CertificateProvisioningProcess

A certificate provisioning process.

JSON representation 
{
  "name": string,
  "provisioningProfileId": string,
  "subjectPublicKeyInfo": string,
  "startTime": string,
  "signData": string,
  "signatureAlgorithm": enum (SignatureAlgorithm),
  "signature": string,
  "issuedCertificate": string,
  "failureMessage": string,

  // Union field ca_connection_type can be only one of the following:
  "genericCaConnection": {
    object (GenericCaConnection)
  },
  "scepCaConnection": {
    object (ScepCaConnection)
  }
  // End of list of possible types for union field ca_connection_type.

  // Union field profile_type can be only one of the following:
  "genericProfile": {
    object (GenericProfile)
  },
  "scepProfile": {
    object (ScepProfile)
  }
  // End of list of possible types for union field profile_type.

  // Union field subject can be only one of the following:
  "chromeOsDevice": {
    object (ChromeOsDevice)
  },
  "chromeOsUserSession": {
    object (ChromeOsUserSession)
  }
  // End of list of possible types for union field subject.
}
Fields
name

string

Identifier. Resource name of the CertificateProvisioningProcess. The name pattern is given as customers/{customer}/certificateProvisioningProcesses/{certificateProvisioningProcess} with {customer} being the obfuscated customer id and {certificateProvisioningProcess} being the certificate provisioning process id.
provisioningProfileId

string

Output only. The ID of the certificate provisioning profile.
subjectPublicKeyInfo

string (bytes format)

Output only. The public key for which a certificate should be provisioned. Represented as a DER-encoded X.509 SubjectPublicKeyInfo.

A base64-encoded string.
startTime

string (Timestamp format)

Output only. Server-generated timestamp of when the certificate provisioning process has been created.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
signData

string (bytes format)

Output only. The data that the client was asked to sign. This field is only present after the SignData operation has been initiated.

A base64-encoded string.
signatureAlgorithm

enum (SignatureAlgorithm)

Output only. The signature algorithm that the client and backend components use when processing signData. If the profile_type is a GenericProfile, this field will only be present after the SignData operation was initiated. If the profile_type is a ScepProfile, the field will always be present.
signature

string (bytes format)

Output only. The signature of signatureAlgorithm, generated using the client's private key using signatureAlgorithm. This field is only present after the SignData operation has finished.

A base64-encoded string.
issuedCertificate

string

Output only. The issued certificate for this CertificateProvisioningProcess in PEM format.
failureMessage

string

Output only. A message describing why this CertificateProvisioningProcess has failed. Presence of this field indicates that the CertificateProvisioningProcess has failed.
Union field ca_connection_type. The type of the Certificate Authority connection which is used for this certificate provisioning process. ca_connection_type can be only one of the following:
genericCaConnection

object (GenericCaConnection)

Output only. The CA connection is a generic CA connection.
scepCaConnection

object (ScepCaConnection)

Output only. The CA connection is a SCEP CA connection.
Union field profile_type. The type of the certificate provisioning profile which is used for this certificate provisioning process. profile_type can be only one of the following:
genericProfile

object (GenericProfile)

Output only. The profile is a generic certificate provisioning profile.
scepProfile

object (ScepProfile)

Output only. The profile is a SCEP certificate provisioning profile.
Union field subject. The type of the entity a client certificate is being provisioned for (subject). subject can be only one of the following:
chromeOsDevice

object (ChromeOsDevice)

Output only. The client certificate is being provisioned for a ChromeOS device. This contains information about the device.
chromeOsUserSession

object (ChromeOsUserSession)

Output only. The client certificate is being provisioned for a ChromeOS user. This contains information about the current user session.

GenericCaConnection

Describes a generic Certificate Authority Connection.

JSON representation 
{
  "caConnectionAdapterConfigReference": string
}
Fields
caConnectionAdapterConfigReference

string

Output only. A string that references the administrator-provided configuration for the certification authority service.

ScepCaConnection

Describes a SCEP Certificate Authority Connection.

JSON representation 
{
  "caConnectionAdapterConfigReference": string
}
Fields
caConnectionAdapterConfigReference

string

Output only. A string that references the administrator-provided configuration for the certification authority service.

GenericProfile

Describes a generic certificate provisioning profile.

JSON representation 
{
  "profileAdapterConfigReference": string
}
Fields
profileAdapterConfigReference

string

Output only. A string that references the administrator-provided configuration for the certificate provisioning profile.

ScepProfile

Describes a SCEP certificate provisioning profile.

JSON representation 
{
  "subjectCommonName": string,
  "organization": string,
  "organizationalUnits": [
    string
  ],
  "locality": string,
  "state": string,
  "country": string,
  "subjectAltNames": [
    {
      object (SubjectAltName)
    }
  ],
  "certificateTemplateName": string,
  "keyUsages": [
    enum (KeyUsage)
  ]
}
Fields
subjectCommonName

string

Output only. The common name of the subject.
organization

string

Output only. The name of the organization the subject belongs to.
organizationalUnits[]

string

Output only. The organizational units of the subject.
locality

string

Output only. The locality of the subject.
state

string

Output only. The state of the subject.
country

string

Output only. The country of the subject.
subjectAltNames[]

object (SubjectAltName)

Output only. The subject alternative names.
certificateTemplateName

string

Output only. The certificate template name as defined by the admin on their on-prem infrastructure. The Certificate Authority uses this name to identify the certificate template.
keyUsages[]

enum (KeyUsage)

Output only. The allowed key usages for certificate's key.

SubjectAltName

Describes a subject alternative name.

JSON representation 
{
  "type": enum (SubjectAltNameType),
  "value": string
}
Fields
type

enum (SubjectAltNameType)

Output only. The type of the SubjectAltName extension.
value

string

Output only. The value of the subject alternative name with respect to the type.

ChromeOsDevice

Describes the ChromeOS device that a CertificateProvisioningProcess belongs to.

JSON representation 
{
  "deviceDirectoryApiId": string,
  "serialNumber": string
}
Fields
deviceDirectoryApiId

string

Output only. The unique Directory API ID of the device. This value is the same as the Admin Console's Directory API ID in the ChromeOS Devices tab.
serialNumber

string

Output only. Device serial number. This value is the same as the Admin Console's Serial Number in the ChromeOS Devices tab.

ChromeOsUserSession

Describes the ChromeOS user session that a CertificateProvisioningProcess belongs to.

JSON representation 
{
  "userDirectoryApiId": string,
  "userPrimaryEmail": string,
  "chromeOsDevice": {
    object (ChromeOsDevice)
  }
}
Fields
userDirectoryApiId

string

Output only. The unique Directory API ID of the user.
userPrimaryEmail

string

Output only. The primary e-mail address of the user.
chromeOsDevice

object (ChromeOsDevice)

Output only. This field contains information about the ChromeOS device that the user session is running on. It is only set if the user is affiliated, i.e., if the user is managed by the same organization that manages the ChromeOS device.