When requesting a certificate using DigiCert ONE® IoT Device Manager, you can use the subject directory attributes (SDA) certificate extension to store information supplemental to the certificate’s standard fields and extensions. To use the SDA extension, create a JSON-formatted object describing the attributes and information you want to store. You must include this JSON object as part of your certificate request.
To store data in the SDA extension, you must request a certificate using an enrollment profile that supports subject directory attributes. This enrollment profile must use a certificate profile created with a template that includes the subject directory field. To get a certificate template that supports the SDA extension, contact your DigiCert ONE account representative.
The SDA JSON object contains a sequence of elements, where each element describes a non-standard attribute you want to add to the certificate. There is no limit to the number of elements this sequence can contain.
Each element in the SDA JSON object requires these two fields:

type – Data type of the content in the corresponding value field. Each type corresponds with an ASN.1 type under the DER serialization format. Case-sensitive.

value – Value of the element. Must match the defined type for the element.

The structure of the SDA JSON object is the same for both REST API and UI console requests.

In a REST API request, include the SDA JSON object in the certificate_profile_attributes section of the Request certificate payload:

id is extensions.subject_directory.

value is the SDA data, formatted as a JSON string (the SDA object is serialized and escaped inside the outer JSON payload).
```json
{
  "certificate_profile_attributes": [
    ...
    {
      "id": "extensions.subject_directory",
      "value": "{\"type\": \"SEQUENCE\", \"value\": [{\"type\": \"SEQUENCE\", \"value\": [{\"type\": \"OBJECT_IDENTIFIER\", \"value\": \"1.3.6.1.4.1.51552.9.1\"}, {\"type\": \"SET\", \"value\": [{\"type\": \"INTEGER\", \"value\": \"614\"},{\"type\": \"INTEGER\", \"value\": \"202\"}]}]}]}"
    }
    ...
  ],
  ...
}
```
Example SDA JSON object (the same structure, shown unescaped; the top-level sequence holds two attribute sequences, each starting with its OBJECT_IDENTIFIER):

```json
{
  "type": "SEQUENCE",
  "value": [
    {
      "type": "SEQUENCE",
      "value": [
        {
          "type": "OBJECT_IDENTIFIER",
          "value": "1.3.6.1.4.1.51552.9.1"
        },
        {
          "type": "SET",
          "value": [
            {
              "type": "INTEGER",
              "value": "202"
            }
          ]
        }
      ]
    },
    {
      "type": "SEQUENCE",
      "value": [
        {
          "type": "OBJECT_IDENTIFIER",
          "value": "1.3.6.1.4.1.51552.92.5"
        },
        {
          "type": "BOOLEAN",
          "value": true
        },
        {
          "type": "STRING",
          "value": "Example string"
        }
      ]
    }
  ]
}
```
Name | Type | Req/Opt | Description |
---|---|---|---|
type | string | required | Data type of the content in the corresponding value field. Note: The type value for the top-level object should be SEQUENCE (case-sensitive). |
value | array | required | Ordered list of objects. Each object contains a sequence with details about a specific attribute. Include as many elements as needed. |
.. type | string | required | Data type of the content in the value field. Note: The type value for each element in the top-level sequence should also be SEQUENCE (case-sensitive). |
.. value | array | required | Ordered list of objects that describe the SDA data structure and information to store for the attribute. |
.. .. type | string | required | Data type of the content in the corresponding value field. Allowed values: See the SDA data types table below. Each allowed value corresponds with an ASN.1 type under the DER serialization format. Case-sensitive. |
.. .. value | Set by type value | required | Value to store in the SDA. |
SDA data types:

Type | ASN.1 Type | Description |
---|---|---|
SEQUENCE | DERSequence | Ordered collection of one or more elements. |
SET | DERSet | Unordered collection of one or more elements. |
OBJECT_IDENTIFIER | DERObjectIdentifier | String of positive integers, separated by dots, that identifies an object. |
STRING | DERUTF8String | UTF-8 encoded string. |
INTEGER | DERInteger | Positive or negative integer. |
BOOLEAN | DERBoolean | Boolean value (true or false). |
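As an added example (not DigiCert's code), the following Python checks an SDA JSON object against the structural rules above, DER-encodes it using the ASN.1 tags the data types table maps to, and wraps it as the certificate_profile_attributes entry with the SDA object serialized into a string. The encoder and the sda_attribute helper are assumptions for illustration; the page does not show what DigiCert ONE itself produces from the object, so treat the bytes as a pre-submission sanity check rather than the CA's output.

```python
import json
# ASN.1 universal tags for the DER types the SDA JSON format maps to.
TAGS = {"SEQUENCE": 0x30, "SET": 0x31, "OBJECT_IDENTIFIER": 0x06,
        "STRING": 0x0C, "INTEGER": 0x02, "BOOLEAN": 0x01}

def _length(n):  # DER length: short form below 128, else minimal long form
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body
def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:  # base-128, continuation bit on all but the last byte
        n = (arc.bit_length() - 1) // 7
        out += bytes([0x80 | (arc >> 7 * i) & 0x7F for i in range(n, 0, -1)])
        out.append(arc & 0x7F)
    return bytes(out)
def encode(node):  # DER-encode one SDA element: {"type": ..., "value": ...}
    t, v = node["type"], node["value"]
    if t not in TAGS:
        raise ValueError(f"unsupported SDA type {t!r} (types are case-sensitive)")
    if t in ("SEQUENCE", "SET"):
        parts = [encode(child) for child in v]
        if t == "SET":  # X.690 DER orders SET OF members by their encoding
            parts.sort()
        body = b"".join(parts)
    elif t == "OBJECT_IDENTIFIER":
        body = _oid(v)
    elif t == "STRING":
        body = v.encode("utf-8")
    elif t == "INTEGER":  # the page passes INTEGER values as decimal strings
        n = int(v)
        body = n.to_bytes((n + (n < 0)).bit_length() // 8 + 1, "big", signed=True)
    elif isinstance(v, bool):  # BOOLEAN must be a JSON boolean, not "true"
        body = b"\xff" if v else b"\x00"
    else:
        raise ValueError(f"BOOLEAN value must be true or false, got {v!r}")
    return bytes([TAGS[t]]) + _length(len(body)) + body
def sda_attribute(sda):  # check the page's structural rules, build the REST entry
    if sda.get("type") != "SEQUENCE":
        raise ValueError("top-level type must be SEQUENCE")
    if any(e.get("type") != "SEQUENCE" for e in sda["value"]):
        raise ValueError("each element of the top-level sequence must be SEQUENCE")
    encode(sda)  # rejects unknown types and malformed values before sending
    return {"id": "extensions.subject_directory", "value": json.dumps(sda)}

# Constructed sample reusing the page's example OID and integer values.
SAMPLE_SDA = {"type": "SEQUENCE", "value": [{"type": "SEQUENCE", "value": [
    {"type": "OBJECT_IDENTIFIER", "value": "1.3.6.1.4.1.51552.9.1"},
    {"type": "SET", "value": [{"type": "INTEGER", "value": v} for v in ("614", "202")]}]}]}
```

Calling sda_attribute(SAMPLE_SDA) returns the entry to place in certificate_profile_attributes; a lowercase type such as "sequence" or a BOOLEAN given as the string "true" is rejected before the request is sent.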