POST /staged_config/certificates/end_certificates

Use this endpoint to create a new certificate resource on the Console. This endpoint creates a keystore file that contains the supplied security objects. You must have System Administrator or Security Administrator permissions to use this endpoint. An administrator must deploy the configuration change.

Table 1. POST /staged_config/certificates/end_certificates resource details
MIME Type

application/json

Table 2. POST /staged_config/certificates/end_certificates request parameter details
Parameter Type Optionality Data Type MIME Type Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 3. POST /staged_config/certificates/end_certificates request body details
Parameter Data Type MIME Type Description Sample

CertificateDTO

Object

application/json

The new certificate resource object. This JSON object contains the following parameters:
  • name - A unique name to associate to this certificate.
  • purpose - Indicates the intended use of the certificate.
  • component_id - (Optional) Associates the certificate to a pre-registered component ID.

    When a component is assigned, the certificate can be used only with that component.

    To view the list of registered components, use the GET /api/config/certificates/components endpoint.

    If you do not want to associate the certificate to a component, set the component_id to 0 or leave it empty. Only System Administrators or Security Administrators can view certificates that do not have a component ID.

    To assign a component ID later, use the POST /api/staged_config/certificates/end_certificates/{id} endpoint.

  • key_file - The contents of the private key.

    This file is PEM-encoded and in the PKCS#8 format.

    This parameter can not be used in combination with the csr_id parameter. The csr_id must not be defined if the key_file parameter is used.

    Note: Only RSA generated private keys are supported.

  • key_password - (Optional) The password that is used to decrypt the private key (key_file).
  • csr_id - (Optional) Use csr_id for an existing CSR Resource when the certificate chain is being supplied by a Certificate Signing Request(CSR) that is initiated in Console.

    This parameter can not be used in combination with key_file. If csr_id is used, the key_file parameter must not be defined.

    If both key_file and csr_id are undefined, a lookup into the CSR's pending private keys is performed to find a matching private key.

  • ca_chain_file - (Optional) The intermediate certificate file. This file must be PEM-encoded.

    Note: To use multiple intermediate certificates, consolidate all intermediate chain certificates into one string, and separate the certificates with a new line (carriage return).

    The order of the certificate hierarchy is important. Each intermediate certificate must be listed in the child certificate authority first, and the issuer must come after it.

  • cert_file - The end certificate file. This file must be PEM-encoded.

{ "ca_chain_file": "String", "cert_file": "String", "component_id": 42, "component_name": "String", "csr_id": 42, "expiry": 42, "id": 42, "issuer": [ { "field_name": "String", "value": "String" } ], "key_file": "String", "key_password": "String", "name": "String", "purpose": "String", "status": "String", "subject": [ { "field_name": "String", "value": "String" } ], "validation": 42 }

Table 4. POST /staged_config/certificates/end_certificates response codes
HTTP Response Code Unique Code Description

201

The certificate was created successfully.

409

1102

null

422

1005

null

422

1006

null

422

1007

null

422

1008

null

422

2001

Error parsing a certificate

422

2002

Error parsing a certificate

422

2003

The certificate is expired

422

2004

The certificate is not yet valid

422

2005

The certificate is revoked

422

2010

Unexpected error occurred when processing a certificate

422

2011

Error finding issuer certificates

422

2012

The certificate's key usage or extended key usage does not match to its purpose

422

2013

Error validating the full chain of the certificate

422

2014

The certificate is an invalid self-signed certificate

422

2020

The CRL is invalid

422

2030

Unexpected error when processing CRL

422

2031

Error finding the issuer certificates for the CRL

422

2032

The issuer does not has CRL sign usage

422

2033

Error validating the CRL

422

2034

The CRL is expired

500

1020

null

500

2035

null

Response Description

The location header of the newly created resource. The certificate resource contains the following fields:
  • id - Uniquely identifies the certificate.
  • csr_id - Returns a null value to ensure that the data is hidden.
  • name - A unique name that identifies the certificate.
  • purpose - The intended use of the certificate.
  • component_id Returns the assigned component ID of the certificate.
  • component_name Returns the assigned component name of the certificate.
  • subject - Returns the Subject of the certificate.
  • issuer - Returns the Issuer of the certificate.
  • expiry - Returns the "Validity Not After" field of the certificate, represented as the number of milliseconds since UNIX epoch.
  • key_file - Returns a null value to ensure that the data is hidden.
  • key_password - Returns a null value to ensure that the data is hidden.
  • ca_chain_file - Returns a null value to ensure that the data is hidden.
  • cert_file - Returns a null value to ensure that the data is hidden.
  • validation - Returns the code to indicate whether the certificate is valid. If not, it returns the reason that the certificate is not valid.
    • -1 - The certificate has not been validated.
    • 0 - The certificate is valid or has not been checked.
    • 2001 - Error parsing a certificate.
    • 2002 - Error decoding a certificate.
    • 2003 - The certificate is expired.
    • 2004 - The certificate is not yet valid.
    • 2005 - The certificate is revoked.
    • 2010 - An unexpected error occurred when processing a certificate.
    • 2011 - Error finding the issuer certificates.
    • 2012 - The certificate's key usage or extended key usage does not match its purpose.
    • 2013 - Error validating the full chain of the certificate.
    • 2014 - The certificate is an invalid self-signed certificate.
    • 2020 - The CRL is invalid.
    • 2030 - Unexpected error when processing the CRL.
    • 2031 - Error finding the issuer certificates for the CRL.
    • 2032 - The issuer does not have the CRL sign usage.
    • 2033 - Error validating the CRL.
    • 2034 - The CRL is expired.

Response Sample


{
    "ca_chain_file": "String",
    "cert_file": "String",
    "component_id": 42,
    "component_name": "String",
    "csr_id": 42,
    "expiry": 42,
    "id": 42,
    "issuer": [
        {
            "field_name": "String",
            "value": "String"
        }
    ],
    "key_file": "String",
    "key_password": "String",
    "name": "String",
    "purpose": "String",
    "status": "String",
    "subject": [
        {
            "field_name": "String",
            "value": "String"
        }
    ],
    "validation": 42
}