How imported values map to a X.509 certificate
During a POST Certificates/Import API call, Trust Protection Platform maps the certificate attributes to a X.509 Certificate. For more information about attributes, see Parent class—X509 Certificate Base.
The imported certificate appears in the Policy folder. Based on certificate settings, the corresponding certificate type is User, Server, or Device.
Certificate information |
Maps to X.509 Certificate attribute name |
---|---|
Common Name (CN) | The X.509 Subject attribute. |
DNS SANs* | The X.509 SubjectAltName DNS attribute. |
IP Address SANs | The X.509 SubjectAltName IPAddress attribute. |
Email SANs | The X.509 SubjectAltName RFC822 attribute. |
URI SANs | The X.509 SubjectAltName URI attribute. |
UPN SANs | The X.509 SubjectAltName OtherName UPN attribute. |
Organization (O), |
The corresponding X.509 Certificate attribute. If the value differs from the policy, Trust Protection Platform uses the imported certificate value instead. |
Key size | The Key Bit Strength attribute. If a certificate key size differs from the 2048 character default, Trust Protection Platform uses the imported key size. |
Certificate key algorithm |
The Key Algorithm attribute. If the certificate key algorithm is Elliptic Curve Digital Signature Algorithm (ECDSA), the Key Algorithm attribute is ECC. The elliptic curve is assigned to the Elliptic Curve attribute. The P-256, P-384, or P-521 values are supported. |
* Domain Name System (DNS) Subject Alternative Names (SAN)s