LXI Certificate List Schema

The LXI Certificate List schema represents a list of X.509 certificates, certificate chains, and CSRs (Certificate Signing Requests) currently on the device.

The returned list of certificates includes a GUID that the client can use to delete the certificate.

This schema specifies the XML namespace:

http://lxistandard.org/schemas/LXICertificateList/1.0, version: 1.0
Editorial date: September 28, 2023

LXICertificateList

LXICertificateList contains a list of certificate entities on a device. Each is assigned a GUID that can be used to further manipulate the certificate.

The LXICertificateList complex type has no attributes.

Sub-elements

The following must occur in this order:

Element          Type                 Cardinality         Requirements
CertificateInfo  lxi:CertificateInfo  Required unbounded

CertificateInfo contains information about a certificate on the device, including the GUID which may be used to operate on the certificate.


CertificateInfo

CertificateInfo contains information about a certificate, certificate list, or CSR (certificate signing request).

The GUID included in the CertificateInfo is used to manipulate the individual entity.

Attributes

Attribute  Syntax  LCI  Description

GUID
Type:xs:string
Card.:Req.
Default:NA
NA

GUID is a Globally Unique Identifier generated by the device to represent this certificate.

Required: RULE:

Unsecure impact: NA

Type
Type:restriction of: xs:string
Card.:Req.
Default:NA
NA

Type indicates the kind of entity.

One of the following values is returned:
IDevID: The entity is the Initial device identifier provided by the device manufacturer.
LDevID: The entity is a locally significant device identifier provisioned to the device by a user.
CSR: The entity is a Certificate Signing Request produced by the device to be signed by a certificate authority.

Required: RULE:

Unsecure impact: NA

DNSName
Type:xs:string
Card.:Req.
Default:NA
NA

DNSName is the DNS Name from the certificate.

Required: RULE:

Unsecure impact: NA

Enabled
Type:xs:boolean
Card.:Req.
Default:NA
NA

Enabled indicates if the corresponding certificate or certificate chain is enabled for use by the device.

Enabled is meaningless for Certificate Signing Requests. Enabled shall be returned true for CSRs.

Required: RULE:

Unsecure impact: NA

expirationDateTime
Type:xs:string
Card.:Req.
Default:NA
NA

expirationDateTime is the expiration date and time of the certificate.

For a CSR, expirationDateTime shall contain the requested expiration time from the CSR. If the CSR LXICertificateRequest/ExpirationDateTime was absent, an empty string shall be returned.

RULE: The expiration date and time shall be expressed in ASN.1 format using ASN.1 GeneralizedTime per RFC 5280.

OBSERVATION: The device will need to convert GeneralizedTime to UTC time if the year is between 1950 and 2050.

Required: RULE:

Unsecure impact: NA


The CertificateInfo complex type has no subelements.
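
A client-side check of a returned list against the attribute rules above, given here as an added example that is not part of the LXI schema documentation. It assumes the five attributes are unqualified attributes on CertificateInfo elements in the schema's namespace; the sample document, its GUIDs, DNS names and dates are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = "http://lxistandard.org/schemas/LXICertificateList/1.0"
REQUIRED = ("GUID", "Type", "DNSName", "Enabled", "expirationDateTime")

# Constructed sample response: GUIDs, DNS names and dates are made up.
SAMPLE = f"""<LXICertificateList xmlns="{NS}">
  <CertificateInfo GUID="guid-0001" Type="IDevID" DNSName="dut.example.test"
                   Enabled="true" expirationDateTime="20991231235959Z"/>
  <CertificateInfo GUID="guid-0002" Type="LDevID" DNSName="dut.example.test"
                   Enabled="true" expirationDateTime="20200101000000Z"/>
  <CertificateInfo GUID="guid-0003" Type="CSR" DNSName="dut.example.test"
                   Enabled="true" expirationDateTime=""/>
  <CertificateInfo GUID="guid-0004" Type="LDevID" DNSName="dut.example.test"
                   Enabled="false" expirationDateTime="2030-01-01T00:00:00Z"/>
</LXICertificateList>"""

def parse_generalized_time(value):
    """Parse RFC 5280 GeneralizedTime (YYYYMMDDHHMMSSZ, always UTC)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def audit_certificate_list(xml_text, now=None):
    """Return {GUID: [findings]} for each CertificateInfo; [] means clean."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS}}}LXICertificateList":
        raise ValueError(f"unexpected root element {root.tag}")
    report = {}
    for info in root.findall(f"{{{NS}}}CertificateInfo"):
        findings = [f"missing attribute {n}" for n in REQUIRED if info.get(n) is None]
        kind, enabled = info.get("Type"), info.get("Enabled")
        if kind not in ("IDevID", "LDevID", "CSR"):
            findings.append(f"unknown Type {kind!r}")
        if enabled not in ("true", "false", "1", "0"):  # xs:boolean lexical forms
            findings.append("Enabled is not an xs:boolean")
        elif kind == "CSR" and enabled in ("false", "0"):
            findings.append("CSR must report Enabled as true")
        exp = info.get("expirationDateTime", "")
        if not exp and kind != "CSR":  # empty string is allowed only for a CSR
            findings.append("empty expirationDateTime on a non-CSR entry")
        elif exp:
            try:
                if parse_generalized_time(exp) <= now:
                    findings.append("expirationDateTime is in the past")
            except ValueError:
                findings.append("expirationDateTime is not GeneralizedTime")
        report[info.get("GUID", "<no GUID>")] = findings
    return report
```

Calling audit_certificate_list(SAMPLE) flags the LDevID entry whose date has passed and the entry whose date is not in GeneralizedTime form, while the CSR with an empty expirationDateTime is accepted.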