Subject directory attributes (SDA)
3 minute read
When requesting a certificate using DigiCert® IoT Trust Manager, you can use the subject directory attributes (SDA) certificate extension to store information supplemental to the certificate’s standard fields and extensions. To use the SDA extension, create a JSON-formatted object describing the attributes and information you want to store. You must include this JSON object as part of your certificate request.
Note
To store data in the SDA extension, you must request a certificate using an enrollment profile that supports subject directory attributes. This enrollment profile must use a certificate profile created with a template that includes the subject directory field. To get a certificate template that supports the SDA extension, contact your DigiCert ONE account representative.SDA JSON object
The SDA JSON object contains a sequence of elements, where each element describes a non-standard attribute you want to add to the certificate. There is no limit to the number of elements this sequence can contain.
- Each element in the top-level sequence contains another sequence of objects.
- The first element in each sub-sequence describes the object identifier (OID) of a supplemental attribute.
- The elements following the OID describe the SDA data structure and the information you want it to contain.
Each element in the SDA JSON object requires these two fields:
type: Data type of the content in the correspondingvaluefield. Allowed values: See the SDA data types table below. Eachtypecorresponds with an ASN.1 type under the DER serialization format. Case-sensitive.value: Value of the element. Must match the definedtypefor the element.
Examples
The structure of the SDA JSON object is the same for both REST API and UI console requests.
- REST API: Submit the JSON data in the
certificate_profile_attributessection of the Request certificate payload.- The
idisextensions.subject_directory. - The
valueis the SDA data, formatted as a JSON string.
- The
- UI console: Submit the JSON object in the Subject directory field of the certificate request form.
{
"certificate_profile_attributes": [
...
{
"id": "extensions.subject_directory",
"value": "{\"type\": \"SEQUENCE\", \"value\": [{\"type\": \"SEQUENCE\", \"value\": [{\"type\": \"OBJECT_IDENTIFIER\", \"value\": \"1.3.6.1.4.1.51552.9.1\"}, {\"type\": \"SET\", \"value\": [{\"type\": \"INTEGER\", \"value\": \"614\"},{\"type\": \"INTEGER\", \"value\": \"202\"}]}]}]}"
}
...
],
...
}{
"type": "SEQUENCE",
"value": [
{
"type": "SEQUENCE",
"value": [
{
"type": "OBJECT_IDENTIFIER",
"value": "1.3.6.1.4.1.51552.9.1"
},
{
"type": "SET",
"value": [
{
"type": "INTEGER",
"value": "202"
}
]
}
]
}, {
"type": "SEQUENCE",
"value": [
{
"type": "OBJECT_IDENTIFIER",
"value": "1.3.6.1.4.1.51552.92.5"
},
{
"type": "BOOLEAN",
"value": true
},
{
"type": "STRING",
"value": "Example string"
}
]
}
]
}Properties
| Name | Type | Req/Opt | Description |
|---|---|---|---|
| type | string | required | Data type of the content in the corresponding value field.Note: The type value for the top-level object should be SEQUENCE (case-sensitive). |
| value | array | required | Ordered list of objects. Each object contains a sequence with details about a specific attribute. Include as many elements as needed. |
| .. type | string | required | Data type of the content in the value field.Note: The type value for each element in the top-level sequence should also be SEQUENCE (case sensitive). |
| .. value | array | required | Ordered list of objects that describe the SDA data structure and information to store for the attribute. |
| .. .. type | string | required | Data type of the content in the corresponding value field.Allowed values: See the SDA data types table below. Each allowed value corresponds with an ASN.1 type under the DER serialization format. Case-sensitive. |
| .. .. value | Set by type value | required | Value to store in the SDA. |
SDA data types
| Type | ASN.1 Type | Description |
|---|---|---|
| SEQUENCE | DERSequence | Ordered collection of one or more elements. |
| SET | DERSet | Unordered collection of one or more elements. |
| OBJECT_IDENTIFIER | DERObjectIdentifier | String of positive integers, separated by dots, that identifies an object. |
| STRING | DERUTF8String | UTF-8 encoded string. |
| INTEGER | DERInteger | Positive or negative integer. |
| BOOLEAN | DERBoolean | Boolean value (true or false). |
Was this page helpful?
Provide feedback