GET Certificate Store Types

The GET /CertificateStoreTypes method is used to retrieve a list of all certificate store types. On success, this method returns HTTP 200 OK with details of the certificate store types.

Tip:  The following permissions (see Security Overview) are required to use this feature:

CertificateStoreManagement: Read

Table 295: GET Certificate Store Types Input Parameters

Name In Description
pageReturned Query An integer that specifies how many multiples of the returnLimit to skip and offset by before returning results, to enable paging. The default is 1.
returnLimit Query An integer that specifies how many results to return per page. The default is 50.

Table 296: GET Certificate Store Types Response Data

Name Description
Name A string containing the full name of the certificate store type.
ShortName A string containing the short name assigned to the certificate store type.
Capability A string containing a reference name for the certificate store type (e.g. NS for a NetScaler store).
StoreType A unique integer for the certificate store type. The ID is automatically assigned by Keyfactor Command.
ImportType An integer that indicates the import type for the certificate store type. The ID is automatically assigned by Keyfactor Command and generally matches the StoreType for custom certificate store types.
LocalStore A Boolean that indicates whether the store is local to the orchestrator machine (true), as with JKS and PEM stores managed by the Keyfactor Java Agent, or remote (false), as with IIS stores managed by the Keyfactor Universal Orchestrator.
SupportedOperations An array containing a series of Boolean values that indicate whether the certificate store type is enabled for the following functions:

  • Add
  • Create
  • Discovery
  • Enrollment
  • Remove
Properties An array of unique parameters for the certificate store type. In the Keyfactor Command Management Portal these are known as Custom Fields.

Note:  There are three standard properties that are used for any built-in certificate store types that require server credentials (e.g. F5):
  • ServerUsername
  • ServerPassword
  • ServerUseSsl

These replace the separate certificate store server records that existed in previous versions of Keyfactor Command. For legacy support, if credentials are not provided through store properties during creation or editing of a certificate store, Keyfactor Command will attempt to find a certificate store server record and copy the credentials from it into the store properties for future use.

PasswordOptions Options for the password in the certificate store type.
StorePathValue An array containing the value(s) for the certificate store path.
PrivateKeyAllowed A string containing the option for private key requirements for certificates stored in stores with this certificate store type:

  • Forbidden: Private key is not required; generally applies to trust stores (e.g. Root CA certificates).
  • Optional: Private key is optional; applies to store types that could represent either a Trust Store or End-Entity Store.
  • Required: Private key is required; applies to stores that hold an End-Entity Certificate (server or client authorization).

ServerRequired A Boolean that indicates whether server access is required for adding certificate stores for this certificate store type (true) or not (false). If set to true, a user will be prompted for a username and password to connect to the remote server.
PowerShell A Boolean that indicates whether jobs for the store type are implemented using PowerShell (true) instead of a .NET class or not (false).
BlueprintAllowed A Boolean that indicates whether certificate stores of this type will be included when creating or applying blueprints. For more details, see Orchestrator Blueprints in the Keyfactor Command Reference Guide.
CustomAliasAllowed A string containing the selected certificate store type alias option:

  • Forbidden: A custom alias is not required and cannot be supplied.
  • Optional: A custom alias is optional.
  • Required: A custom alias is required.

The certificate store alias serves as an identifier for the certificate in the store. Depending on the type of store, it may be a file name, a certificate thumbprint, a string reference, or some other information. Some types of stores may not support associating an alias with the certificate (e.g. IIS trusted root).

EntryParameters An array of unique parameters that are required when performing management jobs on a certificate store of this type.

Tip:  What's the difference between properties (custom fields) and entry parameters?
  • Properties are about the certificate store definition itself and are static. For example, you might use a property to define the primary node name of an F5 instance. This node name is the same no matter what inventory or management jobs you do with the F5 device(s). Values for properties are entered in the certificate store record when creating or editing the certificate store record.
  • Entry parameters are about the specific certificate within the certificate store. They are used to send additional information related to the certificate to the server or device that hosts the certificate store when running management jobs for that certificate store. Often this is more fluid information that isn't the same for every use of that certificate store. For example, several virtual servers with separate certificates in the same folder may exist on a NetScaler device. When replacing one certificate, updates may need to be made to only the virtual server that is using the certificate. In this case, the authorized user will be prompted to enter the virtual server name based on an entry parameter. Values for entry parameters are entered at the time a management job is initiated (e.g. adding a certificate to a certificate store).
InventoryEndpoint A string containing the orchestrator endpoint to which inventory updates are sent.
InventoryJobType A GUID identifying the job type for inventory jobs.
ManagementJobType A GUID identifying the job type for management jobs.
DiscoveryJobType A GUID identifying the job type for discovery jobs.
EnrollmentJobType A GUID identifying the job type for reenrollment jobs.
Tip:  For code examples, see the Keyfactor API Endpoint Utility. To find the embedded web copy of this utility, click the help icon at the top of the Keyfactor Command Management Portal page next to the Log Out button.
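
The following is an added example, not code from Keyfactor or its API Endpoint Utility: it walks the pageReturned and returnLimit paging described above and lists the store types that require a private key on a remote server reached with stored credentials. The `fetch_page` callable is a hypothetical stand-in for the authenticated HTTP call, and the sample records are constructed.

```python
from typing import Callable, Dict, Iterator, List

def iter_store_types(fetch_page: Callable[[Dict[str, int]], List[dict]],
                     return_limit: int = 50) -> Iterator[dict]:
    """Yield every store type by walking pageReturned = 1, 2, ... in order."""
    page = 1  # documented default for pageReturned
    while True:
        batch = fetch_page({"pageReturned": page, "returnLimit": return_limit})
        yield from batch
        if len(batch) < return_limit:  # a short (or empty) page is the last one
            return
        page += 1

def remote_key_bearing(store_types) -> List[str]:
    """ShortNames of types that need a private key and remote server credentials."""
    return sorted(
        t["ShortName"] for t in store_types
        if t["PrivateKeyAllowed"] == "Required"
        and t["ServerRequired"] and not t["LocalStore"]
    )

# Constructed sample records (illustrative values, not real Keyfactor output);
# only the response fields used above are included.
def _rec(short, local, key, server):
    return {"ShortName": short, "LocalStore": local,
            "PrivateKeyAllowed": key, "ServerRequired": server}

SAMPLE = [
    _rec("JKS", True, "Optional", False),
    _rec("PEM", True, "Optional", False),
    _rec("F5", False, "Required", True),
    _rec("NS", False, "Required", True),
    _rec("IISRoot", False, "Forbidden", False),
]

def fake_fetch(params: Dict[str, int]) -> List[dict]:
    """Hypothetical stand-in for the authenticated GET /CertificateStoreTypes call."""
    start = (params["pageReturned"] - 1) * params["returnLimit"]
    return SAMPLE[start:start + params["returnLimit"]]

if __name__ == "__main__":
    types = list(iter_store_types(fake_fetch, return_limit=2))
    print(len(types), "store types;", "review first:", remote_key_bearing(types))
```

When the total number of store types is an exact multiple of returnLimit, the loop issues one extra request that returns an empty page before stopping.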