CertificateDescription

A CertificateDescription describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509.

JSON representation
{
  "subjectDescription": {
    object (SubjectDescription)
  },
  "x509Description": {
    object (X509Parameters)
  },
  "publicKey": {
    object (PublicKey)
  },
  "subjectKeyId": {
    object (KeyId)
  },
  "authorityKeyId": {
    object (KeyId)
  },
  "crlDistributionPoints": [
    string
  ],
  "aiaIssuingCertificateUrls": [
    string
  ],
  "certFingerprint": {
    object (CertificateFingerprint)
  }
}
Fields
subjectDescription

object (SubjectDescription)

Describes some of the values in a certificate that are related to the subject and lifetime.

x509Description

object (X509Parameters)

Describes some of the technical X.509 fields in a certificate.

publicKey

object (PublicKey)

The public key that corresponds to an issued certificate.

subjectKeyId

object (KeyId)

Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.

authorityKeyId

object (KeyId)

Identifies the subjectKeyId of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1

crlDistributionPoints[]

string

Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13

aiaIssuingCertificateUrls[]

string

Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate.

certFingerprint

object (CertificateFingerprint)

The hash of the x.509 certificate.

SubjectDescription

These values describe fields in an issued X.509 certificate such as the distinguished name, subject alternative names, serial number, and lifetime.

JSON representation
{
  "subject": {
    object (Subject)
  },
  "subjectAltName": {
    object (SubjectAltNames)
  },
  "hexSerialNumber": string,
  "lifetime": string,
  "notBeforeTime": string,
  "notAfterTime": string
}
Fields
subject

object (Subject)

Contains distinguished name fields such as the common name, location and / organization.

subjectAltName

object (SubjectAltNames)

The subject alternative name fields.

hexSerialNumber

string

The serial number encoded in lowercase hexadecimal.

lifetime

string (Duration format)

For convenience, the actual lifetime of an issued certificate.

A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".

notBeforeTime

string (Timestamp format)

The time at which the certificate becomes valid.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

notAfterTime

string (Timestamp format)

The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from notBeforeTime through notAfterTime, inclusive. Corresponds to 'notBeforeTime' + 'lifetime' - 1 second.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

KeyId

A KeyId identifies a specific public key, usually by hashing the public key.

JSON representation
{
  "keyId": string
}
Fields
keyId

string

Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.

CertificateFingerprint

A group of fingerprints for the x509 certificate.

JSON representation
{
  "sha256Hash": string
}
Fields
sha256Hash

string

The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.