To set the Sectigo-specific profile properties:

  1. Type in the Certificate Type field the identifier of a profile configured in Sectigo.
  2. Activate the Enable CA Profile Sync setting.
  3. Make an API call to the /v1/certificate-authorities/{caId}/profiles endpoint.

CA Gateway will merge the profile configuration set in the Management Console with profiles configured at Sectigo. For example:

{
"message": {
"message": "Profiles retrieved successfully.",
"details": []
},
"profiles": [
{
"id": "sectigo-profile-1",
"name": "static-profileA-local",
"properties": {
"cert_type": "60515"
},
"protocols": [],
"requestedProperties": [],
"subjectAltNameRequirements": [],
"subjectVariableRequirements": []
},
{
"id": "60515",
"name": "profileA",
"properties": {
"cert_type": "60515",
"description": "",
"key_type": "{\"EC\":[\"P-256\",\"P-384\",\"P-521\"],\"RSA\":[\"2048\",\"3072\",\"4096\",\"8192\"]}",
"terms": "[30]",
"use-secondary-org-name": "false"
},
"protocols": [],
"requestedProperties": [],
"subjectAltNameRequirements": [],
"subjectVariableRequirements": []
},
{
"id": "63999",
"name": "Sectigo Enterprise Pro - Multi-Domain (OV)",
"properties": {
"cert_type": "63999",
"description": "",
"key_type": "{\"EC\":[\"P-256\",\"P-384\"],\"RSA\":[\"2048\",\"4096\",\"8192\"]}",
"terms": "[47, 200, 365, 397]",
"use-secondary-org-name": "false"
},
"protocols": [],
"requestedProperties": [],
"subjectAltNameRequirements": [],
"subjectVariableRequirements": []
},
{
"id": "64442",
"name": "test",
"properties": {
"cert_type": "64442",
"description": "asdfsadf",
"key_type": "{\"EC\":[\"P-256\",\"P-384\",\"P-521\"],\"RSA\":[\"2048\",\"3072\",\"4096\",\"8192\"]}",
"terms": "[30]",
"use-secondary-org-name": "false"
},
"protocols": [],
"requestedProperties": [],
"subjectAltNameRequirements": [],
"subjectVariableRequirements": []
}
],
"type": "ProfilesResponse"
}

In this API response, some parameter names include underscores for backwards compatibility, and key type values are escaped because they contain embedded JSON code.

To modify the value of these parameters using the Management Console:

  1. Click + Sectigo CA Profile Properties.
  2. In the Choose a key name field, enter the parameter name without quotation marks. For example: 
  3. In the New Value field, enter the parameter value enclosed in quotation marks.

key_types

A list of supported key types for the issued certificate. For example

"key_types": "{\"EC\":[\"P-256\",\"P-384\"],\"RSA\":[\"2048\",\"4096\",\"8192\"]}"

Each list must be enclosed in square brackets [].

As described in the table below, the requested validity (if any) must be included on this list.

Request type

Requested key type

Key type for the issued certificate

​PKCS #10

​Included in the key-types list

As selected in the request​

Not included in the key-types list

Error

PKCS #12

The first in the key-types list, if key-type is not available, uses default.

Mandatory: No, this optional value defaults to a list containing a single RSA 2048 key type.

terms

A comma-separated list of supported certificate validity periods (in days). . For example:

"terms": "[47, 200, 365, 397]"

The list must be enclosed in square brackets [].

As described in the table below, the requested validity (if any) must be included on this list.

Request type

Requested validity

Validity of the issued certificate

​PKCS #10

​Included in the terms list

As selected in the request​

Not included in the terms list

Error

None

The first in the term list, if term list not available, uses default.

PKCS #12

The first in the term list, if term list not available, uses default.

 Mandatory: No, this optional value defaults to a list containing a single 30-day period.