Intermediate certificate authority
An intermediate certificate authority is signed either with a root key or with the key of the previous intermediate CA in the chain of trust.
import {
createCertificateAuthority,
CreateCertificateAuthorityRequestOriginType,
ExtendedKeyUsage,
KeyUsage
} from "@vaultie/document-rails";
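// Create an intermediate CA beneath an existing parent CA.
// `client`, `accessToken`, `organizationId` and the *Id values are expected to
// be defined by the surrounding application code.
const response = await createCertificateAuthority(
  client,
  accessToken,
  organizationId,
  {
    type: CreateCertificateAuthorityRequestOriginType.Regular,
    // Intermediate CAs require providing the parent certificate authority ID:
    // the root CA, or the previous intermediate CA in the chain of trust.
    parent_certificate_authority_id: rootCertificateAuthorityId,
    // Certificate revocation list that will be attached to this certificate. Optional.
    //
    // See "Certificate revocation lists" documentation for more information.
    certificate_revocation_list_id: certificateRevocationListId,
    // Signing key identifier to use to manage the certificate authority.
    // Consult signing key documentation for information about supported key types.
    key_id: intermediateCaKeyId,
    // Define CA common name fields, required.
    common_name: {
      // Required.
      common_name: "Custom Intermediate CA",
      // Other fields are optional.
      organization_name: "Example",
      organization_unit_name: "Development",
      country_name: "XX",
      state_name: "XX",
    },
    // Define CA constraints. The field itself and all nested fields are optional.
    constraints: {
      // KeyCertSign and CrlSign are the usages a CA needs in order to issue
      // certificates and sign revocation lists.
      key_usage: [
        KeyUsage.DigitalSignature,
        KeyUsage.KeyCertSign,
        KeyUsage.CrlSign,
      ],
      // NOTE(review): `Critical` presumably marks the extended key usage
      // extension as critical; confirm in the API reference. Some validators
      // treat an EKU on a CA certificate as a limit on the certificates
      // issued beneath it.
      extended_key_usage: [
        ExtendedKeyUsage.Critical,
        ExtendedKeyUsage.EmailProtection,
      ],
      // NOTE(review): presumably the X.509 path length constraint. If so, 0
      // means this CA can issue end-entity certificates but no further
      // intermediate CAs. Confirm against the API reference.
      pathlen: 0,
    },
    // Define custom validity term in days. Default is ~10 years.
    // Pick a term that does not outlive the parent CA certificate.
    validity_term: 365,
  },
);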