Use the REST API to request certificates with custom extensions
You can use the Trust Lifecycle Manager REST API to issue and supply values for private certificates with custom extensions.
Prerequisites
The certificate profile must be configured with the REST API enrollment method.
The custom extension fields must be configured to use REST request or From CSR as the source of each field's value.
API request body
To supply values for custom extension fields that get their value from a REST request:
In the API request body, use a single attributes.custom_values JSON object to supply values for all the dynamic custom extension fields.
Target each field by its placeholder name as configured in the custom extension template in the certificate profile.
Use a flat structure for the attributes.custom_values JSON object, regardless of the custom extension template structure. In the resulting certificate, the custom extension values will be structured as they are in the template.
To supply values for custom extension fields that get their value From CSR:
Include the encoded CSR in the csr request body field.
Make sure the CSR contains fields with OID numbers that match the configuration of the custom extension fields.
Enrollment example
Consider a certificate profile that uses REST API as the enrollment method and includes the following custom extension template:
[
  {
    "oid": "1.2.8.8",
    "critical": true,
    "template": {
      "type": "INTEGER",
      "value": "${user_id}"
    }
  },
  {
    "oid": "1.2.8.9",
    "critical": false,
    "template": {
      "type": "PrintableString",
      "value": "${user_work_location}"
    }
  }
]
Note that:
The template consists of two custom extensions: an INTEGER with placeholder name user_id, and a PrintableString with placeholder name user_work_location.
In the certificate profile, both of these dynamic extension fields are configured to use a REST request as the source of their value.
To use the Trust Lifecycle Manager REST API to request a new certificate from this profile and supply values to the custom extension fields, the request body should look like:
{
  "profile": {
    "id": "<profile-id>"
  },
  "seat": {
    "seat_id": "<seat-id>"
  },
  "csr": "<encoded-csr>",
  "attributes": {
    "subject": {
      "common_name": "<common-name>"
    },
    "custom_values": {
      "user_id": "<integer-value>",
      "user_work_location": "<string-value>"
    }
  }
}
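The following is an added example, not code from the Trust Lifecycle Manager documentation: a client-side check that builds the flat attributes.custom_values object from the template above and rejects missing, unexpected, or mistyped values before the request is sent. The function names, the placeholder-name pattern, and sending values as strings (as the example body shows them quoted) are assumptions.

```python
import re

# Assumption: placeholder names are word characters inside ${...}
PLACEHOLDER = re.compile(r"\$\{(\w+)\}")
# ASN.1 PrintableString character set
PRINTABLE = re.compile(r"[A-Za-z0-9 '()+,\-./:=?]*")
# Custom extension template from the enrollment example on this page
TEMPLATE = [
    {"oid": "1.2.8.8", "critical": True,
     "template": {"type": "INTEGER", "value": "${user_id}"}},
    {"oid": "1.2.8.9", "critical": False,
     "template": {"type": "PrintableString", "value": "${user_work_location}"}},
]

def placeholders(node, found=None):
    """Walk the template at any depth; return {placeholder name: ASN.1 type}."""
    found = {} if found is None else found
    if isinstance(node, list):
        for item in node:
            placeholders(item, found)
    elif isinstance(node, dict):
        value = node.get("value")
        m = PLACEHOLDER.fullmatch(value) if isinstance(value, str) else None
        if m:
            found[m.group(1)] = node.get("type")
        for child in node.values():
            placeholders(child, found)
    return found

def build_request_body(template, values, profile_id, seat_id, csr, common_name):
    """Validate values against the template, then build the flat request body."""
    expected = placeholders(template)
    missing = sorted(set(expected) - set(values))
    unknown = sorted(set(values) - set(expected))
    if missing or unknown:
        raise ValueError(f"missing={missing} unknown={unknown}")
    for name, asn1_type in expected.items():
        v = str(values[name])
        if asn1_type == "INTEGER" and not re.fullmatch(r"-?\d+", v):
            raise ValueError(f"{name}: not an integer: {v!r}")
        if asn1_type == "PrintableString" and not PRINTABLE.fullmatch(v):
            raise ValueError(f"{name}: not a PrintableString: {v!r}")
    custom = {name: str(values[name]) for name in expected}
    return {"profile": {"id": profile_id}, "seat": {"seat_id": seat_id},
            "csr": csr,
            "attributes": {"subject": {"common_name": common_name},
                           "custom_values": custom}}
```

Serialize the returned dictionary with json.dumps and send it as the request body; the profile ID, seat ID, and CSR come from your own environment.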