GET /staged_config/certificates/end_certificates

Gets the list of uploaded certificates from the staged area. You must have System Administrator, Security Administrator, Manage Log Sources, or WinCollect permissions to use this endpoint.

Table 1. GET /staged_config/certificates/end_certificates resource details
MIME Type: application/json

Table 2. GET /staged_config/certificates/end_certificates request parameter details
| Parameter | Type | Optionality | Data Type | MIME Type | Description |
| --- | --- | --- | --- | --- | --- |
| Range | header | Optional | String | text/plain | Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero. |
| filter | query | Optional | String | text/plain | Optional - This parameter is used to restrict the elements in a list based on the contents of various fields. |
| fields | query | Optional | String | text/plain | Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets; multiple fields in the same object are separated by commas. |

Table 3. GET /staged_config/certificates/end_certificates response codes
| HTTP Response Code | Unique Code | Description |
| --- | --- | --- |
| 200 | | An array of the certificate resources. |
| 422 | 1020 | null |
| 422 | 1101 | null |
| 500 | 2035 | null |

Response Description

A list of deployed and staged end certificate resources. The list is filtered based on the user permissions.

Users with System Administrator or Security Administrator permissions can see all certificates that are in the system. Other administrative users can see the certificates that are mapped to the component for which they have permissions. For example, users who have the Log Source Manage permission can see only the certificates that apply to the Log Source component.

Non-administrative users see only the certificate name and ID. All other fields appear as 'null'.

A certificate object has the following format:
  • id - The certificate resource ID.
  • name - A unique name that identifies the certificate.
  • purpose - The intended use of the certificate.
  • subject - Returns the Subject of the certificate.
  • issuer - Returns the Issuer of the certificate.
  • not_before - Returns the "Validity Not Before" value of the certificate, represented as the number of milliseconds since UNIX Epoch.
  • expiry - Returns the "Validity Not After" field of the certificate, represented as the number of milliseconds since UNIX epoch.
  • serial_number - Returns the "Serial Number" field of the certificate.
  • key_usage - Returns the "Key Usage" field of the certificate. The values are one or more of the enum X509Certificate.KeyUsage values:
    • CRL_SIGN
    • DATA_ENCIPHERMENT
    • DECIPHER_ONLY
    • DIGITAL_SIGNATURE
    • ENCIPHER_ONLY
    • KEY_AGREEMENT
    • KEY_CERT_SIGN
    • KEY_ENCIPHERMENT
    • NON_REPUDIATION
  • extended_key_usage - Returns the "Extended Key Usage" field of the certificate. Values will be one or more of the enum X509Certificate.ExtendedKeyUsage values: "CLIENT_AUTH", "CODE_SIGNING", "EMAIL_PROTECTION", "OCSP_SIGNING", "SERVER_AUTH", "TIME_STAMPING"
  • certificate_revocation_list_distribution_point - Returns the "CRL Distribution Points" field of the certificate.
  • password - Returns the password that is used to encrypt the private key. This value is always null in the response.
  • component_id - Returns the assigned component ID of the certificate.
  • validation - Returns the code to indicate whether the certificate is valid. If not, it returns the reason that the certificate is not valid.
    • -1 - The certificate has not been validated.
    • 0 - The certificate is valid or has not been checked.
    • 2001 - Error parsing a certificate.
    • 2002 - Error decoding a certificate.
    • 2003 - The certificate is expired.
    • 2004 - The certificate is not yet valid.
    • 2005 - The certificate is revoked.
    • 2010 - Unexpected error occurred when processing a certificate.
    • 2011 - Error finding the issuer certificates.
    • 2012 - The certificate's key usage or extended key usage does not match its purpose.
    • 2013 - Error validating the full chain of the certificate.
    • 2014 - The certificate is an invalid self-signed certificate.
    • 2020 - The CRL is invalid.
    • 2030 - Unexpected error when processing the CRL.
    • 2031 - Error finding the issuer certificates for the CRL.
    • 2032 - The issuer does not have the CRL sign usage.
    • 2033 - Error validating the CRL.
    • 2034 - The CRL is expired.

Response Sample


[
    {
        "ca_chain_file": "String",
        "cert_file": "String",
        "certificate_revocation_list_distribution_point": "String",
        "component_id": 42,
        "component_name": "String",
        "csrId": 42,
        "expiry": 42,
        "extended_key_usage": [
            "String <one of: TLS_Web_server_authentication, TLS_Web_client_authentication, Email_protection>"
        ],
        "id": 42,
        "issuer": [
            {
                "field_name": "String",
                "value": "String"
            }
        ],
        "key_file": "String",
        "key_password": "String",
        "key_usage": [
            "String <one of: CRL_SIGN, DATA_ENCIPHERMENT, DECIPHER_ONLY, DIGITAL_SIGNATURE, ENCIPHER_ONLY, KEY_AGREEMENT, KEY_CERT_SIGN, KEY_ENCIPHERMENT, NON_REPUDIATION>"
        ],
        "name": "String",
        "not_before": 42,
        "purpose": "String",
        "serial_number": "String",
        "status": "String",
        "subject": [
            {
                "field_name": "String",
                "value": "String"
            }
        ],
        "validation": 42
    }
]
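
The following is an added example, not part of the original reference or the product's own code: a Python triage pass over a parsed response from this endpoint, using the validation codes and millisecond timestamps described above. The function names, the 30-day warning window, and the sample records are assumptions constructed for illustration; fetching the response is left out.

```python
from datetime import datetime, timedelta, timezone

# Validation codes, abbreviated from the list in the response description.
VALIDATION = {
    -1: "not validated", 0: "valid or not checked", 2001: "parse error",
    2002: "decode error", 2003: "expired", 2004: "not yet valid", 2005: "revoked",
    2010: "unexpected certificate error", 2011: "issuer certificates not found",
    2012: "key usage does not match purpose", 2013: "chain validation error",
    2014: "invalid self-signed certificate", 2020: "CRL invalid",
    2030: "unexpected CRL error", 2031: "CRL issuer certificates not found",
    2032: "issuer lacks CRL sign usage", 2033: "CRL validation error", 2034: "CRL expired",
}

def ms_to_utc(ms):
    """expiry and not_before are milliseconds since the UNIX epoch."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def triage(certs, now, warn_days=30):
    """Return (id, name, finding) tuples for certificates that need attention."""
    out = []
    for c in certs:
        ident = (c.get("id"), c.get("name"))
        code, expiry, start = c.get("validation"), c.get("expiry"), c.get("not_before")
        if code is None and expiry is None:
            # Non-administrative callers receive only id and name: report the gap.
            out.append(ident + ("no visibility (fields are null)",))
            continue
        if code not in (None, 0):
            out.append(ident + (f"validation {code}: {VALIDATION.get(code, 'unknown')}",))
        # Code 0 also covers "has not been checked", so test the dates regardless.
        if expiry is not None:
            left = ms_to_utc(expiry) - now
            if left <= timedelta(0):
                out.append(ident + ("expired",))
            elif left <= timedelta(days=warn_days):
                out.append(ident + (f"expires in {left.days} days",))
        if start is not None and ms_to_utc(start) > now:
            out.append(ident + ("not yet valid",))
    return out

# Constructed sample response (not real data), evaluated at a fixed "now".
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
NOW_MS, DAY_MS = int(NOW.timestamp() * 1000), 86_400_000
SAMPLE = [
    {"id": 1, "name": "syslog-tls", "validation": 0, "expiry": NOW_MS + 10 * DAY_MS},
    {"id": 2, "name": "wincollect", "validation": 2005, "expiry": NOW_MS + 400 * DAY_MS},
    {"id": 3, "name": "restricted-view", "validation": None, "expiry": None},
    {"id": 4, "name": "unchecked", "validation": 0, "expiry": NOW_MS - DAY_MS},
]
```

A record whose fields are all null is reported as a visibility gap rather than as healthy, because an account without administrative permissions sees only the certificate name and ID.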