caption: Required device-wide Client Certificates
desc: Specifies device-wide client certificates that should be enrolled using the
device management protocol.
device_only: true
example_value:
- cert_profile_id: cert_profile_id_1
enable_remote_attestation_check: true
key_algorithm: rsa
name: Certificate Profile 1
policy_version: some_hash
renewal_period_seconds: 2592000
protocol_version: 2
features:
can_be_mandatory: true
can_be_recommended: false
dynamic_refresh: true
per_profile: false
owners:
- file://components/policy/OWNERS
- [email protected]
schema:
items:
properties:
cert_profile_id:
description: The identifier for this client certificate.
type: string
enable_remote_attestation_check:
description: 'Enable an additional security check based on remote attestation
(optional, default: True).'
type: boolean
key_algorithm:
description: The algorithm for key pair generation.
enum:
- rsa
type: string
name:
description: The name of the certificate profile.
type: string
policy_version:
description: The client should not interpret this data and should forward
it verbatim. The DMServer uses policy_version to verify that the policy
view of DMServer matches the view of ChromeOS device.
type: string
renewal_period_seconds:
description: Number of seconds before expiration of a certificate when renewal
should be triggered
type: integer
protocol_version:
description: Version of the certificate provisioning protocol. Defaults to 1.
1 is the 'static' protocol. 2 is the 'dynamic' protocol.
type: integer
required:
- cert_profile_id
- key_algorithm
type: object
type: array
supported_on:
- chrome_os:84-
tags: []
type: dict
generate_device_proto: False