GET Certificate Store Types

Documentation Suite v10

The GET /CertificateStoreTypes method is used to retrieve a list of all certificate store types. This method returns HTTP 200 OK on a success with details of the certificate store types.

Tip: The following permissions (see Security Overview) are required to use this feature:

CertificateStoreManagement: Read

Table 293: GET Certificate Store Types Input Parameters

Name	In	Description
pageReturned	Query	An integer that specifies how many multiples of the returnLimit to skip and offset by before returning results, to enable paging. The default is 1.
returnLimit	Query	An integer that specifies how many results to return per page. The default is 50.

Table 294: GET Certificate Store Types Response Data

Name

Description

Name

A string containing the full name of the certificate store type.

ShortName

A string containing the short name assigned to the certificate store type.

Capability

A string containing a reference name for the certificate store type (e.g. NS for a NetScaler store).

StoreType

A unique integer for the certificate store type. The ID is automatically assigned by Keyfactor Command.

ImportType

An integer that indicates the import type for the certificate store type. The ID is automatically assigned by Keyfactor Command and generally matches the StoreType for custom certificate store types.

LocalStore

A Boolean that indicates whether the store is local to the orchestrator Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. machine (true) as, for example, JKS A Java KeyStore (JKS) is a file containing security certificates with matching private keys. They are often used by Java-based applications for authentication and encryption. and PEM A PEM format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PEM certificates always begin and end with entries like ---- BEGIN CERTIFICATE---- and ----END CERTIFICATE----. PEM certificates can contain a single certificate or a full certifiate chain and may contain a private key. Usually, extensions of .cer and .crt are certificate files with no private key, .key is a separate private key file, and .pem is both a certificate and private key. stores managed by the Keyfactor Java Agent The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed. or remote (false) as, for example, IIS stores managed by the Keyfactor Universal Orchestrator The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with Windows servers (a.k.a. IIS certificate stores) and FTP capable devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can run custom jobs to provide certificate management capabilities on a variety of platforms and devices (e.g. F5 devices, NetScaler devices, Amazon Web Services (AWS) resources) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux..

SupportedOperations

An array containing a series of Boolean values that indicate whether the certificate store type is enabled for the following functions:

Add
Create
Discovery
Enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA).
Remove

Properties

An array of unique parameters for the certificate store type. In the Keyfactor Command Management Portal these are known as Custom Fields. Show property details.

Name	Description
Name	A string containing the short name of the property.
DisplayName	A string containing the full display name of the property.
Type	A string containing the type of the property: String Bool MultipleChoice Secret
DependsOn	A string containing the name of the parameter A parameter or argument is a value that is passed into a function in an application. on which this parameter depends. This only applies if at least two custom parameters have been created for this certificate store type. This option is used to configure one custom parameter to display only if another custom parameter contains a value.
DefaultValue	A string containing the default value(s) of the parameter. If Type is Multiple Choice, this field should contain a comma-separated list of multiple choice options for this parameter. If Type is Boolean, this field should contain true or false.
Required	A Boolean that indicates whether the parameter is required (true) or not (false).

Note: There are three standard properties that are used for any built-in certificate store types that require server credentials (e.g. F5):

ServerUsername
ServerPassword
ServerUseSsl

These replace the separate certificate store server records that existed in previous versions of Keyfactor Command. For legacy support, if credentials are not provided through store properties during creation or editing of a certificate store, Keyfactor Command will attempt to find a certificate store server record and copy the credentials from it into the store properties for future use.

PasswordOptions

Options for the password in the certificate store type. Show password option details.

Name

Description

EntrySupported

A Boolean that indicates whether entry of a password for the certificate in the certificate store is allowed (true) or not (false).

StoreRequired

A Boolean that indicates whether entry of a password on the certificate store as a whole is required (true) or not (false).

Style

A string containing the style of password:

Default: Keyfactor Command will randomly generate a password.
Custom: Allow a password to be entered and authenticated when enrolling for a certificate through Keyfactor Command when installing to a store of this type. The Custom option can be selected only if the Allow Custom Password in the Application Settings, is equal to True. For more details, see Application Settings: Enrollment Tab in theKeyfactor Command Reference Guide.

StorePathValue

An array containing the value(s) for the certificate store path.

PrivateKeyAllowed

A string containing the option for private key Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure. requirements for certificates stored in stores with this certificate store type:

Forbidden: Private key is not required; generally, applies to trust stores (e.g. Root CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. certificates).
Optional: Private key is optional; applies to store types that could represent either a Trust Store or End-Entity Store.
Required: Private key is required; applies to stores that hold an End-Entity Certificate (server or client authorization).

ServerRequired

A Boolean that indicates whether server access is required for adding certificate stores for this certificate store type (true) or not (false). If set to true, a user will be prompted for a username and password to connect to the remote server.

PowerShell

A Boolean that indicates whether jobs for the store type are implemented using PowerShell (true) instead of a .NET class or not (false).

BlueprintAllowed

A Boolean that indicates whether certificate stores of this type will be included when creating or applying blueprints. For more details, see Orchestrator Blueprints in the Keyfactor Command Reference Guide.

CustomAliasAllowed

A string containing the selected certificate store type alias option:

Forbidden: A custom alias is not required and cannot be supplied.
Optional: A custom alias is optional.
Required: A custom alias is required.

The certificate store alias serves as an identifier for the certificate in the store. Depending on the type of store, it may be a file name, a certificate thumbprint, a string reference, or some other information. Some types of stores may not support associating an alias with the certificate (e.g. IIS trusted root).

EntryParameters

An array of unique parameters that are required when performing management jobs on a certificate store of this type. Show entry parameter details.

Name	Description
Name	A string containing the short name of the entry parameter.
DisplayName	A string containing the full display name of the entry parameter.
Type	A string containing the type of the entry parameter: String Bool MultipleChoice Secret
RequiredWhen	An array of Boolean values indicating the circumstances under which a value is required to be provided for this entry parameter. These are: HasPrivateKey: If set to true, a value must be provided for this field when configuring a management job (either add or remove) if the certificate has an associated private key in Keyfactor Command. This would be the case, for example, when doing a PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. enrollment and adding the resulting certificate to a certificate store. OnAdd: If set to true, a value must be provided for this field when configuring an add certificate job. OnRemove: If set to true, a value must be provided for this field when configuring a remove certificate job. OnReenrollment: If set to true, a value must be provided for this field when configuring a reenrollment job.
DependsOn	A string containing the name of the parameter on which this parameter depends. This only applies if at least two custom parameters have been created for this certificate store type. This option is used to configure one custom parameter to display only if another custom parameter contains a value.
DefaultValue	A string containing the default value for the entry parameter. If Type is Multiple Choice, this field should contain a single value that represents the default selection from the provided list (see Options) for this entry parameter. If Type is Boolean, this field should contain true or false.
Options	A string containing a comma-separated list of multiple choice options for this entry parameter.

Tip: What's the difference between properties (custom fields) and entry parameters?

Properties are about the certificate store definition itself and are static. For example, you might use a property to define the primary node name of an F5 instance. This node name is the same no matter what inventory or management jobs you do with the F5 device(s). Values for properties are entered in the certificate store record when creating or editing the certificate store record.
Entry parameters are about sending additional information to the server or device that hosts the certificate store when running management jobs for that certificate store. Often this is more fluid information that isn't the same for every use of that certificate store. For example, several virtual servers with separate certificates in the same folder may exist on a NetScaler device. When replacing one certificate, updates may need to be made to only the virtual server that is using the certificate. In this case, the authorized user will be prompted to enter the virtual server name based on an entry parameter. Values for entry parameters are entered at the time a management job is initiated (e.g. adding a certificate to a certificate store).

InventoryEndpoint

A string containing the orchestrator endpoint

An endpoint is a URL that enables the API to gain access to resources on a server. to which inventory updates are sent.

InventoryJobType

A GUID identifying the job type for inventory jobs.

ManagementJobType

A GUID identifying the job type for management jobs.

DiscoveryJobType

A GUID identifying the job type for discovery jobs.

EnrollmentJobType

A GUID identifying the job type for reenrollment jobs.

Contact Sales	Contact Support
sales@keyfactor.com +1-216-931-0465	support@keyfactor.com +1-216-785-2943

GET Certificate Store Types

Products

Solutions

Resources

Company