LXI Certificate Request Schema

The LXI Certificate Request schema is used by both the getCSR and createCertificate APIs for the client to specify attributes of the certificate it is requesting.

This schema specifies the XML namespace:

http://lxistandard.org/schemas/LXICertificateRequest/0.9, version: 0.9
Editorial date:

LXICertificateRequest

LXICertificateRequest contains attributes that a client may request be used for a device certificate.

The LXICertificateRequest complex type has no attributes.

Sub-elements

The following must occur in this order:

Element | Type | Cardinality | Requirements
SubjectName | lxi:SubjectName | Optional

SubjectName specifies the attributes of the distinguished name to be used in the subject of the certificate.

The subject of the certificate indicates the identity of the LXI device.

AltDnsName | xs:string | Optional unbounded

AltDnsName specifies the alternate DNS name to be used in the certificate.

AltIPAddress | xs:string | Optional unbounded

AltIPAddress specifies the alternate IP Address to be used in the certificate.

Multiple IP addresses may be specified as a comma-separated list.

ExpirationDateTime | xs:string | Optional

ExpirationDateTime indicates the time at which the requested certificate will expire.

RULE: The expiration date and time shall be expressed in ASN.1 format using ASN.1 GeneralizedTime per RFC 5280.

OBSERVATION: The device will need to convert GeneralizedTime to UTC time if the year is between 1950 and 2050.

CryptoSuite | xs:string | Optional

CryptoSuite specifies the cryptography suite that the certificate keyset should use.

RULE: If the device does not support the requested crypto suite, then the certificate request shall fail.

CertificateExtension | lxi:CertificateExtension | Optional unbounded

CertificateExtension permits the user to request arbitrary certificate fields based on the object identifier and field values.


SubjectName

SubjectName contains the various attributes of the requested certificate subject.

RULE: The default fields for the subject name shall be the values used in the device IDevID.

The SubjectName complex type has no attributes.

Sub-elements

The following must occur in this order:

Element | Type | Cardinality | Requirements
CommonName | xs:string | Optional

CommonName specifies the common name subject attribute.

Organization | xs:string | Optional

Organization specifies the organization subject attribute.

OrganizationalUnit | xs:string | Optional unbounded

OrganizationalUnit specifies the organizational unit subject attribute.

Locality | xs:string | Optional

Locality specifies the locality subject attribute.

State | xs:string | Optional

State specifies the state subject attribute.

Country | xs:string | Optional

Country specifies the country subject attribute.

SerialNumber | xs:string | Optional

SerialNumber specifies the serial number subject attribute.

ExtraSubjectAttribute | lxi:ExtraSubjectAttribute | Optional unbounded

ExtraSubjectAttribute specifies additional subject attributes not included in LXICertificateRequest using the Object ID and value.


ExtraSubjectAttribute

ExtraSubjectAttribute specifies an individual subject attribute.

The ExtraSubjectAttribute complex type has no attributes.

Sub-elements

The following must occur in this order:

Element | Type | Cardinality | Requirements
ObjectID | xs:string | Required

ObjectID is the object ID that indicates the subject attribute as specified by the OpenGroup.

The format of this string is a series of dot-separated integers.

RULE: ObjectID shall be included.

ObjectValue | xs:string | Required

ObjectValue is the subject value associated with the specified attribute.

RULE: ObjectValue shall be included.


CertificateExtension

The CertificateExtension complex type has no attributes.

Sub-elements

The following must occur in this order:

Element | Type | Cardinality | Requirements
ObjectID | xs:string | Required

ObjectID is the object ID that indicates the certificate extension as specified by the OpenGroup.

The format of this string is a series of dot-separated integers.

RULE: ObjectID shall be included.

Critical | xs:boolean | Optional

Critical indicates that this certificate extension is critical.

ObjectValue | xs:base64Binary | Required

ObjectValue is the subject value associated with the certificate field.

RULE: ObjectValue shall be included.
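
The following added example, which is not part of the LXI schema documentation, checks a request document against the rules stated above: sub-element order, required ObjectID and ObjectValue, dot-separated ObjectID, GeneralizedTime expiry, and base64 ObjectValue in CertificateExtension only. The root element name LXICertificateRequest, the function names and the sample document are assumptions made for the example.

```python
import base64, re
import xml.etree.ElementTree as ET
from datetime import datetime
NS = "{http://lxistandard.org/schemas/LXICertificateRequest/0.9}"  # namespace from the page
ORDER = {  # sub-element order of each complex type, as listed on the page
    "LXICertificateRequest": ["SubjectName", "AltDnsName", "AltIPAddress",
                              "ExpirationDateTime", "CryptoSuite", "CertificateExtension"],
    "SubjectName": ["CommonName", "Organization", "OrganizationalUnit", "Locality",
                    "State", "Country", "SerialNumber", "ExtraSubjectAttribute"],
    "ExtraSubjectAttribute": ["ObjectID", "ObjectValue"],
    "CertificateExtension": ["ObjectID", "Critical", "ObjectValue"],
}
SAMPLE = f"""<LXICertificateRequest xmlns="{NS[1:-1]}">
<SubjectName><CommonName>scope-01.lab.example</CommonName></SubjectName>
<ExpirationDateTime>20301231235959Z</ExpirationDateTime>
<CertificateExtension><ObjectID>2.5.29.37</ObjectID><ObjectValue>MAoGCCsGAQUFBwMB</ObjectValue>
</CertificateExtension></LXICertificateRequest>"""  # constructed sample, not from the page

def parses(fn, *args, **kw):
    try:
        fn(*args, **kw)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True

def check(el, kind="LXICertificateRequest"):  # returns one message per broken rule
    allowed, pos, present = ORDER[kind], 0, {c.tag for c in el}
    errors = [f"{kind}: {n} shall be included" for n in ("ObjectID", "ObjectValue")
              if n in allowed and NS + n not in present]
    for child in el:
        name, text = child.tag[len(NS):], (child.text or "").strip()
        if not child.tag.startswith(NS) or name not in allowed[pos:]:  # order only
            errors.append(f"{kind}: {child.tag} is unknown or out of order")
            continue
        pos = allowed.index(name)
        if name in ORDER:  # nested complex type
            errors += check(child, name)
        elif name == "ObjectID" and not re.fullmatch(r"[0-9]+(\.[0-9]+)+", text):
            errors.append(f"{kind}: ObjectID is not dot-separated integers")
        elif name == "ExpirationDateTime" and not (re.fullmatch(r"[0-9]{14}Z", text)
                and parses(datetime.strptime, text, "%Y%m%d%H%M%SZ")):
            errors.append("ExpirationDateTime is not RFC 5280 GeneralizedTime")
        elif name == "ObjectValue" and kind == "CertificateExtension" and not parses(
                base64.b64decode, text, validate=True):
            errors.append(f"{kind}: ObjectValue is not base64")
    return errors

def validate(xml_text):  # the root element name is an assumption
    root = ET.fromstring(xml_text)
    return check(root) if root.tag == NS + "LXICertificateRequest" else ["unexpected root"]
```

validate(SAMPLE) returns an empty list. The check covers element order but not occurrence limits, so a repeated single-occurrence element such as ExpirationDateTime is not reported.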