caEnrollImplIPA-RA Agent-Authenticated Server Certificate EnrollmentThis certificate profile is for enrolling server certificates with IPA-RA agent authentication.truefalseipararaCertAuthfalsefalsecertReqInputImplCertificate Request Inputcert_request_typeCertificate Request Typecert_requestCertificate RequestsubmitterInfoInputImplRequestor InformationstringRequestor NamestringRequestor EmailstringRequestor PhoneserverCertSetThis default populates a Certificate Subject Name to the request. The default values are Subject Name=CN=$request.req_subject_name.cn$, O=ABC.IDM.LAB.ENG.BRQ.REDHAT.COMstringSubject NameCN=$request.req_subject_name.cn$, {ipacertbase}This constraint accepts the subject name that matches CN=[^,]+,.+subjectNameConstraintImplstringSubject Name PatternCN=[^,]+,.+This default populates a Certificate Validity to the request. The default values are Range=731 in daysstringNot BeforestringNot After7310This constraint rejects the validity that is not between 740 days.validityConstraintImplintegerValidity Range365740stringValidity Range Unit (default: day)dayintegerGrace period for Not Before being set in the future (in seconds).0booleanCheck Not Before against current timefalsefalsebooleanCheck Not After against Not BeforefalsefalseThis default populates a User-Supplied Certificate Key to the request.stringreadonlyKey TypestringreadonlyKey LengthstringreadonlyKeyThis constraint accepts the key only if Key Type=RSA, Key Parameters =1024,2048,3072,4096keyConstraintImplchoice-,RSA,ECKey TypeRSARSAstringKey Lengths or Curves. For EC use comma separated list of curves, otherise use list of key sizes. Ex: 1024,2048,4096,8192 or: nistp256,nistp384,nistp521,sect163k1,nistk163 for EC.1024,2048,3072,4096This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.stringreadonlyCriticalitystringreadonlyKey IDNo ConstraintnoConstraintImplThis default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0 ( Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:http://ipa-ca.{ipadomain}/ca/ocsp,Enable:true)booleanCriticalityfalsestring_listGeneral Namesfalse11.3.6.1.5.5.7.48.1URINamehttp://ipa-ca.{ipadomain}/ca/ocsptrueNo ConstraintnoConstraintImplThis default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=falsebooleanCriticalityfalsebooleanDigital SignaturefalsebooleanNon-RepudiationfalsebooleanKey EnciphermentfalsebooleanData EnciphermentfalsebooleanKey AgreementfalsebooleanKey CertSignfalsebooleanCRL SignfalsebooleanEncipher OnlyfalsebooleanDecipher OnlyfalsetruetruetruetruetruefalsefalsefalsefalsefalseThis constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=falsekeyUsageExtConstraintImplchoicetrue,false,-Criticality-truechoicetrue,false,-Digital Signature-truechoicetrue,false,-Non-Repudiation-truechoicetrue,false,-Key Encipherment-truechoicetrue,false,-Data Encipherment-truechoicetrue,false,-Key Agreement-falsechoicetrue,false,-Key CertSign-falsechoicetrue,false,-CRL Sign-falsechoicetrue,false,-Encipher Only-falsechoicetrue,false,-Decipher Only-falseThis default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2booleanCriticalityfalsestring_listComma-Separated list of Object Identifiersfalse1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2No ConstraintnoConstraintImplThis default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSAchoiceSHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSASigning Algorithm-This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withECsigningAlgConstraintImplstringAllowed Signing AlgorithmsSHA1withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withECSHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withECThis default populates a CRL Distribution Points Extension (2.5.29.31) to the request. The default values are Criticality=false, Record #0 Point Type:URIName,Point Name:http://ipa-ca.{ipadomain}/ipa/crl/MasterCRL.bin,Reasons:,Issuer Type:DirectoryName,Issuer Name:CN=Certificate Authority,o=ipaca,Enable:true)booleanCriticalityfalsestring_listCRL Distribution Pointsfalse1URINamehttp://ipa-ca.{ipadomain}/ipa/crl/MasterCRL.binDirectoryNameCN=Certificate Authority,o=ipacatrueNo ConstraintnoConstraintImplThis default populates a Subject Key Identifier Extension (2.5.29.14) to the request.stringreadonlyCriticalitystringreadonlyKey IDNo ConstraintnoConstraintImplThis default populates a User-Supplied Extension (2.5.29.17) to the request.stringreadonlyObject Identifier2.5.29.17No ConstraintnoConstraintImpl