For a complete list of the values for the Risk Intelligence certificate/validation endpoint
An endpoint is a URL that enables the API to gain access to resources on a server. parameters (Certificates) and certificate search query fields (Certificate Search Page) see the tables below.
Remediation Code Table
Table 70: Remediation Table
| Code | Action to be taken |
|---|---|
| ENFORCE | Change the configuration of the CA software to check CSR enrollments for compliance prior to issuance, then issue a compliant CSR. |
| KEYGEN | Modify or replace the process used to generate keys for this certificate, then reissue. |
| MANAGE |
Bring endpoint and corresponding certificate under management in Keyfactor Command. |
| NONE | This output includes a statement for informational purposes that is not expected to require further action. |
| PKI | Replace the certificate with one issued by a compliant trusted CA. |
| SIGN | Change the configuration of the CA software used to issue this certificate in order to ensure correct content is inserted by the CA at time of signing, then reissue the certificate. |
| UNKNOWN | Suggested steps cannot be provided. Contact your PKI administrator or Keyfactor representative to determine whether action is needed. |
| URGENT | This output contains a security issue that could be particularly serious in some circumstances and should be reported to your PKI administrator to determine action. |
Rule Names
For a list of the values for the ruleName parameter A parameter or argument is a value that is passed into a function in an application. see below:
-
DifferentialInventoryRule - For risk factors related to Differential Inventory Intelligence.
-
QuantumReadinessRule - For risk factors related to Quantum Readiness Intelligence.
-
AnomalyDetectionRule - For risk factors related to Anomaly Detection Intelligence.
-
PredictiveModelingRule - For risk factors related to Machine Learning Intelligence.
-
FactorableModulusRule - For risk factors related to RSA
A widely used public-key cryptosystem, RSA is commonly used for encryption and digital signatures. It is based on the mathematical difficulty of factoring large integers. Factoring Intelligence. -
FromEJBCARule - For risk factors related to EJBCA Issuance Intelligence.
-
LinterRule - For risk factors related to Certificate Linting Intelligence.
Risk Factor Tables
Table 71: Risk Factor Tables
| Rule Name |
Violation Name |
Error |
Score |
RemediationCode |
|---|---|---|---|---|
|
AnomalyDetectionRule
|
ERR_CERTIFICATE_TOO_LARGE
|
Certificates above 100kb are unsupported on many systems. |
1000 |
|
|
AnomalyDetectionRule
|
WARN_CERTIFICATE_TOO_LARGE
|
Certificates above 32kb may lead to compatibility issues |
100 |
|
|
AnomalyDetectionRule
|
WARN_CERTIFICATE_TOO_LARGE
|
Certificates above 4kb may not be supported on all systems |
10 |
|
|
AnomalyDetectionRule
|
WARN_TOO_MANY_SANS
|
_ SANs found on certificate |
1-100 |
|
|
AnomalyDetectionRule
|
WARN_VALIDITY_TOO_LONG
|
Certificate good for _ months. Shorter periods are recommended |
1-100 |
|
|
DifferentialInventoryRule
|
ERR_PRIVATE_NOT_UNDER_MANAGEMENT
|
Managed domain found online with private certificate not under management |
100 |
|
|
DifferentialInventoryRule
|
ERR_PUBLIC_NOT_IN_CT_LOG
|
Public certificate found for managed domain that is not contained in a CT log |
1000 |
|
|
DifferentialInventoryRule
|
ERR_PUBLIC_NOT_UNDER_MANAGEMENT
|
Public certificate found online not under management |
900 |
|
|
DifferentialInventoryRule
|
ERR_SELFSIGNED_NOT_UNDER_MANAGEMENT
|
Self-signed certificate found on endpoint |
2 |
|
|
DifferentialInventoryRule
|
WARN_PRIVATE_LOOKALIKE
|
Private certificate found on possible lookalike domain |
40 |
|
|
DifferentialInventoryRule
|
WARN_PUBLIC_LOOKALIKE
|
Public certificate found on possible lookalike domain |
300 |
|
|
DifferentialInventoryRule
|
WARN_SELFSIGNED_LOOKALIKE
|
Self-signed certificate found on possible lookalike domain |
2 |
|
|
FactorableModulusRule>
|
ERR_FACTORABLE_MODULUS
|
RSA modulus shares factors with known broken moduli, comprising the private key. |
1000 |
|
|
FromEJBCARule
|
WARN_REGRESSION_MODEL_MATCH
|
Certificates with similar features |
10 | |
|
PredictiveModelingRule
|
WARN_REGRESSION_MODEL_MATCH
|
Certificates with similar features |
10 | |
|
QuantumReadinessRule
|
INF_QUANTUM_READINESS
|
Recommended to transition to post-quantum key generation algorithms |
0 |
|
|
QuantumReadinessRule
|
ERR_BROKEN_KEY_SIZE
|
Key has 80 bits of security or less which is considered highly insecure. Larger keys are strongly recommended |
100 |
|
|
QuantumReadinessRule
|
INF_KEY_MOSTLY_SECURE
|
Key with bits of security between 112 & 128 is only considered mostly secure for certificates expiring by 31 Dec, 2029 |
1 |
|
|
QuantumReadinessRule
|
ERR_UNSECURE_KEY_SIZE
|
Key with bits of security between 81 & 111 is not recommended for certificates expiring by 31 Dec, 2029. Larger keys are recommended |
10-100 |
|
|
QuantumReadinessRule
|
ERR_MARGINALLY_INSECURE_KEY_SIZE
|
Key has 128 or above bits of security which is not considered fully secure for certificates expiring between 1 Jan, 2030 and 31 Dec, 2034. Larger keys are recommended |
10 |
|
|
QuantumReadinessRule
|
ERR_UNSECURE_KEY_SIZE
|
Key with bits of security between 112 & 127 is not recommended for certificates expiring between 1 Jan, 2030 and 31 Dec, 2034. Larger keys are recommended |
10-100 |
|
|
QuantumReadinessRule
|
ERR_BROKEN_KEY_SIZE
|
Key has 111 or below bits of security which is considered highly insecure for certificates expiring between 1 Jan, 2030 and 31 Dec, 2034. Larger keys are strongly recommended |
100 |
|
|
QuantumReadinessRule
|
ERR_BROKEN_KEY_SIZE
|
Key has 128 or less bits of security which should be considered highly insecure for certificates expiring after 31 Dec, 2034. Larger keys are strongly recommended. |
100 |
|
|
LinterRule
|
INF_CHECKING_INTERMEDIATE_CA
|
Checking as intermediate CA certificate |
-10000-0 |
|
|
LinterRule
|
INF_CHECKING_LEAF
|
Checking as leaf certificate |
0-0 |
|
|
LinterRule
|
INF_CHECKING_ROOT_CA
|
Checking as root CA certificate |
0-0 |
|
|
LinterRule
|
ERR_AIA_CRITICAL
|
authorityInformationAccess is marked critical |
10-900 |
|
|
LinterRule
|
ERR_AKID_CRITICAL
|
AKID is critical |
1-900 |
|
|
LinterRule
|
ERR_AKID_MISSING
|
AKID missing |
1-900 |
|
|
LinterRule
|
ERR_AKID_WITHOUT_KEY_ID
|
AKID without a key identifier |
1-2000 |
|
|
LinterRule
|
ERR_ALG_FAILED_DECODING
|
Algorithm parameters failed to decode |
50-1000 |
|
|
LinterRule
|
ERR_ALG_PARAMETER_MISSING
|
Algorithm parameter missing |
50-2000 |
|
|
LinterRule
|
ERR_ALG_PARAMETER_NOT_NULL
|
Algorithm parameter not NULL |
50-1000 |
|
|
LinterRule
|
ERR_ALG_PARAMETER_PRESENT
|
Algorithm parameter present |
50-1000 |
|
|
LinterRule
|
ERR_ALG_WRONG_TYPE
|
Algorithm with wrong ASN.1 type |
50-2000 |
|
|
LinterRule
|
ERR_ASN1_INTEGER_NOT_MINIMAL
|
ASN1 integer not minimally encoded |
10-500 |
|
|
LinterRule
|
ERR_BASIC_CONSTRAINTS_NEG_PATHLEN
|
Basic Constraints with negative length |
50-2000 |
|
|
LinterRule
|
ERR_BASIC_CONSTRAINTS_NO_CA_PATHLEN
|
Basic Constraints with pathlen for non-CA |
10-2000 |
|
|
LinterRule
|
ERR_BASIC_CONSTRAINTS_NO_CERT_SIGN_PATHLEN
|
Basic Constraints with pathlen but key usage without cert sign |
10-2000 |
|
|
LinterRule
|
ERR_BASIC_CONSTRAINTS_NOT_CRITICAL
|
CA certificate with non-critical Basic Constraints |
1-2000 |
|
|
LinterRule
|
ERR_BIT_STRING_LEADING_0
|
Bit string with leading 0 |
10-500 |
|
|
LinterRule
|
ERR_BUSINESS_CATEGORY_SIZE
|
Invalid length of businessCategory |
1-1000 |
|
|
LinterRule
|
ERR_CA_CERT_NOT_CA
|
CA certificate with CA:false |
1-2000 |
|
|
LinterRule
|
ERR_CN_NOT_IN_SAN
|
commonName not in subjectAltName extension |
1-400 |
|
|
LinterRule
|
ERR_COMMON_NAME_SIZE
|
commonName too long |
1-300 |
|
|
LinterRule
|
ERR_COUNTRY_SIZE
|
countryName not 2 characters long |
1-500 |
|
|
LinterRule
|
ERR_CRL_DIST_POINT_WITHOUT_DISTPOINT_OR_ISSUER
|
CRL DistributionPoint without distributionPoint or cRLIssuer |
0-2000 |
|
|
LinterRule
|
ERR_CRL_DISTPOINT_EMPTY
|
CRL DistributionPoint's distributionPoint empty |
0-2000 |
|
|
LinterRule
|
ERR_CRL_ISSUER_EMPTY
|
CRL DistributionPoint's cRLIssuer empty |
0-2000 |
|
|
LinterRule
|
ERR_CRL_ISSUER_NOT_DIRNAME
|
CRL DistributionPoint's cRLIssuer not a directoryName |
1-1000 |
|
|
LinterRule
|
ERR_DEFAULT_VALUE
|
Default value written instead of ommited |
1-400 |
|
|
LinterRule
|
ERR_DN_QUALIFIER_SIZE
|
Invalid length of dnQualifier |
1-1000 |
|
|
LinterRule
|
ERR_DOMAIN_WITH_LOCALITY
|
Domain validated certificate but with localityName |
30-1000 |
|
|
LinterRule
|
ERR_DOMAIN_WITH_NAME
|
Domain validated certificate but with givenName or surname |
40-1000 |
|
|
LinterRule
|
ERR_DOMAIN_WITH_ORG
|
Domain validated certificate with organizationName |
20-1000 |
|
|
LinterRule
|
ERR_DOMAIN_WITH_POSTAL
|
Domain validated certificate but with postalCode |
30-1000 |
|
|
LinterRule
|
ERR_DOMAIN_WITH_STATE
|
Domain validated certificate but with stateOrProvinceName |
30-1000 |
|
|
LinterRule
|
ERR_DOMAIN_WITH_STREET
|
Domain validated certificate but with streetAddress |
30-1000 |
|
|
LinterRule
|
ERR_DOMAINCOMPONENT_SIZE
|
Invalid length of domainComponent |
1-1000 |
|
|
LinterRule
|
ERR_DUPLICATE_EXTENSION
|
Duplicate extension |
10-500 |
|
|
LinterRule
|
ERR_EC_AT_INFINITY
|
EC point at infinity |
50-2000 |
|
|
LinterRule
|
ERR_EC_INCORRECT_ORDER
|
EC key has incorrect group order |
50-2000 |
|
|
LinterRule
|
ERR_EC_INVALID_GROUP_ORDER
|
EC key has invalid group order |
50-2000 |
|
|
LinterRule
|
ERR_EC_NO_PARAMETER
|
EC key without parameters |
50-2000 |
|
|
LinterRule
|
ERR_EC_NON_ALLOWED_CURVE
|
EC curve is not one of the allowed curves |
50-1000 |
|
|
LinterRule
|
ERR_EC_POINT_NOT_ON_CURVE
|
EC point not on curve |
50-2000 |
|
|
LinterRule
|
ERR_EMAIL_SIZE
|
emailAddress too long |
1-300 |
|
|
LinterRule
|
ERR_EMPTY_EKU
|
Extended Key Usage without any entries |
10-1000 |
|
|
LinterRule
|
ERR_EMPTY_ISSUER
|
Empty issuer |
<20 |
|
|
LinterRule
|
ERR_EMPTY_SUBJECT
|
Empty subject |
1-400 |
|
|
LinterRule
|
ERR_EV_LONGER_27_MONTHS
|
EV certificate valid longer than 27 months |
50-2000 |
|
|
LinterRule
|
ERR_EV_WITHOUT_BUSINESS
|
EV certificate without business |
50-2000 |
|
|
LinterRule
|
ERR_EV_WITHOUT_JURISDICTION_COUNTRY
|
EV certificate without jurisdiction country |
50-2000 |
|
|
LinterRule
|
ERR_EV_WITHOUT_NUMBER
|
EV certificate without number |
50-2000 |
|
|
LinterRule
|
ERR_EV_WITHOUT_ORGANIZATION
|
EV certificate without organization |
50-2000 |
|
|
LinterRule
|
ERR_GEN_NAME_TYPE
|
Invalid type in GeneralName |
10-1000 |
|
|
LinterRule
|
ERR_GIVEN_NAME_SIZE
|
givenName too long |
1-300 |
|
|
LinterRule
|
ERR_INDIVIDUAL_WITHOUT_COUNTRY
|
Individual without country |
1-300 |
|
|
LinterRule
|
ERR_INDIVIDUAL_WITHOUT_NAME
|
Individual without name |
1-300 |
|
|
LinterRule
|
ERR_INVALID
|
Error parsing certificate |
<0 |
|
|
LinterRule
|
ERR_INVALID_CRL_REASON
|
Invalid CRL reason |
1-1000 |
|
|
LinterRule
|
ERR_INVALID_DISPLAY_TEXT_LENGTH
|
Invalid display text length |
10-1000 |
|
|
LinterRule
|
ERR_INVALID_DISPLAY_TEXT_TYPE
|
Invalid display text type |
10-1000 |
|
|
LinterRule
|
ERR_INVALID_ENCODING
|
Fails decoding the characterset |
50-1000 |
|
|
LinterRule
|
ERR_INVALID_GENERAL_NAME_TYPE
|
Invalid general name type |
10-1000 |
|
|
LinterRule
|
ERR_INVALID_NAME_ENTRY_TYPE
|
Name entry contains an invalid type |
20-1000 |
|
|
LinterRule
|
ERR_INVALID_POLICY_QUALIFIER_ID
|
Invalid policy qualifier id |
1-1000 |
|
|
LinterRule
|
ERR_INVALID_TIME_FORMAT
|
Invalid time format |
10-600 |
|
|
LinterRule
|
ERR_INVALID_TYPE_USER_NOTICE
|
Invalid user notice type |
1-1000 |
|
|
LinterRule
|
ERR_INVALID_URL
|
Error parsing URL |
10-1000 |
|
|
LinterRule
|
ERR_IP_FAMILY
|
Invalid length of IP address |
10-1000 |
|
|
LinterRule
|
ERR_IP_IN_DNSNAME
|
IP address in dns name |
10-500 |
|
|
LinterRule
|
ERR_ISSUER_COUNTRY
|
Issuer without countryName |
1-1000 |
|
|
LinterRule
|
ERR_ISSUER_ORG_NAM
|
Issuer without organizationName |
1-1000 |
|
|
LinterRule
|
ERR_KEY_USAGE_EMPTY
|
Key usage is empty |
1-1000 |
|
|
LinterRule
|
ERR_KEY_USAGE_HAS_CERT_SIGN
|
Key usage has keyCertSign |
10-2000 |
|
|
LinterRule
|
ERR_KEY_USAGE_NOT_CRITICAL
|
Key usage not critical |
1-1000 |
|
|
LinterRule
|
ERR_KEY_USAGE_TOO_LONG
|
Key usage is too long |
1-1000 |
|
|
LinterRule
|
ERR_KEY_USAGE_UNKNOWN_BIT
|
Key usage with unknown bit |
50-1000 |
|
|
LinterRule
|
ERR_LOCALITY_NAME_SIZE
|
localityName too long |
1-300 |
|
|
LinterRule
|
ERR_LONGER_60_MONTHS
|
The certificate is valid for longer than 60 months |
3-1000 |
|
|
LinterRule
|
ERR_MISSING_EKU
|
Extended Key Usage lacks a required purpose |
10-1000 |
|
|
LinterRule
|
ERR_NAME_NO_IV_POLICY
|
Subject with givenName or surname but without the CAB IV policy oid |
10-1000 |
|
|
LinterRule
|
ERR_NO_AIA
|
no authorityInformationAccess extension |
0-1000 |
|
|
LinterRule
|
ERR_NO_BASIC_CONSTRAINTS
|
CA certificate without Basic Constraints |
1-2000 |
|
|
LinterRule
|
ERR_NO_KEY_USAGE
|
No key usage |
1-1000 |
|
|
LinterRule
|
ERR_NO_OCSP_HTTP
|
No OCSP over HTTP |
0-1000 |
|
|
LinterRule
|
ERR_NO_POLICYe
|
No policy extension |
1-1000 |
|
|
LinterRule
|
ERR_NO_SUBJECT_ALT_NAMEe
|
No Subject alternative name extension |
1-1000 |
|
|
LinterRule
|
ERR_NON_PRINTABLE
|
The string contains non-printable control characters |
10-500 |
|
|
LinterRule
|
ERR_NOT_ALL_CRL_REASONS
|
No CRL distpoint with all reasons |
0-1000 |
|
|
LinterRule
|
ERR_NOT_ALLOWED_HASH
|
Hash algorithm not allowed |
10-1000 |
|
|
LinterRule
|
ERR_NOT_ALLOWED_MASK_ALGORITHMe
|
Mask algorithm not allowed |
10-1000 |
|
|
LinterRule
|
ERR_NOT_NAMED_CURVE
|
Not using a named curve |
20-1000 |
|
|
LinterRule
|
ERR_NOT_VERSION3
|
Certificate not version 3 |
50-2000 |
|
|
LinterRule
|
ERR_ORGANIZATION_NAME_SIZE
|
organizationName too long |
1-500 |
|
|
LinterRule
|
ERR_ORGANIZATION_WITHOUT_COUNTRY
|
Organization validated certificate but without country |
50-2000 |
|
|
LinterRule
|
ERR_ORGANIZATION_WITHOUT_ORG
|
Organization validated certificate but without organizationName |
50-2000 |
|
|
LinterRule
|
ERR_ORGANIZATIONAL_UNIT_NAME_SIZE
|
organizationalUnitName too long |
1-300 |
|
|
LinterRule
|
ERR_POLICY_BR
|
Baseline Requirements policy present for non server authentication certificate |
10-2000 |
|
|
LinterRule
|
ERR_POST_OFFICE_BOX_SIZE
|
postOfficeBox too long |
1-300 |
|
|
LinterRule
|
ERR_POSTAL_CODE_SIZE
|
postalCode too long |
1-300 |
|
|
LinterRule
|
ERR_PSS_HASH_NOT_EQUAL
|
PSS hash algorithm not equal |
50-1000 |
|
|
LinterRule
|
ERR_PSS_INVALID_SALT_LENGTH
|
Invalid PSS salt length |
50-1000 |
|
|
LinterRule
|
ERR_PSS_INVALID_TRAILER
|
Invalid PSS trailer |
50-1000 |
|
|
LinterRule
|
ERR_RELATIVE_CRL_ISSUER_COUNT
|
CRL DistributionPoint's cRLIssuer is relative, but has more than 1 entry |
1-1000 |
|
|
LinterRule
|
ERR_ROOT_CA_WITH_EKU
|
CA root certificate with Extended Key Usage |
1-2000 |
|
|
LinterRule
|
ERR_RSA_EXP_3
|
RSA public exponent not equal to 3 or more |
60-2000 |
|
|
LinterRule
|
ERR_RSA_EXP_NOT_ODD
|
RSA public exponent not odd |
60-2000 |
|
|
LinterRule
|
ERR_RSA_MODULUS_NEGATIVE
|
RSA modulus is negative |
70-2000 |
|
|
LinterRule
|
ERR_RSA_SIZE_2048
|
RSA modulus smaller than 2048 bit |
50-1000 |
|
|
LinterRule
|
ERR_RSA_SMALL_FACTOR
|
RSA modulus has small factor |
70-2000 |
|
|
LinterRule
|
ERR_SAN_EMPTY
|
Empty SAN |
1-1000 |
|
|
LinterRule
|
ERR_SAN_NOT_CRITICAL
|
SAN is not critical |
1-300 |
|
|
LinterRule
|
ERR_SAN_TYPE
|
Invalid type in SAN entry |
10-1000 |
|
|
LinterRule
|
ERR_SAN_WITHOUT_NAME
|
subjectAltName without name |
10-1000 |
|
|
LinterRule
|
ERR_SERIAL_NOT_POSITIVE
|
Serial number not positive |
60-2000 |
|
|
LinterRule
|
ERR_SERIAL_NUMBER_SIZE
|
serialNumber too long |
50-1000 |
|
|
LinterRule
|
ERR_SERIAL_TOO_LARGE
|
Serial number too large |
50-1000 |
|
|
LinterRule
|
ERR_SIG_ALG_MISMATCH
|
Signature algorithm mismatch |
50-2000 |
|
|
LinterRule
|
ERR_SKID_CRITICAL
|
SKID critical |
1-900 |
|
|
LinterRule
|
ERR_SKID_MISSING
|
SKID missing |
1-1000 |
|
|
LinterRule
|
ERR_STATE_NAME_SIZE
|
stateOrProvinceName too long |
1-300 |
|
|
LinterRule
|
ERR_STREET_ADDRESS_SIZE
|
streetAddress too long |
1-300 |
|
|
LinterRule
|
ERR_STRING_WITH_NUL
|
Contains a null character in the string |
10-500 |
|
|
LinterRule
|
ERR_SUBJECT_ADDR
|
Subject without organizationName,given Name or surname but with streetAddress |
1-300 |
|
|
LinterRule
|
ERR_SUBJECT_COUNTRY
|
Subject with organizationName, givenName or surname but without countryName |
1-300 |
|
|
LinterRule
|
ERR_SUBJECT_NO_ORG_PLACE
|
Subject without organizationName, givenName or surname but with stateOrProvince or localityName |
1-300 |
|
|
LinterRule
|
ERR_SUBJECT_ORG_NO_PLACE
|
Subject with organizationName, givenName or surname but without stateOrProvince or localityName |
1-300 |
|
|
LinterRule
|
ERR_SUBJECT_POSTAL
|
Subject without organizationName, givenName or surname but with postalCode |
1-300 |
|
|
LinterRule
|
ERR_SURNAME_SIZE
|
surname too long |
1-300 |
|
|
LinterRule
|
ERR_TELETEX_WITH_ESCAPE
|
Teletex string with an escape sequence |
10-1000 |
|
|
LinterRule
|
ERR_UNKNOWN_PUBLIC_KEY_TYPE
|
Unknown public key type |
50-1000 |
|
|
LinterRule
|
ERR_UNKNOWN_SIGNATURE_ALGORITHM
|
Unknown signature algorithm |
50-2000 |
|
|
LinterRule
|
ERR_UNSTRUCTUREDNAME_SIZE
|
Invalid length of unstructuredName |
1-1000 |
|
|
LinterRule
|
ERR_URL_WITH_NUL
|
URL contains a null character |
10-1000 |
|
|
LinterRule
|
INF_CRL_NOT_URL
|
CRL is not a URL |
1-900 |
|
|
LinterRule
|
INF_NAME_ENTRY_LENGTH_NOT_CHECKED
|
Name entry length not checked |
0 |
|
|
LinterRule
|
INF_STRING_NOT_CHECKED
|
String not checked |
<0 |
|
|
LinterRule
|
INF_SUBJECT_CN
|
Subject has a deprecated CommonName |
0 |
|
|
LinterRule
|
INF_UNKNOWN_VALIDATION
|
Unknown validation policy |
1-1000 |
|
|
LinterRule
|
WARN_CALLED_WITH_WRONG_TYPE
|
Called with wrong certificate type |
<0 |
|
|
LinterRule
|
WARN_CRL_RELATIVE
|
CRL distribution point uses relative name |
1-1000 |
|
|
LinterRule
|
WARN_DUPLICATE_SAN
|
Duplicate SAN entry |
1-400 |
|
|
LinterRule
|
WARN_EV_LONGER_12_MONTHS
|
EV certificate valid longer than 12 months |
10-1000 |
|
|
LinterRule
|
WARN_EXPLICIT_TEXT_ENCODING
|
explicitText is not using a UTF8String |
10-600 |
|
|
LinterRule
|
WARN_KEY_USAGE_NO_CERT_OR_CRL_SIGN
|
Key usage doesn't have keyCertSign or cRLSign |
1-1000 |
|
|
LinterRule
|
WARN_KEY_USAGE_NOT_CRITICAL
|
Key usage not critical |
1-300 |
|
|
LinterRule
|
WARN_LONGER_39_MONTHS
|
The certificate is valid for longer than 39 months |
1-500 |
|
|
LinterRule
|
WARN_NO_CN
|
No commonName |
1-400 |
|
|
LinterRule
|
WARN_NO_EKU
|
Subscriber certificate without Extended Key Usage |
10-200 |
|
|
LinterRule
|
WARN_NO_ISSUING_CERT_HTTP
|
No HTTP URL for issuing certificate |
0-900 |
|
|
LinterRule
|
WARN_NON_PRINTABLE_STRING
|
The name entry contains something that is not a PrintableString or UTF8String |
10-400 |
|
|
LinterRule
|
WARN_POLICY_QUALIFIER_NOT_CPS
|
Policy information has qualifier other than CPS URI |
1-300 |
|
|
LinterRule
|
WARN_RSA_EXP_RANGE
|
RSA public exponent not in range of 2^16+1 to 2^256-1 |
20-1000 |
|
|
LinterRule
|
WARN_TLS_CLIENT_DNS
|
TLS client with DNS or IP address |
10-300 |
|
|
LinterRule
|
WARN_UNKNOWN_EKU
|
Unknown extended key usage |
10-500 |
An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (
) at the bottom of the Management Portal side menu.Was this page helpful? Provide Feedback