Issue Certificate
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
Request Body schema: application/jsonrequired
Array of objects (RequestAttribute) List of attributes to create CSR. Required if CSR is not provided | |
Array of objects (RequestAttribute) List of attributes to sign the CSR | |
Array of objects (RequestAttribute) List of attributes to sign the alternative private key | |
| request required | string Certificate signing request encoded as Base64 string |
| format | string (CertificateRequestFormat) Default: "pkcs10" Enum: "pkcs10" "crmf" Certificate signing request format |
| tokenProfileUuid | string <uuid> Token Profile UUID. Required if CSR is not uploaded |
| keyUuid | string <uuid> Key UUID. Required if CSR is not uploaded |
| altTokenProfileUuid | string <uuid> Token Profile UUID for the alternative key. |
| altKeyUuid | string <uuid> Alternative Key UUID. |
required | Array of objects (RequestAttribute) List of RA Profile related Attributes to issue Certificate |
Array of objects (RequestAttribute) List of Custom Attributes |
Responses
Request samples
- Payload
Content type
application/json
{- "csrAttributes": [
- {
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true,
- "contentType": "string"
}
], - "version": "v2"
}
], - "signatureAttributes": [
- {
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true,
- "contentType": "string"
}
], - "version": "v2"
}
], - "altSignatureAttributes": [
- {
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true,
- "contentType": "string"
}
], - "version": "v2"
}
], - "request": "string",
- "format": "pkcs10",
- "tokenProfileUuid": "66f2e24c-4f07-496b-b5c4-6fe8a5e8361a",
- "keyUuid": "a0e39a6c-fae3-43d6-99c3-a3620775a368",
- "altTokenProfileUuid": "487a31a3-090d-4b19-9b24-0ff6d52ff0e9",
- "altKeyUuid": "ae57c41d-5798-439d-bc96-b05c70b20ac1",
- "attributes": [
- {
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true,
- "contentType": "string"
}
], - "version": "v2"
}
], - "customAttributes": [
- {
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true,
- "contentType": "string"
}
], - "version": "v2"
}
]
}Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
Content type
application/json
{- "certificateData": "string",
- "uuid": "string"
}Revoke Certificate
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
| certificateUuid required | string Certificate UUID |
Request Body schema: application/jsonrequired
| reason | string (CertificateRevocationReason) Default: "UNSPECIFIED" Enum: "unspecified" "keyCompromise" "cACompromise" "affiliationChanged" "superseded" "cessationOfOperation" "certificateHold" "privilegeWithdrawn" "aACompromise" Reason for revocation |
required | Array of objects (RequestAttribute) List of Attributes to revoke Certificate |
| destroyKey | boolean Default: false Destroy Key upon successful revocation |
Responses
Request samples
- Payload
Content type
application/json
{- "reason": "unspecified",
- "attributes": [
- {
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true,
- "contentType": "string"
}
], - "version": "v2"
}
], - "destroyKey": false
}Response samples
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Renew Certificate
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
| certificateUuid required | string Certificate UUID |
Request Body schema: application/jsonrequired
| replaceInLocations | boolean Default: false True to replace renewed certificate in the associated locations |
| request | string Certificate signing request encoded as Base64 string. If not provided, Existing CSR will be used |
| format | string (CertificateRequestFormat) Default: "pkcs10" Enum: "pkcs10" "crmf" Certificate signing request format |
Responses
Request samples
- Payload
Content type
application/json
{- "replaceInLocations": false,
- "request": "string",
- "format": "pkcs10"
}Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
Content type
application/json
{- "certificateData": "string",
- "uuid": "string"
}Rekey Certificate
The rekey operation is used to request a new certificate with a new key pair. The new certificate will be issued with the same subject and attributes as the original certificate, but with a new public key. Therefore, new certificate signing request (CSR) with new key pair needs to be provided, or new key pair managed by the platform needs to be selected. When the same key pair is used, or the subject is changed, the rekey operation will be rejected.
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
| certificateUuid required | string Certificate UUID |
Request Body schema: application/jsonrequired
| replaceInLocations | boolean Default: false True to replace renewed certificate in the associated locations |
| request | string Certificate signing request encoded as Base64 string. If not provided, CSR attributes will be used |
| format | string (CertificateRequestFormat) Default: "pkcs10" Enum: "pkcs10" "crmf" Certificate signing request format |
| keyUuid | string <uuid> Key UUID |
| tokenProfileUuid | string <uuid> Token Profile UUID |
| altKeyUuid | string <uuid> Alternative Key UUID |
| altTokenProfileUuid | string <uuid> Token Profile UUID for the alternative key |
Array of objects (RequestAttribute) Signature Attributes. If not provided, existing attributes will be used to generate the new CSR | |
Array of objects (RequestAttribute) Alternative Signature Attributes. If not provided, existing alternative attributes will be used to generate the new CSR |
Responses
Request samples
- Payload
Content type
application/json
{- "replaceInLocations": false,
- "request": "string",
- "format": "pkcs10",
- "keyUuid": "a0e39a6c-fae3-43d6-99c3-a3620775a368",
- "tokenProfileUuid": "66f2e24c-4f07-496b-b5c4-6fe8a5e8361a",
- "altKeyUuid": "ae57c41d-5798-439d-bc96-b05c70b20ac1",
- "altTokenProfileUuid": "487a31a3-090d-4b19-9b24-0ff6d52ff0e9",
- "signatureAttributes": [
- {
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true,
- "contentType": "string"
}
], - "version": "v2"
}
], - "altSignatureAttributes": [
- {
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true,
- "contentType": "string"
}
], - "version": "v2"
}
]
}Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
Content type
application/json
{- "certificateData": "string",
- "uuid": "string"
}Issue existing certificate with status Requested
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
| certificateUuid required | string Certificate UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
Content type
application/json
{- "certificateData": "string",
- "uuid": "string"
}Validate revocation Attributes
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
Request Body schema: application/jsonrequired
Array
| uuid required | string <uuid> UUID of the Attribute |
| name required | string Name of the Attribute |
| contentType required | string (AttributeContentType) Enum: "string" "text" "integer" "boolean" "float" "date" "time" "datetime" "secret" "file" "credential" "codeblock" "object" "resource" Content Type of the Attribute |
Array of BooleanAttributeContentV2 (object) or CodeBlockAttributeContentV2 (object) or CredentialAttributeContentV2 (object) or DateAttributeContentV2 (object) or DateTimeAttributeContentV2 (object) or FileAttributeContentV2 (object) or FloatAttributeContentV2 (object) or IntegerAttributeContentV2 (object) or ObjectAttributeContentV2 (object) or SecretAttributeContentV2 (object) or StringAttributeContentV2 (object) or TextAttributeContentV2 (object) or TimeAttributeContentV2 (object) (BaseAttributeContentDtoV2) | |
| version required | string (AttributeVersion) Version of the Attribute |
Responses
Request samples
- Payload
Content type
application/json
[- {
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true,
- "contentType": "string"
}
], - "version": "v2"
}
]Response samples
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Validate issue Certificate Attributes
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
Request Body schema: application/jsonrequired
Array
| uuid required | string <uuid> UUID of the Attribute |
| name required | string Name of the Attribute |
| contentType required | string (AttributeContentType) Enum: "string" "text" "integer" "boolean" "float" "date" "time" "datetime" "secret" "file" "credential" "codeblock" "object" "resource" Content Type of the Attribute |
Array of BooleanAttributeContentV2 (object) or CodeBlockAttributeContentV2 (object) or CredentialAttributeContentV2 (object) or DateAttributeContentV2 (object) or DateTimeAttributeContentV2 (object) or FileAttributeContentV2 (object) or FloatAttributeContentV2 (object) or IntegerAttributeContentV2 (object) or ObjectAttributeContentV2 (object) or SecretAttributeContentV2 (object) or StringAttributeContentV2 (object) or TextAttributeContentV2 (object) or TimeAttributeContentV2 (object) (BaseAttributeContentDtoV2) | |
| version required | string (AttributeVersion) Version of the Attribute |
Responses
Request samples
- Payload
Content type
application/json
[- {
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true,
- "contentType": "string"
}
], - "version": "v2"
}
]Response samples
- 400
- 403
- 404
- 422
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Get revocation Attributes
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
Content type
application/json
[- {
- "name": "Attribute",
- "type": "data",
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "description": "string",
- "version": 0,
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": true,
- "group": "requiredAttributes",
- "required": false,
- "readOnly": false,
- "list": false,
- "multiSelect": false,
- "protectionLevel": "none",
- "resource": "certificates",
- "extensibleList": false
}, - "constraints": [
- {
- "type": "regExp",
- "errorMessage": "string",
- "description": "string",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": null
}
]
}
}
]Get issue Certificate Attributes
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
Content type
application/json
[- {
- "name": "Attribute",
- "type": "data",
- "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "description": "string",
- "version": 0,
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": true,
- "group": "requiredAttributes",
- "required": false,
- "readOnly": false,
- "list": false,
- "multiSelect": false,
- "protectionLevel": "none",
- "resource": "certificates",
- "extensibleList": false
}, - "constraints": [
- {
- "type": "regExp",
- "errorMessage": "string",
- "description": "string",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": null
}
]
}
}
]List all End Entities
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| raProfileName required | string RA Profile name |
Responses
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
Content type
application/json
[- {
- "subjectDN": "string",
- "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "subjectAltName": "string",
- "status": "NEW",
- "username": "string"
}
]Add End Entity
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| raProfileName required | string RA Profile name |
Request Body schema: application/jsonrequired
required | object (RaProfileDto) RA profile related to End Entity |
string End Entity email | |
Array of objects (EndEntityExtendedInfoDto) End Entity extension data | |
| password required | string End Entity password |
| subjectAltName | string End Entity Subject alternative name |
| subjectDN required | string End Entity subject domain name |
| username required | string End Entity name |
Responses
Request samples
- Payload
Content type
application/json
{- "raProfile": {
- "uuid": "7b55ge1c-844f-11dc-a8a3-0242ac120002",
- "name": "Name",
- "description": "string",
- "authorityInstanceUuid": "string",
- "authorityInstanceName": "string",
- "legacyAuthority": true,
- "enabled": true,
- "attributes": [
- {
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "version": "v2"
}
], - "customAttributes": [
- {
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "version": "v2"
}
], - "enabledProtocols": [
- "string"
], - "certificateValidationSettings": {
- "enabled": true,
- "frequency": 1,
- "expiringThreshold": 1
}
}, - "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "password": "string",
- "subjectAltName": "string",
- "subjectDN": "string",
- "username": "string"
}Response samples
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Get End Entity information
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| raProfileName required | string RA Profile name |
| username required | string Username |
Responses
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "subjectDN": "string",
- "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "subjectAltName": "string",
- "status": "NEW",
- "username": "string"
}Edit End Entity
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| raProfileName required | string RA Profile name |
| username required | string Username |
Request Body schema: application/jsonrequired
required | object (RaProfileDto) RA profile related to End Entity |
string End Entity email | |
Array of objects (EndEntityExtendedInfoDto) End Entity extension data | |
| password required | string End Entity password |
| subjectAltName | string End Entity Subject alternative name |
| subjectDN required | string End Entity subject domain name |
| status required | string Enum: "NEW" "FAILED" "INITIALIZED" "IN_PROCESS" "GENERATED" "REVOKED" "HISTORICAL" "KEY_RECOVERY" "WAITING_FOR_ADD_APPROVAL" End Entity Subject domain name |
Responses
Request samples
- Payload
Content type
application/json
{- "raProfile": {
- "uuid": "7b55ge1c-844f-11dc-a8a3-0242ac120002",
- "name": "Name",
- "description": "string",
- "authorityInstanceUuid": "string",
- "authorityInstanceName": "string",
- "legacyAuthority": true,
- "enabled": true,
- "attributes": [
- {
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "version": "v2"
}
], - "customAttributes": [
- {
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "uuid": "b11c9be1-b619-4ef5-be1b-a1cd9ef265b7",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "version": "v2"
}
], - "enabledProtocols": [
- "string"
], - "certificateValidationSettings": {
- "enabled": true,
- "frequency": 1,
- "expiringThreshold": 1
}
}, - "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "password": "string",
- "subjectAltName": "string",
- "subjectDN": "string",
- "status": "NEW"
}Response samples
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Revoke Certificate
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| raProfileName required | string RA Profile name |
Request Body schema: application/jsonrequired
| certificateSN required | string Certificate serial number |
| issuerDN required | string Issuer domain name |
| reason required | string (CertificateRevocationReason) Enum: "unspecified" "keyCompromise" "cACompromise" "affiliationChanged" "superseded" "cessationOfOperation" "certificateHold" "privilegeWithdrawn" "aACompromise" Revocation reason |
Responses
Request samples
- Payload
Content type
application/json
{- "certificateSN": "string",
- "issuerDN": "string",
- "reason": "unspecified"
}Response samples
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Issue Certificate
Authorizations:
BearerJWTAuthCertificateAuthSessionAuth
path Parameters
| raProfileName required | string RA Profile name |
Request Body schema: application/jsonrequired
| password required | string End Entity password |
| pkcs10 required | string Certificate sign request (PKCS#10) encoded as Base64 string |
| username required | string End Entity username |
Responses
Request samples
- Payload
Content type
application/json
{- "password": "string",
- "pkcs10": "string",
- "username": "string"
}Response samples
- 200
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "certificateData": "string"
}