GET Templates

A string containing a query to limit the results (e.g. field1 -eq value1 AND field2 -gt value2). The default is to return all records. Fields available for querying through the API A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns for the same feature. For querying guidelines, refer to the Keyfactor Command Reference Guide: Using the Template Search Feature. The query fields supported for this endpoint An endpoint is a URL that enables the API to gain access to resources on a server. are:

• AllowedEnrollmentType (1-PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. Enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA)., 2-CSR A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. Enrollment, 3-CSR Generation, 0-None)

• DisplayName

• FriendlyName

• ForestRoot (deprecated)

• ConfigurationTenant

• HasPrivateKeyRetention (True, False)

• IsDefaultTemplate (True, False)

• KeyType (Unknown, RSA, DSA, ECC Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. ECC generates keys through the properties of the elliptic curve equation instead of the traditional method of generation as the product of very large prime numbers., DH)

• ShortName

An object containing custom enrollment fields. These are configured on a per-template basis to allow you to submit custom fields with CSR enrollments and PFX enrollments to supply custom request attributes to the CA during the enrollment process. This functionality offers such benefits as:

• Preventing users from requesting invalid certificates, based on your specific certificate requirements per template.
• Providing additional information to the CA with the CSR.

Once created on the template, these values are shown in Keyfactor Command on the PFX and CSR enrollment pages in the Additional Enrollment Fields section. The fields are mandatory during enrollment. The data will appear on the CA / Issued Certificates attribute tab for certificates enrolled with a template configured with Keyfactor Command enrollment fields.

Note:  These are not metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In the context of Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates. fields, so they are not stored in the Keyfactor Command database, but simply passed through to the CA. The CA in turn could, via a gateway or policy module, use this data to perform required actions.

Show enrollment field details.

An object containing individual template-level regular expressions against which to validate the subject data. Regular expressions defined on a template apply to enrollments made with that template only. Template-level regular expressions, if defined, take precedence over system-wide regular expressions. For more information about system-wide regular expressions, see GET Templates Settings. Show regular expression details.

Name	Description
TemplateId	The Keyfactor Command reference ID of the certificate template the regular expression is associated with.
SubjectPart	A string indicating the portion of the subject the regular expression applies to (e.g. CN A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com).).
RegEx	A string specifying the regular expression against which data entered in the indicated subject part field (e.g. CN) in the enrollment pages of the Keyfactor Command Management Portal or using an API enrollment method will be validated. Use the GET /Templates/SubjectParts method (see GET Templates Subject Parts) to retrieve a list of all the supported subject parts. Show regular expression examples. Subject Part Example CN (Common Name) This regular expression specifies that the data entered in the field must consist of some number of characters in the first portion of the field made up only of lowercase letters, uppercase letters, numbers, apostrophes, underscores, periods, and/or hyphens followed by exactly ".keyexample.com": ^[a-zA-Z0-9'_\.\-]*\.keyexample\.com$ The default value for the Common Name regular expression is: .+ This requires entry of at least one character in the Common Name field in the enrollment pages. O (Organization) This regular expression requires that the organization name entered in the field be one of "Key Example Inc", "Key Example" or "Key Example Inc.": ^(?:Key Example Inc|Key Example|Key Example, Inc\.)$ The period in the final company name (Key Example, Inc.) needs to be escaped in the regular expression with a slash ("\") but the comma does not. OU (Organization Unit) This regular expression requires that the organizational unit entered in the field be one of these four departments: ^(?:IT|HR|Accounting|E-Commerce)$ L (City/Locality) This regular expression requires that the city entered in the field be one of these five cities: ^(?:Boston|Chicago|New York|London|Dallas)$ ST (State/Province) This regular expression requires that the state entered in the field be one of these eight states: ^(?:Massachusetts|Illinois|New York|Ontario|Texas)$ C (Country) This regular expression requires that the country entered in the field be either US or CA: ^(?:US|CA)$ E (Email) This regular expression specifies that the data entered in the field must consist of some number of characters prior to the "@" made up only of lowercase letters, uppercase letters, numbers, apostrophes, underscores, periods, and/or hyphens followed by exactly "@keyexample.com": ^[a-zA-Z0-9'_\.\-]*@keyexample\.com$ DNS The Domain Name System is a service that translates names into IP addresses. (Subject Alternative Name The subject alternative name (SAN) is an extension to the X.509 specification that allows you to specify additional values when enrolling for a digital certificate. A variety of SAN formats are supported, with DNS name being the most common.: DNS Name) This regular expression specifies that the data entered in the field must consist of some number of characters in the first portion of the field made up only of lowercase letters, uppercase letters, numbers, apostrophes, underscores, periods, and/or hyphens followed by exactly either ".keyexample1.com" or ".keyexample2.com": ^[a-zA-Z0-9'_\.\-]*\.(?:keyexample1\.com|keyexample2\.com)$ IPv4 (Subject Alternative Name: IPv4 Address) This regular expression specifies that the data entered in the field must be exactly "130.101." followed by anywhere between 1 and 3 numbers followed by exactly "." followed by anywhere between 1 and 3 numbers: ^130\.101\.(?:[0-9]{1,3})\.(?:[0-9]{1,3})$ This regular expression specifies only that the IPv4 address is made up of 4 sets of between 1 and 3 numbers separated by periods: ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$ IPv6 (Subject Alternative Name: IPv6 Address) This regular expression specifies that the data entered in the field must be made up of eight sets of between one and four numbers and/or uppercase letters separated by colons: ^(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}$ MAIL (Subject Alternative Name: Email) This regular expression specifies that the data entered in the field must consist of some number of characters prior to the "@" made up only of lowercase letters, uppercase letters, numbers, apostrophes, underscores, periods, and/or hyphens followed by exactly "@keyexample.com": ^[a-zA-Z0-9'_\.\-]*@keyexample\.com$ UPN (Subject Alternative Name: User Principal Name) This regular expression specifies that the data entered in the field must consist of some number of characters prior to the "@" made up only of lowercase letters, uppercase letters, numbers, apostrophes, underscores, periods, and/or hyphens followed by exactly "@keyexample.com": ^[a-zA-Z0-9'_\.\-]*@keyexample\.com$
Error	A string specifying the error message displayed to the user when the subject part referenced in the CSR or entered for a PFX enrollment does not match the given regular expression. Note that the error message already includes a leading string with the subject part (e.g. "Common Name:" or "Invalid CN provided:" depending on the interface used). Your custom message follows this.

An object containing the list of Keyfactor Command security roles—as strings—that have been granted enroll permission on the template.

A Boolean indicating whether the template has been configured with the Microsoft CA certificate manager approval option enabled (true) or not (false).