Certificate Environment

The CertificateSignEnvironment object shows certificate information that originates from a signing project. The values describe signing certificates.

Information can originate from a VCC environment template. You can set these values via POST Codesign/GetEnvironment.

CertificateEnvironment has these values:

  • AllowUserKeyImport: Applies only to PerUser templates. The setting for key import: true = users can import their own signing keys; false = no key import.
  • CustomFieldAttributes: An Items array:

    • FieldName: A defined Custom Field name. In the UI, the definition is a Code Signing Environment with a Field Type of List or String. For example:

      Always specify the Project and/or ENV for your Custom Field

    • Values: An array of Custom Field values.

  • Dn: The Distinguished Name (DN) of the environment.
  • Guid: The GUID that uniquely identifies the environment.
  • IPAddressRestriction: An Items array of untrusted IP addresses.
  • Id: The project environment ID.
  • KeyTimeConstraints: An Items array of signing Time Constraints from VCC.
  • KeyUseFlowDN: The Distinguished Name (DN) location of the Code Signing Flow. In VCC, the flow shows required approvals, checks, and actions that enable key usage.
  • PerUser: Only appears if the value is true. The mode that supports multiple cryptographic objects and macros to use for signing. This field determines how objects are created for the Environment.
  • Status: 1.
  • TemplateDN: The DN location that contains template information.
  • Type: The environment category: Code Signing Certificate Environment, Code Signing CSP Environment, Code Signing DotNet Environment, Code Signing GPG Environment
  • CASpecificAttributes: An Items array of additional values to pass to the Certificate Authority (CA) upon certificate enrollment and renewal. For example, X509 Certificate CA Specific Attributes.

  • CertificateAuthorityDN: CA template settings. The environment template can control this value. See Environment details.
  • CertificateSubject: The Common Name field for every certificate that will use this environment.
  • CertificateTemplate: The X509 Certificate environment template.
    • AllowUserKeyImport: true: allow the user to supply a public key. Otherwise, false.
    • DN: The Distinguished Name (DN) that stores Environment Template information.
    • Guid: The GUID that uniquely identifies the environment template.
    • Id: The certificate template identifier.
    • KeyUseFlowDN: The DN location of the Code Signing Flow. In VCC, the flow shows required approvals, checks, and actions that enable key usage.
    • ObjectNamingPattern: Only appears if PerUser is true. The macros that make the Certificate object unique to the signer's identity. The default is $Sign.Project$\$Sign.Environment$\$Sign.User$.
    • PerUser: Only appears if the value is true. The mode that supports multiple cryptographic objects and macros to use for signing. This field determines how objects are created for the Environment.
    • ReadOnly: true = Template is read only; false = Template allows updates.
    • Type: The Environment Template name.
    • VisibleTo: An Items array of identities that can view the template in VCC. If empty, everyone can see this template. Otherwise, it is a restricted array of identities that can use the template to create new Environments. For example, this is useful to limit exposure to templates pointing at public CAs, as those certificates can be very expensive and may not be required.
    • CertificateStage: Appears only when the certificate is in the renewal process or when a workflow has a pause for renewal. One of the following Certificate object statuses:
      • 0: Zero or omitted: Certificate object is valid.
      • 1: Warning, Certificate object may need attention. See CertificateStatusText.
      • 2: Error, Certificate object has an error. See CertificateStatusText.
      • 3: Out of sync. Certificate object is valid but the configuration differs from the existing certificate.
    • CertificateAuthorityDN: CA template settings. The environment template can control this value. See Environment details.
    • CertificateSubject: The Common Name field for every certificate.
    • CertificateStatusText: Appears only when the certificate is in the renewal process or when a workflow has a pause for renewal. The status of the certificate object.
    • City: The valid City or Locality (L) field for the certificate Subject DN. The environment template can control this value. See Environment details.
    • Country: The Country (C) field for the certificate Subject DN. See Environment details.
    • KeyAlgorithm: Acceptable key algorithms for the certificate. Info: Suggests or locks this value as mandatory. Value: When value originated from the template, the Dirty flag is true. Also includes an Items array of acceptable values.
    • KeyStorageLocation: The location of the private key. Software or HSM. See Environment details.
    • Organization: A set of acceptable Organization (O) values from the environment template. See Environment details.
    • OrganizationUnit: A set of acceptable OrganizationUnit (OU) values from the environment template. See Environment details.
    • SANEmail: A set of acceptable Subject Alternate Name (SAN) email addresses from the environment template. See Environment details.
    • State: A set of acceptable State (ST) names. See Environment details.
  • City: The valid City or Locality (L) field for the certificate Subject DN. The environment template can control this value. See Environment details.
  • KeyAlgorithm: Acceptable key algorithms for the certificate. Info: Suggests or locks this value as mandatory. Value: When value originated from the template, the Dirty flag is true. Also includes an Items array of acceptable values.

  • KeyStorageLocation: The location of the private key. Software or HSM. See Environment details.
  • Organization: A set of acceptable Organization (O) values from the environment template. See Environment details.
  • OrganizationUnit: A set of acceptable OrganizationUnit (OU) values from the environment template. See Environment details.
  • SANEmail: A set of acceptable Subject Alternate Name (SAN) email addresses from the environment template. See Environment details.
  • State: A set of acceptable State (ST) names. See Environment details.
  • TargetStore: The location of the certificate store. See Environment details.
  • Country: The Country (C) field for the certificate Subject DN. See Environment details.
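
As an added example (not part of the product documentation or the vendor's code), the following Python sketch reviews one CertificateEnvironment object for the settings described above that most affect signing-key exposure: AllowUserKeyImport, KeyStorageLocation, VisibleTo and CertificateStage. The JSON nesting, the `{"Value": ...}` and `{"Items": [...]}` wrappers, and all sample values are assumptions; adjust them to the response your server actually returns.

```python
import json

STAGE_TEXT = {1: "warning", 2: "error", 3: "out of sync"}  # stages listed above

def _value(field):
    # Assumed shape: a field is either a plain scalar or {"Value": scalar, ...}.
    return field.get("Value") if isinstance(field, dict) else field

def _items(field):
    # Assumed shape: an Items array is either a list or {"Items": [...]}.
    if isinstance(field, dict):
        field = field.get("Items")
    return list(field or [])

def audit_environment(env):
    """Return review findings for one CertificateEnvironment dict."""
    tmpl = env.get("CertificateTemplate") or {}
    def get(key):  # look on the environment first, then on its template
        return env[key] if key in env else tmpl.get(key)
    findings = []
    if any(_value(d.get("AllowUserKeyImport")) is True for d in (env, tmpl)):
        findings.append("AllowUserKeyImport: users can import their own signing keys")
    if str(_value(get("KeyStorageLocation"))).lower() == "software":
        findings.append("KeyStorageLocation: private key is in Software, not HSM")
    if not _items(get("VisibleTo")):
        findings.append("VisibleTo: empty, so everyone can see this template")
    stage = int(_value(get("CertificateStage")) or 0)  # 0 or omitted means valid
    if stage in STAGE_TEXT:
        text = _value(get("CertificateStatusText")) or "no status text"
        findings.append(f"CertificateStage {stage} ({STAGE_TEXT[stage]}): {text}")
    return findings

# Constructed sample: field names come from the list above, values are made up.
SAMPLE = json.loads("""{
  "Id": 1,
  "AllowUserKeyImport": false,
  "KeyStorageLocation": {"Value": "Software"},
  "CertificateTemplate": {
    "AllowUserKeyImport": true,
    "VisibleTo": {"Items": []},
    "CertificateStage": 2,
    "CertificateStatusText": "constructed sample status text"
  }
}""")

if __name__ == "__main__":
    for finding in audit_environment(SAMPLE):
        print(finding)
```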