addInternalCACertificate
The addInternalCACertificate operation handles configuration related to InternalCACertificate model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| name | True | string | A mandatory UTF string containing the name for the certificate. The string can be up to 128 characters. The name is used in the configuration as an object name only, it is not part of the certificate itself. | |||
| cert | False | string | PEM formatted X.509v3 certificate. | |||
| privateKey | False | string | PEM formatted private key. Only unencrypted keys are supported. | |||
| passPhrase | False | string | Password used for encrypted private key. Encrypted keys are not supported yet. | |||
| issuerCommonName | False | string | Common Name, typically product name/brand, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerCountry | False | string | An ISO3166 two character country code of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerLocality | False | string | Locality, city name, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerOrganization | False | string | Organization, company name, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerOrganizationUnit | False | string | The Organization Unit, division or unit, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerState | False | string | State or the province of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectCommonName | False | string | An Unicode alphanumeric string containing the Common Name, typically product name/brand, of the entity (subject) being certified or authenticated in the given certificate. This is mandatory input value for Self-Signed certificate and extracted from an uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectCountry | False | string | An ISO3166 two character country code of the Authority (issuer) that signed and issued the certificate. This is mandatory input value for Self-Signed certificate and extracted from an uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectDistinguishedName | False | string | A DN (Distinguished Name) defining the entity (subject) being certified or authenticated in the given certificate. For a root certificate the issuer and subject will be the same DN. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectLocality | False | string | An Unicode alphanumeric string containing the locality, city name, of the entity (subject) being certified or authenticated in the given certificate. This is mandatory input value for self-signed certificate and extracted from an uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectOrganization | False | string | An Unicode alphanumeric string containing the organization, company name, of the entity (subject) being certified or authenticated in the given certificate. This is mandatory input value for Self-Signed certificate and extracted from an uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectOrganizationUnit | False | string | An Unicode alphanumeric string containing the Organization Unit, division or unit, of the entity (subject) being certified or authenticated in the given certificate. This is mandatory input value for Self-Signed certificate and extracted from an uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectState | False | string | An Unicode alphanumeric string containing the state or the province of the entity (subject) being certified or authenticated in the given certificate. This is mandatory input value for Self-Signed certificate and extracted from an uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| validityStartDate | False | string | Certificate validity start date in "MMM dd HH:mm:ss yyyy z" format. This is READ ONLY value, defaulted to current date and time in GMT zone at the self-sign certification generation. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| validityEndDate | False | string | Certificate validity end date in "MMM dd HH:mm:ss yyyy z", format. This field is optional for a new self-signed certificate. A future date can be provided in "MMM dd HH:mm:ss yyyy VV" format. Note VV represents the time-zone ID in IANA Time Zone Database (TZDB). Date will be converted to GMT zone before calculating certificate validity duration. If no value is provided, self-signed certificate will be generated with default validity duration of 825 days. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| validationUsage | False | [object] | ||||
| isSystemDefined | False | boolean | A boolean value, TRUE and FALSE (the default). The TRUE value indicates that certificate is created by system and cannot be deleted. FALSE indicates that the certificate can be deleted. | |||
| keyType | False | string | A enum which can take values either RSA, ECDSA, EdDSA. Default will be RSA Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| keySize | False | integer | Values depend on key type. For RSA available key sizes are 1024, 2048, 3072, 4096. For ECDSA 256, 384, 521. For EdDSA 256 | |||
| allowWeakCert | False | boolean | This is used for the case where customer is using a weak Key size and Key type, however he needs to upload the internal cert. Defaults to false. | |||
| signatureHashType | False | string | ||||
| certType | False | string | An mandatory enum value that specifies the type of internal certificate. Values can be one of the following. UPLOAD - Certificate is already defined and certificate and private string will be uploaded. SELFSIGNED - Generate an internal certificate using the provided values. |
|||
| weakCertificate | False | boolean | ||||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | |||
Example
- name: Execute 'addInternalCACertificate' operation
ftd_configuration:
operation: "addInternalCACertificate"
data:
name: "{{ name }}"
cert: "{{ cert }}"
privateKey: "{{ private_key }}"
passPhrase: "{{ pass_phrase }}"
issuerCommonName: "{{ issuer_common_name }}"
issuerCountry: "{{ issuer_country }}"
issuerLocality: "{{ issuer_locality }}"
issuerOrganization: "{{ issuer_organization }}"
issuerOrganizationUnit: "{{ issuer_organization_unit }}"
issuerState: "{{ issuer_state }}"
subjectCommonName: "{{ subject_common_name }}"
subjectCountry: "{{ subject_country }}"
subjectDistinguishedName: "{{ subject_distinguished_name }}"
subjectLocality: "{{ subject_locality }}"
subjectOrganization: "{{ subject_organization }}"
subjectOrganizationUnit: "{{ subject_organization_unit }}"
subjectState: "{{ subject_state }}"
validityStartDate: "{{ validity_start_date }}"
validityEndDate: "{{ validity_end_date }}"
validationUsage: "{{ validation_usage }}"
isSystemDefined: "{{ is_system_defined }}"
keyType: "{{ key_type }}"
keySize: "{{ key_size }}"
allowWeakCert: "{{ allow_weak_cert }}"
signatureHashType: "{{ signature_hash_type }}"
certType: "{{ cert_type }}"
weakCertificate: "{{ weak_certificate }}"
type: "{{ type }}"