Certificate Enrollment
Minimum FMC version required:
(FMC 7.2) Only PKCS12-based certificate enrollment objects are supported.
(FMC 7.4 and FMC 7.6) Only PKCS12 and MANUAL (CA only) certificate enrollment objects are supported.
Location in GUI:
Objects » Object Management » PKI » Certificate Enrollment
Diagram

Classes

objects (fmc.domains)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| certificate_enrollments | List | [certificate_enrollments] | No | |

certificate_enrollments (fmc.domains.objects)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | | Yes | |
| description | String | max: 255 | No | |
| enrollment_type | Choice | SCEP, ACME, EST, MANUAL, SELF_SIGNED_CERTFICATE, PKCS12 | Yes | |
| validation_usage_ipsec_client | Boolean | true, false | No | |
| validation_usage_ssl_client | Boolean | true, false | No | |
| validation_usage_ssl_server | Boolean | true, false | No | |
| skip_ca_flag_check | Boolean | true, false | No | |
| est | Class | [est] | No | |
| scep | Class | [scep] | No | |
| manual | Class | [manual] | No | |
| pkcs12 | Class | [pkcs12] | No | |
| acme | Class | [acme] | No | |
| certificate_parameters | Class | [certificate_parameters] | No | |
| key | Class | [key] | No | |
| revocation | Class | [revocation] | No | |

est (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enrollment_url | String | | No | |
| username | String | | No | |
| password | String | | No | |
| fingerprint | String | | No | |
| source_interface | String | | No | |
| ignore_server_certificate_validation | Boolean | true, false | No | |

scep (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enrollment_url | String | | No | |
| challenge_password | String | | No | |
| retry_period | Integer | min: 1, max: 60 | No | |
| retry_count | Integer | min: 1, max: 100 | No | |
| fingerprint | String | | No | |

manual (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ca_certificate | String | | No | |
| ca_certificate_file | String | | No | |

pkcs12 (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| certificate | String | | No | |
| certificate_file | String | | No | |
| passphrase | String | | No | |

acme (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enrollment_url | String | | No | |
| authentication_protocol | Choice | HTTP01 | No | |
| authentication_interface | String | | No | |
| source_interface | String | | No | |
| ca_only_certificate | String | | No | |
| auto_enrollment | Boolean | true, false | No | |
| auto_enrollment_lifetime | Integer | min: 10, max: 99 | No | |
| auto_enrollment_key_regeneration | Boolean | true, false | No | |

certificate_parameters (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| include_fqdn | Choice | DEVICE_HOSTNAME, NONE, CUSTOM, DEFAULT | No | |
| custom_fqdn | String | | No | |
| alternate_fqdns | List | String | No | |
| include_device_ip | String | | No | |
| common_name | String | | No | |
| organizational_unit | String | | No | |
| organization | String | | No | |
| locality | String | | No | |
| state | String | | No | |
| country_code | String | | No | |
| | String | | No | |
| include_device_serial_number | Boolean | true, false | No | |

key (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | | No | |
| size | Choice | CertKey_512, CertKey_768, CertKey_1024, CertKey_2048, CertKey_3072, CertKey_4096, CertKey_256, CertKey_384, CertKey_521 | No | |
| type | Choice | RSA, ECDSA, EdDSA | No | |
| ignore_ipsec_key_usage | Boolean | true, false | No | |

revocation (fmc.domains.objects.certificate_enrollments)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| evaluation_priority | Choice | CRL, OCSP, NONE | No | |
| consider_certificate_valid_if_revocation_information_not_reachable | Boolean | true, false | No | |
| crl_use_distribution_point_from_the_certificate | Boolean | true, false | No | |
| crl_static_urls | List | String | No | |
| ocsp_url | String | | No | |

Examples

```yaml
fmc:
  domains:
    - name: Global
      objects:
        certificate_enrollments:
          - name: MyCertificateEnrollmentName1
            description: PKCS12 certificate enrollment example
            enrollment_type: PKCS12
            pkcs12:
              certificate_file: files/cert.p12
              passphrase: cisco123
```
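
Several attributes in the tables above relax certificate validation or place a secret in the YAML file. The following check is an added example, not part of the original documentation or the project's code: it walks a parsed data model and reports those settings. The attribute names come from the tables; the finding codes, the choice of rules and the sample entries `ExampleEst` and `ExampleClean` are assumptions made for illustration.

```python
# Added example: assumed policy rules over the certificate_enrollments model.
WEAK_KEY_SIZES = {"CertKey_512", "CertKey_768", "CertKey_1024"}  # < 2048 bits
SECRETS = [("pkcs12", "passphrase"), ("scep", "challenge_password"), ("est", "password")]

def audit_enrollment(enr):
    """Return sorted finding codes for one certificate_enrollments entry."""
    sub = lambda name: enr.get(name) or {}   # tolerate absent or empty classes
    found = set()
    if enr.get("skip_ca_flag_check") is True:
        found.add("CA_FLAG_CHECK_SKIPPED")
    if sub("est").get("ignore_server_certificate_validation") is True:
        found.add("EST_SERVER_CERT_NOT_VALIDATED")
    rev = sub("revocation")
    if rev.get("evaluation_priority") == "NONE":
        found.add("REVOCATION_CHECK_DISABLED")
    if rev.get("consider_certificate_valid_if_revocation_information_not_reachable") is True:
        found.add("REVOCATION_FAILS_OPEN")
    if sub("key").get("size") in WEAK_KEY_SIZES:
        found.add("WEAK_KEY_SIZE")
    for cls, attr in SECRETS:
        if sub(cls).get(attr):               # literal secret committed in the file
            found.add(f"PLAINTEXT_SECRET:{cls}.{attr}")
    return sorted(found)

def audit_model(model):
    """Map (domain, enrollment name) -> findings, skipping clean entries."""
    report = {}
    for dom in (model.get("fmc") or {}).get("domains") or []:
        objs = dom.get("objects") or {}
        for enr in objs.get("certificate_enrollments") or []:
            findings = audit_enrollment(enr)
            if findings:
                report[(dom.get("name"), enr.get("name"))] = findings
    return report

# Constructed input, shaped like the parsed YAML: the page's PKCS12 example,
# a made-up EST entry with relaxed validation, and a made-up clean entry.
SAMPLE = {"fmc": {"domains": [{"name": "Global", "objects": {"certificate_enrollments": [
    {"name": "MyCertificateEnrollmentName1", "enrollment_type": "PKCS12",
     "pkcs12": {"certificate_file": "files/cert.p12", "passphrase": "cisco123"}},
    {"name": "ExampleEst", "enrollment_type": "EST",
     "est": {"enrollment_url": "https://est.example.test",
             "ignore_server_certificate_validation": True},
     "key": {"type": "RSA", "size": "CertKey_1024"},
     "revocation": {"evaluation_priority": "CRL",
         "consider_certificate_valid_if_revocation_information_not_reachable": True}},
    {"name": "ExampleClean", "enrollment_type": "MANUAL", "revocation": None,
     "manual": {"ca_certificate_file": "files/ca.pem"}, "key": {"size": "CertKey_4096"}},
]}}]}}
```

Feed it the result of loading the real YAML file with any YAML parser; `audit_model(SAMPLE)` reports the page's own PKCS12 example because its passphrase is written literally in the file.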