After configuring the static Sectigo CA profile settings:

  1. Set the enable-ca-profile-sync flag to true.
  2. Make an API call to the /v1/certificate-authorities/{caId}/profiles endpoint.

CA Gateway will return the static configuration merged with profiles configured at Sectigo. For example:

{
  "message": {
    "message": "Profiles retrieved successfully.",
    "details": []
  },
  "profiles": [
    {
      "id": "sectigo-profile-1",
      "name": "static-profileA-local",
      "properties": {
        "cert_type": "60515"
      },
      "protocols": [],
      "requestedProperties": [],
      "subjectAltNameRequirements": [],
      "subjectVariableRequirements": []
    },
    {
      "id": "60515",
      "name": "profileA",
      "properties": {
        "cert_type": "60515",
        "description": "",
        "key_type": "{\"EC\":[\"P-256\",\"P-384\",\"P-521\"],\"RSA\":[\"2048\",\"3072\",\"4096\",\"8192\"]}",
        "terms": "[30]",
        "use-secondary-org-name": "false"
      },
      "protocols": [],
      "requestedProperties": [],
      "subjectAltNameRequirements": [],
      "subjectVariableRequirements": []
    },
    {
      "id": "63999",
      "name": "Sectigo Enterprise Pro - Multi-Domain (OV)",
      "properties": {
        "cert_type": "63999",
        "description": "",
        "key_type": "{\"EC\":[\"P-256\",\"P-384\"],\"RSA\":[\"2048\",\"4096\",\"8192\"]}",
        "terms": "[47, 200, 365, 397]",
        "use-secondary-org-name": "false"
      },
      "protocols": [],
      "requestedProperties": [],
      "subjectAltNameRequirements": [],
      "subjectVariableRequirements": []
    },
    {
      "id": "64442",
      "name": "test",
      "properties": {
        "cert_type": "64442",
        "description": "asdfsadf",
        "key_type": "{\"EC\":[\"P-256\",\"P-384\",\"P-521\"],\"RSA\":[\"2048\",\"3072\",\"4096\",\"8192\"]}",
        "terms": "[30]",
        "use-secondary-org-name": "false"
      },
      "protocols": [],
      "requestedProperties": [],
      "subjectAltNameRequirements": [],
      "subjectVariableRequirements": []
    }
  ],
  "type": "ProfilesResponse"
}

See below for the main parameters in this configuration.

In this API response, some parameter names include underscores for backwards compatibility, and key type values are escaped because they contain embedded JSON code.

key-types

A list of supported key types for the issued certificate.

This parameter is dynamically provisioned by Sectigo when the enable-ca-profile-sync flag is enabled, so you do not need to set it manually.

For example:

"key_types": "{\"EC\":[\"P-256\",\"P-384\"],\"RSA\":[\"2048\",\"4096\",\"8192\"]}"

As described in the table below, the requested key type (if any) must be included in this list.

| Request type | Requested key type | Key type for the issued certificate |
|---|---|---|
| PKCS #10 | Included in the key-types list | As selected in the request |
| PKCS #10 | Not included in the key-types list | Error |
| PKCS #12 | | The first in the key-types list; if key-type is not available, the default is used. |

Mandatory: No. This optional value defaults to a list containing a single RSA 2048 key type.

terms

A list of supported certificate validity periods, in days.

This parameter is dynamically provisioned by Sectigo when the enable-ca-profile-sync flag is enabled, so you do not need to set it manually.

For example:

"terms": "[47, 200, 365, 397]"

As described in the table below, the requested validity (if any) must be included in this list.

| Request type | Requested validity | Validity of the issued certificate |
|---|---|---|
| PKCS #10 | Included in the terms list | As selected in the request |
| PKCS #10 | Not included in the terms list | Error |
| PKCS #10 | None | The first in the terms list; if the terms list is not available, the default is used. |
| PKCS #12 | | The first in the terms list; if the terms list is not available, the default is used. |

Mandatory: No. This optional value defaults to a list containing a single 30-day period.
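
The selection rules in the key-types and terms tables above can be checked client-side before a request is submitted. The following Python sketch is an added example, not CA Gateway's own code. The function names, the request-type labels PKCS10 and PKCS12, and the reading of "first in the key-types list" as the first algorithm and first size in JSON order are assumptions.

```python
import json

# Defaults this page states for profiles without synced values.
DEFAULT_KEY_TYPES = {"RSA": ["2048"]}
DEFAULT_TERMS = [30]


def parse_profile(properties):
    """Decode the JSON strings embedded in key_type and terms."""
    key_types = json.loads(properties.get("key_type") or "null")
    terms = json.loads(properties.get("terms") or "null")
    return key_types or DEFAULT_KEY_TYPES, terms or DEFAULT_TERMS


def resolve_validity(terms, request_type, requested=None):
    """Terms table: only a PKCS #10 request can select a validity."""
    if request_type == "PKCS10" and requested is not None:
        if requested not in terms:
            raise ValueError(f"validity {requested} not in terms {terms}")
        return requested
    return terms[0]  # no requested validity, or PKCS #12


def resolve_key_type(key_types, request_type, requested=None):
    """Key-types table; requested is an (algorithm, size) pair."""
    if request_type == "PKCS10":
        algorithm, size = requested
        if size not in key_types.get(algorithm, []):
            raise ValueError(f"key type {algorithm} {size} not in profile")
        return algorithm, size
    # Assumption: "first in the list" = first algorithm, first size,
    # in the order the embedded JSON gives them.
    algorithm = next(iter(key_types))
    return algorithm, key_types[algorithm][0]


# Properties of profile 63999, copied from the response on this page.
SAMPLE = {
    "cert_type": "63999",
    "key_type": '{"EC":["P-256","P-384"],"RSA":["2048","4096","8192"]}',
    "terms": "[47, 200, 365, 397]",
}

if __name__ == "__main__":
    key_types, terms = parse_profile(SAMPLE)
    print(resolve_key_type(key_types, "PKCS10", ("RSA", "4096")))
    print(resolve_validity(terms, "PKCS10", 365))
```

A static profile that carries only cert_type, such as sectigo-profile-1 in the response above, falls back to the RSA 2048 and 30-day defaults.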