End-Entity Interface#

URL: /ca/ee/ca/profileList

General Enrollment/Renewal#

Profile ID

Profile Name

Description

caUs erCert

Manual User Dual-Use Certificate Enrollment

This certificate profile is for enrolling user certificates.

` caUserSMIMEcapCert < https://git.fedoraho sted.org/cgit/pki.gi t/tree/base/ca/share d/profiles/ca/caUser SMIMEcapCert.cfg>`__

Manual User Dual-Use S/MIME capabilities Certificate Enrollment

This certificate profile is for enrolling user certificates with S/MIME capabilities extension - OID: 1 .2.840.113549.1.9.15

Ad minCert

Manual Administrator Certificate Enrollment

This certificate profile is for enrolling Administrator’s certificates suitable for use by clients such as browsers.

caSignedLogCer t

Manual Log Signing Certificate Enrollment

This profile is for enrolling audit log signing certificates

ca TPSCert

Manual TPS Server Certificate Enrollment

This certificate profile is for enrolling TPS server certificates.

caServer Cert

Manual Server Certificate Enrollment

This certificate profile is for enrolling server certificates.

caSubsystemCer t

Manual Subsystem Certificate Enrollment

This certificate profile is for enrolling subsystem certificates.

caOthe rCert

Other Certificate Enrollment

This certificate profile is for enrolling other certificates.

` caCACert <https://gi t.fedorahosted.org/c git/pki.git/tree/bas e/ca/shared/profiles /ca/caCACert.cfg>`__

Manual Certificate Manager Signing Certificate Enrollment

This certificate profile is for enrolling Certificate Authority certificates.

caInstallCACer t

Manual Security Domain Certificate Authority Signing Certificate Enrollment

This certificate profile is for enrolling Security Domain Certificate Authority certificates.

caOC SPCert

Manual OCSP Manager Signing Certificate Enrollment

This certificate profile is for enrolling OCSP Manager certificates.

caStorageC ert

Manual Data Recovery Manager Storage Certificate Enrollment

This certificate profile is for enrolling Data Recovery Manager storage certificates.

caTransportCer t

Manual Data Recovery Manager Transport Certificate Enrollment

This certificate profile is for enrolling Data Recovery Manager transport certificates.

caCMCUserC ert

Signed CMC-Authenticated User Certificate Enrollment

This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.

caManualRenewa l

Renewal: Renew certificate to be manually approved by agents

This certificate profile is for renewing certificates to be approved manually by agents.

User Certificate-authenticated Renewal#

Profile ID

Profile Name

Description

caSSLCli entSelfRenewal

Renewal: Self-renew user SSL client certificates

This certificate profile is for renewing SSL client certificates.

Directory-authenticated Enrollment/Renewal#

Profile ID

Profile Name

Description

` caDirBasedDualCert < https://git.fedoraho sted.org/cgit/pki.gi t/tree/base/ca/share d/profiles/ca/caDirB asedDualCert.cfg>`__

Dir ectory-authenticated User Signing & Encryption Certificates Enrollment

This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.

caDirUserC ert

Dir ectory-authenticated User Dual-Use Certificate Enrollment

This certificate profile is for enrolling user certificates with directory-based authentication.

caECDirUserCer t

Dir ectory-authenticated User Dual-Use ECC Certificate Enrollment

This certificate profile is for enrolling user certificates with directory-based authentication.

`caDirUserRenewal

<https://git.fedora

hosted.org/cgit/pki. git/tree/base/ca/sha red/profiles/ca/caDi rUserRenewal.cfg>`__

Renewal: Dir ectory-authenticated User Certificate Self-Renew profile

This certificate profile is for renewing a certificate by serial number by using directory based authentication.

Agent-authenticated Enrollment/Renewal#

Profile ID

Profile Name

Description

caAgentServerCert

Agent-Authenticated Server Certificate Enrollment

This certificate profile is for enrolling server certificates with agent authentication.

` caAgentFileSigning < https://git.fedoraho sted.org/cgit/pki.gi t/tree/base/ca/share d/profiles/ca/caAgen tFileSigning.cfg>`__

Agent-Authenticated File Signing

This certificate profile is for getting file signing certificate with agent authentication.

`DomainController

<https://git.fedora

hosted.org/cgit/pki. git/tree/base/ca/sha red/profiles/ca/Doma inController.cfg>`__

Domain Controller

This profile is for enrolling Domain Controller Certificate

Revocation#

User Certificate Revocation#

URL: /ca/ee/ca/UserRevocation.html

CMC Certificate Revocation#

URL: /ca/ee/ca/CMCRevReq.html

Retrieval#

  • Check Request Status

  • List Certificates

  • Search Certificates

  • Import CA Certificate Chain

  • Import Certificate Revocation List

Agent Interface#

  • List Requests

  • Search for Requests

  • List Certificates

  • Search for Certificates

  • Revoke Certificates

  • Display Revocation List

  • Update Revocation List

  • Update Directory Server

  • OCSP Service

  • Manage Certificate Profiles

  • View Server Statistics

References#