{
  "title": "SSL/TLS Certificate Structure",
  "description": "Structure documentation for SSL/TLS certificate management entities",
  "version": "1.0",
  "structures": [
    {
      "name": "Certificate",
      "description": "An SSL/TLS certificate",
      "fields": [
        { "name": "id", "type": "string", "required": true, "description": "Unique identifier" },
        { "name": "commonName", "type": "string", "required": true, "description": "Primary domain name" },
        { "name": "subjectAlternativeNames", "type": "array<string>", "required": false, "description": "All domains in the certificate" },
        { "name": "serialNumber", "type": "string", "required": false, "description": "Certificate serial (hex)" },
        { "name": "issuer", "type": "string", "required": false, "description": "CA distinguished name" },
        { "name": "notBefore", "type": "datetime", "required": true, "description": "Validity start" },
        { "name": "notAfter", "type": "datetime", "required": true, "description": "Expiry date" },
        { "name": "status", "type": "enum(issued|pending|revoked|expired)", "required": true },
        { "name": "certType", "type": "enum(DV|OV|EV|wildcard|multi-domain|private)", "required": false },
        { "name": "keyAlgorithm", "type": "enum(RSA-2048|RSA-4096|EC-256|EC-384)", "required": false },
        { "name": "pem", "type": "string", "required": false, "description": "PEM-encoded certificate" },
        { "name": "chain", "type": "string", "required": false, "description": "Intermediate chain PEM" },
        { "name": "fingerprint", "type": "object(sha256,sha1)", "required": false },
        { "name": "createdAt", "type": "datetime", "required": false },
        { "name": "revokedAt", "type": "datetime|null", "required": false },
        { "name": "revocationReason", "type": "string|null", "required": false }
      ]
    },
    {
      "name": "CertificateOrder",
      "description": "A certificate issuance order",
      "fields": [
        { "name": "id", "type": "string", "required": true },
        { "name": "status", "type": "enum(pending|processing|valid|invalid|expired)", "required": true },
        { "name": "domains", "type": "array<string>", "required": true },
        { "name": "challenges", "type": "array<Challenge>", "required": false },
        { "name": "certificateId", "type": "string|null", "required": false },
        { "name": "expiresAt", "type": "datetime", "required": false },
        { "name": "createdAt", "type": "datetime", "required": false }
      ]
    },
    {
      "name": "Challenge",
      "description": "A domain ownership challenge",
      "fields": [
        { "name": "id", "type": "string", "required": true },
        { "name": "type", "type": "enum(http-01|dns-01|tls-alpn-01)", "required": true },
        { "name": "domain", "type": "string", "required": true },
        { "name": "status", "type": "enum(pending|processing|valid|invalid)", "required": true },
        { "name": "token", "type": "string", "required": false }
      ]
    }
  ]
}