ADM NITRO APIs

certificate_policy

Configuration for Venafi certificate policy resource.

Properties

(click to see Operations )

Name Data Type Permissions Description
wildcards_allowed Read-write Indicates if wild cards is allowed.
state Read-write State.
management_type Read-write Management Type.
is_ca_locked Read-write Indicates if the CA value is locked in the policy.
is_city_locked Read-write Indicates if the city value is locked.
policy Read-write Policy folder path which determines the certificate attributes..
keypair_algorithm Read-write Algorithm for generating the key. Possible values: ECC, RSA.
key_generation Read-write Key generation value.
subjaltname_ip_allowed Read-write Indicates if IP subject alternative names allowed.
org Read-write Organization.
name Read-write Name of the Venafi server configured..
is_key_value_locked Read-write Indicates if the algorithm property value is locked in the policy.
subjaltname_upn_allowed Read-write Indicates if UPN subject alternative names allowed.
org_unit <String[]> Read-write Organization Unit.
subjaltname_uri_allowed Read-write Indicates if URI subject alternative names allowed.
key_value Read-write Key strength if algorithm is RSA. EllipticCurve ,if the algorithm is ECC .
is_key_generation_locked Read-write Indicates if the key generation value is locked in the policy.
tp_renewal_locked Read-write Indicates if TpRenewal is locked.
is_org_locked Read-write Indicates if the organization value is locked.
is_org_unit_locked Read-write Indicates if the organization unit value is locked.
subjaltname_email_allowed Read-write Indicates if Email subject alternative names allowed.
tp_renewal Read-write set to True, if automatic renewal is enabled in Venafi.
is_keypair_algorithm_locked Read-write Indicates if the key pair algorithm value is locked in the policy.
city Read-write city.
is_state_locked Read-write Indicates if the state value is locked.
is_csr_generation_locked Read-write Indicates if the CsrGeneration value is locked in the policy.
country Read-write country.
subjaltname_dns_allowed Read-write Indicates if DNS subject alternative names allowed.
is_management_type_locked Read-write Indicates if management type is locked.
ca Read-write Certificate Authority.
csr_generation Read-write CSR generation.Possible values: ServiceGenerated, UserGenerated.
is_country_locked Read-write Indicates if the country value is locked.

Operations

(click to see Properties )

  • GET (ALL)

Some options that you can use for each operations:

  • Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.

  • Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER: <username>

    X-NITRO-PASS: <password>

    Note: In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

*Note: * Mandatory parameters are marked in red and placeholder content is marked in green

The following parameters can be used in the nitro request : onerror <String_value>

Use this parameter to set the onerror status for nitro request. Applicable only for bulk requests.

Default value: EXIT

Possible values = EXIT, CONTINUE

get (all)

URL: https://<MGMT-IP>/nitro/v2/config/certificate_policy Query-parameters:

filter https://<MGMT-IP>/nitro/v2/config/certificate_policy ?filter=property-name1:property-value1,property-name2:property-value2 Use this query-parameter to get the filtered set of certificate_policy resources configured on the system. You can set a filter on any property of the resource.

pagesize=#no;pageno=#no https://<MGMT-IP>/nitro/v2/config/certificate_policy ?pagesize=#no;pageno=#no Use this query-parameter to get the certificate_policy resources in chunks.

count https://<MGMT-IP>/nitro/v2/config/certificate_policy ?count=yes Use this query-parameter to get the count of certificate_policy resources.

HTTPS Method: GET

Request Headers: Accept: application/json

X-NITRO-USER:username_value<String>

X-NITRO-PASS:password_value<String>

or

Cookie:NITRO_AUTH_TOKEN=token_value<String>

Response: HTTPS Status Code on Success: 200 OK HTTPS Status Code on Failure: 4xx (for general HTTPS errors) or 5xx (for NetScaler-MAS-specific errors). The response payload provides details of the error

Response Headers:

Content-Type:application/json

Response Payload:

{ "errorcode": 0, "message": "Done", "severity": ;ltString_value;gt, "certificate_policy":[{
"wildcards_allowed":<Boolean_value>,
"state":<String_value>,
"management_type":<String_value>,
"is_ca_locked":<Boolean_value>,
"is_city_locked":<Boolean_value>,
"policy":<String_value>,
"keypair_algorithm":<String_value>,
"key_generation":<String_value>,
"subjaltname_ip_allowed":<Boolean_value>,
"org":<String_value>,
"name":<String_value>,
"is_key_value_locked":<Boolean_value>,
"subjaltname_upn_allowed":<Boolean_value>,
"org_unit":<String_value>,
"subjaltname_uri_allowed":<Boolean_value>,
"key_value":<String_value>,
"is_key_generation_locked":<Boolean_value>,
"tp_renewal_locked":<Boolean_value>,
"is_org_locked":<Boolean_value>,
"is_org_unit_locked":<Boolean_value>,
"subjaltname_email_allowed":<Boolean_value>,
"tp_renewal":<Boolean_value>,
"is_keypair_algorithm_locked":<Boolean_value>,
"city":<String_value>,
"is_state_locked":<Boolean_value>,
"is_csr_generation_locked":<Boolean_value>,
"country":<String_value>,
"subjaltname_dns_allowed":<Boolean_value>,
"is_management_type_locked":<Boolean_value>,
"ca":<String_value>,
"csr_generation":<String_value>,
"is_country_locked":<Boolean_value>}]}

<!--NeedCopy-->
certificate_policy