Apple environment template
This template provides control around Environment creation. Any Environment that is created from this template must follow all the rules outlined. Otherwise, certificate creation will fail. To see your template, call POST Codesign/GetTemplate.
-
Type: Code Signing Apple Environment Template
-
Object: AppleSignEnvironmentTemplate
AppleTemplate has these values:
-
AllowUserKeyImport: Applies only to PerUser templates. The setting for key import: true: users can import their own signing keys. false: no key import.
- Description:Appears only if there is a template description.
-
Dn:The Distinguished Name (DN) of the template.
-
Guid: The GUID that uniquely identifies the template.
-
Id: The certificate template identifier.
- KeyUseFlowDN: The Distinguished Name (DN) location of the Code Signing Flow. In VCC, the flow shows required approvals, checks, and actions that enable key usage.
- ObjectNamingPattern: Only appears if PerUser is true. The macros that make the Certificate object unique to the signer's identity. The default is $Sign.Project$\$Sign.Environment$\$Sign.User$.
- PerUser: Only appears if the value is true. The mode that supports multiple cryptographic objects and macros to use for signing. This field determines how objects are created for the Environment.
-
KeyTimeConstraints: An Items array of signing Time Constraints from VCC.
-
ReadOnly: Appears only when the template is does not allow updates, true.
-
Type:This user-defined template originated from the Code Signing Certificate Environment Template.
-
VisibleTo: An Items array of identities that can view the template in VCC. If empty, everyone can see this template. Otherwise, it is a restricted array of identities that can use the template to create new Environments. This is useful to limit exposure to templates pointing at public CAs, as those certificates can be very expensive and may not be required. See Template details.
-
CNPattern: The template for naming certificates. Contains a regular expression that must match the CN of the certificate being imported. If a user attempts to import a certificate that does not match then the import will not be allowed. See Template details.
- CertificateAuthorityDN: CA template settings. The environment template can control this value. See Environment details.
- CertificateSubject: The Common Name field for every certificate that will use this envrionment.
- City: The valid City or Locality (L) field for the certificate Subject DN. The environment template can control this value. See Environment details.
- Country: The Country (C) field for the certificate Subject DN. See Environment details.
- KeyStorageLocation: The location of the private key. Software or HSM. See Template details.
- KeyAlgorithm: Acceptable key algorithms for the certificate. Info: Suggests or locks this value as mandatory. Value: When value originated from the template, the Dirty flag is true. Also includes an Items array of acceptable values.
- Organization: A set of acceptable Organization (O) values from the environment template. See Environment details.
- OrganizationUnit: A set of acceptable OrganizationUnit (OU) values from the environment template. See Environment details.
- State: A set of acceptable State (ST) names. See Environment details.
{ "AppleTemplate":{ "AllowUserKeyImport":true, "Dn":"\\VED\\Code Signing\\Environment Templates\\MyAppleTemplate", "Guid":"{623a4560-e19c-4bc8-be95-41d06acd7739}", "Id":540, "ObjectNamingPattern":"$Sign.Project$\\$Sign.Environment$\\$Sign.User$", "PerUser":true, "Type":"Code Signing Apple Environment Template", "VisibleTo":{ "Items":[ ] }, "CNPattern":{ "Info":1, "Value":{ "Items":[ ] } }, "CertificateAuthorityDN":{ "Info":1, "Value":{ "Items":[ ] } }, "CertificateSubject":{ "Info":1, "Value":{ "Items":[ ] } }, "City":{ "Info":1, "Value":{ "Items":[ ] } }, "Country":{ "Info":1, "Value":{ "Items":[ ] } }, "KeyAlgorithm":{ "Info":1, "Value":{ "Items":[ ] } }, "KeyStorageLocation":{ "Info":1, "Value":{ "Items":[ ] } }, "Organization":{ "Info":1, "Value":{ "Items":[ ] } }, "OrganizationalUnit":{ "Info":1, "Value":{ "Items":[ ] } }, "State":{ "Info":1, "Value":{ "Items":[ ] } } }