Use this endpoint to assign an authentication certificate to an enrollment profile.
You can only assign an authentication certificate to an enrollment profile that uses the EST, SCEP, or CMPv2 enrollment methods.
```bash
curl -X POST 'https://one.digicert.com/iot/api/v1/enrollment-profile/{{enrollment_profile_id}}/authentication-certificate' \
  -H 'x-api-key: {{api_key}}' \
  -H 'Content-Type: application/json' \
  --data-raw '{
    "pem": {{auth_cert_pem}},
    "start_date": "2020-01-01",
    "end_date": "2021-01-01",
    "registered_values": [
      {
        "certificate_field": "subject.common_name",
        "matcher": "equals",
        "value": "common name registered value"
      },
      {
        "certificate_field": "subject.organization_unit",
        "matcher": "equals",
        "value": ["Unit 1", "Unit 2"]
      }
    ]
  }'
```

```json
{
  "id": "a876d305-713c-4f0e-93c1-855a518f885e",
  "certificate": {
    "id": "0dd83c6a-63c2-4d52-acc9-7140e0fb0332",
    "name": "AuthCert-001"
  },
  "enrollment_profile": {
    "id": "IOT_c1ac3d12-c2cb-46f0-808e-d0110c280c77",
    "name": "EST"
  },
  "start_date": "2020-01-01",
  "end_date": "2021-01-01",
  "usage_limit": 100,
  "registered_values": [
    {
      "certificate_field": "subject.common_name",
      "matcher": "equals",
      "value": "common name registered value",
      "multiple": false
    },
    {
      "certificate_field": "subject.organization_unit",
      "matcher": "equals",
      "value": [
        "Unit 1",
        "Unit 2"
      ],
      "multiple": true
    }
  ],
  "number_of_usage": 0,
  "status": "ACTIVE",
  "created_at": "2020-09-29T12:05:37.519512Z",
  "pem": {{auth_cert_pem}},
  "certificate_expires_on": "2021-03-03T10:19:17Z",
  "certificate_serial_number": "57db86ca2713c7060aa43971ef32f598c1521c56",
  "certificate_issuer_common_name": "IoT Predemo Company Issuing CA",
  "certificate_thumbprint": "f99a9e95b9b7c40b985b36ea7a444801ed177ad5bd9aa4464f53694df2b98143",
  "certificate_organization": "DigiCert",
  "certificate_organization_units": []
}
```

Name | Description |
---|---|
enrollment_profile_id | ID of the enrollment profile to assign the authentication certificate. |

Name | Req/Opt | Type | Description |
---|---|---|---|
pem | required | string | Certificate body of the authentication certificate, in PEM format. |
start_date | optional | string | Start date for the period of time during which the enrollment profile can use the authentication certificate. Format: YYYY-MM-DD. Can be earlier than the certificate’s “valid from” date. If not provided, there is no start date limitation. |
end_date | optional | string | End date for the period of time during which the enrollment profile can use the authentication certificate. Format: YYYY-MM-DD. Can be later than the certificate’s “valid to” date. If not provided, there is no end date limitation. |
usage_limit | optional | int | Number of times the authentication certificate can be used. If not provided, the authentication certificate does not have a usage limit. |
registered_values | optional | object | List of objects with details about the certificate fields to validate when using this authentication certificate. If you don't need to validate certificate fields for this authentication certificate, omit the registered_values object from your request. |
.. certificate_field | required | string | Name of a certificate field to validate when using this authentication certificate. Allowed values: See Certificate fields that support registered values. |
.. matcher | optional | string | Operator to use when comparing the value of the certificate field to the registered value. Allowed values: equals |
.. value | required | string/array | A value or list of values to compare with the value of the chosen certificate_field. Use a string to validate certificate fields that contain a string. Use an array to validate certificate fields that contain an array. |

Name | Type | Description |
---|---|---|
id | string | Authentication certificate ID. |
certificate | object | Object with information about the certificate. |
.. id | string | Certificate ID. |
.. name | string | Certificate common name. |
enrollment_profile | object | Object with enrollment profile details. |
.. id | string | Enrollment profile ID. |
.. name | string | Enrollment profile name. |
number_of_usage | int | Number of times the authentication certificate has been used. |
usage_limit | int | Number of times the authentication certificate can be used for enrollment. |
start_date | string | Start date for the period of time during which the enrollment profile can use the authentication certificate. Format: YYYY-MM-DD |
end_date | string | End date for the period of time during which the enrollment profile can use the authentication certificate. Format: YYYY-MM-DD |
status | string | Authentication certificate status. Possible values: ACTIVE, DISABLED, or DELETED. Newly assigned authentication certificates are expected to have a status of ACTIVE. |
created_at | string | Date and time (UTC) the authentication certificate was assigned. |
pem | object | Certificate body, in PEM format. |
certificate_expires_on | string | Date and time the certificate expires. |
certificate_serial_number | string | Certificate serial number. |
certificate_issuer_common_name | string | Common name of the certificate issuer. |
certificate_thumbprint | string | Thumbprint of the certificate. |
certificate_organization | string | Organization associated with the certificate. |
certificate_organization_units | array | List of organization units associated with the certificate. |
registered_values | object | List of objects with details about the certificate fields that are validated when using this authentication certificate. Only returned for requests that include the registered_values request parameter. |
.. certificate_field | string | Name of a certificate field that is validated when using this authentication certificate. Possible values: See Certificate fields that support registered values. |
.. matcher | string | Operator used when comparing the value of the certificate field to the registered values. Possible values: equals |
.. value | string/array | The value or list of values that are compared with the value of the chosen certificate_field. |
.. multiple | bool | Returns true when the data type of the certificate field is an array. Otherwise, false. |

Field | Type |
---|---|
subject.common_name | string |
subject.organization_name | string |
subject.organization_unit | array |
subject.country | string |
subject.state | string |
subject.locality | string |
subject.street_address | array |
subject.postal_code | string |
subject.email | string |
challenge_password | string |
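
A pre-flight check for the request body, added here as an example (it is not DigiCert's code): it validates a body against the request parameter table and the certificate field types above, and warns when an omitted optional parameter leaves the authentication certificate unrestricted. The names `check_assignment_body`, `_is_date` and `SAMPLE` are hypothetical, and the PEM test is only a marker check.

```python
import re
from datetime import date

# Field types copied from the certificate-fields table on this page.
FIELD_TYPES = {
    "subject.common_name": str, "subject.organization_name": str,
    "subject.organization_unit": list, "subject.country": str,
    "subject.state": str, "subject.locality": str,
    "subject.street_address": list, "subject.postal_code": str,
    "subject.email": str, "challenge_password": str,
}

def _is_date(v):
    """True only for a real calendar date written as YYYY-MM-DD."""
    try:
        return bool(re.fullmatch(r"\d{4}-\d{2}-\d{2}", v)) and bool(date.fromisoformat(v))
    except (TypeError, ValueError):
        return False

def check_assignment_body(body):
    """Return (errors, warnings) for a request body dict. Hypothetical helper."""
    errors, warnings = [], []
    pem = body.get("pem")
    if not isinstance(pem, str) or "-----BEGIN CERTIFICATE-----" not in pem:
        errors.append("pem: required PEM certificate string")
    for key in ("start_date", "end_date"):
        if key in body and not _is_date(body[key]):
            errors.append(f"{key}: must be YYYY-MM-DD")
    if "usage_limit" in body and type(body["usage_limit"]) is not int:
        errors.append("usage_limit: must be an int")
    for i, rule in enumerate(body.get("registered_values", [])):
        field, value = rule.get("certificate_field"), rule.get("value")
        want = FIELD_TYPES.get(field)
        if want is None:
            errors.append(f"registered_values[{i}]: unsupported field {field!r}")
        elif not isinstance(value, want):
            errors.append(f"registered_values[{i}]: {field} needs {'an array' if want is list else 'a string'}")
        if rule.get("matcher", "equals") != "equals":
            errors.append(f"registered_values[{i}]: matcher must be 'equals'")
    # Omitting these optional parameters removes a restriction (parameter table).
    for key, effect in (("end_date", "no end date limitation"),
                        ("usage_limit", "no usage limit"),
                        ("registered_values", "no certificate fields validated")):
        if key not in body:
            warnings.append(f"{key} omitted: {effect}")
    return errors, warnings

# Constructed sample: array-typed field given a string, and no limits set.
SAMPLE = check_assignment_body({"pem": "-----BEGIN CERTIFICATE-----\n(constructed)", "registered_values": [
    {"certificate_field": "subject.organization_unit", "value": "Unit 1"}]})
```

Run the check before sending the POST and treat the warnings as review items: each one marks a restriction the endpoint will not enforce for this authentication certificate.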