chromium/components/policy/resources/templates/policy_definitions/CertificateManagement/RequiredClientCertificateForDevice.yaml

caption: Required device-wide Client Certificates
desc: Specifies device-wide client certificates that should be enrolled using the
  device management protocol.
device_only: true
example_value:
- cert_profile_id: cert_profile_id_1
  enable_remote_attestation_check: true
  key_algorithm: rsa
  name: Certificate Profile 1
  policy_version: some_hash
  renewal_period_seconds: 2592000
  protocol_version: 2
features:
  can_be_mandatory: true
  can_be_recommended: false
  dynamic_refresh: true
  per_profile: false
owners:
- file://components/policy/OWNERS
- [email protected]
schema:
  items:
    properties:
      cert_profile_id:
        description: The identifier for this client certificate.
        type: string
      enable_remote_attestation_check:
        description: 'Enable an additional security check based on remote attestation
          (optional, default: True).'
        type: boolean
      key_algorithm:
        description: The algorithm for key pair generation.
        enum:
        - rsa
        type: string
      name:
        description: The name of the certificate profile.
        type: string
      policy_version:
        description: The client should not interpret this data and should forward
          it verbatim. The DMServer uses policy_version to verify that the policy
          view of DMServer matches the view of ChromeOS device.
        type: string
      renewal_period_seconds:
        description: Number of seconds before expiration of a certificate when renewal
          should be triggered
        type: integer
      protocol_version:
        description: Version of the certificate provisioning protocol. Defaults to 1.
          1 is the 'static' protocol. 2 is the 'dynamic' protocol.
        type: integer
    required:
    - cert_profile_id
    - key_algorithm
    type: object
  type: array
supported_on:
- chrome_os:84-
tags: []
type: dict
generate_device_proto: False