X509 Certificate Object

Defines the data necessary for Trust Protection Platform to manage enrollment and provisioning for a X509 certificate.

NOTE   The attributes in this section apply to X509 Certificate, X509 Certificate Base, X509 Device Certificate, and X509 User Certificate classes. The X509 Certificate class remains the class representing server certificates; however, it has become a child class of X509 Certificate Base and inherits nearly all of its attributes from that parent. The X509 Device Certificate and X509 User Certificate also inherit their attributes from the X509 Certificate Base class.

Because Trust Protection Platform administration consoles do not provide access to policy settings for the child classes, the X509 Certificate Base class should be used whenever applying attribute values to folders.

X509 Certificate attributes

Attribute

Description

ACME Account DN

UI: NA
Required: No

Policy Definable: No. Default: NA

The Distinguished Name of an Automatic Certificate Management Environment (ACME) account.

Application Group DN

UI: Application Group
Required: No

Policy Definable: No. Default: NA

The Policy tree location of Application objects that share the same certificate.

GeotrustTrueFlex CA:Emails

GeotrustTrueFlex CA:Enrollment Mode

GeotrustTrueFlex CA:First Pickup Request

GeotrustTrueFlex CA:Timestamp

Deprecated. Old. Don't give to customer. Too confusing.

Microsoft CA Pool:Certificate Authority

UI: NA
Required: No

Policy Definable: No. Default: NA

The Microsoft Certificate Authority (MSCA) that manages certificate enrollment.

Portal Download Count
UI: NA
Required: No

Policy Definable: No. Default: 0

The number of remaining certificate downloads from the user portal. For example, a value of 3 means you can download the certificate three more times.

Prohibited SAN Types

UI: Prohibited SAN Types
Required: No

Policy Definable: Yes. Default: NA

One or more of the following Subject Alternate Names (SAN) certificate types that are not allowed on a certificate: Email, IP address, UPN, URI.

For CodeSign ProtectDNS, IP, URI, VPN.

Ticket DN

UI: NA
Required: No

Policy Definable: Yes. Default: NA

The Distinguished Name (DN) that identifies a workflow ticket that managing this certificate.

Work DN

UI: NA
Required: No

Policy Definable: Yes. Default: NA

The DN that identifies an agent task to manage the certificate.