How imported values map to a X.509 certificate

During a POST Certificates/Import API call, Trust Protection Platform maps the certificate attributes to a X.509 Certificate. For more information about attributes, see Parent class—X509 Certificate Base.

The imported certificate appears in the Policy folder. Based on certificate settings, the corresponding certificate type is User, Server, or Device.

How imported certificate values map to a X.509 certificate

Certificate information

Maps to X.509 Certificate attribute name

Common Name (CN) The X.509 Subject attribute.
DNS SANs* The X.509 SubjectAltName DNS attribute.
IP Address SANs The X.509 SubjectAltName IPAddress attribute.
Email SANs The X.509 SubjectAltName RFC822 attribute.
URI SANs The X.509 SubjectAltName URI attribute.
UPN SANs The X.509 SubjectAltName OtherName UPN attribute.

Organization (O),

Organizational Units (OUs),

City/Locality (L) ,

State/Province (ST),

Country (C)

The corresponding X.509 Certificate attribute. If the value differs from the policy, Trust Protection Platform uses the imported certificate value instead.
Key size The Key Bit Strength attribute. If a certificate key size differs from the 2048 character default, Trust Protection Platform uses the imported key size.

Certificate key algorithm

The Key Algorithm attribute. If the certificate key algorithm is Elliptic Curve Digital Signature Algorithm (ECDSA), the Key Algorithm attribute is ECC. The elliptic curve is assigned to the Elliptic Curve attribute. The P-256, P-384, or P-521 values are supported.

* Domain Name System (DNS) Subject Alternative Names (SAN)s