Certificate Enrollment
Location in GUI: Objects » Object Management » PKI » Certificate Enrollment
Classes

objects (fmc.domains)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| certificate_enrollments | List | [certificate_enrollments] | No | |

certificate_enrollments (fmc.domains.objects)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | | Yes | |
| description | String | max: 255 | No | |
| enrollment_type | Choice | SCEP, ACME, EST, MANUAL, SELF_SIGNED_CERTFICATE, PKCS12 | Yes | |
| validation_usage_ipsec_client | Boolean | true, false | No | |
| validation_usage_ssl_client | Boolean | true, false | No | |
| validation_usage_ssl_server | Boolean | true, false | No | |
| skip_ca_flag_check | Boolean | true, false | No | |
| est | Class | [est] | No | |
| scep | Class | [scep] | No | |
| manual | Class | [manual] | No | |
| pkcs12 | Class | [pkcs12] | No | |
| acme | Class | [acme] | No | |
| certificate_parameters | Class | [certificate_parameters] | No | |
| key | Class | [key] | No | |
| revocation | Class | [revocation] | No | |

est (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enrollment_url | String | | No | |
| username | String | | No | |
| password | String | | No | |
| fingerprint | String | | No | |
| source_interface | String | | No | |
| ignore_server_certificate_validation | Boolean | true, false | No | |

scep (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enrollment_url | String | | No | |
| challenge_password | String | | No | |
| retry_period | Integer | min: 1, max: 60 | No | |
| retry_count | Integer | min: 1, max: 100 | No | |
| fingerprint | String | | No | |

manual (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ca_certificate | String | | No | |
| ca_certificate_file | String | | No | |

pkcs12 (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| certificate | String | | No | |
| certificate_file | String | | No | |
| passphrase | String | | No | |

acme (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enrollment_url | String | | No | |
| authentication_protocol | Choice | HTTP01 | No | |
| authentication_interface | String | | No | |
| source_interface | String | | No | |
| ca_only_certificate | String | | No | |
| auto_enrollment | Boolean | true, false | No | |
| auto_enrollment_lifetime | Integer | min: 10, max: 99 | No | |
| auto_enrollment_key_regeneration | Boolean | true, false | No | |

certificate_parameters (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| include_fqdn | Choice | DEVICE_HOSTNAME, NONE, CUSTOM, DEFAULT | No | |
| custom_fqdn | String | | No | |
| alternate_fqdns | List | String | No | |
| include_device_ip | String | | No | |
| common_name | String | | No | |
| organizational_unit | String | | No | |
| organization | String | | No | |
| locality | String | | No | |
| state | String | | No | |
| country_code | String | | No | |
| | String | | No | |
| include_device_serial_number | Boolean | true, false | No | |

key (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | | No | |
| size | Choice | CertKey_512, CertKey_768, CertKey_1024, CertKey_2048, CertKey_3072, CertKey_4096, CertKey_256, CertKey_384, CertKey_521 | No | |
| type | Choice | RSA, ECDSA, EdDSA | No | |
| ignore_ipsec_key_usage | Boolean | true, false | No | |

revocation (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| evaluation_priority | Choice | CRL, OCSP, NONE | No | |
| consider_certificate_valid_if_revocation_information_not_reachable | Boolean | true, false | No | |
| crl_use_distribution_point_from_the_certificate | Boolean | true, false | No | |
| crl_static_urls | List | String | No | |
| ocsp_url | String | | No | |

Examples
```yaml
fmc:
  domains:
    - name: Global
      objects:
        certificate_enrollments:
          - name: MyCertificateEnrollmentName1
            description: PKCS12 certificate enrollment example
            enrollment_type: PKCS12
            pkcs12:
              certificate_file: files/cert.p12
              passphrase: cisco123
```
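
The following audit is an added example, not part of the original page or of the project's code: it walks the parsed data model and flags attributes from the tables above that weaken certificate validation or place a secret in the data file. The list of weak key sizes, the finding texts and the sample entries are assumptions of this example.

```python
# Added example; the policy here is this example's assumption, not Cisco's.
WEAK_KEY_SIZES = {"CertKey_512", "CertKey_768", "CertKey_1024"}
SECRET_FIELDS = {"est": "password", "scep": "challenge_password", "pkcs12": "passphrase"}
FAIL_OPEN = "consider_certificate_valid_if_revocation_information_not_reachable"

def audit_enrollment(enr):
    """Return a list of findings for one certificate_enrollments entry."""
    sub = lambda cls: enr.get(cls) or {}  # tolerate empty YAML mappings
    findings = []
    size = sub("key").get("size")
    if size in WEAK_KEY_SIZES:
        findings.append(f"weak key size {size}")
    if enr.get("skip_ca_flag_check") is True:
        findings.append("CA flag check is skipped")
    if sub("est").get("ignore_server_certificate_validation") is True:
        findings.append("EST server certificate is not validated")
    if sub("revocation").get("evaluation_priority") == "NONE":
        findings.append("revocation checking is disabled")
    if sub("revocation").get(FAIL_OPEN) is True:
        findings.append("revocation check fails open")
    for cls, field in SECRET_FIELDS.items():
        if sub(cls).get(field):
            findings.append(f"literal secret in {cls}.{field}")
    return findings

def audit_model(model):
    """Map 'domain/enrollment' to findings; clean entries are omitted."""
    report = {}
    for domain in (model.get("fmc") or {}).get("domains") or []:
        objects = domain.get("objects") or {}
        for enr in objects.get("certificate_enrollments") or []:
            findings = audit_enrollment(enr)
            if findings:
                report[f"{domain.get('name')}/{enr.get('name')}"] = findings
    return report

# Constructed sample: the data model after YAML parsing (not from the page).
SAMPLE = {"fmc": {"domains": [{"name": "Global", "objects": {
    "certificate_enrollments": [
        {"name": "LabEst", "enrollment_type": "EST",
         "est": {"ignore_server_certificate_validation": True},
         "key": {"type": "RSA", "size": "CertKey_1024"},
         "revocation": {"evaluation_priority": "NONE"}},
        {"name": "ProdEst", "enrollment_type": "EST",
         "est": {"ignore_server_certificate_validation": False},
         "key": {"type": "RSA", "size": "CertKey_3072"},
         "revocation": {"evaluation_priority": "OCSP", FAIL_OPEN: False}},
    ]}}]}}
print(audit_model(SAMPLE))
```

To check a real data file, parse it with a YAML library and pass the resulting dictionary to `audit_model`.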