This table aggregates membership for all versions of the ChangeManagement object.

Versioned schema members

Any object member specific to a range of versions is indicated in its description, at what version the member was either introduced or removed. Any listed data member with no version number is common to all versions of the object.

MemberTypeDescription
Change‚ÄčManagement: After you create an enrollment, you can have CPS halt deployment when the certificate becomes available, so that you can test and view the certificate on a staging server prior to deployment in the production network. If you do not want CPS to automatically deploy the certificate to the production network after it receives the signed certificate from the CA, you can turn change management on for the enrollment. This stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate. A version label indicates this member is introduced in that version. A pre-version label indicates this member is removed in that version. No version label indicates this member is present in all versions.
acknowledgement‚ÄčDeadlineString, NullThe timestamp of the deadline for the user to acknowledge the change management validation result, before CPS automatically proceeds with attempting to deploy the pending state to the live network. The format of the timestamp is ISO-8601. This field is only populated when there's an existing certificate on network for the current enrollment, it's null otherwise.
pending‚ÄčStateChange‚ÄčManagement.‚Äčpending‚ÄčStaterequired: The snapshot of the pending state for the enrollment when this change takes effect.
validation‚ÄčResultChange‚ÄčManagement.‚Äčvalidation‚ÄčResult, NullThe hash of validation‚ÄčResult. It always has a value, even when validation‚ÄčResult is null. The hash result of the validation result as of the time of the most recent validation check. It is used in the change-management-ack API call to further specify the state of the change that is being acknowledged. We recommend you use the change-management-info API call, review the validation‚ÄčResult with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgement operation.
validation‚ÄčResult‚ÄčHashStringrequired: The hash of validation‚ÄčResult.
Change‚ÄčManagement.pending‚ÄčState: The snapshot of the pending state for the enrollment when this change takes effect.
pending‚ÄčCertificateChange‚ÄčManagement.‚Äčpending‚ÄčState.‚Äčpending‚ÄčCertificate, Nullpre-v5. The snapshot of the pending certificate for the enrollment when this change takes effect.
pending‚ÄčCertificatesChange‚ÄčManagement.‚Äčpending‚ÄčState.‚Äčpending‚ÄčCertificates[]v5. The snapshot of the pending certificate for the enrollment when this change takes effect.
pending‚ÄčNetwork‚ÄčConfigurationChange‚ÄčManagement.‚Äčpending‚ÄčState.‚Äčpending‚ÄčNetwork‚ÄčConfigurationrequired: The snapshot of the pending network configuration for the enrollment when this change takes effect.
Change‚ÄčManagement.pending‚ÄčState.pending‚ÄčCertificate: The snapshot of the pending certificate for the enrollment when this change takes effect.
certificate‚ÄčTypeStringpre-v5. Either san, single, wildcard, wildcard-san, or third-party.
full‚ÄčCertificateStringpre-v5. Displays the contents of the certificate.
ocsp‚ÄčStapledBoolean, Nullv4 only. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. We recommend all customers enable this feature.
ocsp‚ÄčUrisArray, Nullv4 only. URI used for OCSP stapling validation.
signature‚ÄčAlgorithmStringpre-v5. Displays the signature algorithm.
Change‚ÄčManagement.pending‚ÄčState.pending‚ÄčCertificates[]: The snapshot of the pending certificate for the enrollment when this change takes effect.
certificate‚ÄčTypeEnumerationv5. Either san, single, wildcard, wildcard-san, or third-party.
full‚ÄčCertificateStringv5. Displays the contents of the certificate.
key‚ÄčAlgorithmEnumeration, Nullv5. Displays the key algorithm of the certificate.
ocsp‚ÄčStapledBoolean, Nullv5. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. We recommend all customers enable this feature.
ocsp‚ÄčUrisArray, Nullv5. URI used for OCSP stapling validation.
signature‚ÄčAlgorithmStringv5. Displays the signature algorithm.
Change‚ÄčManagement.pending‚ÄčState.pending‚ÄčNetwork‚ÄčConfiguration: The snapshot of the pending network configuration for the enrollment when this change takes effect.
disallowed‚ÄčTls‚ÄčVersionsArray, Nullv2. Disallowed TLS protocols.
dns‚ÄčName‚ÄčSettingsChange‚ÄčManagement.‚Äčpending‚ÄčState.‚Äčpending‚ÄčNetwork‚ÄčConfiguration.‚Äčdns‚ÄčName‚ÄčSettings, Nullv4. DNS name settings.
must‚ÄčHaveCiphersStringrequired: Ciphers that you want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
network‚ÄčTypeString, NullEnrollment network type.
ocsp‚ÄčStaplingString, Nullv4. OCSP stapling setting for the deployment.
preferred‚ÄčCiphersStringrequired: Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set.
quic‚ÄčEnabledBooleanv4. QUIC transport layer network protocol.
sniChange‚ÄčManagement.‚Äčpending‚ÄčState.‚Äčpending‚ÄčNetwork‚ÄčConfiguration.‚Äčsni, Nullpre-v4. Server Name Indication (SNI) setting for this Enrollment.
sni‚ÄčOnlyBooleanv4. Server Name Indication (SNI) setting for this Enrollment.
Change‚ÄčManagement.pending‚ÄčState.pending‚ÄčNetwork‚ÄčConfiguration.dns‚ÄčName‚ÄčSettings: DNS name settings.
clone‚ÄčDns‚ÄčNamesBooleanv4. All certificate SANs are included in dns‚ÄčNames when clone‚ÄčDns‚ÄčNames is true.
dns‚ÄčNamesArray, Nullv4. Names served by SNI-only enabled enrollments.
Change‚ÄčManagement.pending‚ÄčState.pending‚ÄčNetwork‚ÄčConfiguration.sni: Server Name Indication (SNI) setting for this Enrollment.
clone‚ÄčDns‚ÄčNamesBooleanpre-v4. All certificate SANs are included in dns‚ÄčNames when clone‚ÄčDns‚ÄčNames is true.
dns‚ÄčNamesArray, Nullpre-v4. Names served by SNI-only enabled enrollments.
Change‚ÄčManagement.validation‚ÄčResult: The hash of validation‚ÄčResult. It always has a value, even when validation‚ÄčResult is null. The hash result of the validation result as of the time of the most recent validation check. It is used in the change-management-ack API call to further specify the state of the change that is being acknowledged. We recommend you use the change-management-info API call, review the validation‚ÄčResult with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgement operation.
errorsChange‚ÄčManagement.‚Äčvalidation‚ÄčResult.‚Äčerrors[]Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors.
warningsChange‚ÄčManagement.‚Äčvalidation‚ÄčResult.‚Äčwarnings[]Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings.
Change‚ÄčManagement.validation‚ÄčResult.errors[]: Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors.
messageStringrequired: The description of the message.
message‚ÄčCodeStringrequired: The unique code of the message.
Change‚ÄčManagement.validation‚ÄčResult.warnings[]: Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings.
messageStringrequired: The description of the message.
message‚ÄčCodeStringrequired: The unique code of the message.

Sample v2 object

TBD

{
    "acknowledgementDeadline": null,
    "pendingState": {
        "pendingCertificate": {
            "certificateType": "third-party",
            "fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
            "signatureAlgorithm": "SHA-256"
        },
        "pendingNetworkConfiguration": {
            "disallowedTlsVersions": [
                "TLSv1_2"
            ],
            "mustHaveCiphers": "ak-akamai-default2016q3",
            "networkType": null,
            "preferredCiphers": "ak-akamai-default",
            "sni": null
        }
    },
    "validationResult": {
        "errors": null,
        "warnings": [
            {
                "message": "[SAN name [san9.example.com] has been removed from the certificate. It is still live on the network., SAN name [san8.example.com] has been removed from the certificate. It is still live on the network.]",
                "messageCode": "no-code"
            }
        ]
    },
    "validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709"
}

Sample v4 object

TBD

{
    "acknowledgementDeadline": null,
    "pendingState": {
        "pendingCertificate": {
            "certificateType": "third-party",
            "fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
            "ocspStapled": "false",
            "ocspUris": null,
            "signatureAlgorithm": "SHA-256"
        },
        "pendingNetworkConfiguration": {
            "disallowedTlsVersions": [
                "TLSv1_2"
            ],
            "dnsNameSettings": null,
            "mustHaveCiphers": "ak-akamai-default2016q3",
            "networkType": null,
            "ocspStapling": "not-set",
            "preferredCiphers": "ak-akamai-default",
            "quicEnabled": "false",
            "sniOnly": "false"
        }
    },
    "validationResult": {
        "errors": null,
        "warnings": [
            {
                "message": "[SAN name [san9.example.com] has been removed from the certificate. It is still live on the network., SAN name [san8.example.com] has been removed from the certificate. It is still live on the network.]",
                "messageCode": "no-code"
            }
        ]
    },
    "validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709"
}

Sample v5 object

TBD

{
    "acknowledgementDeadline": null,
    "pendingState": {
        "pendingCertificates": [
            {
                "certificateType": "third-party",
                "fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... KZlSw==\n-----END CERTIFICATE-----",
                "keyAlgorithm": "RSA",
                "ocspStapled": "false",
                "ocspUris": null,
                "signatureAlgorithm": "SHA-256"
            }
        ],
        "pendingNetworkConfiguration": {
            "disallowedTlsVersions": [
                "TLSv1_2"
            ],
            "dnsNameSettings": null,
            "mustHaveCiphers": "ak-akamai-default2016q3",
            "networkType": null,
            "ocspStapling": "not-set",
            "preferredCiphers": "ak-akamai-default",
            "quicEnabled": "false",
            "sniOnly": "false"
        }
    },
    "validationResult": {
        "errors": null,
        "warnings": [
            {
                "message": "[SAN name [san9.example.com] has been removed from the certificate. It is still live on the network., SAN name [san8.example.com] has been removed from the certificate. It is still live on the network.]",
                "messageCode": "no-code"
            }
        ]
    },
    "validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709"
}