End-entity certificate
End-entity certificates are always signed using an existing certificate authority, and are meant to be embedded into the issued certificates.
To use the resulting end-entity certificate with the signing key referenced by key_id, update that signing key and set its certificate value to the resulting chain, made up of your certificate authorities and the end-entity certificate.
import { issueWithCertificateAuthority, ExtendedKeyUsage, KeyUsage } from "@vaultie/document-rails";
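// Issue an end-entity certificate for an existing signing key, signed by the
// certificate authority identified by certificateAuthorityId.
const response = await issueWithCertificateAuthority(
  client,
  accessToken,
  organizationId,
  certificateAuthorityId,
  {
    // Identifier of the signing key the certificate is issued for.
    // Consult signing key documentation for information about supported key types.
    key_id: endEntityKeyId,
    // Certificate revocation list that will be attached to this certificate. Optional.
    //
    // See "Certificate revocation lists" documentation for more information.
    // NOTE(review): if this is omitted, the certificate presumably carries no CRL
    // reference for relying parties to check; confirm how revocation is handled.
    certificate_revocation_list_id: certificateRevocationListId,
    // Name fields for the issued certificate, required.
    // NOTE(review): the original comment said "CA common name fields"; these
    // values appear to describe the end-entity certificate itself. Confirm.
    common_name: {
      // Required.
      common_name: "Custom certificate",
      // Other fields are optional.
      organization_name: "Example",
      organization_unit_name: "Development",
      country_name: "XX",
      state_name: "XX",
    },
    // Certificate constraints, required.
    constraints: {
      // Required. Grant only the usages the key actually needs.
      key_usage: [KeyUsage.DigitalSignature],
      // Optional.
      // NOTE(review): ExtendedKeyUsage.Critical presumably marks the extension
      // as critical rather than naming a usage; verify against the library docs.
      extended_key_usage: [
        ExtendedKeyUsage.Critical,
        ExtendedKeyUsage.EmailProtection,
      ],
    },
    // Custom validity term in days. Default is ~1 year.
    validity_term: 30,
  }
);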