This table aggregates field membership for all versions of the ChangeManagement object.
Versioned schema fields
Any object field specific to a range of versions is indicated in its description, at what version the field was either introduced or removed. Any listed data field with no version number is common to all versions of the object.
| Field | Type | Description | |
|---|---|---|---|
ChangeāManagement: After you create an enrollment, you can have CPS halt deployment when the certificate becomes available, so that you can test and view the certificate on a staging server prior to deployment in the production network. If you do not want CPS to automatically deploy the certificate to the production network after it receives the signed certificate from the CA, you can turn change management on for the enrollment. This stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate. A version label indicates this field is introduced in that version. A pre-version label indicates this field is removed in that version. No version label indicates this field is present in all versions. | |||
acknowledgementāDeadline | String, Null | The timestamp of the deadline for the user to acknowledge the change management validation result, before CPS automatically proceeds with attempting to deploy the pending state to the live network. The format of the timestamp is ISO-8601. This field is only populated when there's an existing certificate on network for the current enrollment, it's null otherwise. | |
pendingāState | ChangeāManagement.āpendingāState | required: The snapshot of the pending state for the enrollment when this change takes effect. | |
validationāResult | ChangeāManagement.āvalidationāResult, Null | The hash of validationāResult. It always has a value, even when validationāResult is null. The hash result of the validation result as of the time of the most recent validation check. It is used in the change-management-ack API call to further specify the state of the change that is being acknowledged. For best results, use the change-management-info API call, review the validationāResult with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgement operation. | |
validationāResultāHash | String | required: The hash of validationāResult. | |
ChangeāManagement.pendingāState: The snapshot of the pending state for the enrollment when this change takes effect. | |||
pendingāCertificate | ChangeāManagement.āpendingāState.āpendingāCertificate, Null | pre-v5. The snapshot of the pending certificate for the enrollment when this change takes effect. | |
pendingāCertificates | ChangeāManagement.āpendingāState.āpendingāCertificates[] | v5. The snapshot of the pending certificate for the enrollment when this change takes effect. | |
pendingāNetworkāConfiguration | ChangeāManagement.āpendingāState.āpendingāNetworkāConfiguration | required: The snapshot of the pending network configuration for the enrollment when this change takes effect. | |
ChangeāManagement.pendingāState.pendingāCertificate: The snapshot of the pending certificate for the enrollment when this change takes effect. | |||
certificateāType | String | pre-v5. Either san, single, wildcard, wildcard-san, or third-party. | |
fullāCertificate | String | pre-v5. Displays the contents of the certificate. | |
ocspāStapled | Boolean, Null | v4 only. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. Enable this feature for best performance. | |
ocspāUris | Array, Null | v4 only. URI used for OCSP stapling validation. | |
signatureāAlgorithm | String | pre-v5. Displays the signature algorithm. | |
ChangeāManagement.pendingāState.pendingāCertificates[]: The snapshot of the pending certificate for the enrollment when this change takes effect. | |||
certificateāType | Enumeration | v5. Either san, single, wildcard, wildcard-san, or third-party. | |
fullāCertificate | String | v5. Displays the contents of the certificate. | |
keyāAlgorithm | Enumeration, Null | v5. Displays the key algorithm of the certificate. | |
ocspāStapled | Boolean, Null | v5. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. Enable this feature for best performance. | |
ocspāUris | Array, Null | v5. URI used for OCSP stapling validation. | |
signatureāAlgorithm | String | v5. Displays the signature algorithm. | |
ChangeāManagement.pendingāState.pendingāNetworkāConfiguration: The snapshot of the pending network configuration for the enrollment when this change takes effect. | |||
disallowedāTlsāVersions | Array, Null | v2. Disallowed TLS protocols. | |
dnsāNameāSettings | ChangeāManagement.āpendingāState.āpendingāNetworkāConfiguration.ādnsāNameāSettings, Null | v4. DNS name settings. | |
mustāHaveCiphers | String | required: Ciphers that you want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set. | |
networkāType | String, Null | Enrollment network type. | |
ocspāStapling | String, Null | v4. OCSP stapling setting for the deployment. | |
preferredāCiphers | String | required: Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set. | |
quicāEnabled | Boolean | v4. QUIC transport layer network protocol. | |
sni | ChangeāManagement.āpendingāState.āpendingāNetworkāConfiguration.āsni, Null | pre-v4. Server Name Indication (SNI) setting for this Enrollment. | |
sniāOnly | Boolean | v4. Server Name Indication (SNI) setting for this Enrollment. | |
ChangeāManagement.pendingāState.pendingāNetworkāConfiguration.dnsāNameāSettings: DNS name settings. | |||
cloneāDnsāNames | Boolean | v4. All certificate SANs are included in dnsāNames when cloneāDnsāNames is true. | |
dnsāNames | Array, Null | v4. Names served by SNI-only enabled enrollments. | |
ChangeāManagement.pendingāState.pendingāNetworkāConfiguration.sni: Server Name Indication (SNI) setting for this Enrollment. | |||
cloneāDnsāNames | Boolean | pre-v4. All certificate SANs are included in dnsāNames when cloneāDnsāNames is true. | |
dnsāNames | Array, Null | pre-v4. Names served by SNI-only enabled enrollments. | |
ChangeāManagement.validationāResult: The hash of validationāResult. It always has a value, even when validationāResult is null. The hash result of the validation result as of the time of the most recent validation check. It's used in the change-management-ack API call to further specify the state of the change that is being acknowledged. For best results, use the change-management-info API call, review the validationāResult with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgement operation. | |||
errors | ChangeāManagement.āvalidationāResult.āerrors[] | Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors. | |
warnings | ChangeāManagement.āvalidationāResult.āwarnings[] | Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings. | |
ChangeāManagement.validationāResult.errors[]: Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors. | |||
message | String | required: The description of the message. | |
messageāCode | String | required: The unique code of the message. | |
ChangeāManagement.validationāResult.warnings[]: Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings. | |||
message | String | required: The description of the message. | |
messageāCode | String | required: The unique code of the message. |
Sample v2 object
{
"acknowledgementDeadline": null,
"pendingState": {
"pendingCertificate": {
"certificateType": "third-party",
"fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
"signatureAlgorithm": "SHA-256"
},
"pendingNetworkConfiguration": {
"disallowedTlsVersions": [
"TLSv1_2"
],
"mustHaveCiphers": "ak-akamai-default2016q3",
"networkType": null,
"preferredCiphers": "ak-akamai-default",
"sni": null
}
},
"validationResult": {
"errors": null,
"warnings": [
{
"message": "[SAN name [san9.example.com] has been removed from the certificate. It is still live on the network., SAN name [san8.example.com] has been removed from the certificate. It is still live on the network.]",
"messageCode": "no-code"
}
]
},
"validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709"
}Sample v4 object
{
"acknowledgementDeadline": null,
"pendingState": {
"pendingCertificate": {
"certificateType": "third-party",
"fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
"ocspStapled": "false",
"ocspUris": null,
"signatureAlgorithm": "SHA-256"
},
"pendingNetworkConfiguration": {
"disallowedTlsVersions": [
"TLSv1_2"
],
"dnsNameSettings": null,
"mustHaveCiphers": "ak-akamai-default2016q3",
"networkType": null,
"ocspStapling": "not-set",
"preferredCiphers": "ak-akamai-default",
"quicEnabled": "false",
"sniOnly": "false"
}
},
"validationResult": {
"errors": null,
"warnings": [
{
"message": "[SAN name [san9.example.com] has been removed from the certificate. It is still live on the network., SAN name [san8.example.com] has been removed from the certificate. It is still live on the network.]",
"messageCode": "no-code"
}
]
},
"validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709"
}Sample v5 object
{
"acknowledgementDeadline": null,
"pendingState": {
"pendingCertificates": [
{
"certificateType": "third-party",
"fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... KZlSw==\n-----END CERTIFICATE-----",
"keyAlgorithm": "RSA",
"ocspStapled": "false",
"ocspUris": null,
"signatureAlgorithm": "SHA-256"
}
],
"pendingNetworkConfiguration": {
"disallowedTlsVersions": [
"TLSv1_2"
],
"dnsNameSettings": null,
"mustHaveCiphers": "ak-akamai-default2016q3",
"networkType": null,
"ocspStapling": "not-set",
"preferredCiphers": "ak-akamai-default",
"quicEnabled": "false",
"sniOnly": "false"
}
},
"validationResult": {
"errors": null,
"warnings": [
{
"message": "[SAN name [san9.example.com] has been removed from the certificate. It is still live on the network., SAN name [san8.example.com] has been removed from the certificate. It is still live on the network.]",
"messageCode": "no-code"
}
]
},
"validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709"
}