POST /staged_config/certificates/end_certificates

Use this endpoint to create a new certificate resource on the Console. This endpoint creates a keystore file that contains the supplied security objects. You must have System Administrator or Security Administrator permissions to use this endpoint. An administrator must deploy the configuration change.

Table 1. POST /staged_config/certificates/end_certificates resource details
MIME Type | application/json

Table 2. POST /staged_config/certificates/end_certificates request parameter details
Parameter | Type | Optionality | Data Type | MIME Type | Description
fields | header | Optional | String | text/plain | Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets; separate multiple fields in the same object with commas.

Table 3. POST /staged_config/certificates/end_certificates request body details
Parameter | Data Type | MIME Type | Description | Sample
EndCertificateDTO | Object | application/json | (see Description below) | (see Sample below)

Description

The new certificate resource object. This JSON object contains the following parameters:
  • name - A unique name to associate to this certificate.
  • purpose - Indicates the intended use of the certificate.
  • component_id - (Optional) Associates the certificate to a pre-registered component ID.

    When a component is assigned, the certificate can be used only with that component.

    To view the list of registered components, use the GET /api/config/certificates/components endpoint.

    If you do not want to associate the certificate to a component, set the component_id to 0 or leave it empty. Only System Administrators or Security Administrators can view certificates that do not have a component ID.

    To assign a component ID later, use the POST /api/staged_config/certificates/end_certificates/{id} endpoint.

  • key_file - The contents of the private key.

    This file is PEM-encoded and in the PKCS#8 format.

    This parameter cannot be used in combination with the csr_id parameter. The csr_id must not be defined if the key_file parameter is used.

    Note: Only RSA generated private keys are supported.

  • key_password - (Optional) The password that is used to decrypt the private key (key_file).
  • csr_id - (Optional) Use csr_id for an existing CSR resource when the certificate chain is being supplied for a Certificate Signing Request (CSR) that was initiated in the Console.

    This parameter cannot be used in combination with key_file. If csr_id is used, the key_file parameter must not be defined.

    If both key_file and csr_id are undefined, a lookup into the CSR's pending private keys is performed to find a matching private key.

  • ca_chain_file - (Optional) The intermediate certificate file. This file must be PEM-encoded.

    Note: To use multiple intermediate certificates, consolidate all intermediate chain certificates into one string, and separate the certificates with a new line (carriage return).

    The order of the certificate hierarchy is important. List the child certificate authority (the CA that issued the end certificate) first, followed by its issuer, and so on up the chain.

  • cert_file - The end certificate file. This file must be PEM-encoded.

Sample

{
    "ca_chain_file": "String",
    "cert_file": "String",
    "certificate_revocation_list_distribution_point": "String",
    "component_id": 42,
    "component_name": "String",
    "csr_id": 42,
    "expiry": 42,
    "extended_key_usage": [
        "String <one of: TLS_Web_server_authentication, TLS_Web_client_authentication, Email_protection>"
    ],
    "id": 42,
    "issuer": [
        {
            "field_name": "String",
            "value": "String"
        }
    ],
    "key_file": "String",
    "key_password": "String",
    "key_usage": [
        "String <one of: CRL_SIGN, DATA_ENCIPHERMENT, DECIPHER_ONLY, DIGITAL_SIGNATURE, ENCIPHER_ONLY, KEY_AGREEMENT, KEY_CERT_SIGN, KEY_ENCIPHERMENT, NON_REPUDIATION>"
    ],
    "name": "String",
    "not_before": 42,
    "purpose": "String",
    "serial_number": "String",
    "status": "String",
    "subject": [
        {
            "field_name": "String",
            "value": "String"
        }
    ],
    "validation": 42
}
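The following Python helper is an added example, not part of this API reference: it assembles the EndCertificateDTO body while enforcing the rules above (key_file must carry a PKCS#8 PEM label, key_file and csr_id are mutually exclusive, intermediates are joined child-first into one newline-separated string). The PEM blobs, the name and the purpose value are constructed placeholders, not real material or documented purpose values.

```python
import json
import re

# Constructed placeholder PEM blobs for this example: they are not real keys or
# certificates, only the PEM labels that the request builder below checks.
LEAF_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtTEVBRg==\n-----END CERTIFICATE-----\n"
INTERMEDIATE_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtSU5URVJNRURJQVRF\n-----END CERTIFICATE-----\n"
PKCS8_KEY_PEM = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQtUEtDUzgtS0VZ\n-----END PRIVATE KEY-----\n"
PKCS1_KEY_PEM = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQtUEtDUzE=\n-----END RSA PRIVATE KEY-----\n"

_CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----\r?\n.+?\r?\n-----END CERTIFICATE-----", re.S)
# PKCS#8 keys use the "PRIVATE KEY" / "ENCRYPTED PRIVATE KEY" PEM label; the
# traditional "RSA PRIVATE KEY" label is PKCS#1, which this endpoint does not accept.
_PKCS8_RE = re.compile(r"-----BEGIN (ENCRYPTED )?PRIVATE KEY-----")


def build_end_certificate_body(name, purpose, cert_file, key_file=None, key_password=None,
                               csr_id=None, ca_chain=(), component_id=0):
    """Assemble the EndCertificateDTO body. ca_chain lists PEM intermediates in
    hierarchy order: the CA that issued the end certificate first, then its issuer."""
    if key_file is not None and csr_id is not None:
        raise ValueError("key_file and csr_id are mutually exclusive")
    if len(_CERT_RE.findall(cert_file)) != 1:
        raise ValueError("cert_file must hold exactly one PEM-encoded certificate")
    if key_file is not None and not _PKCS8_RE.search(key_file):
        raise ValueError("key_file must be a PEM-encoded PKCS#8 private key")
    chain = [pem.strip() for pem in ca_chain]
    if any(not _CERT_RE.fullmatch(pem) for pem in chain):
        raise ValueError("every ca_chain entry must be a single PEM-encoded certificate")

    body = {"name": name, "purpose": purpose, "component_id": component_id, "cert_file": cert_file}
    if key_file is not None:
        body["key_file"] = key_file
        if key_password is not None:  # only meaningful for an encrypted key_file
            body["key_password"] = key_password
    if csr_id is not None:
        body["csr_id"] = csr_id
    if chain:
        # One string, child CA first, each certificate separated by a newline.
        body["ca_chain_file"] = "\n".join(chain) + "\n"
    return body


if __name__ == "__main__":
    body = build_end_certificate_body("example-tls-cert", "example_purpose", LEAF_PEM,
                                      key_file=PKCS8_KEY_PEM, ca_chain=[INTERMEDIATE_PEM])
    print(json.dumps(body, indent=2))
```

Leaving both key_file and csr_id unset is also valid per the table above; the body then carries only the certificate and the Console searches the CSR's pending private keys for a match.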

Table 4. POST /staged_config/certificates/end_certificates response codes
HTTP Response Code | Unique Code | Description
201 | | The certificate was created successfully.
409 | 1102 | null
422 | 1005 | null
422 | 1006 | null
422 | 1007 | null
422 | 1008 | null
422 | 2001 | Error parsing a certificate
422 | 2002 | Error parsing a certificate
422 | 2003 | The certificate is expired
422 | 2004 | The certificate is not yet valid
422 | 2005 | The certificate is revoked
422 | 2010 | Unexpected error occurred when processing a certificate
422 | 2011 | Error finding issuer certificates
422 | 2012 | The certificate's key usage or extended key usage does not match its purpose
422 | 2013 | Error validating the full chain of the certificate
422 | 2014 | The certificate is an invalid self-signed certificate
422 | 2020 | The CRL is invalid
422 | 2030 | Unexpected error when processing CRL
422 | 2031 | Error finding the issuer certificates for the CRL
422 | 2032 | The issuer does not have CRL sign usage
422 | 2033 | Error validating the CRL
422 | 2034 | The CRL is expired
500 | 1020 | null
500 | 2035 | null

Response Description

The location header of the newly created resource. The certificate resource contains the following fields:
  • id - Uniquely identifies the certificate.
  • csr_id - Returns a null value to ensure that the data is hidden.
  • name - A unique name that identifies the certificate.
  • purpose - The intended use of the certificate.
  • component_id - Returns the assigned component ID of the certificate.
  • component_name - Returns the assigned component name of the certificate.
  • subject - Returns the Subject of the certificate.
  • issuer - Returns the Issuer of the certificate.
  • expiry - Returns the "Validity Not After" field of the certificate, represented as the number of milliseconds since UNIX epoch.
  • serial_number - Returns the "Serial Number" field of the certificate.
  • key_usage - Returns the "Key Usage" field of the certificate.
  • certificate_revocation_list_distribution_point - Returns the "CRL Distribution Points" field of the certificate.
  • key_file - Returns a null value to ensure that the data is hidden.
  • key_password - Returns a null value to ensure that the data is hidden.
  • ca_chain_file - Returns a null value to ensure that the data is hidden.
  • cert_file - Returns a null value to ensure that the data is hidden.
  • validation - Returns the code to indicate whether the certificate is valid. If not, it returns the reason that the certificate is not valid.
    • -1 - The certificate has not been validated.
    • 0 - The certificate is valid or has not been checked.
    • 2001 - Error parsing a certificate.
    • 2002 - Error decoding a certificate.
    • 2003 - The certificate is expired.
    • 2004 - The certificate is not yet valid.
    • 2005 - The certificate is revoked.
    • 2010 - An unexpected error occurred when processing a certificate.
    • 2011 - Error finding the issuer certificates.
    • 2012 - The certificate's key usage or extended key usage does not match its purpose.
    • 2013 - Error validating the full chain of the certificate.
    • 2014 - The certificate is an invalid self-signed certificate.
    • 2020 - The CRL is invalid.
    • 2030 - Unexpected error when processing the CRL.
    • 2031 - Error finding the issuer certificates for the CRL.
    • 2032 - The issuer does not have the CRL sign usage.
    • 2033 - Error validating the CRL.
    • 2034 - The CRL is expired.

Response Sample

{
    "ca_chain_file": "String",
    "cert_file": "String",
    "certificate_revocation_list_distribution_point": "String",
    "component_id": 42,
    "component_name": "String",
    "csr_id": 42,
    "expiry": 42,
    "extended_key_usage": [
        "String <one of: TLS_Web_server_authentication, TLS_Web_client_authentication, Email_protection>"
    ],
    "id": 42,
    "issuer": [
        {
            "field_name": "String",
            "value": "String"
        }
    ],
    "key_file": "String",
    "key_password": "String",
    "key_usage": [
        "String <one of: CRL_SIGN, DATA_ENCIPHERMENT, DECIPHER_ONLY, DIGITAL_SIGNATURE, ENCIPHER_ONLY, KEY_AGREEMENT, KEY_CERT_SIGN, KEY_ENCIPHERMENT, NON_REPUDIATION>"
    ],
    "name": "String",
    "not_before": 42,
    "purpose": "String",
    "serial_number": "String",
    "status": "String",
    "subject": [
        {
            "field_name": "String",
            "value": "String"
        }
    ],
    "validation": 42
}