CertificateDescription

JSON representation
SubjectDescription
- JSON representation
KeyId
- JSON representation
CertificateFingerprint
- JSON representation

A CertificateDescription describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509.

JSON representation

JSON representation
{ "subjectDescription": { object (`SubjectDescription`) }, "x509Description": { object (`X509Parameters`) }, "publicKey": { object (`PublicKey`) }, "subjectKeyId": { object (`KeyId`) }, "authorityKeyId": { object (`KeyId`) }, "crlDistributionPoints": [ string ], "aiaIssuingCertificateUrls": [ string ], "certFingerprint": { object (`CertificateFingerprint`) }, "tbsCertificateDigest": string }

{
  "subjectDescription": {
    object (SubjectDescription)
  },
  "x509Description": {
    object (X509Parameters)
  },
  "publicKey": {
    object (PublicKey)
  },
  "subjectKeyId": {
    object (KeyId)
  },
  "authorityKeyId": {
    object (KeyId)
  },
  "crlDistributionPoints": [
    string
  ],
  "aiaIssuingCertificateUrls": [
    string
  ],
  "certFingerprint": {
    object (CertificateFingerprint)
  },
  "tbsCertificateDigest": string
}

Fields
`subjectDescription`	`object (SubjectDescription)` Describes some of the values in a certificate that are related to the subject and lifetime.
`x509Description`	`object (X509Parameters)` Describes some of the technical X.509 fields in a certificate.
`publicKey`	`object (PublicKey)` The public key that corresponds to an issued certificate.
`subjectKeyId`	`object (KeyId)` Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
`authorityKeyId`	`object (KeyId)` Identifies the subjectKeyId of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1
`crlDistributionPoints[]`	`string` Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13
`aiaIssuingCertificateUrls[]`	`string` Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.
`certFingerprint`	`object (CertificateFingerprint)` The hash of the x.509 certificate.
`tbsCertificateDigest`	`string` The hash of the pre-signed certificate, which will be signed by the CA. Corresponds to the TBS Certificate in https://tools.ietf.org/html/rfc5280#section-4.1.2. The field will always be populated.

SubjectDescription

These values describe fields in an issued X.509 certificate such as the distinguished name, subject alternative names, serial number, and lifetime.

JSON representation
{ "subject": { object (`Subject`) }, "subjectAltName": { object (`SubjectAltNames`) }, "hexSerialNumber": string, "lifetime": string, "notBeforeTime": string, "notAfterTime": string }

Fields
`subject`	`object (Subject)` Contains distinguished name fields such as the common name, location and / organization.
`subjectAltName`	`object (SubjectAltNames)` The subject alternative name fields.
`hexSerialNumber`	`string` The serial number encoded in lowercase hexadecimal.
`lifetime`	`string (Duration format)` For convenience, the actual lifetime of an issued certificate. A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: `"3.5s"`.
`notBeforeTime`	`string (Timestamp format)` The time at which the certificate becomes valid. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`notAfterTime`	`string (Timestamp format)` The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from notBeforeTime through notAfterTime, inclusive. Corresponds to 'notBeforeTime' + 'lifetime' - 1 second. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.

KeyId

A KeyId identifies a specific public key, usually by hashing the public key.

JSON representation
{ "keyId": string }

Fields

Fields
`keyId`	`string` Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

keyId

string

Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

CertificateFingerprint

A group of fingerprints for the x509 certificate.

JSON representation
{ "sha256Hash": string }

Fields

Fields
`sha256Hash`	`string` The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.

sha256Hash

string

The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.