CertificatePolicy Class

Management policy for a certificate.

Inheritance
builtins.object
CertificatePolicy

Constructor

CertificatePolicy(issuer_name: Optional[str] = None, **kwargs: Any)

Parameters

issuer_name
Optional[str]
default value: None

Optional. Name of the referenced issuer object or reserved names; for example, self or unknown.

subject
str

The subject name of the certificate. Should be a valid X509 distinguished name. Either subject or one of the subject alternative name parameters is required for creating a certificate. This will be ignored when importing a certificate; the subject will be parsed from the imported certificate.

san_emails
Iterable[str]

Subject alternative emails of the X509 object. Either subject or one of the subject alternative name parameters is required for creating a certificate.

san_dns_names
Iterable[str]

Subject alternative DNS names of the X509 object. Either subject or one of the subject alternative name parameters is required for creating a certificate.

san_user_principal_names
Iterable[str]

Subject alternative user principal names of the X509 object. Either subject or one of the subject alternative name parameters is required for creating a certificate.

exportable
bool

Indicates if the private key can be exported. For valid values, see KeyType.

key_type
str or KeyType

The type of key pair to be used for the certificate.

key_size
int

The key size in bits. For example: 2048, 3072, or 4096 for RSA.

reuse_key
bool

Indicates if the same key pair will be used on certificate renewal.

key_curve_name
str or KeyCurveName

Elliptic curve name. For valid values, see KeyCurveName.

enhanced_key_usage
list[str]

The extended ways the key of the certificate can be used.

key_usage
list[str or KeyUsageType]

List of key usages.

content_type
str or CertificateContentType

The media type (MIME type) of the secret backing the certificate. If not specified, pkcs12 is assumed.

validity_in_months
int

The duration that the certificate is valid in months.

lifetime_actions
Iterable[LifetimeAction]

Actions that will be performed by Key Vault over the lifetime of a certificate.

certificate_type
str

Type of certificate to be requested from the issuer provider.

certificate_transparency
bool

Indicates if the certificates generated under this policy should be published to certificate transparency logs.

Methods

get_default

get_default()

Attributes

certificate_transparency

Whether the certificates generated under this policy should be published to certificate transparency logs.

Return type

certificate_type

Type of certificate requested from the issuer provider.

Return type

str

content_type

The media type (MIME type).

Return type

created_on

The datetime when the certificate is created.

Return type

enabled

Whether the certificate is enabled or not.

Return type

enhanced_key_usage

The enhanced key usage.

Return type

exportable

Whether the private key can be exported.

Return type

issuer_name

Name of the referenced issuer object or reserved names for the issuer of the certificate.

Return type

str

key_curve_name

Elliptic curve name.

Return type

key_size

The key size in bits.

Return type

int

key_type

The type of key pair to be used for the certificate.

Return type

key_usage

List of key usages.

Return type

lifetime_actions

Actions and their triggers that will be performed by Key Vault over the lifetime of the certificate.

Return type

reuse_key

Whether the same key pair will be used on certificate renewal.

Return type

san_dns_names

The subject alternative domain names.

Return type

Any

san_emails

The subject alternative email addresses.

Return type

Any

san_user_principal_names

The subject alternative user principal names.

Return type

Any

subject

The subject name of the certificate.

Return type

str

updated_on

The datetime when the certificate was last updated.

Return type

validity_in_months

The duration that the certificate is valid for in months.

Return type

int
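
The attributes above are enough to review a policy before it is used to issue certificates. The following is an added example, not code from the SDK or this page: a hypothetical `audit_policy` helper that reads the documented attribute names from any object that exposes them. The thresholds and the `SimpleNamespace` stand-ins for policy objects are assumptions made so the example runs offline.

```python
from types import SimpleNamespace

# Thresholds are assumptions chosen for this example, not Key Vault defaults.
MIN_RSA_BITS = 2048
MAX_VALIDITY_MONTHS = 12


def audit_policy(policy):
    """Return findings for an object exposing the CertificatePolicy attributes."""
    findings = []
    get = lambda name: getattr(policy, name, None)

    # Creation needs a subject or at least one subject alternative name.
    sans = [get("san_dns_names"), get("san_emails"), get("san_user_principal_names")]
    if not get("subject") and not any(sans):
        findings.append("no subject and no subject alternative names")
    # An exportable private key can be retrieved outside the vault.
    if get("exportable"):
        findings.append("private key is exportable")
    # Reusing the key pair on renewal keeps a compromised key in service.
    if get("reuse_key"):
        findings.append("key pair is reused on renewal")
    # key_type may be a plain string or an enum member carrying .value.
    key_type = get("key_type")
    key_type = str(getattr(key_type, "value", key_type) or "")
    key_size = get("key_size")
    if key_type.upper().startswith("RSA") and key_size and key_size < MIN_RSA_BITS:
        findings.append(f"RSA key size {key_size} is below {MIN_RSA_BITS}")
    validity = get("validity_in_months")
    if validity and validity > MAX_VALIDITY_MONTHS:
        findings.append(f"validity of {validity} months exceeds {MAX_VALIDITY_MONTHS}")
    # Without lifetime actions nothing renews or notifies before expiry.
    if not get("lifetime_actions"):
        findings.append("no lifetime actions configured")
    return findings


# Constructed sample policies (stand-ins, not real vault data).
WEAK = SimpleNamespace(subject=None, san_dns_names=[], exportable=True,
                       reuse_key=True, key_type="RSA", key_size=1024,
                       validity_in_months=36, lifetime_actions=None)
HARDENED = SimpleNamespace(subject="CN=app.example.test",
                           san_dns_names=["app.example.test"], exportable=False,
                           reuse_key=False, key_type="RSA-HSM", key_size=3072,
                           validity_in_months=12, lifetime_actions=["placeholder"])

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_policy(pol))
```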