Certificate Manager Private CA API, REST: Policy.Get
Returns the specified policy.
HTTP request
GET https://private-ca.certificate-manager.api.cloud.yandex.net/privateca/v1/policies/{id}
Path parameters
Request message for getting a policy.
| Field | Description |
|---|---|
| id | string Required field. ID of the policy to retrieve. |
Response
HTTP Code: 200 - OK
{
  "id": "string",
  "certificateAuthorityId": "string",
  "name": "string",
  "subjectPolicy": {
    "country": "string",
    "organization": "string",
    "organizationalUnit": "string",
    "distinguishedNameQualifier": "string",
    "stateOrProvince": "string",
    "commonName": "string",
    "emailAddress": "string",
    "serialNumber": "string",
    "locality": "string",
    "title": "string",
    "surname": "string",
    "givenName": "string",
    "initials": "string",
    "generationQualifier": "string"
  },
  "sanPolicy": {
    "otherNameOid": "string",
    "rfc_822Name": "string",
    "dnsName": "string",
    "directoryName": "string",
    "ediPartyName": {
      "nameAssigner": "string",
      "partyName": "string"
    },
    "uniformResourceIdentifier": "string",
    "ipAddress": "string",
    "registeredId": "string"
  },
  // Includes only one of the fields `keyUsagesWhiteList`, `keyUsagesBlackList`
  "keyUsagesWhiteList": {
    "keyUsage": [
      "string"
    ]
  },
  "keyUsagesBlackList": {
    "keyUsage": [
      "string"
    ]
  },
  // end of the list of possible fields
  // Includes only one of the fields `extendedKeyUsagesWhiteList`, `extendedKeyUsagesBlackList`
  "extendedKeyUsagesWhiteList": {
    "extendedKeyUsage": [
      "string"
    ]
  },
  "extendedKeyUsagesBlackList": {
    "extendedKeyUsage": [
      "string"
    ]
  },
  // end of the list of possible fields
  // Includes only one of the fields `extensionWhiteList`, `extensionBlackList`
  "extensionWhiteList": {
    "extensionOid": [
      "string"
    ]
  },
  "extensionBlackList": {
    "extensionOid": [
      "string"
    ]
  },
  // end of the list of possible fields
  "createdAt": "string",
  "updatedAt": "string"
}
A policy defines the rules and constraints for issuing certificates within a certificate authority.
| Field | Description |
|---|---|
| id | string ID of the policy. |
| certificateAuthorityId | string ID of the certificate authority the policy belongs to. |
| name | string Name of the policy. |
| subjectPolicy | Policy for the subject field of the certificate. |
| sanPolicy | Policy for the Subject Alternative Name (SAN) extension of the certificate. |
| keyUsagesWhiteList | Whitelist of allowed key usages. Includes only one of the fields `keyUsagesWhiteList`, `keyUsagesBlackList`. Policy for key usages. |
| keyUsagesBlackList | Blacklist of disallowed key usages. Includes only one of the fields `keyUsagesWhiteList`, `keyUsagesBlackList`. Policy for key usages. |
| extendedKeyUsagesWhiteList | Whitelist of allowed extended key usages. Includes only one of the fields `extendedKeyUsagesWhiteList`, `extendedKeyUsagesBlackList`. Policy for extended key usages. |
| extendedKeyUsagesBlackList | Blacklist of disallowed extended key usages. Includes only one of the fields `extendedKeyUsagesWhiteList`, `extendedKeyUsagesBlackList`. Policy for extended key usages. |
| extensionWhiteList | Whitelist of allowed extensions. Includes only one of the fields `extensionWhiteList`, `extensionBlackList`. Policy for certificate extensions. |
| extensionBlackList | Blacklist of disallowed extensions. Includes only one of the fields `extensionWhiteList`, `extensionBlackList`. Policy for certificate extensions. |
| createdAt | string (date-time) Timestamp when the policy was created. String in RFC3339 To work with values in this field, use the APIs described in the |
| updatedAt | string (date-time) Timestamp when the policy was last updated. String in RFC3339 To work with values in this field, use the APIs described in the |
SubjectPolicy
Policy for the subject field of a certificate. Each string field could be a regexp.

| Field | Description |
|---|---|
| country | string Allowed country name in the subject field. |
| organization | string Allowed organization name in the subject field. |
| organizationalUnit | string Allowed organizational unit name in the subject field. |
| distinguishedNameQualifier | string Allowed distinguished name qualifier in the subject field. |
| stateOrProvince | string Allowed state or province name in the subject field. |
| commonName | string Allowed common name in the subject field. |
| emailAddress | string Allowed email address in the subject field. |
| serialNumber | string Allowed serial number in the subject field. |
| locality | string Allowed locality name in the subject field. |
| title | string Allowed title in the subject field. |
| surname | string Allowed surname in the subject field. |
| givenName | string Allowed given name in the subject field. |
| initials | string Allowed initials in the subject field. |
| generationQualifier | string Allowed generation qualifier in the subject field. |
SubjectAlternativeNamePolicy
Policy for the Subject Alternative Name (SAN) field of a certificate. Each string field could be a regexp.

| Field | Description |
|---|---|
| otherNameOid | string Allowed OIDs of the other name in the SAN field. |
| rfc_822Name | string Allowed RFC 822 names (email addresses) in the SAN field. |
| dnsName | string Allowed DNS names in the SAN field. |
| directoryName | string Allowed directory names in the SAN field. |
| ediPartyName | Allowed EDI party names in the SAN field. |
| uniformResourceIdentifier | string Allowed URIs in the SAN field. |
| ipAddress | string Allowed IP addresses in the SAN field. |
| registeredId | string Allowed registered IDs in the SAN field. |
EdiPartyName
| Field | Description |
|---|---|
| nameAssigner | string Specifies the entity or authority that assigned the partyName. |
| partyName | string The actual identifier of the EDI party. |
KeyUsagePolicy
Policy for key usages in a certificate.
| Field | Description |
|---|---|
| keyUsage[] | enum (KeyUsageExtension) List of key usages that are allowed or disallowed. |
ExtendedKeyUsagePolicy
Policy for extended key usages in a certificate.
| Field | Description |
|---|---|
| extendedKeyUsage[] | enum (ExtendedKeyUsageExtension) List of extended key usages that are allowed or disallowed. |
ExtensionPolicy
Policy for certificate extensions.
| Field | Description |
|---|---|
| extensionOid[] | string List of extension OIDs that are allowed or disallowed. |
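
The following is an added example, not code from the API reference or from Yandex Cloud: a lint over a parsed Policy.Get response that flags blacklist-style or missing usage/extension lists and subject/SAN patterns that fail to compile, accept an arbitrary probe value, or are unanchored. It assumes Python's `re` dialect approximates the service's regexp matching, which this page does not specify; `audit_policy`, `PROBE` and the sample policy with its placeholder enum values are constructed for illustration.

```python
import re

# "Only one of" pairs from the response schema: (whitelist, blacklist).
ONEOF_PAIRS = [
    ("keyUsagesWhiteList", "keyUsagesBlackList"),
    ("extendedKeyUsagesWhiteList", "extendedKeyUsagesBlackList"),
    ("extensionWhiteList", "extensionBlackList"),
]
PROBE = "unrelated-host.invalid"  # constructed value no issuance policy should accept

def audit_policy(policy):
    """Return sorted (field, finding) pairs for a parsed Policy.Get response."""
    findings = []
    for white, black in ONEOF_PAIRS:
        if white in policy and black in policy:
            findings.append((f"{white}/{black}", "whitelist and blacklist both present"))
        elif black in policy:
            findings.append((black, "blacklist: unlisted values stay allowed"))
        elif white not in policy:
            findings.append((f"{white}/{black}", "no list set"))
    for section in ("subjectPolicy", "sanPolicy"):
        for name, pattern in policy.get(section, {}).items():
            if not isinstance(pattern, str) or not pattern:
                continue  # skips the nested ediPartyName object and empty fields
            field = f"{section}.{name}"
            try:
                rx = re.compile(pattern)
            except re.error:
                findings.append((field, "does not compile as a regexp"))
                continue
            if rx.fullmatch(PROBE):
                findings.append((field, "accepts an arbitrary value"))
            elif not (pattern.startswith("^") and pattern.endswith("$")):
                # Assumption: anchoring behaviour of the service is unknown, so flag for review.
                findings.append((field, "unanchored pattern"))
    return sorted(findings)

# Constructed sample response; names and enum values are placeholders, not real data.
SAMPLE_POLICY = {
    "name": "web-servers",
    "subjectPolicy": {"organization": "^Example LLC$", "commonName": ".*"},
    "sanPolicy": {"dnsName": r"[a-z0-9-]+\.example\.com", "ipAddress": "^10\\.(("},
    "keyUsagesWhiteList": {"keyUsage": ["KEY_USAGE_PLACEHOLDER"]},
    "extendedKeyUsagesBlackList": {"extendedKeyUsage": ["EXT_KEY_USAGE_PLACEHOLDER"]},
}

if __name__ == "__main__":
    for field, finding in audit_policy(SAMPLE_POLICY):
        print(f"{field}: {finding}")
```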