{
    "$id": "http://redfish.dmtf.org/schemas/v1/CertificateEnrollment.v1_0_1.json",
    "$ref": "#/definitions/CertificateEnrollment",
    "$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json",
    "copyright": "Copyright 2014-2025 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright",
    "definitions": {
        "ACMEChallengeType": {
            "enum": [
                "Http01",
                "Dns01"
            ],
            "enumDescriptions": {
                "Dns01": "DNS challenge type for domain validation.",
                "Http01": "HTTP challenge type for domain validation."
            },
            "enumLongDescriptions": {
                "Dns01": "This value shall indicate the RFC8555-defined dns-01 challenge type for domain validation.",
                "Http01": "This value shall indicate the RFC8555-defined http-01 challenge type for domain validation."
            },
            "type": "string"
        },
        "ACMEConfiguration": {
            "additionalProperties": false,
            "description": "ACME protocol specific configuration.",
            "longDescription": "This type shall contain configuration specific to the ACME protocol.",
            "patternProperties": {
                "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
                    "description": "This property shall specify a valid odata or Redfish property.",
                    "type": [
                        "array",
                        "boolean",
                        "integer",
                        "number",
                        "null",
                        "object",
                        "string"
                    ]
                }
            },
            "properties": {
                "ChallengeType": {
                    "anyOf": [
                        {
                            "$ref": "#/definitions/ACMEChallengeType"
                        },
                        {
                            "type": "null"
                        }
                    ],
                    "description": "The ACME challenge type used for domain validation.",
                    "longDescription": "This property shall contain the ACME challenge type used for domain validation during automatic certificate enrollment.",
                    "readonly": false
                },
                "EABKey": {
                    "description": "The external account binding (EAB) key value.",
                    "longDescription": "This property shall contain a Base64-encoded string, with padding characters, of the external account binding (EAB) key value used for ACME account registration with certificate authorities that require EAB.  This property shall be `null` in responses.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ],
                    "writeOnly": true
                },
                "EABKeyId": {
                    "description": "The external account binding (EAB) key identifier.",
                    "longDescription": "This property shall contain the external account binding (EAB) key identifier used for ACME account registration with certificate authorities that require EAB.  This property shall be `null` in responses.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ],
                    "writeOnly": true
                },
                "Email": {
                    "description": "The email address for ACME account registration.",
                    "longDescription": "This property shall contain the email address used for ACME account registration and notifications.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                }
            },
            "type": "object"
        },
        "Actions": {
            "additionalProperties": false,
            "description": "The available actions for this resource.",
            "longDescription": "This type shall contain the available actions for this resource.",
            "patternProperties": {
                "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
                    "description": "This property shall specify a valid odata or Redfish property.",
                    "type": [
                        "array",
                        "boolean",
                        "integer",
                        "number",
                        "null",
                        "object",
                        "string"
                    ]
                }
            },
            "properties": {
                "Oem": {
                    "$ref": "#/definitions/OemActions",
                    "description": "The available OEM-specific actions for this resource.",
                    "longDescription": "This property shall contain the available OEM-specific actions for this resource."
                }
            },
            "type": "object"
        },
        "CSRParameters": {
            "additionalProperties": false,
            "description": "Certificate signing request parameters.",
            "longDescription": "This type shall contain the parameters for generating a certificate signing request.",
            "patternProperties": {
                "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
                    "description": "This property shall specify a valid odata or Redfish property.",
                    "type": [
                        "array",
                        "boolean",
                        "integer",
                        "number",
                        "null",
                        "object",
                        "string"
                    ]
                }
            },
            "properties": {
                "AlternativeNames": {
                    "description": "The additional host names of the component to secure.",
                    "items": {
                        "type": [
                            "string",
                            "null"
                        ]
                    },
                    "longDescription": "This property shall contain an array of additional host names of the component to secure, as defined by the RFC5280 'subjectAltName' attribute.",
                    "readonly": false,
                    "type": "array"
                },
                "ChallengePassword": {
                    "description": "The challenge password to apply to the certificate for revocation requests.",
                    "longDescription": "This property shall contain the challenge password to apply to the certificate for revocation requests as defined by the RFC2985 'challengePassword' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "City": {
                    "description": "The city or locality of the organization making the request.",
                    "longDescription": "This property shall contain the city or locality of the organization making the request, as defined by the RFC5280 'localityName' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "CommonName": {
                    "description": "The name of the component to secure.",
                    "longDescription": "This property shall contain the name of the component to secure, as defined by the RFC5280 'commonName' attribute.",
                    "readonly": false,
                    "type": "string"
                },
                "ContactPerson": {
                    "description": "The name of the user making the request.",
                    "longDescription": "This property shall contain the name of the user making the request, as defined by the RFC5280 'name' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "Country": {
                    "description": "The two-letter country code of the organization making the request.",
                    "longDescription": "This property shall contain the two-letter ISO code for the country of the organization making the request, as defined by the RFC5280 'countryName' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "Email": {
                    "description": "The email address of the contact within the organization making the request.",
                    "longDescription": "This property shall contain the email address of the contact within the organization making the request, as defined by the RFC2985 'emailAddress' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "GivenName": {
                    "description": "The given name of the user making the request.",
                    "longDescription": "This property shall contain the given name of the user making the request, as defined by the RFC5280 'givenName' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "Initials": {
                    "description": "The initials of the user making the request.",
                    "longDescription": "This property shall contain the initials of the user making the request, as defined by the RFC5280 'initials' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "KeyBitLength": {
                    "description": "The length of the key, in bits, if needed based on the `KeyPairAlgorithm` property value.",
                    "longDescription": "This property shall contain the length of the key, in bits, if needed based on the `KeyPairAlgorithm` property value.",
                    "readonly": false,
                    "type": [
                        "integer",
                        "null"
                    ]
                },
                "KeyCurveId": {
                    "description": "The curve ID to use with the key, if needed based on the `KeyPairAlgorithm` property value.",
                    "longDescription": "This property shall contain the curve ID to use with the key, if needed based on the `KeyPairAlgorithm` property value.  The allowable values for this property shall be the strings in the 'Name' field of the 'TPM_ECC_CURVE Constants' table within the 'Trusted Computing Group Algorithm Registry'.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "KeyPairAlgorithm": {
                    "description": "The type of key-pair for use with signing algorithms.",
                    "longDescription": "This property shall contain the type of key-pair for use with signing algorithms.  The allowable values for this property shall be the strings in the 'Algorithm Name' field of the 'TPM_ALG_ID Constants' table within the 'Trusted Computing Group Algorithm Registry'.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "KeyUsage": {
                    "description": "The usage of the key contained in the certificate.",
                    "items": {
                        "anyOf": [
                            {
                                "$ref": "http://redfish.dmtf.org/schemas/v1/Certificate.json#/definitions/KeyUsage"
                            },
                            {
                                "type": "null"
                            }
                        ]
                    },
                    "longDescription": "This property shall contain the usage of the key contained in the certificate.  If the client does not provide this value, the service can determine the appropriate key usage settings in the certificate signing request.",
                    "readonly": false,
                    "type": "array"
                },
                "Organization": {
                    "description": "The name of the organization making the request.",
                    "longDescription": "This property shall contain the name of the organization making the request, as defined by the RFC5280 'organizationName' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "OrganizationalUnit": {
                    "description": "The name of the unit or division of the organization making the request.",
                    "longDescription": "This property shall contain the name of the unit or division of the organization making the request, as defined by the RFC5280 'organizationalUnitName' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "State": {
                    "description": "The state, province, or region of the organization making the request.",
                    "longDescription": "This property shall contain the state, province, or region of the organization making the request, as defined by the RFC5280 'stateOrProvinceName' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "Surname": {
                    "description": "The surname of the user making the request.",
                    "longDescription": "This property shall contain the surname of the user making the request, as defined by the RFC5280 'surname' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                },
                "UnstructuredName": {
                    "description": "The unstructured name of the subject.",
                    "longDescription": "This property shall contain the unstructured name of the subject, as defined by the RFC2985 'unstructuredName' attribute.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ]
                }
            },
            "type": "object"
        },
        "CertificateEnrollment": {
            "additionalProperties": false,
            "description": "This resource shall represent an automatic certificate enrollment for a Redfish implementation.",
            "longDescription": "The `CertificateEnrollment` schema describes an automatic certificate enrollment for a specific protocol such as ACME (Automatic Certificate Management Environment) or SCEP (Simple Certificate Enrollment Protocol).",
            "patternProperties": {
                "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
                    "description": "This property shall specify a valid odata or Redfish property.",
                    "type": [
                        "array",
                        "boolean",
                        "integer",
                        "number",
                        "null",
                        "object",
                        "string"
                    ]
                }
            },
            "properties": {
                "@odata.context": {
                    "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/context"
                },
                "@odata.etag": {
                    "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/etag"
                },
                "@odata.id": {
                    "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/id"
                },
                "@odata.type": {
                    "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/type"
                },
                "ACME": {
                    "anyOf": [
                        {
                            "$ref": "#/definitions/ACMEConfiguration"
                        },
                        {
                            "type": "null"
                        }
                    ],
                    "description": "ACME (Automatic Certificate Management Environment) protocol specific configuration for automatic certificate enrollment.",
                    "longDescription": "This property shall contain configuration specific to the ACME protocol.  This property shall only be present when the `EnrollmentType` property contains `ACME`."
                },
                "Actions": {
                    "$ref": "#/definitions/Actions",
                    "description": "The available actions for this resource.",
                    "longDescription": "This property shall contain the available actions for this resource."
                },
                "CSRParameters": {
                    "anyOf": [
                        {
                            "$ref": "#/definitions/CSRParameters"
                        },
                        {
                            "type": "null"
                        }
                    ],
                    "description": "The certificate signing request parameters.",
                    "longDescription": "This property shall contain the parameters used for generating the certificate signing request."
                },
                "Description": {
                    "anyOf": [
                        {
                            "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Description"
                        },
                        {
                            "type": "null"
                        }
                    ],
                    "readonly": true
                },
                "Enabled": {
                    "description": "An indication of whether this automatic certificate enrollment is enabled.",
                    "longDescription": "This property shall indicate whether this automatic certificate enrollment is enabled.  If `true`, the implementation shall automatically enroll and renew certificates according to the configuration.  If `false`, the implementation shall not perform automatic certificate enrollment operations.  If this property is not specified by the client in the create request, it shall be assumed to be `false`.",
                    "readonly": false,
                    "type": "boolean"
                },
                "EnrollmentState": {
                    "anyOf": [
                        {
                            "$ref": "#/definitions/EnrollmentState"
                        },
                        {
                            "type": "null"
                        }
                    ],
                    "description": "The status information for this enrollment.",
                    "longDescription": "This property shall contain the status information for this enrollment including the last operation performed and its status."
                },
                "EnrollmentType": {
                    "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateEnrollment.json#/definitions/EnrollmentProtocolType",
                    "description": "The configured automatic certificate enrollment protocol.",
                    "longDescription": "This property shall contain the configured automatic certificate enrollment protocol.",
                    "readonly": true
                },
                "Id": {
                    "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Id",
                    "readonly": true
                },
                "Links": {
                    "$ref": "#/definitions/Links",
                    "description": "The links to other resources that are related to this resource.",
                    "longDescription": "This property shall contain links to resources that are related to but are not contained by, or subordinate to, this resource."
                },
                "Name": {
                    "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Name",
                    "readonly": true
                },
                "Oem": {
                    "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem",
                    "description": "The OEM extension property.",
                    "longDescription": "This property shall contain the OEM extensions.  All values for properties that this object contains shall conform to the Redfish Specification-described requirements."
                },
                "RenewBeforeExpiryDays": {
                    "description": "The number of days before certificate expiry to begin automatic renewal of the certificate.",
                    "longDescription": "This property shall contain the number of days before certificate expiry to begin automatic renewal of the certificate.",
                    "minimum": 1,
                    "readonly": false,
                    "type": [
                        "integer",
                        "null"
                    ]
                },
                "SCEP": {
                    "anyOf": [
                        {
                            "$ref": "#/definitions/SCEPConfiguration"
                        },
                        {
                            "type": "null"
                        }
                    ],
                    "description": "SCEP (Simple Certificate Enrollment Protocol) protocol specific configuration for automatic certificate enrollment.",
                    "longDescription": "This property shall contain configuration specific to the SCEP protocol.  This property shall only be present when the `EnrollmentType` property contains `SCEP`."
                },
                "ServerURI": {
                    "description": "The URI of the certificate enrollment server.",
                    "format": "uri-reference",
                    "longDescription": "This property shall contain the URI of the certificate enrollment server that provides the automatic enrollment service.",
                    "readonly": false,
                    "type": "string"
                },
                "VerifyCertificate": {
                    "description": "An indication of whether the service will verify the certificate of the server referenced by the `ServerURI` property.",
                    "longDescription": "This property shall indicate whether the service will verify the certificate of the server referenced by the `ServerURI` property with the certificates found in the collection referenced by the `Certificates` property.  If this property is not supported by the service or is not specified by the client in the create request, it shall be assumed to be `false`.  Regardless of the value of this property, services may perform additional verification based on other factors, such as the configuration of the `SecurityPolicy` resource.",
                    "readonly": false,
                    "type": [
                        "boolean",
                        "null"
                    ]
                }
            },
            "required": [
                "@odata.id",
                "@odata.type",
                "Id",
                "Name"
            ],
            "requiredOnCreate": [
                "EnrollmentType",
                "ServerURI"
            ],
            "type": "object"
        },
        "EnrollmentState": {
            "additionalProperties": false,
            "description": "The status information for an enrollment.",
            "longDescription": "This type shall contain the status information for an enrollment including the last operation performed and its status.",
            "patternProperties": {
                "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
                    "description": "This property shall specify a valid odata or Redfish property.",
                    "type": [
                        "array",
                        "boolean",
                        "integer",
                        "number",
                        "null",
                        "object",
                        "string"
                    ]
                }
            },
            "properties": {
                "LastOperation": {
                    "anyOf": [
                        {
                            "$ref": "#/definitions/LastOperationType"
                        },
                        {
                            "type": "null"
                        }
                    ],
                    "description": "The last operation performed by the automatic enrollment service.",
                    "longDescription": "This property shall contain the last operation performed by the automatic enrollment service.",
                    "readonly": true
                },
                "LastOperationStatus": {
                    "anyOf": [
                        {
                            "$ref": "#/definitions/OperationStatus"
                        },
                        {
                            "type": "null"
                        }
                    ],
                    "description": "The status of the last operation performed by the automatic enrollment service.",
                    "longDescription": "This enumeration shall describe the status of the last operation performed by the automatic enrollment service.",
                    "readonly": true
                },
                "LastOperationTime": {
                    "description": "The date and time when the last operation was performed.",
                    "format": "date-time",
                    "longDescription": "This property shall contain the date and time when the last operation was performed by the automatic enrollment service.",
                    "readonly": true,
                    "type": [
                        "string",
                        "null"
                    ]
                }
            },
            "type": "object"
        },
        "LastOperationType": {
            "enum": [
                "Renew",
                "UpdateAcmeEmail"
            ],
            "enumDescriptions": {
                "Renew": "Certificate renewal operation.",
                "UpdateAcmeEmail": "Update ACME email operation.  Applicable only when the enrollment protocol is ACME."
            },
            "type": "string"
        },
        "Links": {
            "additionalProperties": false,
            "description": "The links to other resources that are related to this resource.",
            "longDescription": "This Redfish Specification-described type shall contain links to resources that are related to but are not contained by, or subordinate to, this resource.",
            "patternProperties": {
                "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
                    "description": "This property shall specify a valid odata or Redfish property.",
                    "type": [
                        "array",
                        "boolean",
                        "integer",
                        "number",
                        "null",
                        "object",
                        "string"
                    ]
                }
            },
            "properties": {
                "CACertificates": {
                    "description": "The list of server certificates for the server referenced by the `ServerURI` property.",
                    "items": {
                        "$ref": "http://redfish.dmtf.org/schemas/v1/Certificate.json#/definitions/Certificate"
                    },
                    "longDescription": "The list of references to server certificates for the server referenced by the `ServerURI` property.  Members of this array shall reference members of the `EnrollmentCACertificates` property in the `CertificateService` resource.  If `VerifyCertificate` contains `true` and this property is present, services shall compare the certificates in this list with the certificate obtained during handshaking with the enrollment server in order to verify the identity of the enrollment server.  If `VerifyCertificate` contains `true` and this property is absent, services shall compare the certificates in the `EnrollmentCACertificates` property in the `CertificateService` resource with the certificate obtained during handshaking with the enrollment server.  If the server cannot be verified, the service shall fail the automatic certificate enrollment.  If `VerifyCertificate` is `false`, the service shall not perform certificate verification.  Regardless of the contents of this list and the `EnrollmentCACertificates` property in the `CertificateService` resource, services may perform additional verification based on other factors, such as the configuration of the `SecurityPolicy` resource.",
                    "readonly": false,
                    "type": "array"
                },
                "CACertificates@odata.count": {
                    "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/count"
                },
                "EnrolledCertificate": {
                    "anyOf": [
                        {
                            "$ref": "http://redfish.dmtf.org/schemas/v1/Certificate.json#/definitions/Certificate"
                        },
                        {
                            "type": "null"
                        }
                    ],
                    "description": "The link to the enrolled certificate.",
                    "longDescription": "This property shall contain a link to the enrolled certificate.",
                    "readonly": true
                },
                "EnrolledCertificateLocation": {
                    "anyOf": [
                        {
                            "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection"
                        },
                        {
                            "type": "null"
                        }
                    ],
                    "description": "The link to the certificate collection where the enrolled certificate will be installed.",
                    "longDescription": "This property shall contain a link to a resource collection of type `CertificateCollection` where the enrolled certificate will be installed.",
                    "readonly": false
                },
                "Oem": {
                    "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem",
                    "description": "The OEM extension property.",
                    "longDescription": "This property shall contain the OEM extensions.  All values for properties contained in this object shall conform to the Redfish Specification-described requirements."
                }
            },
            "requiredOnCreate": [
                "EnrolledCertificateLocation"
            ],
            "type": "object"
        },
        "OemActions": {
            "additionalProperties": true,
            "description": "The available OEM-specific actions for this resource.",
            "longDescription": "This type shall contain the available OEM-specific actions for this resource.",
            "patternProperties": {
                "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
                    "description": "This property shall specify a valid odata or Redfish property.",
                    "type": [
                        "array",
                        "boolean",
                        "integer",
                        "number",
                        "null",
                        "object",
                        "string"
                    ]
                }
            },
            "properties": {},
            "type": "object"
        },
        "OperationStatus": {
            "enum": [
                "Success",
                "Failed",
                "InProgress",
                "Unknown"
            ],
            "enumDescriptions": {
                "Failed": "The operation failed.",
                "InProgress": "The operation is in progress.",
                "Success": "The operation completed successfully.",
                "Unknown": "The operation status is unknown."
            },
            "type": "string"
        },
        "SCEPConfiguration": {
            "additionalProperties": false,
            "description": "SCEP protocol specific configuration.",
            "longDescription": "This type shall contain configuration specific to the SCEP protocol.",
            "patternProperties": {
                "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
                    "description": "This property shall specify a valid odata or Redfish property.",
                    "type": [
                        "array",
                        "boolean",
                        "integer",
                        "number",
                        "null",
                        "object",
                        "string"
                    ]
                }
            },
            "properties": {
                "ChallengePassword": {
                    "description": "The challenge password for SCEP enrollment.",
                    "longDescription": "This property shall contain the challenge password used for SCEP enrollment.  This property shall be `null` in responses.",
                    "readonly": false,
                    "type": [
                        "string",
                        "null"
                    ],
                    "writeOnly": true
                }
            },
            "type": "object"
        }
    },
    "language": "en",
    "owningEntity": "DMTF",
    "release": "2025.3",
    "title": "#CertificateEnrollment.v1_0_1.CertificateEnrollment"
}