Home
CERT+
Automate certificate lifecycle management including issuance, discovery, renewal, and deployment, across public and private trust CAs. Assess, prioritize, and plan your migration to quantum-safe encryption with the Quantum Trust Hub add-on module.
CERT+ API Guide
CLM API
Create a Certificate in Async mode
CA Specific Information
Entrust MPKI

Entrust MPKI

Entrust MPKI Request Objects

Table 1. Entrust MPKI caConnectorInfo
Name	Description
certificateAuthority	(Mandatory) Name of the certificate authority that issues the certificate. Type: String Constraint: The value should be Entrust MPKI.
isAutoRenewal	(Optional) Determines whether the certificate will be renewed before its expiration date. If enabled (true), renewal is initiated before the expiry date, following the specified number of days in "renewBefore." Type: Boolean Constraint: The value should be disabled (false) if autoRegenerateEnabled is true.
renewBefore	(Optional) Specifies the number of days prior to expiration when the renewal request should be triggered. Type: Integer Constraint: The value must be provided if isAutoRenewal is true.
autoRegenerateEnabled	(Optional) Determines whether the certificate will be regenerated before its expiration date, as indicated by the "regenerateBeforeInDays" field. If enabled (true), regeneration occurs before expiry, according to the specified number of days in "regenerateBeforeInDays." Type: Boolean Constraint: The value should be disabled (false) if isAutoRenewal is true.
regenerateBeforeInDays	(Optional) Specifies the number of days prior to expiration when the regenerate request should be triggered. Type: Integer
caSettingName	(Mandatory) Name of the CASetting created in AppViewX for the chosen certificate authority. Type: String
certificateType	(Mandatory) Name of the certificate product offered by the certificate authority. Type: String
description	(Optional) Information about the certificate. Type: String
csrParameters	(Optional) Parameters required for generating a CSR. Type: Entrust MPKI CSR Parameters
vendorSpecificDetails	(Optional) Data specific to the Sectigo vendor. Type: Entrust MPKI vendorSpecificDetails
validityUnitValue	(Mandatory) Specifies the number of days, months, or years of validity for the CA based on the value in the "validityUnit." For example, if the expected validity is 1 year and "validityUnit" is months, then the "validityUnitValue" should be 12. Type: Integer Constraint: If the validityUnit is not provided, then the validityUnitValue must be provided in days.
validityInDays	(Optional) Specifies the validity in days. Type: Integer
validityUnit	(Optional) Specifies the unit in which the "validityUnitValue" is specified. Type: Integer Constraint: Possible values are days, months, or years.
name	(Optional) Name for the CA connector. Type: String

Table 2. Entrust MPKI csrParameters
Name	Mandatory	Description	Field Type	Constraints
`commonName`	Yes	Fully qualified domain name (FQDN) of the server for which certificate is requested.	`String`	Must be compliant with the common name specified in the policy, if the policy is set as ‘Strict’.
`organization`	No	Legal name of the organization.	`String`	Default value - Value configured in the policy.
`organizationUnit`	No	Division or department of the organization handling the certificate.	`String`	Default value - Value configured in the policy.
`locality`	No	City where the organization is located. This shouldn't be abbreviated.	`String`	Default value - Value configured in the policy.
`state`	No	State or region where the organization is located.This shouldn't be abbreviated.	`String`	Default value - Value configured in the policy.
`country`	No	The two-letter code for the country where your organization is located.	`String`	Default value - Value configured in the policy.
`mailAddress`	No	Email address of the organization.	`String`	Default value - Value configured in the policy.
`hashFunction`	No	Hash function to be used in the Certificate. For example, SHA160. Should be chosen from the possible values configured in the Certificate Policy.	`String`	Default value - the first value will be chosen from the policy.
`keyType`	No	Algorithm to be used for Key generation. For example, RSA, DSA, EC. Should be chosen from the possible values configured in the Certificate Policy.	`String`	Default value - the first value will be chosen from the policy.
`bitLength`	No	Bit length for the key is dependent on the key type chosen. Should be chosen from the possible values configured in the Certificate Policy.	`String`	Default value - the first value will be chosen from the policy.
`certificateCategories`	Yes	Purpose for which the generated certificate will be used.	Array	Possible values - Server, Client, Code Signing, Email
`ellipticCurve`	No	If the keyType chosen is EC, then the ellipticCurve must be specified depending on the bitlength selected. Should be chosen from the possible values configured in the Certificate Policy.	`String`	Default value - the first value will be chosen from the policy.
`enhancedSANTypes`	No	Subject alternative names for the certificate.	Entrust MPKI enhancedSANTypes	Value provided must be compliant with the Certificate Policy, if the policy is configured as Strict.

Table 3. Entrust MPKI vendorSpecificDetails
Name	Mandatory	Description	Field Type	Constraints
`caName`	Yes	Name of the CA.	`String`	Should be a valid CA name configured in CA Settings.
`certProfile`	Yes	Certificate Profile name associated with the given caName.	`String`	Should be a valid Certificate Profile name configured in CA Settings.

Table 4. Entrust MPKI enhancedSANTypes
Name	Mandatory	Description	Field Type	Constraints
`dNSNames`	No	List of Subject Alternative names for the Certificate.	`Array of String`	NA
`iPAddresses`	No	IP addresses to be considered as Subject Alternative Names.	`Array of String`	Must be valid ip addresses.
`uniformResourceIdentifiers`	No	URIs to be considered as Subject Alternative Names.	`Array of String`	NA

AppViewX