Skip to main content

Use the REST API to request certificates with custom extensions

You can use the Trust Lifecycle Manager REST API to issue and supply values for private certificates with custom extensions.

Prerequisites

API request body

To supply values for custom extension fields that get their value from a REST request:

  • In the API request body, use a single attributes.custom_values JSON object to supply values for all the dynamic custom extension fields.

  • Target each field by its placeholder name as configured in the custom extension template in the certificate profile.

  • Use a flat structure for the attributes.custom_values JSON object, regardless of the custom extension template structure. In the resulting certificate, the custom extension values will be structured like in the template.

To supply values for custom extension fields that get their value From CSR:

  • Include the encoded CSR in the csr request body field.

  • Make sure the CSR contains fields with OID numbers that match the configuration of the custom extension fields.

Enrollment example

Consider a certificate profile that uses REST API as the enrollment method and includes the following custom extension template:

[
    {
        "oid": "1.2.8.8",
        "critical": true,
        "template": {
          "type": "INTEGER",
          "value": "${user_id}"
        }
    },
    {
        "oid": "1.2.8.9",
        "critical": false,
        "template": {
          "type": "PrintableString",
          "value": "${user_work_location}"
        }
    }
]

Note that:

  • The template consists of two custom extensions: an INTEGER with placeholder name user_id , and a PrintableString with placeholder name user_work_location.

  • In the certificate profile, both of these dynamic extension fields are configured to use a REST request as the source of their value.

To use the Trust Lifecycle Manager REST API to request a new certificate from this profile and supply values to the custom extension fields, the request body should look like:

{
    "profile": {
        "id": "<profile-id>"
    },
    "seat": {
        "seat_id": "<seat-id>"
    },
    "csr": "<encoded-csr>"
    "attributes": {
        "subject": {
            "common_name": "<common-name>"
        }
        "custom_values": {
            "user_id": "<integer-value>",
            "user_work_location": "<string-value>"
        }
    }
}