GET Workflow Instances Instance ID

A string indicating the current status of the workflow instance. The possible statuses are:

• CanceledForRestart
• Complete

• Failed

• Rejected

• Running

• Suspended

A string indicating the current status message for the workflow instance. Possible status messages vary and may include:

• Access is denied
• Awaiting # more approval(s) from approval roles.

• Either the credentials are invalid, or the CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. on [CA hostname] is not running

• Issued

• Issued. The private key Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure. was successfully retained.

• Post-process Failed: [Message indicating reason for failure generally from the CA]

• Pre-process failed: [Message indicating details of the failure]

• Revoked

• Step 'Keyfactor-Enroll' failed: [Message indicating details of the failure]

• Step 'Keyfactor-Revoke' failed:[Message indicating details of the failure]

• Step [custom step name] failed: [Message indicating details of the failure]

• Taken Under Submission. The certificate template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. requires manager approval, and is marked as pending.

• Workflow rejected by user with Id #.

An array containing the workflow definition. Show workflow definition details.

An array containing the data included in the workflow instance when the workflow was initiated. Show initial workflow instance data.

Name	Operation Type	Description
CertificateAuthority	Enrollment and Revocation	A string indicating the certificate authority A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. that will be used to enroll against, for enrollment requests, or that issued the certificate, for revocation requests in hostname\logical name format.
CertificateId	Revocation	An integer indicating the Keyfactor Command reference ID for the certificate.
SerialNumberString	Revocation	A string indicating the serial number of the certificate being revoked.
Thumbprint	Revocation	A string indicating the thumbprint of the certificate being revoked.
RevokeCode	Revocation	An integer containing the specific reason that the certificate is being revoked. Show revocation reasons. Value Description -1 Remove from Hold 0 Unspecified 1 Key Compromised 2 CA Compromised 3 Affiliation Changed 4 Superseded 5 Cessation of Operation 6 Certificate Hold 7 Remove from CRL A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted.. Only valid in the case that a cert is already on a CRL in a manner that it can be removed, such as Certificate Hold The default is Unspecified.
EffectiveDate	Revocation	A string containing the date and time when the certificate will be revoked.
Comment	Revocation	A string containing a freeform reason or comment on why the certificate is being revoked.
Delegate	Revocation	A Boolean indicating whether delegation is enabled for the certificate authority that issued the certificate (true) or not (false).
OperationStart	Revocation	A string indicating the time at which the revocation workflow was initiated.
Template	Enrollment	A string indicating the certificate template short name used for the enrollment request.
IncludeChain	Enrollment	A Boolean indicating whether to include the certificate chain in the enrollment response (true) or not (false).
SANs	Enrollment	An array of key/value pairs indicating the subject alternative names (SANs) for the certificate requested in the enrollment. Show SAN key values. Value Description rfc822 RFC 822 Name dns DNS The Domain Name System is a service that translates names into IP addresses. Name directory Directory Name uri Uniform Resource Identifier ip4 IP v4 Address ip6 IP v6 Address registeredid Registered ID (an OID Object identifiers or OIDs are a standardized system for identifying any object, concept, or "thing" with a globally unambiguous persistent name.) ms_ntprincipalname MS_NTPrincipalName (a string) ms_ntdsreplication MS_NTDSReplication (a GUID) For example: "SANs": { "dns": [ "dnssan1.keyexample.com", "dnssan2.keyexample.com", "dnssan3.keyexample.com" ], "ip4": [ "192.168.2.73" ] }
AdditionalAttributes	Enrollment	An array of key/value pairs indicating values for any custom enrollment fields set on the certificate template to supply custom request attributes to the CA during the enrollment process.
Metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In the context of Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates.	Enrollment	An array of key/value pairs indicating values for the metadata fields that will be associated with the certificate once it is in Keyfactor Command. The key is the field name and the value is the value for the field.
Format	Enrollment	A string indicating the desired output format for the certificate. A value of STORE indicates that the certificate is intended to be delivered into one or more certificate stores.
CustomName	Enrollment	A string indicating a custom friendly name for the certificate.
Subject	Enrollment	A string containing the subject name of the requested certificate using X.500 format.
RenewalCertificate	Enrollment	An array containing the certificate information for the certificate that is being renewed. Show certificate details. Name Description Certificate An array containing a key value pair referencing the certificate being renewed in the following format: { "RawData":"[PEM-encoded certificate string]" } CertificateId An integer containing the Keyfactor Command reference ID of the certificate being renewed. Note:  This field is only populated for enrollments that are generated by requesting a certificate renewal (see Renew in the Keyfactor Command Reference Guide and POST Enrollment Renew).
Stores	Enrollment	An object containing a comma delimited set of arrays indicating the certificate stores to which the certificate should be distributed. Show store details. Name Description StoreId An array of GUIDs indicating the certificate store(s) to which the certificate should be deployed. Use the GET /CertificateStores method (see GET Certificate Stores) with a query of "Approved -eq true" to retrieve a list of all your approved certificate stores to determine the GUID(s) of the store(s). Alias The alias of the certificate upon entry into the store. The format of and requirement for this varies depending on the certificate store type and whether the Overwrite flag is selected. See PFX Enrollment in the Keyfactor Command Reference Guide for more information. Overwrite A Boolean that sets whether a certificate in the store with the Alias provided should be overwritten with the new certificate (true) or not (false). The default is false. Use the GET /Certificates/Locations/{id} method (see GET Certificates Locations ID) to retrieve a list of the locations an existing certificate is in to determine the alias used for the certificate in the certificate store. Properties An array of key/value pairs for the unique parameters defined for the certificate store type that need to be populated for the certificate. The key is the name of the specific parameter A parameter or argument is a value that is passed into a function in an application. from the certificate store type definition as returned in the JobProperties on the store type using the GET CertificateStoreTypes method and the value is the value that should be set for that parameter on the certificate in the certificate store. For example, for NetScaler, the key name that is optionally used to associate the certificate with a virtual server is NetscalerVserver and is returned by GET CertificateStoreTypes like so: "JobProperties": [ "NetscalerVserver" ] It can be seen in the Keyfactor Command Management Portal when editing the certificate store type in the field for Management Job Custom Fields. The setting is referenced using the following format: "Properties": {"NetscalerVserver":"MyVirtualServerName"} Note:  The only built-in certificate store type that makes use of properties that can be set on a certificate-by-certificate basis in the store is NetScaler. You may have custom certificate store types that make use of this functionality.
ManagementJobTime	Enrollment	An array indicating the schedule for the management job to add the certificate to the certificate store(s). Show management job time details. Name Description Immediate A Boolean that indicates a job scheduled to run immediately (true) or not (false). Tip:  In some instances, jobs initially scheduled as Immediate will appear on a GET as null. ExactlyOnce A dictionary that indicates a job scheduled to run at the time specified with the parameter: Name Description Time The date and time to next run the job. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g. 2021-05-19T16:23:01Z). For example, exactly once at 11:45 am: "ExactlyOnce": { "Time": "2022-02-27T11:45:00Z" } Tip:  In some instances, jobs initially scheduled as Immediate will appear on a GET as ExactlyOnce.
IsPFX	Enrollment	A Boolean indicating whether the certificate enrollment type that initiated the workflow instance was PFX (true) or CSR A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. (false).
PfxPasswordSecretInstanceId	Enrollment	A string indicating the Keyfactor Command reference GUID for the PFX password used to secure the PFX file on download.
InitiatingUserName	Enrollment and Revocation	A string indicating the name of the user who initiated the workflow in DOMAIN\\username format.