public sealed class CertificateTemplate : IMessage<CertificateTemplate>, IEquatable<CertificateTemplate>, IDeepCloneable<CertificateTemplate>, IBufferMessage, IMessage
Reference documentation and code samples for the Certificate Authority v1 API class CertificateTemplate.
A
[CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
refers to a managed template for certificate issuance.
public CertificateIdentityConstraints IdentityConstraints { get; set; }
Optional. Describes constraints on identities that may be appear in
[Certificates][google.cloud.security.privateca.v1.Certificate] issued using
this template. If this is omitted, then this template will not add
restrictions on a certificate's identity.
Optional. The maximum lifetime allowed for issued
[Certificates][google.cloud.security.privateca.v1.Certificate] that use
this template. If the issuing
[CaPool][google.cloud.security.privateca.v1.CaPool] resource's
[IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
specifies a
[maximum_lifetime][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.maximum_lifetime]
the minimum of the two durations will be the maximum lifetime for issued
[Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
if the issuing
[CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
expires before a
[Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
maximum_lifetime, the effective lifetime will be explicitly truncated
to match it.
Identifier. The resource name for this
[CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
in the format projects/*/locations/*/certificateTemplates/*.
public CertificateExtensionConstraints PassthroughExtensions { get; set; }
Optional. Describes the set of X.509 extensions that may appear in a
[Certificate][google.cloud.security.privateca.v1.Certificate] issued using
this
[CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
If a certificate request sets extensions that don't appear in the
[passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions],
those extensions will be dropped. If the issuing
[CaPool][google.cloud.security.privateca.v1.CaPool]'s
[IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
defines
[baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
that don't appear here, the certificate issuance request will fail. If this
is omitted, then this template will not add restrictions on a certificate's
X.509 extensions. These constraints do not apply to X.509 extensions set in
this
[CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s
[predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
public X509Parameters PredefinedValues { get; set; }
Optional. A set of X.509 values that will be applied to all issued
certificates that use this template. If the certificate request includes
conflicting values for the same properties, they will be overwritten by the
values defined here. If the issuing
[CaPool][google.cloud.security.privateca.v1.CaPool]'s
[IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
defines conflicting
[baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
for the same properties, the certificate issuance request will fail.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis webpage provides reference documentation for the \u003ccode\u003eCertificateTemplate\u003c/code\u003e class within the Google Cloud Security Private CA v1 API, with the latest version being 3.9.0.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eCertificateTemplate\u003c/code\u003e is used as a managed template for certificate issuance, and it implements multiple interfaces, including \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, and \u003ccode\u003eIDeepCloneable\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe class allows setting various properties, such as \u003ccode\u003eCertificateTemplateName\u003c/code\u003e, \u003ccode\u003eCreateTime\u003c/code\u003e, \u003ccode\u003eDescription\u003c/code\u003e, \u003ccode\u003eIdentityConstraints\u003c/code\u003e, \u003ccode\u003eLabels\u003c/code\u003e, \u003ccode\u003eMaximumLifetime\u003c/code\u003e, and more, which determine certificate attributes and restrictions.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eCertificateTemplate\u003c/code\u003e class includes properties to define X.509 extension constraints, which can restrict or define the values that can be used for the extensions in issued certificates.\u003c/p\u003e\n"],["\u003cp\u003eMultiple versions of the \u003ccode\u003eCertificateTemplate\u003c/code\u003e documentation are available, ranging from version 1.0.0 up to the latest version, 3.9.0, and each version has its own dedicated page.\u003c/p\u003e\n"]]],[],null,["# Certificate Authority v1 API - Class CertificateTemplate (3.10.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.10.0 (latest)](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [3.9.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.9.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [3.8.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.8.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [3.7.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.7.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [3.6.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.6.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [3.5.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.5.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [3.4.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.4.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [3.3.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.3.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [3.2.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.2.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [3.1.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.1.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [3.0.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.0.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [2.3.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/2.3.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [2.2.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/2.2.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [2.1.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/2.1.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [2.0.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/2.0.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate)\n- [1.0.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/1.0.0/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate) \n\n public sealed class CertificateTemplate : IMessage\u003cCertificateTemplate\u003e, IEquatable\u003cCertificateTemplate\u003e, IDeepCloneable\u003cCertificateTemplate\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Certificate Authority v1 API class CertificateTemplate.\n\nA\n\\[CertificateTemplate\\]\\[google.cloud.security.privateca.v1.CertificateTemplate\\]\nrefers to a managed template for certificate issuance. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e CertificateTemplate \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[CertificateTemplate](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[CertificateTemplate](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[CertificateTemplate](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.Security.PrivateCA.V1](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.Security.PrivateCA.V1.dll\n\nConstructors\n------------\n\n### CertificateTemplate()\n\n public CertificateTemplate()\n\n### CertificateTemplate(CertificateTemplate)\n\n public CertificateTemplate(CertificateTemplate other)\n\nProperties\n----------\n\n### CertificateTemplateName\n\n public CertificateTemplateName CertificateTemplateName { get; set; }\n\n[CertificateTemplateName](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.CertificateTemplateName)-typed view over the [Name](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.CertificateTemplate#Google_Cloud_Security_PrivateCA_V1_CertificateTemplate_Name) resource name property.\n\n### CreateTime\n\n public Timestamp CreateTime { get; set; }\n\nOutput only. The time at which this\n\\[CertificateTemplate\\]\\[google.cloud.security.privateca.v1.CertificateTemplate\\]\nwas created.\n\n### Description\n\n public string Description { get; set; }\n\nOptional. A human-readable description of scenarios this template is\nintended for.\n\n### IdentityConstraints\n\n public CertificateIdentityConstraints IdentityConstraints { get; set; }\n\nOptional. Describes constraints on identities that may be appear in\n\\[Certificates\\]\\[google.cloud.security.privateca.v1.Certificate\\] issued using\nthis template. If this is omitted, then this template will not add\nrestrictions on a certificate's identity.\n\n### Labels\n\n public MapField\u003cstring, string\u003e Labels { get; }\n\nOptional. Labels with user-defined metadata.\n\n### MaximumLifetime\n\n public Duration MaximumLifetime { get; set; }\n\nOptional. The maximum lifetime allowed for issued\n\\[Certificates\\]\\[google.cloud.security.privateca.v1.Certificate\\] that use\nthis template. If the issuing\n\\[CaPool\\]\\[google.cloud.security.privateca.v1.CaPool\\] resource's\n\\[IssuancePolicy\\]\\[google.cloud.security.privateca.v1.CaPool.IssuancePolicy\\]\nspecifies a\n\\[maximum_lifetime\\]\\[google.cloud.security.privateca.v1.CaPool.IssuancePolicy.maximum_lifetime\\]\nthe minimum of the two durations will be the maximum lifetime for issued\n\\[Certificates\\]\\[google.cloud.security.privateca.v1.Certificate\\]. Note that\nif the issuing\n\\[CertificateAuthority\\]\\[google.cloud.security.privateca.v1.CertificateAuthority\\]\nexpires before a\n\\[Certificate\\]\\[google.cloud.security.privateca.v1.Certificate\\]'s requested\nmaximum_lifetime, the effective lifetime will be explicitly truncated\nto match it.\n\n### Name\n\n public string Name { get; set; }\n\nIdentifier. The resource name for this\n\\[CertificateTemplate\\]\\[google.cloud.security.privateca.v1.CertificateTemplate\\]\nin the format `projects/*/locations/*/certificateTemplates/*`.\n\n### PassthroughExtensions\n\n public CertificateExtensionConstraints PassthroughExtensions { get; set; }\n\nOptional. Describes the set of X.509 extensions that may appear in a\n\\[Certificate\\]\\[google.cloud.security.privateca.v1.Certificate\\] issued using\nthis\n\\[CertificateTemplate\\]\\[google.cloud.security.privateca.v1.CertificateTemplate\\].\nIf a certificate request sets extensions that don't appear in the\n\\[passthrough_extensions\\]\\[google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions\\],\nthose extensions will be dropped. If the issuing\n\\[CaPool\\]\\[google.cloud.security.privateca.v1.CaPool\\]'s\n\\[IssuancePolicy\\]\\[google.cloud.security.privateca.v1.CaPool.IssuancePolicy\\]\ndefines\n\\[baseline_values\\]\\[google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values\\]\nthat don't appear here, the certificate issuance request will fail. If this\nis omitted, then this template will not add restrictions on a certificate's\nX.509 extensions. These constraints do not apply to X.509 extensions set in\nthis\n\\[CertificateTemplate\\]\\[google.cloud.security.privateca.v1.CertificateTemplate\\]'s\n\\[predefined_values\\]\\[google.cloud.security.privateca.v1.CertificateTemplate.predefined_values\\].\n\n### PredefinedValues\n\n public X509Parameters PredefinedValues { get; set; }\n\nOptional. A set of X.509 values that will be applied to all issued\ncertificates that use this template. If the certificate request includes\nconflicting values for the same properties, they will be overwritten by the\nvalues defined here. If the issuing\n\\[CaPool\\]\\[google.cloud.security.privateca.v1.CaPool\\]'s\n\\[IssuancePolicy\\]\\[google.cloud.security.privateca.v1.CaPool.IssuancePolicy\\]\ndefines conflicting\n\\[baseline_values\\]\\[google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values\\]\nfor the same properties, the certificate issuance request will fail.\n\n### UpdateTime\n\n public Timestamp UpdateTime { get; set; }\n\nOutput only. The time at which this\n\\[CertificateTemplate\\]\\[google.cloud.security.privateca.v1.CertificateTemplate\\]\nwas updated."]]
