To set the Sectigo-specific profile properties:

  1. Type in the Certificate Type field the identifier of a profile configured in Sectigo.
  2. Activate the Enable CA Profile Sync setting.
  3. Make an API call to the /v1/certificate-authorities/{caId}/profiles endpoint.

CA Gateway will merge the profile configuration set in the Management Console with profiles configured at Sectigo. For example:

{
"message": {
"message": "Profiles retrieved successfully.",
"details": []
},
"profiles": [
{
"id": "sectigo-profile-1",
"name": "static-profileA-local",
"properties": {
"cert_type": "60515"
},
"protocols": [],
"requestedProperties": [],
"subjectAltNameRequirements": [],
"subjectVariableRequirements": []
},
{
"id": "60515",
"name": "profileA",
"properties": {
"cert_type": "60515",
"description": "",
"key_type": "{\"EC\":[\"P-256\",\"P-384\",\"P-521\"],\"RSA\":[\"2048\",\"3072\",\"4096\",\"8192\"]}",
"terms": "[30]",
"use-secondary-org-name": "false"
},
"protocols": [],
"requestedProperties": [],
"subjectAltNameRequirements": [],
"subjectVariableRequirements": []
},
{
"id": "63999",
"name": "Sectigo Enterprise Pro - Multi-Domain (OV)",
"properties": {
"cert_type": "63999",
"description": "",
"key_type": "{\"EC\":[\"P-256\",\"P-384\"],\"RSA\":[\"2048\",\"4096\",\"8192\"]}",
"terms": "[47, 200, 365, 397]",
"use-secondary-org-name": "false"
},
"protocols": [],
"requestedProperties": [],
"subjectAltNameRequirements": [],
"subjectVariableRequirements": []
},
{
"id": "64442",
"name": "test",
"properties": {
"cert_type": "64442",
"description": "asdfsadf",
"key_type": "{\"EC\":[\"P-256\",\"P-384\",\"P-521\"],\"RSA\":[\"2048\",\"3072\",\"4096\",\"8192\"]}",
"terms": "[30]",
"use-secondary-org-name": "false"
},
"protocols": [],
"requestedProperties": [],
"subjectAltNameRequirements": [],
"subjectVariableRequirements": []
}
],
"type": "ProfilesResponse"
}

See below for the main parameters in this configuration.

In this API response, some parameter names include underscores for backwards compatibility, and key type values are escaped because they contain embedded JSON code.

key-types

A list of supported key types for the issued certificate. For example

"key_types": "{\"EC\":[\"P-256\",\"P-384\"],\"RSA\":[\"2048\",\"4096\",\"8192\"]}"

As described in the table below, the requested validity (if any) must be included on this list.

Request type

Requested key type

Key type for the issued certificate

​PKCS #10

​Included in the key-types list

As selected in the request​

Not included in the key-types list

Error

PKCS #12

The first in the key-types list, if key-type is not available, uses default.

Mandatory: No, this optional value defaults to a list containing a single RSA 2048 key type.

terms

A list of supported certificate validity periods, in days. For example

terms": "[47, 200, 365, 397]"

As described in the table below, the requested validity (if any) must be included on this list.

Request type

Requested validity

Validity of the issued certificate

​PKCS #10

​Included in the terms list

As selected in the request​

Not included in the terms list

Error

None

The first in the term list, if term list not available, uses default.

PKCS #12

The first in the term list, if term list not available, uses default.

 Mandatory: No, this optional value defaults to a list containing a single 30-day period.