This table aggregates membership for all versions of the ChangeManagement object.
Versioned schema members
Any object member specific to a range of versions is indicated in its description, at what version the member was either introduced or removed. Any listed data member with no version number is common to all versions of the object.
| Member | Type | Description | |
|---|---|---|---|
ChangeManagement: After you create an enrollment, you can have CPS halt deployment when the certificate becomes available, so that you can test and view the certificate on a staging server prior to deployment in the production network. If you do not want CPS to automatically deploy the certificate to the production network after it receives the signed certificate from the CA, you can turn change management on for the enrollment. This stops CPS from deploying the certificate to the network until you acknowledge that you are ready to deploy the certificate. A version label indicates this member is introduced in that version. A pre-version label indicates this member is removed in that version. No version label indicates this member is present in all versions. | |||
acknowledgementDeadline | String, Null | The timestamp of the deadline for the user to acknowledge the change management validation result, before CPS automatically proceeds with attempting to deploy the pending state to the live network. The format of the timestamp is ISO-8601. This field is only populated when there's an existing certificate on network for the current enrollment, it's null otherwise. | |
pendingState | ChangeManagement.pendingState | required: The snapshot of the pending state for the enrollment when this change takes effect. | |
validationResult | ChangeManagement.validationResult, Null | The hash of validationResult. It always has a value, even when validationResult is null. The hash result of the validation result as of the time of the most recent validation check. It is used in the change-management-ack API call to further specify the state of the change that is being acknowledged. For best results, use the change-management-info API call, review the validationResult with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgement operation. | |
validationResultHash | String | required: The hash of validationResult. | |
ChangeManagement.pendingState: The snapshot of the pending state for the enrollment when this change takes effect. | |||
pendingCertificate | ChangeManagement.pendingState.pendingCertificate, Null | pre-v5. The snapshot of the pending certificate for the enrollment when this change takes effect. | |
pendingCertificates | ChangeManagement.pendingState.pendingCertificates[] | v5. The snapshot of the pending certificate for the enrollment when this change takes effect. | |
pendingNetworkConfiguration | ChangeManagement.pendingState.pendingNetworkConfiguration | required: The snapshot of the pending network configuration for the enrollment when this change takes effect. | |
ChangeManagement.pendingState.pendingCertificate: The snapshot of the pending certificate for the enrollment when this change takes effect. | |||
certificateType | String | pre-v5. Either san, single, wildcard, wildcard-san, or third-party. | |
fullCertificate | String | pre-v5. Displays the contents of the certificate. | |
ocspStapled | Boolean, Null | v4 only. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. Enable this feature for best performance. | |
ocspUris | Array, Null | v4 only. URI used for OCSP stapling validation. | |
signatureAlgorithm | String | pre-v5. Displays the signature algorithm. | |
ChangeManagement.pendingState.pendingCertificates[]: The snapshot of the pending certificate for the enrollment when this change takes effect. | |||
certificateType | Enumeration | v5. Either san, single, wildcard, wildcard-san, or third-party. | |
fullCertificate | String | v5. Displays the contents of the certificate. | |
keyAlgorithm | Enumeration, Null | v5. Displays the key algorithm of the certificate. | |
ocspStapled | Boolean, Null | v5. OCSP Stapling improves performance by including a valid OCSP response in every TLS handshake. Enable this feature for best performance. | |
ocspUris | Array, Null | v5. URI used for OCSP stapling validation. | |
signatureAlgorithm | String | v5. Displays the signature algorithm. | |
ChangeManagement.pendingState.pendingNetworkConfiguration: The snapshot of the pending network configuration for the enrollment when this change takes effect. | |||
disallowedTlsVersions | Array, Null | v2. Disallowed TLS protocols. | |
dnsNameSettings | ChangeManagement.pendingState.pendingNetworkConfiguration.dnsNameSettings, Null | v4. DNS name settings. | |
mustHaveCiphers | String | required: Ciphers that you want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set. | |
networkType | String, Null | Enrollment network type. | |
ocspStapling | String, Null | v4. OCSP stapling setting for the deployment. | |
preferredCiphers | String | required: Ciphers that you preferably want to include for your enrollment while deploying it on the network. Defaults to ak-akamai-default when it is not set. | |
quicEnabled | Boolean | v4. QUIC transport layer network protocol. | |
sni | ChangeManagement.pendingState.pendingNetworkConfiguration.sni, Null | pre-v4. Server Name Indication (SNI) setting for this Enrollment. | |
sniOnly | Boolean | v4. Server Name Indication (SNI) setting for this Enrollment. | |
ChangeManagement.pendingState.pendingNetworkConfiguration.dnsNameSettings: DNS name settings. | |||
cloneDnsNames | Boolean | v4. All certificate SANs are included in dnsNames when cloneDnsNames is true. | |
dnsNames | Array, Null | v4. Names served by SNI-only enabled enrollments. | |
ChangeManagement.pendingState.pendingNetworkConfiguration.sni: Server Name Indication (SNI) setting for this Enrollment. | |||
cloneDnsNames | Boolean | pre-v4. All certificate SANs are included in dnsNames when cloneDnsNames is true. | |
dnsNames | Array, Null | pre-v4. Names served by SNI-only enabled enrollments. | |
ChangeManagement.validationResult: The hash of validationResult. It always has a value, even when validationResult is null. The hash result of the validation result as of the time of the most recent validation check. It's used in the change-management-ack API call to further specify the state of the change that is being acknowledged. For best results, use the change-management-info API call, review the validationResult with its hash, and then acknowledge change-management using the same hash retrieved when running the Change Management Acknowledgement operation. | |||
errors | ChangeManagement.validationResult.errors[] | Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors. | |
warnings | ChangeManagement.validationResult.warnings[] | Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings. | |
ChangeManagement.validationResult.errors[]: Validation errors of the current job state. Errors prevent a change from proceeding until you resolve them. They are optional and only appear if there are any errors. | |||
message | String | required: The description of the message. | |
messageCode | String | required: The unique code of the message. | |
ChangeManagement.validationResult.warnings[]: Validation warnings of the current job state. Warnings suspend the execution of a change. You can acknowledge or deny warnings. If you acknowledge them, the change proceeds with its operation. They are optional and only appear if there are any warnings. | |||
message | String | required: The description of the message. | |
messageCode | String | required: The unique code of the message. |
Sample v2 object
{
"acknowledgementDeadline": null,
"pendingState": {
"pendingCertificate": {
"certificateType": "third-party",
"fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
"signatureAlgorithm": "SHA-256"
},
"pendingNetworkConfiguration": {
"disallowedTlsVersions": [
"TLSv1_2"
],
"mustHaveCiphers": "ak-akamai-default2016q3",
"networkType": null,
"preferredCiphers": "ak-akamai-default",
"sni": null
}
},
"validationResult": {
"errors": null,
"warnings": [
{
"message": "[SAN name [san9.example.com] has been removed from the certificate. It is still live on the network., SAN name [san8.example.com] has been removed from the certificate. It is still live on the network.]",
"messageCode": "no-code"
}
]
},
"validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709"
}
Sample v4 object
{
"acknowledgementDeadline": null,
"pendingState": {
"pendingCertificate": {
"certificateType": "third-party",
"fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2DCCAsCgAwIBAgIQ661To2+zTDiFLyyARAaFXTANBgkqhkiG9w0BAQsFADBn\nMSowKAYDVQQDDCFBS0FNQUkgVEVTVCBJTlRFUk1FRElBVEUgQ0VSVCBbMV0xDjAM\nBgNVBAsMBVdlYkV4MQ8wDQYDVQQKDAZBa2FtYWkxCzAJBgNVBAgMAk1BMQswCQYD\nVQQGEwJVUzAeFw0xNzA1MTgyMTEwMTFaFw0xODA1MTkyMTEwMTFaMG0xHDAaBgNV\nBAMME3d3dy5jcHMtZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJN\nQTESMBAGA1UEBwwJQ2FtYnJpZGdlMQ8wDQYDVQQKDAZBa2FtYWkxDjAMBgNVBAsM\nBVdlYkV4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQeIJ2yfOC8P\nYQp6NjiCYSCkuS0z9a61v+k+KTDYQKIa8jDkwP0OITzvTnjMHuUd8JbSz5jNb22Z\nWxH/1F2p71rlSdBReBkZGLMLcQZPt5ju7ea7ZPz+MOWrwuc6YUafRMQk3qMeo3Sz\nIZQbmLKXkZeYriqy9s9yHJSUnWX1jOa51w6YM/Xar/2pZp2pyguaCNVGp7AAo38R\nAepaGcFwyjJse6dc+7dHOvDnjQ+Cg2lO8DSc12sFLllOhdOULldZRWbtfTLs9uet\niR8ZVpHJ1TtzEz3X9RqBBCvnqykQvMmiQKOkfYEd6LN4Tk6/HJw2/MZhIgAEXtUU\ndQMnD6OMcwIDAQABo3oweDB2BgNVHREEbzBtghRzYW4xLmNwcy1leGFtcGxlLmNv\nbYIUc2FuMi5jcHMtZXhhbXBsZS5jb22CFHNhbjMuY3BzLWV4YW1wbGUuY29tghRz\nYW40LmNwcy1leGFtcGxlLmNvbYITd3d3LmNwcy1leGFtcGxlLmNvbTANBgkqhkiG\n9w0BAQsFAAOCAQEAm9krrTxqDwUaO8J7P7CcrHfwXeWiDG3d9uHqCvHRGrcs46pI\ny8umThgOEba0QHi6CwM6O0+chcHsn6qf+uVKg2u1SKlE6qMIJ1Ppc8MJky1xo0M5\ncrtRpSXjaoF9S2zZZK1lwOJoK93BtC/lNfRc682TxlQ58jtBI6qnmLXUhF8Yo67v\n0UfHiBIv1pZFPIdk90/48vjWM54haNxm/PhxNb6AdzawR4zImUhMKsISP7uOTURQ\nfFfeNgMvHyI8Id1VPLN+e2y4FtnTVdW2e+PTBvOJ1M+YoFU7M04/2SmKJHqnHljh\nVQBpto9JgDmt0yqsdFdLrZlpsIQwpLqdgKZlSw==\n-----END CERTIFICATE-----",
"ocspStapled": "false",
"ocspUris": null,
"signatureAlgorithm": "SHA-256"
},
"pendingNetworkConfiguration": {
"disallowedTlsVersions": [
"TLSv1_2"
],
"dnsNameSettings": null,
"mustHaveCiphers": "ak-akamai-default2016q3",
"networkType": null,
"ocspStapling": "not-set",
"preferredCiphers": "ak-akamai-default",
"quicEnabled": "false",
"sniOnly": "false"
}
},
"validationResult": {
"errors": null,
"warnings": [
{
"message": "[SAN name [san9.example.com] has been removed from the certificate. It is still live on the network., SAN name [san8.example.com] has been removed from the certificate. It is still live on the network.]",
"messageCode": "no-code"
}
]
},
"validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709"
}
Sample v5 object
{
"acknowledgementDeadline": null,
"pendingState": {
"pendingCertificates": [
{
"certificateType": "third-party",
"fullCertificate": "-----BEGIN CERTIFICATE-----\nMIID2 ... <sample - removed for readability> .... KZlSw==\n-----END CERTIFICATE-----",
"keyAlgorithm": "RSA",
"ocspStapled": "false",
"ocspUris": null,
"signatureAlgorithm": "SHA-256"
}
],
"pendingNetworkConfiguration": {
"disallowedTlsVersions": [
"TLSv1_2"
],
"dnsNameSettings": null,
"mustHaveCiphers": "ak-akamai-default2016q3",
"networkType": null,
"ocspStapling": "not-set",
"preferredCiphers": "ak-akamai-default",
"quicEnabled": "false",
"sniOnly": "false"
}
},
"validationResult": {
"errors": null,
"warnings": [
{
"message": "[SAN name [san9.example.com] has been removed from the certificate. It is still live on the network., SAN name [san8.example.com] has been removed from the certificate. It is still live on the network.]",
"messageCode": "no-code"
}
]
},
"validationResultHash": "da39a3ee5e6b4b0d3255bfef95601890afd80709"
}