HashiCorpVault PKI application object

Defines attributes that allow HashiCorp Vault to act as a subordinate Certificate Authority (sub CA). You can only create this application object via API calls. For more information, see Web SDK methods for the HashiCorp Vault PKI.

Group attributes

Attribute

Description

Create Certificate Authority

UI: NA
Required: No

Policy Definable: No. Default: 0

The setting to renew, replace or provision the CA certificate:

  • 0: Use the existing CA certificate. During role creation, if the CA certificate is missing from the PKI Path, an error states that the CA could not be created.
  • 1: Default. Create or replace the CA certificate at the PKI Path.

Create PKI Role

UI: NA
Required: No

Policy Definable: No. Default: 0

The setting to control role creation in the HashiCorp Vault:

  • 0: Default. Use the existing role in HashiCorp Vault. If the role is missing, a Validation error states that the PKI role could not be created.
  • 1: Create the role in the HashiCorp Vault.

CRL Address

UI: NA
Required: No

Policy Definable: No. Default: NA

The IP address and port of the HashiCorp Vault.

Enhanced Key Usage

UI: NA
Required: No

Policy Definable: Yes. Default: NA

Applies to all HashiCorpVault PKI application objects, not individual objects. Restricts the public key of a certificate to a predetermined set of key purposes.

Allowed values, each a flag on the HashiCorp Vault PKI role:

  • client_flag: This role can generate CSRs for client certificates.
  • code_signing_flag: This role can generate CSRs for code signing certificates.
  • email_protection_flag: This role can generate CSRs for email protection certificates.
  • server_flag: This role can generate CSRs for server certificates.

Network Validation Disabled

UI: NA
Required: No

Policy Definable: Yes. Default: False

The setting for SSL/TLS validation of the certificate using settings from this application object:

  • 0 = Enable validation. Recommended for device certificates.
  • 1 = Disable validation. Recommended for all other non-device certificates, because the Blue Coat SSL Visibility Appliance uses certificates/keys for decrypting network traffic, not for securing client-server communications.

OCSP Address

UI: NA
Required: No

Policy Definable: No. Default: NA

The Fully Qualified Domain Name (FQDN) or IP address of the Online Certificate Status Protocol (OCSP) service that manages the intermediate CA certificate.

PolicyDN

UI: NA
Required: No

Policy Definable: No. Default: NA

The Distinguished Names (DNs) of the PKI Role policy folders that will be enforced by Validation.

Role Name

UI: NA
Required: Yes

Policy Definable: Yes. Default: NA

Applies only to HashiCorp Vault PKI application policy, not individual objects. Required for PKI Role policy folders that are referenced by the PolicyDN.
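The attribute rules above, as an added example that is not part of this page or of Venafi's or HashiCorp's code: a Python helper that applies the Required/Default rules and turns the Enhanced Key Usage list into the Vault PKI role flags that a Create PKI Role = 1 would write. The attribute display names used as keys and the returned dict shape are assumptions; client_flag, server_flag, code_signing_flag and email_protection_flag are the Vault role parameters the page names.

```python
# Added example (not from the page or from Venafi/HashiCorp): validate the
# attribute values this page documents and derive the matching HashiCorp Vault
# PKI role flags.  The dict keys are the attribute display names from the page;
# that they are the literal Web SDK attribute names is an assumption.

# Enhanced Key Usage values listed on the page; each is a Vault PKI role flag.
EKU_FLAGS = ("client_flag", "code_signing_flag", "email_protection_flag", "server_flag")


def build_attributes(role_name, crl_address=None, ocsp_address=None, policy_dn=None,
                     create_ca=0, create_role=0, network_validation_disabled=0, eku=()):
    """Return the attribute set for one application object, applying the
    Required / Default rules from the page.  Raises ValueError on a bad value."""
    if not role_name:
        raise ValueError("Role Name is required")
    for name, value in (("Create Certificate Authority", create_ca),
                        ("Create PKI Role", create_role),
                        ("Network Validation Disabled", network_validation_disabled)):
        if value not in (0, 1):
            raise ValueError(f"{name} must be 0 or 1, got {value!r}")
    unknown = sorted(set(eku) - set(EKU_FLAGS))
    if unknown:
        raise ValueError(f"unknown Enhanced Key Usage flag(s): {unknown}")
    attrs = {
        "Role Name": role_name,
        "Create Certificate Authority": str(create_ca),
        "Create PKI Role": str(create_role),
        "Network Validation Disabled": str(network_validation_disabled),
    }
    # Address and DN attributes have no default (NA): only send them when set.
    for name, value in (("CRL Address", crl_address), ("OCSP Address", ocsp_address),
                        ("PolicyDN", policy_dn)):
        if value:
            attrs[name] = value
    if eku:
        attrs["Enhanced Key Usage"] = sorted(set(eku))  # multi-valued attribute
    return attrs


def vault_role_payload(attrs):
    """Body for writing the Vault PKI role named by Role Name, or None when
    Create PKI Role is 0 (the existing role in Vault is used unchanged).
    Every flag is set explicitly so an unlisted purpose is disabled rather
    than left at Vault's own default (client_flag and server_flag default to true)."""
    if attrs["Create PKI Role"] != "1":
        return None
    enabled = set(attrs.get("Enhanced Key Usage", ()))
    return {flag: flag in enabled for flag in EKU_FLAGS}
```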