Skip to content
Was this article helpful?


Configuration for Venafi certificate policy resource.


(click to see Operations )

Name Data Type Permissions Description
wildcards_allowed <Boolean> Read-write Indicates if wild cards is allowed.
state <String> Read-write State.
management_type <String> Read-write Management Type.
is_ca_locked <Boolean> Read-write Indicates if the CA value is locked in the policy.
is_city_locked <Boolean> Read-write Indicates if the city value is locked.
policy <String> Read-write Policy folder path which determines the certificate attributes..
keypair_algorithm <String> Read-write Algorithm for generating the key. Possible values: ECC, RSA.
key_generation <String> Read-write Key generation value.
subjaltname_ip_allowed <Boolean> Read-write Indicates if IP subject alternative names allowed.
org <String> Read-write Organization.
name <String> Read-write Name of the Venafi server configured..
is_key_value_locked <Boolean> Read-write Indicates if the algorithm property value is locked in the policy.
subjaltname_upn_allowed <Boolean> Read-write Indicates if UPN subject alternative names allowed.
org_unit <String[]> Read-write Organization Unit.
subjaltname_uri_allowed <Boolean> Read-write Indicates if URI subject alternative names allowed.
key_value <String> Read-write Key strength if algorithm is RSA. EllipticCurve ,if the algorithm is ECC .
is_key_generation_locked <Boolean> Read-write Indicates if the key generation value is locked in the policy.
tp_renewal_locked <Boolean> Read-write Indicates if TpRenewal is locked.
is_org_locked <Boolean> Read-write Indicates if the organization value is locked.
is_org_unit_locked <Boolean> Read-write Indicates if the organization unit value is locked.
subjaltname_email_allowed <Boolean> Read-write Indicates if Email subject alternative names allowed.
tp_renewal <Boolean> Read-write set to True, if automatic renewal is enabled in Venafi.
is_keypair_algorithm_locked <Boolean> Read-write Indicates if the key pair algorithm value is locked in the policy.
city <String> Read-write city.
is_state_locked <Boolean> Read-write Indicates if the state value is locked.
is_csr_generation_locked <Boolean> Read-write Indicates if the CsrGeneration value is locked in the policy.
country <String> Read-write country.
subjaltname_dns_allowed <Boolean> Read-write Indicates if DNS subject alternative names allowed.
is_management_type_locked <Boolean> Read-write Indicates if management type is locked.
ca <String> Read-write Certificate Authority.
csr_generation <String> Read-write CSR generation.Possible values: ServiceGenerated, UserGenerated.
is_country_locked <Boolean> Read-write Indicates if the country value is locked.


(click to see Properties )

  • GET (ALL)

Some options that you can use for each operations:

  • Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.

  • Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER: <username>

    X-NITRO-PASS: <password>

    Note: In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Note: Mandatory parameters are marked in red and placeholder content is marked in green

The following parameters can be used in the nitro request : onerror <String_value>

Use this parameter to set the onerror status for nitro request. Applicable only for bulk requests.

Default value: EXIT

Possible values = EXIT, CONTINUE

get (all)

URL: https://<MGMT-IP>/nitro/v2/config/certificate_policy Query-parameters:

filter https://<MGMT-IP>/nitro/v2/config/certificate_policy ?filter=property-name1:property-value1,property-name2:property-value2 Use this query-parameter to get the filtered set of certificate_policy resources configured on the system. You can set a filter on any property of the resource.

pagesize=#no;pageno=#no https://<MGMT-IP>/nitro/v2/config/certificate_policy ?pagesize=#no;pageno=#no Use this query-parameter to get the certificate_policy resources in chunks.

count https://<MGMT-IP>/nitro/v2/config/certificate_policy ?count=yes Use this query-parameter to get the count of certificate_policy resources.


Request Headers: Accept: application/json





Response: HTTPS Status Code on Success: 200 OK HTTPS Status Code on Failure: 4xx (for general HTTPS errors) or 5xx (for NetScaler-MAS-specific errors). The response payload provides details of the error

Response Headers:


Response Payload:

{ "errorcode": 0, "message": "Done", "severity": ;ltString_value;gt, "certificate_policy":[{
Was this article helpful?