this request
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
metadataarray of objects | null (Certificate Metadata)The metadata set in this request
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
dryRunboolean | nullIf true, the request is validated, but will not result in an enrollment
modulestring (Module) requiredThe module of the certificate updated.
Enumwebraestscepacmecrmpacme-externalintunejamfintunepkcsworkflowstring requiredWhat this request will do. For an update request, this is always update
Valueupdatetemplateobject (WebRA Update Request Template) requiredThe user-data that will be used to generate the certificate
labelsarray of objects | null (Label)Information about the certificate's labels and how to edit them
Array [
labelstring requiredThe name of the label
valuestring | nullThe value of the label element
]
metadataarray of objects | null (Certificate Metadata)Information about the certificate's metadata and how to edit them
Array [
metadatastring requiredTechnical metadata related to the certificate
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring | nullThe value of the metadata element
]
ownerobject | null (Certificate Owner)Information about the certificate's owner and how to edit it
valuestring | nullThe value of the owner element. This should be a principal identifier
teamobject | null (Certificate Team)Information about the certificate's team and how to edit it
valuestring | nullThe value of the team element. This should be a team identifier
contactEmailobject | null (Contact email)Information about the certificate's contact email and how to edit it
valuestring | nullThe contact email
_idstring (Internal ID) requiredObject internal ID
statusstring (Request Status) requiredThe request status
Enumdeniedapprovedpendingcanceledcompletedprofilestring requiredThe associated profile name
registrationDateinteger requiredThe date the request was created. This is set by the system
lastModificationDateinteger requiredThe date the request was last modified. This is set by the system
removeAtinteger requiredThe date the requested will be deleted. This is set by the system
holderIdstring (Holder ID) requiredThe computed holderID for this request. This is set by the system based on DN and SANs
certificateobject | null (Certificate)The certificate that was updated for this request. This is only available after the request has been approved
_idstring (Internal ID) requiredObject internal ID
metadataarray of objects (Certificate Metadata) requiredThe certificate's technical metadata used internally
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
notAfterinteger requiredThe certificate's expiration date in milliseconds since the epoch
thumbprintstring requiredThe certificate's thumbprint
certificatestring requiredThe certificate's PEM-encoded content
dnstring requiredThe certificate's Distinguished Name
revokedboolean requiredWhether the certificate is revoked
escrowedboolean requiredWhether the certificate is escrowed
issuerstring requiredThe certificate's issuer Distinguished Name
notBeforeinteger requiredThe certificate's start date in milliseconds since the epoch
selfSignedboolean requiredWhether the certificate is self-signed
keyTypestring (Keytype) requiredThe certificate's key type
publicKeyThumbprintstring requiredThe certificate's public key thumbprint
modulestring requiredThe certificate's module
holderIdstring requiredThe certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder
subjectAlternateNamesarray of objects (SubjectAlternateName) requiredThe certificate's Subject Alternate Names
Array [
sanTypestring requiredThe type of the SAN
EnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDvaluestring requiredThe value of the SAN
]
serialstring requiredThe certificate's serial number
signingAlgorithmstring requiredThe certificate's signing algorithm
revocationDateinteger | nullThe certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked
gradesarray of objects | null (GradingPolicyResult)The certificate's grades for the enabled grading policies
Array [
namestring requiredThe name of the grading policy
gradestring requiredThe grade awarded by the grading policy
]
crlSynchronizedboolean | nullWhether the certificate's revocation status is synchronized with a CRL
discoveredTrustedboolean | nullIf the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null
thirdPartyDataarray of objects | null (ThirdPartyItem)The certificate's information about synchronization with Horizon supported third parties
Array [
connectorstring requiredThe third party connector name on which this certificate is synchronized
idstring requiredThe Id of this certificate on the third party
fingerprintstring | nullThe fingerprint of this certificate on the third party
pushDateinteger | nullThe date when the certificate was pushed to this third party
removeDateinteger | nullThe date when the certificate was removed from this third party (in case of revocation)
]
ownerstring | nullThe certificate's owner. This is a reference to a local identity identifier
contactEmailstring | nullThe certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation
profilestring | nullThe certificate's profile
teamstring | nullThe certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications
labelsarray of objects | null (LabelData)The certificate's labels
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
discoveryInfoarray of objects | null (DiscoveryInfo)A list of metadata containing information on how and when the certificate was discovered
Array [
campaignstring requiredThe discovery campaign's name
lastDiscoveryDateinteger requiredWhen this certificate was discovered for the last time
identifierstring | nullIdentifier of the user that discovered this certificate
]
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this certificate
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
extensionsarray of objects (CertificateExtension)The certificate's extensions
Array [
keystring requiredThe extension's type
Enumms_sidms_templatevaluestring requiredThe extension's value
]
discoveryDataarray of objects | null (HostDiscoveryData)A list of metadata containing information on where the certificate was discovered
Array [
ipstring | nullThe certificate's host ip
sourcesarray of string | nullInformation on the type of discovery that discovered this certificate
hostnamesarray of string | nullThe certificate's host hostnames (netscan only)
operatingSystemsarray of string | nullThe certificate's host operating system (localscan only)
pathsarray of string | nullThe path to the certificate on the host machine (localscan only)
usagesarray of string | nullThe path of the configuration files that were used to find the certificates
tlsPortsarray of objects | null (TlsPort)The ports on which the certificate is exposed for https connexion
Array [
portinteger requiredThe number of the port
versionstring requiredProtocol version used
]
]
revocationReasonstring | null (Revocation Reason)The certificate's revocation reason
dnstringCertificate's Distinguished Name
requesterstring | nullThe requester's principal identifier
teamstring | nullThe team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them
approverstring | nullThe approver's principal identifier
contactstring | nullThe request's contact email
requesterCommentstring | nullFree-text field editable by the requester to provider more context on the request
approverCommentstring | nullFree-text field editable by the approver to provider more context on the request
expirationDateintegerThe date the request will expire. This is set by the system
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this request
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
globalHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the Horizon database
profileHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile
labelsarray of objects | null (LabelData)The labels set in this request
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
metadataarray of objects | null (Certificate Metadata)The metadata set in this request
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
dryRunboolean | nullIf true, the request is validated, but will not result in an enrollment
modulestring (Module) requiredThe module of the certificate recovered.
Enumwebraestscepacmecrmpacme-externalintunejamfintunepkcsworkflowstring requiredWhat this request will do. For a recovery request, this is always recover
Valuerecover_idstring (Internal ID) requiredObject internal ID
statusstring (Request Status) requiredThe request status
Enumdeniedapprovedpendingcanceledcompletedprofilestring requiredThe associated profile name
registrationDateinteger requiredThe date the request was created. This is set by the system
lastModificationDateinteger requiredThe date the request was last modified. This is set by the system
removeAtinteger requiredThe date the requested will be deleted. This is set by the system
holderIdstring (Holder ID) requiredThe computed holderID for this request. This is set by the system based on DN and SANs
pkcs12object | null (SecretString)The generated PKCS#12 for this request. This is only available after the request has been approved.
valuestring | nullValue of the secret that will be passed to Horizon
passwordobject | null (SecretString)The password to decrypt the PKCS12 file.
valuestring | nullValue of the secret that will be passed to Horizon
certificateobject | null (Certificate)The certificate that was recovered.
_idstring (Internal ID) requiredObject internal ID
metadataarray of objects (Certificate Metadata) requiredThe certificate's technical metadata used internally
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
notAfterinteger requiredThe certificate's expiration date in milliseconds since the epoch
thumbprintstring requiredThe certificate's thumbprint
certificatestring requiredThe certificate's PEM-encoded content
dnstring requiredThe certificate's Distinguished Name
revokedboolean requiredWhether the certificate is revoked
escrowedboolean requiredWhether the certificate is escrowed
issuerstring requiredThe certificate's issuer Distinguished Name
notBeforeinteger requiredThe certificate's start date in milliseconds since the epoch
selfSignedboolean requiredWhether the certificate is self-signed
keyTypestring (Keytype) requiredThe certificate's key type
publicKeyThumbprintstring requiredThe certificate's public key thumbprint
modulestring requiredThe certificate's module
holderIdstring requiredThe certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder
subjectAlternateNamesarray of objects (SubjectAlternateName) requiredThe certificate's Subject Alternate Names
Array [
sanTypestring requiredThe type of the SAN
EnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDvaluestring requiredThe value of the SAN
]
serialstring requiredThe certificate's serial number
signingAlgorithmstring requiredThe certificate's signing algorithm
revocationDateinteger | nullThe certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked
gradesarray of objects | null (GradingPolicyResult)The certificate's grades for the enabled grading policies
Array [
namestring requiredThe name of the grading policy
gradestring requiredThe grade awarded by the grading policy
]
crlSynchronizedboolean | nullWhether the certificate's revocation status is synchronized with a CRL
discoveredTrustedboolean | nullIf the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null
thirdPartyDataarray of objects | null (ThirdPartyItem)The certificate's information about synchronization with Horizon supported third parties
Array [
connectorstring requiredThe third party connector name on which this certificate is synchronized
idstring requiredThe Id of this certificate on the third party
fingerprintstring | nullThe fingerprint of this certificate on the third party
pushDateinteger | nullThe date when the certificate was pushed to this third party
removeDateinteger | nullThe date when the certificate was removed from this third party (in case of revocation)
]
ownerstring | nullThe certificate's owner. This is a reference to a local identity identifier
contactEmailstring | nullThe certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation
profilestring | nullThe certificate's profile
teamstring | nullThe certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications
labelsarray of objects | null (LabelData)The certificate's labels
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
discoveryInfoarray of objects | null (DiscoveryInfo)A list of metadata containing information on how and when the certificate was discovered
Array [
campaignstring requiredThe discovery campaign's name
lastDiscoveryDateinteger requiredWhen this certificate was discovered for the last time
identifierstring | nullIdentifier of the user that discovered this certificate
]
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this certificate
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
extensionsarray of objects (CertificateExtension)The certificate's extensions
Array [
keystring requiredThe extension's type
Enumms_sidms_templatevaluestring requiredThe extension's value
]
discoveryDataarray of objects | null (HostDiscoveryData)A list of metadata containing information on where the certificate was discovered
Array [
ipstring | nullThe certificate's host ip
sourcesarray of string | nullInformation on the type of discovery that discovered this certificate
hostnamesarray of string | nullThe certificate's host hostnames (netscan only)
operatingSystemsarray of string | nullThe certificate's host operating system (localscan only)
pathsarray of string | nullThe path to the certificate on the host machine (localscan only)
usagesarray of string | nullThe path of the configuration files that were used to find the certificates
tlsPortsarray of objects | null (TlsPort)The ports on which the certificate is exposed for https connexion
Array [
portinteger requiredThe number of the port
versionstring requiredProtocol version used
]
]
revocationReasonstring | null (Revocation Reason)The certificate's revocation reason
dnstringCertificate's Distinguished Name
requesterstring | nullThe requester's principal identifier
teamstring | nullThe team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them
approverstring | nullThe approver's principal identifier
contactstring | nullThe request's contact email
requesterCommentstring | nullFree-text field editable by the requester to provider more context on the request
approverCommentstring | nullFree-text field editable by the approver to provider more context on the request
expirationDateintegerThe date the request will expire. This is set by the system
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this request
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
globalHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the Horizon database
profileHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile
labelsarray of objects | null (LabelData)The labels set in this request
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
metadataarray of objects | null (Certificate Metadata)The metadata set in this request
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
dryRunboolean | nullIf true, the request is validated, but will not result in an enrollment
modulestring (Module) requiredThe module of the certificate migrated.
Enumwebraestscepacmecrmpacme-externalintunejamfintunepkcsworkflowstring requiredWhat this request will do. For a migration request, this is always migrate
Valuemigrateprofilestring requiredThe target profile name
templateobject (WebRA Migrate Request Template) requiredThe user-data that will be used to generate the certificate
labelsarray of objects | null (Label)Array [
labelstring requiredThe name of the label
valuestring | nullThe value of the label element
]
ownerobject | null (Certificate Owner)valuestring | nullThe value of the owner element. This should be a principal identifier
teamobject | null (Certificate Team)valuestring | nullThe value of the team element. This should be a team identifier
metadataarray of objects | null (Certificate Metadata)Array [
metadatastring requiredTechnical metadata related to the certificate
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring | nullThe value of the metadata element
]
contactEmailobject | null (Contact email)valuestring | nullThe contact email
_idstring (Internal ID) requiredObject internal ID
statusstring (Request Status) requiredThe request status
EnumdeniedapprovedpendingcanceledcompletedregistrationDateinteger requiredThe date the request was created. This is set by the system
lastModificationDateinteger requiredThe date the request was last modified. This is set by the system
removeAtinteger requiredThe date the requested will be deleted. This is set by the system
holderIdstring (Holder ID) requiredThe computed holderID for this request. This is set by the system based on DN and SANs
certificateobject | null (Certificate)The certificate that was updated for this request. This is only available after the request has been approved
_idstring (Internal ID) requiredObject internal ID
metadataarray of objects (Certificate Metadata) requiredThe certificate's technical metadata used internally
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
notAfterinteger requiredThe certificate's expiration date in milliseconds since the epoch
thumbprintstring requiredThe certificate's thumbprint
certificatestring requiredThe certificate's PEM-encoded content
dnstring requiredThe certificate's Distinguished Name
revokedboolean requiredWhether the certificate is revoked
escrowedboolean requiredWhether the certificate is escrowed
issuerstring requiredThe certificate's issuer Distinguished Name
notBeforeinteger requiredThe certificate's start date in milliseconds since the epoch
selfSignedboolean requiredWhether the certificate is self-signed
keyTypestring (Keytype) requiredThe certificate's key type
publicKeyThumbprintstring requiredThe certificate's public key thumbprint
modulestring requiredThe certificate's module
holderIdstring requiredThe certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder
subjectAlternateNamesarray of objects (SubjectAlternateName) requiredThe certificate's Subject Alternate Names
Array [
sanTypestring requiredThe type of the SAN
EnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDvaluestring requiredThe value of the SAN
]
serialstring requiredThe certificate's serial number
signingAlgorithmstring requiredThe certificate's signing algorithm
revocationDateinteger | nullThe certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked
gradesarray of objects | null (GradingPolicyResult)The certificate's grades for the enabled grading policies
Array [
namestring requiredThe name of the grading policy
gradestring requiredThe grade awarded by the grading policy
]
crlSynchronizedboolean | nullWhether the certificate's revocation status is synchronized with a CRL
discoveredTrustedboolean | nullIf the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null
thirdPartyDataarray of objects | null (ThirdPartyItem)The certificate's information about synchronization with Horizon supported third parties
Array [
connectorstring requiredThe third party connector name on which this certificate is synchronized
idstring requiredThe Id of this certificate on the third party
fingerprintstring | nullThe fingerprint of this certificate on the third party
pushDateinteger | nullThe date when the certificate was pushed to this third party
removeDateinteger | nullThe date when the certificate was removed from this third party (in case of revocation)
]
ownerstring | nullThe certificate's owner. This is a reference to a local identity identifier
contactEmailstring | nullThe certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation
profilestring | nullThe certificate's profile
teamstring | nullThe certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications
labelsarray of objects | null (LabelData)The certificate's labels
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
discoveryInfoarray of objects | null (DiscoveryInfo)A list of metadata containing information on how and when the certificate was discovered
Array [
campaignstring requiredThe discovery campaign's name
lastDiscoveryDateinteger requiredWhen this certificate was discovered for the last time
identifierstring | nullIdentifier of the user that discovered this certificate
]
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this certificate
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
extensionsarray of objects (CertificateExtension)The certificate's extensions
Array [
keystring requiredThe extension's type
Enumms_sidms_templatevaluestring requiredThe extension's value
]
discoveryDataarray of objects | null (HostDiscoveryData)A list of metadata containing information on where the certificate was discovered
Array [
ipstring | nullThe certificate's host ip
sourcesarray of string | nullInformation on the type of discovery that discovered this certificate
hostnamesarray of string | nullThe certificate's host hostnames (netscan only)
operatingSystemsarray of string | nullThe certificate's host operating system (localscan only)
pathsarray of string | nullThe path to the certificate on the host machine (localscan only)
usagesarray of string | nullThe path of the configuration files that were used to find the certificates
tlsPortsarray of objects | null (TlsPort)The ports on which the certificate is exposed for https connexion
Array [
portinteger requiredThe number of the port
versionstring requiredProtocol version used
]
]
revocationReasonstring | null (Revocation Reason)The certificate's revocation reason
dryRunboolean | nullIf true, the request is validated, but will not result in a migration
dnstringCertificate's Distinguished Name
requesterstring | nullThe requester's principal identifier
teamstring | nullThe team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them
approverstring | nullThe approver's principal identifier
contactstring | nullThe request's contact email
requesterCommentstring | nullFree-text field editable by the requester to provider more context on the request
approverCommentstring | nullFree-text field editable by the approver to provider more context on the request
expirationDateintegerThe date the request will expire. This is set by the system
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this request
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
globalHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the Horizon database
profileHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile
labelsarray of objects | null (LabelData)The labels set in this request
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
metadataarray of objects | null (Certificate Metadata)The metadata set in this request
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
modulestring requiredThe module that will be used to process this request. For a WebRA request, this is always webra
Valuewebraworkflowstring requiredWhat this request will do. For a renewal request, this is always renew
Valuerenew_idstring (Internal ID) requiredObject internal ID
statusstring (Request Status) requiredThe request status
Enumdeniedapprovedpendingcanceledcompletedprofilestring requiredThe associated profile name
registrationDateinteger requiredThe date the request was created. This is set by the system
lastModificationDateinteger requiredThe date the request was last modified. This is set by the system
removeAtinteger requiredThe date the requested will be deleted. This is set by the system
holderIdstring (Holder ID) requiredThe computed holderID for this request. This is set by the system based on DN and SANs
templateobject (WebRA Renew Request Template)The user-data that will be used to generate the certificate
csrstring | nullThe CSR used to renew the certificate, if in decentralized mode
keyTypestring | null (Keytype)The key type of the certificate, if in centralized mode
pkcs12object | null (SecretString)The generated PKCS#12 for this request. This is only available after the request has been approved in centralized mode
valuestring | nullValue of the secret that will be passed to Horizon
passwordobject | null (SecretString)The password to decrypt the PKCS12 file.
valuestring | nullValue of the secret that will be passed to Horizon
certificateobject | null (Certificate)The certificate that was generated for this request. This is only available after the request has been approved
_idstring (Internal ID) requiredObject internal ID
metadataarray of objects (Certificate Metadata) requiredThe certificate's technical metadata used internally
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
notAfterinteger requiredThe certificate's expiration date in milliseconds since the epoch
thumbprintstring requiredThe certificate's thumbprint
certificatestring requiredThe certificate's PEM-encoded content
dnstring requiredThe certificate's Distinguished Name
revokedboolean requiredWhether the certificate is revoked
escrowedboolean requiredWhether the certificate is escrowed
issuerstring requiredThe certificate's issuer Distinguished Name
notBeforeinteger requiredThe certificate's start date in milliseconds since the epoch
selfSignedboolean requiredWhether the certificate is self-signed
keyTypestring (Keytype) requiredThe certificate's key type
publicKeyThumbprintstring requiredThe certificate's public key thumbprint
modulestring requiredThe certificate's module
holderIdstring requiredThe certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder
subjectAlternateNamesarray of objects (SubjectAlternateName) requiredThe certificate's Subject Alternate Names
Array [
sanTypestring requiredThe type of the SAN
EnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDvaluestring requiredThe value of the SAN
]
serialstring requiredThe certificate's serial number
signingAlgorithmstring requiredThe certificate's signing algorithm
revocationDateinteger | nullThe certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked
gradesarray of objects | null (GradingPolicyResult)The certificate's grades for the enabled grading policies
Array [
namestring requiredThe name of the grading policy
gradestring requiredThe grade awarded by the grading policy
]
crlSynchronizedboolean | nullWhether the certificate's revocation status is synchronized with a CRL
discoveredTrustedboolean | nullIf the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null
thirdPartyDataarray of objects | null (ThirdPartyItem)The certificate's information about synchronization with Horizon supported third parties
Array [
connectorstring requiredThe third party connector name on which this certificate is synchronized
idstring requiredThe Id of this certificate on the third party
fingerprintstring | nullThe fingerprint of this certificate on the third party
pushDateinteger | nullThe date when the certificate was pushed to this third party
removeDateinteger | nullThe date when the certificate was removed from this third party (in case of revocation)
]
ownerstring | nullThe certificate's owner. This is a reference to a local identity identifier
contactEmailstring | nullThe certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation
profilestring | nullThe certificate's profile
teamstring | nullThe certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications
labelsarray of objects | null (LabelData)The certificate's labels
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
discoveryInfoarray of objects | null (DiscoveryInfo)A list of metadata containing information on how and when the certificate was discovered
Array [
campaignstring requiredThe discovery campaign's name
lastDiscoveryDateinteger requiredWhen this certificate was discovered for the last time
identifierstring | nullIdentifier of the user that discovered this certificate
]
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this certificate
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
extensionsarray of objects (CertificateExtension)The certificate's extensions
Array [
keystring requiredThe extension's type
Enumms_sidms_templatevaluestring requiredThe extension's value
]
discoveryDataarray of objects | null (HostDiscoveryData)A list of metadata containing information on where the certificate was discovered
Array [
ipstring | nullThe certificate's host ip
sourcesarray of string | nullInformation on the type of discovery that discovered this certificate
hostnamesarray of string | nullThe certificate's host hostnames (netscan only)
operatingSystemsarray of string | nullThe certificate's host operating system (localscan only)
pathsarray of string | nullThe path to the certificate on the host machine (localscan only)
usagesarray of string | nullThe path of the configuration files that were used to find the certificates
tlsPortsarray of objects | null (TlsPort)The ports on which the certificate is exposed for https connexion
Array [
portinteger requiredThe number of the port
versionstring requiredProtocol version used
]
]
revocationReasonstring | null (Revocation Reason)The certificate's revocation reason
dnstringCertificate's Distinguished Name
requesterstring | nullThe requester's principal identifier
teamstring | nullThe team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them
approverstring | nullThe approver's principal identifier
contactstring | nullThe request's contact email
requesterCommentstring | nullFree-text field editable by the requester to provider more context on the request
approverCommentstring | nullFree-text field editable by the approver to provider more context on the request
expirationDateintegerThe date the request will expire. This is set by the system
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this request
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
globalHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the Horizon database
profileHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile
labelsarray of objects | null (LabelData)The labels set in this request
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
metadataarray of objects | null (Certificate Metadata)The metadata set in this request
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
dryRunboolean | nullIf true, the request is validated, but will not result in an enrollment
modulestring (Module) requiredThe module of the certificate imported.
Enumwebraestscepacmecrmpacme-externalintunejamfintunepkcsworkflowstring requiredWhat this request will do. For an import request, this is always import
Valueimportcertificateobject | null (Certificate) requiredThe certificate that was generated for this request.
_idstring (Internal ID) requiredObject internal ID
metadataarray of objects (Certificate Metadata) requiredThe certificate's technical metadata used internally
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
notAfterinteger requiredThe certificate's expiration date in milliseconds since the epoch
thumbprintstring requiredThe certificate's thumbprint
certificatestring requiredThe certificate's PEM-encoded content
dnstring requiredThe certificate's Distinguished Name
revokedboolean requiredWhether the certificate is revoked
escrowedboolean requiredWhether the certificate is escrowed
issuerstring requiredThe certificate's issuer Distinguished Name
notBeforeinteger requiredThe certificate's start date in milliseconds since the epoch
selfSignedboolean requiredWhether the certificate is self-signed
keyTypestring (Keytype) requiredThe certificate's key type
publicKeyThumbprintstring requiredThe certificate's public key thumbprint
modulestring requiredThe certificate's module
holderIdstring requiredThe certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder
subjectAlternateNamesarray of objects (SubjectAlternateName) requiredThe certificate's Subject Alternate Names
Array [
sanTypestring requiredThe type of the SAN
EnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDvaluestring requiredThe value of the SAN
]
serialstring requiredThe certificate's serial number
signingAlgorithmstring requiredThe certificate's signing algorithm
revocationDateinteger | nullThe certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked
gradesarray of objects | null (GradingPolicyResult)The certificate's grades for the enabled grading policies
Array [
namestring requiredThe name of the grading policy
gradestring requiredThe grade awarded by the grading policy
]
crlSynchronizedboolean | nullWhether the certificate's revocation status is synchronized with a CRL
discoveredTrustedboolean | nullIf the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null
thirdPartyDataarray of objects | null (ThirdPartyItem)The certificate's information about synchronization with Horizon supported third parties
Array [
connectorstring requiredThe third party connector name on which this certificate is synchronized
idstring requiredThe Id of this certificate on the third party
fingerprintstring | nullThe fingerprint of this certificate on the third party
pushDateinteger | nullThe date when the certificate was pushed to this third party
removeDateinteger | nullThe date when the certificate was removed from this third party (in case of revocation)
]
ownerstring | nullThe certificate's owner. This is a reference to a local identity identifier
contactEmailstring | nullThe certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation
profilestring | nullThe certificate's profile
teamstring | nullThe certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications
labelsarray of objects | null (LabelData)The certificate's labels
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
discoveryInfoarray of objects | null (DiscoveryInfo)A list of metadata containing information on how and when the certificate was discovered
Array [
campaignstring requiredThe discovery campaign's name
lastDiscoveryDateinteger requiredWhen this certificate was discovered for the last time
identifierstring | nullIdentifier of the user that discovered this certificate
]
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this certificate
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
extensionsarray of objects (CertificateExtension)The certificate's extensions
Array [
keystring requiredThe extension's type
Enumms_sidms_templatevaluestring requiredThe extension's value
]
discoveryDataarray of objects | null (HostDiscoveryData)A list of metadata containing information on where the certificate was discovered
Array [
ipstring | nullThe certificate's host ip
sourcesarray of string | nullInformation on the type of discovery that discovered this certificate
hostnamesarray of string | nullThe certificate's host hostnames (netscan only)
operatingSystemsarray of string | nullThe certificate's host operating system (localscan only)
pathsarray of string | nullThe path to the certificate on the host machine (localscan only)
usagesarray of string | nullThe path of the configuration files that were used to find the certificates
tlsPortsarray of objects | null (TlsPort)The ports on which the certificate is exposed for https connexion
Array [
portinteger requiredThe number of the port
versionstring requiredProtocol version used
]
]
revocationReasonstring | null (Revocation Reason)The certificate's revocation reason
_idstring (Internal ID) requiredObject internal ID
statusstring (Request Status) requiredThe request status
Enumdeniedapprovedpendingcanceledcompletedprofilestring requiredThe associated profile name
registrationDateinteger requiredThe date the request was created. This is set by the system
lastModificationDateinteger requiredThe date the request was last modified. This is set by the system
removeAtinteger requiredThe date the requested will be deleted. This is set by the system
holderIdstring (Holder ID) requiredThe computed holderID for this request. This is set by the system based on DN and SANs
templateobject (WebRA Import Request Template)The user-data that will be added on certificate import
privateKeystring | nullThe PEM-encoded private key associated with the certificate. Mandatory if target profile has escrow enabled, forbidden otherwise
ownerobject | null (Certificate Owner)The owner for this certificate
valuestring | nullThe value of the owner element. This should be a principal identifier
teamobject | null (Certificate Team)The team for this certificate
valuestring | nullThe value of the team element. This should be a team identifier
contactEmailobject | null (Contact email)The contact email for this certificate
valuestring | nullThe contact email
labelsarray of objects | null (Label)The labels for this certificate
Array [
labelstring requiredThe name of the label
valuestring | nullThe value of the label element
]
metadataarray of objects | null (Certificate Metadata)The technical metadata for this certificate
Array [
metadatastring requiredTechnical metadata related to the certificate
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring | nullThe value of the metadata element
]
thirdPartyDataarray of objects | null (ThirdPartyItem)The third party data associated with the certificate
Array [
connectorstring requiredThe third party connector name on which this certificate is synchronized
idstring requiredThe Id of this certificate on the third party
fingerprintstring | nullThe fingerprint of this certificate on the third party
pushDateinteger | nullThe date when the certificate was pushed to this third party
removeDateinteger | nullThe date when the certificate was removed from this third party (in case of revocation)
]
discoveryInfoobject | null (DiscoveryInfo)Information about the discovery of this certificate
campaignstring requiredThe discovery campaign's name
lastDiscoveryDateinteger requiredWhen this certificate was discovered for the last time
identifierstring | nullIdentifier of the user that discovered this certificate
discoveryDataobject (HostDiscoveryData)The host discovery data associated with the certificate (discovery metadata)
ipstring | nullThe certificate's host ip
sourcesarray of string | nullInformation on the type of discovery that discovered this certificate
hostnamesarray of string | nullThe certificate's host hostnames (netscan only)
operatingSystemsarray of string | nullThe certificate's host operating system (localscan only)
pathsarray of string | nullThe path to the certificate on the host machine (localscan only)
usagesarray of string | nullThe path of the configuration files that were used to find the certificates
tlsPortsarray of objects | null (TlsPort)The ports on which the certificate is exposed for https connexion
Array [
portinteger requiredThe number of the port
versionstring requiredProtocol version used
]
dryRunboolean | nullIf true, the request is validated, but will not result in an import
dnstringCertificate's Distinguished Name
requesterstring | nullThe requester's principal identifier
teamstring | nullThe team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them
approverstring | nullThe approver's principal identifier
contactstring | nullThe request's contact email
requesterCommentstring | nullFree-text field editable by the requester to provider more context on the request
approverCommentstring | nullFree-text field editable by the approver to provider more context on the request
expirationDateintegerThe date the request will expire. This is set by the system
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this request
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
globalHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the Horizon database
profileHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile
labelsarray of objects | null (LabelData)The labels set in this request
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
metadataarray of objects | null (Certificate Metadata)The metadata set in this request
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
modulestring requiredThe module that will be used to process this request. For an EST request, this is always est
Valueestworkflowstring requiredWhat this request will do. For an enrollment request, this is always enroll
Valueenroll_idstring (Internal ID) requiredObject internal ID
statusstring (Request Status) requiredThe request status
Enumdeniedapprovedpendingcanceledcompletedprofilestring requiredThe associated profile name
registrationDateinteger requiredThe date the request was created. This is set by the system
lastModificationDateinteger requiredThe date the request was last modified. This is set by the system
removeAtinteger requiredThe date the requested will be deleted. This is set by the system
dnstringThe DN of the challenge
templateobject (EST Enroll Request Template)The user-data that will be used to generate the challenge
subjectarray of objects | null (IndexedDNElement)List of DN elements that will be used to build the certificate's Distinguished Name
Array [
elementstring requiredThe element type and index. Indexes start at 1! Available elements are: cn, e, ou, st, l, o, c, dc, uid, serialNumber, surname, givenName, unstructuredAddress, unstructuredName, organizationIdentifier, uniqueIdentifier, street, description, t
valuestring | nullThe element value
]
sansarray of objects | null (SAN Element)List of SAN elements that will be used to build the certificate's Subject Alternative Name
Array [
typestring | null requiredSAN type
EnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDvaluearray of string | nullSAN value
]
extensionsarray of objects | null (Certificate Extension)Information about the certificate's extensions and how to edit them
Array [
typestring requiredThe type of the extension element
Enumms_sidms_templatevaluestring | nullThe value of the extension element
]
labelsarray of objects | null (Label)List of labels used internally to tag and group certificates
Array [
labelstring requiredThe name of the label
valuestring | nullThe value of the label element
]
contactEmailobject | null (Contact email)Information about the certificate's contact email and how to edit it
valuestring | nullThe contact email
ownerobject | null (Certificate Owner)Information about the certificate's owner and how to edit it
valuestring | nullThe value of the owner element. This should be a principal identifier
teamobject | null (Certificate Team)Information about the certificate's team and how to edit it
valuestring | nullThe value of the team element. This should be a team identifier
passwordobject | null (SecretString)The password of the challenge.
valuestring | nullValue of the secret that will be passed to Horizon
requesterstring | nullThe requester's principal identifier
teamstring | nullThe team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them
approverstring | nullThe approver's principal identifier
contactstring | nullThe request's contact email
requesterCommentstring | nullFree-text field editable by the requester to provider more context on the request
approverCommentstring | nullFree-text field editable by the approver to provider more context on the request
expirationDateintegerThe date the request will expire. This is set by the system
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this request
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
holderIdstring (Holder ID)The computed holderID for this request. This is set by the system based on DN and SANs
globalHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the Horizon database
profileHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile
labelsarray of objects | null (LabelData)The labels set in this request
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
metadataarray of objects | null (Certificate Metadata)The metadata set in this request
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
dryRunboolean | nullIf true, the request is validated, but will not result in an enrollment
modulestring requiredThe module that will be used to process this request. For a SCEP request, this is always scep
Valuescepworkflowstring requiredWhat this request will do. For an enrollment request, this is always enroll
Valueenroll_idstring (Internal ID) requiredObject internal ID
statusstring (Request Status) requiredThe request status
Enumdeniedapprovedpendingcanceledcompletedprofilestring requiredThe associated profile name
registrationDateinteger requiredThe date the request was created. This is set by the system
lastModificationDateinteger requiredThe date the request was last modified. This is set by the system
removeAtinteger requiredThe date the requested will be deleted. This is set by the system
dnstringThe DN of the challenge
templateobject (SCEP Enroll Request Template)The user-data that will be used to generate the certificate
subjectarray of objects | null (IndexedDNElement)List of DN elements that will be used to build the certificate's Distinguished Name
Array [
elementstring requiredThe element type and index. Indexes start at 1! Available elements are: cn, e, ou, st, l, o, c, dc, uid, serialNumber, surname, givenName, unstructuredAddress, unstructuredName, organizationIdentifier, uniqueIdentifier, street, description, t
valuestring | nullThe element value
]
sansarray of objects | null (SAN Element)List of SAN elements that will be used to build the certificate's Subject Alternative Name
Array [
typestring | null requiredSAN type
EnumRFC822NAMEDNSNAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDREGISTERED_IDvaluearray of string | nullSAN value
]
extensionsarray of objects | null (Certificate Extension)Information about the certificate's extensions and how to edit them
Array [
typestring requiredThe type of the extension element
Enumms_sidms_templatevaluestring | nullThe value of the extension element
]
labelsarray of objects | null (Label)List of labels used internally to tag and group certificates
Array [
labelstring requiredThe name of the label
valuestring | nullThe value of the label element
]
contactEmailobject | null (Contact email)Information about the certificate's contact email and how to edit it
valuestring | nullThe contact email
ownerobject | null (Certificate Owner)Information about the certificate's owner and how to edit it
valuestring | nullThe value of the owner element. This should be a principal identifier
teamobject | null (Certificate Team)Information about the certificate's team and how to edit it
valuestring | nullThe value of the team element. This should be a team identifier
passwordobject | null (SecretString)The password of the challenge. Must be set if password mode is manual
valuestring | nullValue of the secret that will be passed to Horizon
requesterstring | nullThe requester's principal identifier
teamstring | nullThe team that will be assigned to this certificate. Teams are used to link certificates to people and to assign permissions to them
approverstring | nullThe approver's principal identifier
contactstring | nullThe request's contact email
requesterCommentstring | nullFree-text field editable by the requester to provider more context on the request
approverCommentstring | nullFree-text field editable by the approver to provider more context on the request
expirationDateintegerThe date the request will expire. This is set by the system
triggerResultsarray of objects | null (TriggerResult)The result of the execution of triggers on this request
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
holderIdstring (Holder ID)The computed holderID for this request. This is set by the system based on DN and SANs
globalHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the Horizon database
profileHolderIdCountinteger | nullThe number of certificates that are currently valid and have the same DN and SANs in the same enrollment profile
labelsarray of objects | null (LabelData)The labels set in this request
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
metadataarray of objects | null (Certificate Metadata)The metadata set in this request
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
dryRunboolean | nullIf true, the request is validated, but will not result in an enrollment
-
400 Invalid request
application/problem+jsonerrorstring requiredThe error code of the problem
ValueCERT-TEAM-001messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Team Elementtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Team Elementdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueCERT-ELEM-001messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Certificate Elementtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Certificate Elementdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueREQ-002messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueREQ-004messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Request statustitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Request statusdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueREQ-005messagestring requiredA short, human-readable summary of the problem type
ValueExpired Requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueExpired Requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-007messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Identity Providertitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Identity Providerdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-008messagestring requiredA short, human-readable summary of the problem type
ValueInvalid redirect pathtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid redirect pathdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-010messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Jwt Tokentitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Jwt Tokendetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueEST-ENROLL-001messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Authorization Mode as DN whitelisting is not enabled on profiletitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Authorization Mode as DN whitelisting is not enabled on profiledetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueEST-ENROLL-002messagestring requiredA short, human-readable summary of the problem type
ValueDN is required as DN whitelisting is enabled on EST profiletitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueDN is required as DN whitelisting is enabled on EST profiledetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueEST-ENROLL-003messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Distinguished Nametitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Distinguished Namedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueEST-ENROLL-004messagestring requiredA short, human-readable summary of the problem type
ValueInvalid EST Enroll Requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid EST Enroll Requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueEST-ENROLL-005messagestring requiredA short, human-readable summary of the problem type
ValueInvalid EST Profiletitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid EST Profiledetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSCEP-ENROLL-001messagestring requiredA short, human-readable summary of the problem type
ValueSCEP pre-validation is not enabled on SCEP profiletitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueSCEP pre-validation is not enabled on SCEP profiledetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSCEP-ENROLL-002messagestring requiredA short, human-readable summary of the problem type
ValueDN is required as DN whitelisting is enabled on SCEP profiletitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueDN is required as DN whitelisting is enabled on SCEP profiledetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSCEP-ENROLL-003messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Distinguished Nametitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Distinguished Namedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSCEP-ENROLL-004messagestring requiredA short, human-readable summary of the problem type
ValueInvalid SCEP Enroll Requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid SCEP Enroll Requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSCEP-ENROLL-005messagestring requiredA short, human-readable summary of the problem type
ValueInvalid SCEP Profiletitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid SCEP Profiledetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-001messagestring requiredA short, human-readable summary of the problem type
ValueInvalid enrollment modetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid enrollment modedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-002messagestring requiredA short, human-readable summary of the problem type
ValueInvalid key typetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid key typedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-003messagestring requiredA short, human-readable summary of the problem type
ValueInvalid certificate requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid certificate requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-004messagestring requiredA short, human-readable summary of the problem type
ValueInvalid subject parameter(s)titlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid subject parameter(s)detailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-005messagestring requiredA short, human-readable summary of the problem type
ValueInvalid subject alternate name parameter(s)titlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid subject alternate name parameter(s)detailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-006messagestring requiredA short, human-readable summary of the problem type
ValueInvalid label parameter(s)titlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid label parameter(s)detailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-009messagestring requiredA short, human-readable summary of the problem type
ValueMissing Web Registration Authority Enrollment Request Template on approved requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMissing Web Registration Authority Enrollment Request Template on approved requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-012messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Web Registration Authority Enroll Requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Web Registration Authority Enroll Requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-RECOVER-001messagestring requiredA short, human-readable summary of the problem type
ValueNo certificateId specifiedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueNo certificateId specifieddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-RECOVER-002messagestring requiredA short, human-readable summary of the problem type
ValueWeb Registration Authority recovery failedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueWeb Registration Authority recovery faileddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-RECOVER-003messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Web Registration Authority Recover Requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Web Registration Authority Recover Requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-RECOVER-004messagestring requiredA short, human-readable summary of the problem type
ValueCertificate does not existtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate does not existdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-REVOKE-001messagestring requiredA short, human-readable summary of the problem type
ValueNo certificate specifiedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueNo certificate specifieddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-REVOKE-003messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Web Registration Authority revocation requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Web Registration Authority revocation requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-REVOKE-004messagestring requiredA short, human-readable summary of the problem type
ValueCertificate does not existtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate does not existdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-REVOKE-005messagestring requiredA short, human-readable summary of the problem type
ValueInvalid certificatetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid certificatedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-REVOKE-006messagestring requiredA short, human-readable summary of the problem type
ValueMissing Web Registration Authority Revoke Request Templatetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMissing Web Registration Authority Revoke Request Templatedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-MIGRATE-001messagestring requiredA short, human-readable summary of the problem type
ValueNo certificate specifiedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueNo certificate specifieddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-MIGRATE-007messagestring requiredA short, human-readable summary of the problem type
ValueInvalid migration profiletitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid migration profiledetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-RENEW-001messagestring requiredA short, human-readable summary of the problem type
ValueInvalid requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-RENEW-003messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Web Registration Authority Profiletitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Web Registration Authority Profiledetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-RENEW-004messagestring requiredA short, human-readable summary of the problem type
ValueRenewal not enabled on Web Registration Authority Profiletitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueRenewal not enabled on Web Registration Authority Profiledetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-RENEW-005messagestring requiredA short, human-readable summary of the problem type
ValueCertificate not in its renewal periodtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate not in its renewal perioddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-RENEW-006messagestring requiredA short, human-readable summary of the problem type
ValueCertificate status does not allow renewaltitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate status does not allow renewaldetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-IMPORT-001messagestring requiredA short, human-readable summary of the problem type
ValueInvalid requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-IMPORT-003messagestring requiredA short, human-readable summary of the problem type
ValueCertificate key is already escrowedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate key is already escroweddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-IMPORT-004messagestring requiredA short, human-readable summary of the problem type
ValueImport request does not contain certificatetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueImport request does not contain certificatedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
401 Unauthorized request
application/problem+jsonerrorstring requiredThe error code of the problem
ValueSEC-AUTH-002messagestring requiredA short, human-readable summary of the problem type
ValueInvalid credentials or principal does not existtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid credentials or principal does not existdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-009messagestring requiredA short, human-readable summary of the problem type
ValuePrincipal not authenticated or authentication expiredtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValuePrincipal not authenticated or authentication expireddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
403 Forbidden action
application/problem+jsonerrorstring requiredThe error code of the problem
ValueSEC-PERM-001messagestring requiredA short, human-readable summary of the problem type
ValueInsufficient privilegestitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInsufficient privilegesdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-003messagestring requiredA short, human-readable summary of the problem type
ValueCertificate is not trustedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate is not trusteddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-004messagestring requiredA short, human-readable summary of the problem type
ValueCertificate is expiredtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate is expireddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-005messagestring requiredA short, human-readable summary of the problem type
ValueCertificate is revokedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate is revokeddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-006messagestring requiredA short, human-readable summary of the problem type
ValuePrincipal not authenticatedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValuePrincipal not authenticateddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueLIC-002messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Licensetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Licensedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueLIC-003messagestring requiredA short, human-readable summary of the problem type
ValueMaximum number of holders reachedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMaximum number of holders reacheddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueLIC-004messagestring requiredA short, human-readable summary of the problem type
ValueExpired Licensetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueExpired Licensedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
404 Not found
application/problem+jsonerrorstring requiredThe error code of the problem
ValueREQ-001messagestring requiredA short, human-readable summary of the problem type
ValueUnexpected Errortitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnexpected Errordetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueREQ-003messagestring requiredA short, human-readable summary of the problem type
ValueRequest not foundtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueRequest not founddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueREQ-009messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Certificatetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Certificatedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueREQ-010messagestring requiredA short, human-readable summary of the problem type
ValueProfile does not exist or is disabledtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueProfile does not exist or is disableddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
500 Internal server error
application/problem+jsonerrorstring requiredThe error code of the problem
ValueREQ-001messagestring requiredA short, human-readable summary of the problem type
ValueUnexpected Errortitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnexpected Errordetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueREQ-003messagestring requiredA short, human-readable summary of the problem type
ValueRequest not foundtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueRequest not founddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueREQ-010messagestring requiredA short, human-readable summary of the problem type
ValueProfile does not exist or is disabledtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueProfile does not exist or is disableddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueEST-ENROLL-006messagestring requiredA short, human-readable summary of the problem type
ValueMissing profile EST Enrollment Request Templatetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMissing profile EST Enrollment Request Templatedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueEST-ENROLL-007messagestring requiredA short, human-readable summary of the problem type
ValueMissing approved EST Enrollment Request Templatetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMissing approved EST Enrollment Request Templatedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueEST-ENROLL-008messagestring requiredA short, human-readable summary of the problem type
ValueMissing pending EST Enrollment Request Templatetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMissing pending EST Enrollment Request Templatedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueEST-ENROLL-009messagestring requiredA short, human-readable summary of the problem type
ValueUnable to validate pending request. The EST profile was modified and the request can only be canceled or deniedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnable to validate pending request. The EST profile was modified and the request can only be canceled or denieddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSCEP-ENROLL-006messagestring requiredA short, human-readable summary of the problem type
ValueMissing profile SCEP Enrollment Request Templatetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMissing profile SCEP Enrollment Request Templatedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSCEP-ENROLL-007messagestring requiredA short, human-readable summary of the problem type
ValueMissing approved SCEP Enrollment Request Templatetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMissing approved SCEP Enrollment Request Templatedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSCEP-ENROLL-008messagestring requiredA short, human-readable summary of the problem type
ValueMissing pending SCEP Enrollment Request Templatetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMissing pending SCEP Enrollment Request Templatedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSCEP-ENROLL-009messagestring requiredA short, human-readable summary of the problem type
ValueUnable to validate pending request. The EST profile was modified and the request can only be canceled or deniedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnable to validate pending request. The EST profile was modified and the request can only be canceled or denieddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-007messagestring requiredA short, human-readable summary of the problem type
ValueMissing Web Registration Authority Enrollment Request Template on profiletitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMissing Web Registration Authority Enrollment Request Template on profiledetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-008messagestring requiredA short, human-readable summary of the problem type
ValueMissing Web Registration Authority Enrollment Request Template on pending requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMissing Web Registration Authority Enrollment Request Template on pending requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-010messagestring requiredA short, human-readable summary of the problem type
ValueUnable to validate pending enroll request. The Web Registration Authority profile was modified and the request can only be canceled or deniedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnable to validate pending enroll request. The Web Registration Authority profile was modified and the request can only be canceled or denieddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-011messagestring requiredA short, human-readable summary of the problem type
ValueWeb Registration Authority enrollment failedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueWeb Registration Authority enrollment faileddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-012messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Web Registration Authority Enroll Requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Web Registration Authority Enroll Requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-013messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Web Registration Authority Profiletitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Web Registration Authority Profiledetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-ENROLL-014messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Web Registration Authoritytitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Web Registration Authoritydetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-RECOVER-002messagestring requiredA short, human-readable summary of the problem type
ValueWeb Registration Authority recovery failedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueWeb Registration Authority recovery faileddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-REVOKE-002messagestring requiredA short, human-readable summary of the problem type
ValueWeb Registration Authority revocation failedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueWeb Registration Authority revocation faileddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-MIGRATE-005messagestring requiredA short, human-readable summary of the problem type
ValueMissing Web Registration Authority Migrate Request Template on submitted requesttitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueMissing Web Registration Authority Migrate Request Template on submitted requestdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueWEBRA-RENEW-002messagestring requiredA short, human-readable summary of the problem type
ValueWeb Registration Authority renewal failedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueWeb Registration Authority renewal faileddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807