Certificate environment template
This template provides control around Environment creation. Any Environment that is created from this template must follow all the rules outlined. Otherwise, certificate creation will fail.
TIP To see or add a CSP template in VCC, contact Support for license and registry key information. Otherwise, call POST Codesign/GetTemplate.
-
Type: Code Signing Certificate Environment Template
-
Object: CertificateSignEnvironmentTemplate
The CertificateTemplate has these values:
-
AllowUserKeyImport: Applies only to PerUser templates. The setting for key import: true: users can import their own signing keys. false: no key import.
- Description:Appears only if there is a template description.
-
Dn:The Distinguished Name (DN) of the template.
-
Guid: The GUID that uniquely identifies the template.
-
Id: The certificate template identifier.
- KeyUseFlowDN: The Distinguished Name (DN) location of the Code Signing Flow. In VCC, the flow shows required approvals, checks, and actions that enable key usage.
-
ObjectNamingPattern: Only appears if PerUser is true. The macros that make the Certificate object unique to the signer's identity. The rendered value appears in the Policy tree. The default is $Sign.Project$\$Sign.Environment$\$Sign.User$.
-
PerUser: Only appears if the value is true. The mode that supports multiple cryptographic objects and macros to use for signing. This field determines how objects are created for the Environment.
-
Type:This user-defined template originated from the Code Signing Certificate Environment Template.
-
VisibleTo: An Items array of identities that can view the template in VCC. If empty, everyone can see this template. Otherwise, it is a restricted array of identities that can use the template to create new Environments. This is useful to limit exposure to templates pointing at public CAs, as those certificates can be very expensive and may not be required.
-
CertificateAuthorityDN: Valid settings for CA templates that apply to the project. See Template details.
-
CertificateSubject: Valid settings for the Common Name field on certificates. See Template details.
-
City: Valid city names that can appear on the certificate. See Template details.
-
Country: Valid Country (C) names that can appear on the certificate. See Template details.
-
KeyAlgorithm: Valid key algorithms for the certificate. See Template details.
- KeyStorageLocation: The location of the private key. Software or HSM. See Template details.
-
Organization: A set of acceptable Organization (O) values from the project template. See Template details.
-
OrganizationUnit: A set of acceptable OrganizationUnit (OU) values. See Template details.
-
ReadOnly: true = prevent template changes or false = allow template changes. See Template details.
-
SANEmail: A set of acceptable Subject Alternate Name (SAN) email addresses from the project template. See Template details.
- State: A set of acceptable State (ST) names from the project template. See Template details.
-
TargetPolicyDN:The DN location where signing certificates will be created.
{ "CertificateTemplate":{ "AllowUserKeyImport":true, "Dn":"\\VED\\Code Signing\\Environment Templates\\Development", "Guid":"{adf9279b-1102-42c8-bb77-a373f13bbd02}", "Id":825093, "KeyUseFlowDN":"\\VED\\Code Signing\\Flows\\No Restrictions", "Type":"Code Signing Certificate Environment Template", "VisibleTo":{ "Items":[ ] }, "CertificateAuthorityDN":{ "Info":1, "Value":{ "Items":[ "\\VED\\Policy\\Code Signing\\Certificate Authority Templates\\Self-Signed Code Signing CA" ] } }, "CertificateSubject":{ "Info":1, "Value":{ "Items":[ ] } }, "City":{ "Info":1, "Value":{ "Items":[ ] } }, "Country":{ "Info":1, "Value":{ "Items":[ ] } }, "KeyAlgorithm":{ "Info":1, "Value":{ "Items":[ "RSA2048" ] } }, "KeyStorageLocation":{ "Info":1, "Value":{ "Items":[ ] } }, "Organization":{ "Info":1, "Value":{ "Items":[ ] } }, "OrganizationalUnit":{ "Info":1, "Value":{ "Items":[ ] } }, "SANEmail":{ "Info":1, "Value":{ "Items":[ ] } }, "State":{ "Info":1, "Value":{ "Items":[ ] } }, "TargetPolicyDN":"\\VED\\Policy\\Code Signing\\Certificates" } }