Class CIM_CertificateManagementService
extends CIM_KeyBasedCredentialManagementService

CIM_CertificateManagementService is used for managing X509 based certificates.

Table of Contents
Hierarchy
Direct Known Subclasses
Class Qualifiers
Class Properties
Class Methods


Class Hierarchy

CIM_ManagedElement
   |
   +--CIM_ManagedSystemElement
   |
   +--CIM_LogicalElement
   |
   +--CIM_EnabledLogicalElement
   |
   +--CIM_Service
   |
   +--CIM_SecurityService
   |
   +--CIM_AuthenticationService
   |
   +--CIM_CredentialManagementService
   |
   +--CIM_KeyBasedCredentialManagementService
   |
   +--CIM_CertificateManagementService

Direct Known Subclasses

Class Qualifiers

NameData TypeValue
DescriptionstringCIM_CertificateManagementService is used for managing X509 based certificates.
Experimentalbooleantrue
UMLPackagePathstringCIM::User::SecurityServices
Versionstring2.18.1

Class Properties

Inherited Properties

NameData TypeClass Origin
CaptionstringCIM_ManagedElement
CommunicationStatusuint16CIM_ManagedSystemElement
CreationClassNamestringCIM_Service
DescriptionstringCIM_ManagedElement
DetailedStatusuint16CIM_ManagedSystemElement
ElementNamestringCIM_ManagedElement
EnabledDefaultuint16CIM_EnabledLogicalElement
EnabledStateuint16CIM_EnabledLogicalElement
Generationuint64CIM_ManagedElement
HealthStateuint16CIM_ManagedSystemElement
InstallDatedatetimeCIM_ManagedSystemElement
InstanceIDstringCIM_ManagedElement
NamestringCIM_Service
OperatingStatusuint16CIM_ManagedSystemElement
OtherEnabledStatestringCIM_EnabledLogicalElement
PrimaryOwnerContactstringCIM_Service
PrimaryOwnerNamestringCIM_Service
PrimaryStatusuint16CIM_ManagedSystemElement
RequestedStateuint16CIM_EnabledLogicalElement
StartedbooleanCIM_Service
StartModestringCIM_Service
StatusstringCIM_ManagedSystemElement
SystemCreationClassNamestringCIM_Service
SystemNamestringCIM_Service
TimeOfLastStateChangedatetimeCIM_EnabledLogicalElement
TransitioningToStateuint16CIM_EnabledLogicalElement
AvailableRequestedStatesuint16[]CIM_EnabledLogicalElement
OperationalStatusuint16[]CIM_ManagedSystemElement
StatusDescriptionsstring[]CIM_ManagedSystemElement

Class Methods

Local Class Methods

CreateCertificateSigningRequest (uint32)

Method Qualifiers (CreateCertificateSigningRequest)

NameData TypeValue
DescriptionstringThis method is called to request a Certificate Signing Request (CSR) based on the Distinguished Name provided through Subject parameter. The CSR utilizes PKCS#10 structure as defined in RFC2986. If the Subject parameter is not NULL the following numbered requirements shall apply: 1) The Subject parameter shall follow the format specified by RFC 1485, 2) the PublicKeyAlgorithm shall specify the algorithm to be used for the public key, 3) the PublicKeySize shall specify the length for the public key in bits. If the Subject parameter is NULL the following numbered requirements shall apply: 1) the PublicKeyAlgorithm shall be NULL, 2) the PublicKeySize shall be NULL, 3) the PublicPrivateKeyPair shall reference an instance of CIM_UnsignedCredential representing the public/ private key pair to be used for the CSR. The OutputFormat parameter shall specify the output format of the CSR. If the OutputFormat parameter is NULL, the implementation shall format the Certificate Signing Request in the PEM format, otherwise the format shall be the format specified by the OutputFormat parameter. Upon the successful execution, the CSR output parameter shall contain the CSR in PKCS#10 structure.
ValueMapstring0, 1, 2, 3, 4, 5, 6, 7..32767, 32768..65535
ValuesstringCompleted with No Error, Not Supported, Error Occured, Busy, Invalid Reference, Invalid Parameter, Access Denied, DMTF Reserved, Vendor Specified

Method Parameters (CreateCertificateSigningRequest)

NameTypeQualifiers
NameData TypeValue
ExtendedKeyUsagestring
DescriptionstringThe ExtendedKeyUsage indicates one or more purposes for which the certified public key may be used.
INbooleantrue
OutputFormatuint16
DescriptionstringThe OutputFormat property represents the requested format of the Certificate Signing Request.
INbooleantrue
ValueMapstring2, 3, .., 32768..65535
ValuesstringPEM, DER, DMTF Rserved, Vendor Reserved
PublicKeyAlgorithmuint16
DescriptionstringThe PublicKeyAlgorithm specifies the algorithm to be used for the public key.
INbooleantrue
ValueMapstring2, 3, .., 32768..65535
ValuesstringRSA, DSA, DMTF Rserved, Vendor Reserved
PublicKeySizeuint16
DescriptionstringThe PublicKeySize shall specify the length for the public key in bits.
INbooleantrue
PUNITstringbit
Subjectstring
DescriptionstringThe Subject shall follow the format specified by RFC 1485. An example of the value of the Subject parameter could be "CN=Marshall T. Rose, O=Dover Beach Consulting, L=Santa Clara, ST=California, C=US"
INbooleantrue
CSRuint8[]
DescriptionstringThe CSR parameter is an output parameter that upon successful exection of this method will contain the formated Certificate Signing Request.
INbooleanfalse
OUTbooleantrue
Requiredbooleantrue
PublicPrivateKeyPair REF CIM_UnsignedCredential
DescriptionstringThe PublicPrivateKeyPair parameter specifies a reference to an instance of CIM_UnsignedCredential which represents a public private key pair to be utilized by the CSR.
INbooleantrue

CreateSelfSignedCertificate (uint32)

Method Qualifiers (CreateSelfSignedCertificate)

NameData TypeValue
DescriptionstringThis method is called to generate to generate a self-signed certificate. If the Subject parameter is not NULL the following numbered requirements shall apply: 1) The Subject parameter shall follow the format specified by RFC 1485, 2) the PublicKeyAlgorithm shall specify the algorithm to be used for the public key, 3) the PublicKeySize shall specify the length for the public key in bits. If the Subject parameter is NULL the following numbered requirements shall apply: 1) the PublicKeyAlgorithm shall be NULL, 2) the PublicKeySize shall be NULL, 3) the PublicPrivateKeyPair shall reference an instance of CIM_UnsignedCredential representing the public/ private key pair to be used for the self signed certificate. Upon successful execution the reference to the newly created instance of CIM_X509Certificate shall be returned in the NewCertificate parameter which represents the self-signed certificate with the public/private key pair of the size specified by the KeySize parameter. This instance shall be associated to the instance of CIM_Keystore referenced by the Keystore parameter through CIM_MemberOfCollection association. If the CredentialContext parameter is not NULL, the newly created instance shall be associated with the instance of CIM_ManagedElement referenced by the CredentialContext parameter through CIM_CredentialContext association. If the CredentialContext parameter is NULL, the newly created instance shall not be associated with the instance of CIM_ManagedElement through CIM_CredentialContext association.
ValueMapstring0, 1, 2, 3, 4, 5, 6, 7..32767, 32768..65535
ValuesstringCompleted with No Error, Not Supported, Error Occured, Busy, Invalid Reference, Invalid Parameter, Access Denied, DMTF Reserved, Vendor Specified

Method Parameters (CreateSelfSignedCertificate)

NameTypeQualifiers
NameData TypeValue
PublicKeyAlgorithmuint16
DescriptionstringThe PublicKeyAlgorithm specifies the algorithm to be used for the public key.
INbooleantrue
ValueMapstring2, 3, .., 32768..65535
ValuesstringRSA, DSA, DMTF Rserved, Vendor Reserved
PublicKeySizeuint16
DescriptionstringThe PublicKeySize shall specify the length for the public key in bits. The value shall be of power of 2.
INbooleantrue
PUNITstringbit
Subjectstring
DescriptionstringThe Subject shall follow the format specified by RFC 1485. An example of the value of Subject parameter could be "CN=Marshall T. Rose, O=Dover Beach Consulting, L=Santa Clara, ST=California, C=US"
INbooleantrue
CredentialContext REF CIM_ManagedElement
DescriptionstringThe managed element that represents the service or the managed element that will either verify the certificate(s) or present the certificate(s) for the verification.
INbooleantrue
Keystore REF CIM_Keystore
DescriptionstringThe Keystore parameter denotes the reference to the instance of CIM_Keystore that represents the key store where the new certificate will be added.
INbooleantrue
Requiredbooleantrue
PublicPrivateKeyPair REF CIM_UnsignedCredential
DescriptionstringThe PublicPrivateKeyPair parameter specifies a reference to an instance of CIM_UnsignedCredential which represents a public private key pair to be utilized by the newly created selef signed certificate.
INbooleantrue
SelfSignedCertificate REF CIM_X509Certificate
DescriptionstringReference to the newly created instance of CIM_X509Certificate representing the self signed certificate.
INbooleanfalse
OUTbooleantrue

ImportEncodedCertificates (uint32)

Method Qualifiers (ImportEncodedCertificates)

NameData TypeValue
DescriptionstringThis method is called to import a certificate or a certificate chain using the certificate's encoded representation. Upon successful execution the array of references to the instance(s) of CIM_X509Certificate representing the imported certificate or certificate chain shall be returned inside the NewCertificates output parameter. The newly created instance(s) of CIM_X509Certificate shall be associated to the instance of the CIM_Keystore referenced in the Keystore parameter. If the CredentialContext parameter is not NULL, the newly created instance(s) of the CIM_X509Certificate shall be associated to the insatnces of CIM_ManagedElement referenced in the CredentialContext property through the CIM_CredentialContext association. If the CredentialContext parameter is NULL, the newly created instance(s) of the CIM_X509Certificate shall not be associated to the insatnces of CIM_ManagedElement through the CIM_CredentialContext association.
ValueMapstring0, 1, 2, 3, 4, 5, 6, 7..32767, 32768..65535
ValuesstringCompleted with No Error, Not Supported, Error Occured, Busy, Invalid Reference, Invalid Parameter, Access Denied, DMTF Reserved, Vendor Specified

Method Parameters (ImportEncodedCertificates)

NameTypeQualifiers
NameData TypeValue
Formatuint16
DescriptionstringThe Format shall specify the format for the encoding that is used by octet string EncodedCertificates parameter.
INbooleantrue
Requiredbooleantrue
ValueMapstring2, 3, 4, 5, .., 32768..65535
ValuesstringDER, PEM, PKCS7, PKCS12, DMTF Rserved, Vendor Reserved
EncodedCertificatesuint8[]
DescriptionstringAn array of unsigned integers representing octet string of an encoded certificate or certificate chain to be imported.
INbooleantrue
OctetStringbooleantrue
Requiredbooleantrue
NewCertificatesCIM_X509Certificate[]
DescriptionstringReference to the newly created instance of CIM_X509Certificate representing the imported certificate or certificate chain.
INbooleanfalse
OUTbooleantrue
Requiredbooleantrue
CredentialContext REF CIM_ManagedElement
DescriptionstringThe managed element that represents the service or the managed element that will either verify the certificate(s) or present the certificate(s) for the verification.
INbooleantrue
Keystore REF CIM_Keystore
DescriptionstringThe Keystore parameter denotes the reference to the instance of CIM_Keystore that represents the key store where the new certificate or certificate chain will be added.
INbooleantrue
Requiredbooleantrue

ImportCertificates (uint32)

Method Qualifiers (ImportCertificates)

NameData TypeValue
DescriptionstringThis method is called to import a certificate or a certificate chain using an array of embedded instance of CIM_X509Certificate. Upon successful execution the array of references to the instance(s) of CIM_X509Certificate representing the imported certificate or certificate chain shall be returned by the NewCertificates output parameter. The newly created instance(s) of CIM_X509Certificate shall be associated to the instance of the CIM_Keystore referenced in the Keystore parameter. If the CredentialContext parameter is not NULL, the newly created instance(s) of the CIM_X509Certificate shall be associated to the insatnces of CIM_ManagedElement referenced in the CredentialContext property through the CIM_CredentialContext association.If the CredentialContext parameter is NULL, the newly created instance(s) of the CIM_X509Certificate shall not be associated to the insatnces of CIM_ManagedElement through the CIM_CredentialContext association.
ValueMapstring0, 1, 2, 3, 4, 5, 6, 7..32767, 32768..65535
ValuesstringCompleted with No Error, Not Supported, Error Occured, Busy, Invalid Reference, Invalid Parameter, Access Denied, DMTF Reserved, Vendor Specified

Method Parameters (ImportCertificates)

NameTypeQualifiers
NameData TypeValue
InputCertificatesstring[]
DescriptionstringAn array of embedded instance(s) of CIM_X509Certificate that contains the necessary information to import a certificate or a certificate chain.
EmbeddedInstancestringCIM_X509Certificate
INbooleantrue
Requiredbooleantrue
NewCertificatesCIM_X509Certificate[]
DescriptionstringReference to the newly created instance of CIM_X509Certificate representing the imported certificate or certificate chain.
INbooleanfalse
OUTbooleantrue
Requiredbooleantrue
CredentialContext REF CIM_ManagedElement
DescriptionstringThe managed element that represents the service or the managed element that will either verify the certificate(s) or present the certificate(s) for the verification.
INbooleantrue
Keystore REF CIM_Keystore
DescriptionstringThe Keystore parameter denotes the reference to the instance of CIM_Keystore that represents the key store where the new certificate or certificate chain will be added.
INbooleantrue
Requiredbooleantrue

ExportEncodedCertificates (uint32)

Method Qualifiers (ExportEncodedCertificates)

NameData TypeValue
DescriptionstringThis method is called to export a certificate or a certificate chain using the certificate's encoded representation. Upon successful execution the array of unsigned integers representing octet string of the exported certificate or certificate chain shall be returned inside the EncodedCertificates output parameter based on the encoding specified in the EncodingFormat parameter.
ValueMapstring0, 1, 2, 3, 4, 5, 6, 7..32767, 32768..65535
ValuesstringCompleted with No Error, Not Supported, Error Occured, Busy, Invalid Reference, Invalid Parameter, Access Denied, DMTF Reserved, Vendor Specified

Method Parameters (ExportEncodedCertificates)

NameTypeQualifiers
NameData TypeValue
Formatuint16
DescriptionstringThe Format parameter specifies the format of the octet string EncodedCertificates parameter.
INbooleantrue
Requiredbooleantrue
ValueMapstring2, 3, 4, 5, .., 32768..65535
ValuesstringDER, Base64, PKCS7, PKCS12, DMTF Rserved, Vendor Reserved
EncodedCertificatesuint8[]
DescriptionstringAn array of unsigned integers representing octet string of an exported encoded certificate or certificate chain.
INbooleanfalse
OctetStringbooleantrue
OUTbooleantrue
Requiredbooleantrue
CertificatesToExportCIM_X509Certificate[]
DescriptionstringReference to the instance of CIM_SignedCredential representing the certificate or certificate chain to be exported.
INbooleantrue
Requiredbooleantrue

ApplyCRL (uint32)

Method Qualifiers (ApplyCRL)

NameData TypeValue
DescriptionstringThis method is called to apply Certificate Revocation List (CRL) to a particular key store. Upon successful execution the array of references to the instance(s) of CIM_X509CRL representing the applied CRL shall be returned inside the AppliedCRL output parameter. The newly created instance(s) of CIM_X509CRL shall be associated to the instance of the CIM_Keystore referenced in the Keystore parameter. The newly created instance(s) of the CIM_X509CRL shall be associated to the insatnces of CIM_ManagedElement referenced in the CredentialContext property through the CIM_CredentialContext association.
ValueMapstring0, 1, 2, 3, 4, 5, 6, 7..32767, 32768..65535
ValuesstringCompleted with No Error, Not Supported, Error Occured, Busy, Invalid Reference, Invalid Parameter, Access Denied, DMTF Reserved, Vendor Specified

Method Parameters (ApplyCRL)

NameTypeQualifiers
NameData TypeValue
Formatuint16
DescriptionstringThe Format shall specify the format for the encoding that is used by octet string EncodedCRL parameter.
INbooleantrue
Requiredbooleantrue
ValueMapstring2, 3, 4, 5, .., 32768..65535
ValuesstringDER, PEM, PKCS7, PKCS12, DMTF Rserved, Vendor Reserved
EncodedCRLuint8[]
DescriptionstringAn array of unsigned integers representing octet string of an encoded CRL to be applied.
INbooleantrue
OctetStringbooleantrue
Requiredbooleantrue
NewCertificatesCIM_X509CRL[]
DescriptionstringReference to the newly created instance of CIM_X509CRL representing the applied CRL.
INbooleanfalse
OUTbooleantrue
Requiredbooleantrue
CredentialContext REF CIM_ManagedElement
DescriptionstringThe managed element that represents the service or the managed element for which the certificates were revoked by the application of the CRL.
INbooleantrue
Requiredbooleantrue
Keystore REF CIM_Keystore
DescriptionstringThe Keystore parameter denotes the reference to the instance of CIM_Keystore that represents the key store where the CRL will be applied.
INbooleantrue
Requiredbooleantrue

Inherited Class Methods

NameReturn TypeClass Origin
ChangeAffectedElementsAssignedSequenceuint32CIM_Service
CreateKeystoreuint32CIM_KeyBasedCredentialManagementService
ImportPublicPrivateKeyPairuint32CIM_KeyBasedCredentialManagementService
RequestStateChangeuint32CIM_EnabledLogicalElement
StartServiceuint32CIM_Service
StopServiceuint32CIM_Service