POST /staged_config/certificates/end_certificates/{id}

Edit online

Use this endpoint to update an existing certificate resource.

You must have System Administrator or Security Administrator permissions to use this endpoint. After the certificate resource is updated, an administrator must deploy the updated Keystore file.

Table 1. POST /staged_config/certificates/end_certificates/{id} resource details
MIME Type

application/json

Table 2. POST /staged_config/certificates/end_certificates/{id} request parameter details
Parameter Type Optionality Data Type MIME Type Description

id

path

Required

Number (Integer)

text/plain

null

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Table 3. POST /staged_config/certificates/end_certificates/{id} request body details
Parameter Data Type MIME Type Description Sample

EndCertificateDTO

Object

application/json
The modified certificate resource object. This JSON object contains the following optional parameters:
  • name - A unique name to associate to this certificate.
  • purpose - Indicates the intended use of the certificate.
  • component_id - (Optional) Associates the certificate to a pre-registered component ID.

    When a component is assigned, the certificate can be used only with that component.

    To view the list of registered components, use the GET /api/config/certificates/components endpoint.

    If you do not want to associate the certificate to a component, set the component_id to 0. Only System Administrators or Security Administrators can view certificates that do not have a component ID.

    This parameter can not be used in combination with the csr_id parameter. The csr_id must not be defined if the key_file parameter is used.

    Note: Only RSA generated private keys are supported.
  • key_password - The password that is used to decrypt the private key (key_file).
  • ca_chain_file - The intermediate certificate file. This file must be PEM-encoded.
    Note: To use multiple intermediate certificates, consolidate all intermediate chain certificates into one string, and separate the certificates with a new line (carriage return).

    The order of the certificate hierarchy is important. Each intermediate certificate must be listed in the child certificate authority first, and the issuer must come after it.

  • cert_file - The end certificate file. This file must be PEM-encoded.

{ "ca_chain_file": "String", "cert_file": "String", "certificate_revocation_list_distribution_point": "String", "component_id": 42, "component_name": "String", "csr_id": 42, "expiry": 42, "extended_key_usage": [ "String <one of: TLS_Web_server_authentication, TLS_Web_client_authentication, Email_protection>" ], "id": 42, "issuer": [ { "field_name": "String", "value": "String" } ], "key_file": "String", "key_password": "String", "key_usage": [ "String <one of: CRL_SIGN, DATA_ENCIPHERMENT, DECIPHER_ONLY, DIGITAL_SIGNATURE, ENCIPHER_ONLY, KEY_AGREEMENT, KEY_CERT_SIGN, KEY_ENCIPHERMENT, NON_REPUDIATION>" ], "name": "String", "not_before": 42, "purpose": "String", "serial_number": "String", "status": "String", "subject": [ { "field_name": "String", "value": "String" } ], "validation": 42 }
Table 4. POST /staged_config/certificates/end_certificates/{id} response codes
HTTP Response Code Unique Code Description

200

The certificate was updated successfully.

404

1002

null

409

1102

null

422

1101

null

422

1103

null

422

1005

null

422

1006

null

422

1007

null

422

1008

null

422

2001

Error parsing a certificate

422

2002

Error parsing a certificate

422

2003

The certificate is expired

422

2004

The certificate is not yet valid

422

2005

The certificate is revoked

422

2010

Unexpected error occurred when processing a certificate

422

2011

Error finding issuer certificates

422

2012

The certificate's key usage or extended key usage does not match to its purpose

422

2013

Error validating the full chain of the certificate

422

2014

The certificate is an invalid self-signed certificate

422

2020

The CRL is invalid

422

2030

Unexpected error when processing CRL

422

2031

Error finding the issuer certificates for the CRL

422

2032

The issuer does not have CRL signing authority.

422

2033

Error validating the CRL

422

2034

The CRL is expired

500

1020

null

500

2035

null

Response Description

The Certificate resource with the following fields:
  • id - Uniquely identifies the certificate.
  • csr_id - Returns a null value to ensure that the data is hidden.
  • name - A unique name that identifies the certificate.
  • purpose - The intended use of the certificate.
  • component_id Returns the assigned component ID of the certificate.
  • component_name Returns the assigned component name of the certificate.
  • status - Returns the status of the certificate upload process. The status values are: DEPLOY_PENDING, DEPLOYED, and DELETE_PENDING.
  • subject - Returns the Subject of the certificate.
  • issuer - Returns the Issuer of the certificate.
  • expiry - Returns the "Validity Not After" field of the certificate, represented as the number of milliseconds since UNIX epoch.
  • serial_number - returns the "Serial Number" field of the certificate.
  • key_usage - returns the "Key Usage" field of the certificate.
  • certificate_revocation_list_distribution_point - returns the "CRL Distribution Points" field of the certificate
  • key_file - Returns a null value to ensure that the data is hidden.
  • key_password - Returns a null value to ensure that the data is hidden.
  • ca_chain_file - Returns a null value to ensure that the data is hidden.
  • cert_file - Returns a null value to ensure that the data is hidden.
  • validation - Returns the code to indicate whether the certificate is valid. If not, it returns the reason that the certificate is not valid.
    • -1 - The certificate has not been validated.
    • 0 - The certificate is valid or has not been checked.
    • 2001 - Error parsing a certificate.
    • 2002 - Error decoding a certificate.
    • 2003 - The certificate is expired.
    • 2004 - The certificate is not yet valid.
    • 2005 - The certificate is revoked.
    • 2010 - Unexpected error occurred when processing a certificate.
    • 2011 - Error finding the issuer certificates.
    • 2012 - The certificate's key usage or extended key usage does not match its purpose.
    • 2013 - Error validating the full chain of the certificate.
    • 2014 - The certificate is an invalid self-signed certificate.
    • 2020 - The CRL is invalid.
    • 2030 - Unexpected error when processing the CRL.
    • 2031 - Error finding the issuer certificates for the CRL.
    • 2032 - The issuer does not have the CRL sign usage.
    • 2033 - Error validating the CRL.
    • 2034 - The CRL is expired.

Response Sample


{
    "ca_chain_file": "String",
    "cert_file": "String",
    "certificate_revocation_list_distribution_point": "String",
    "component_id": 42,
    "component_name": "String",
    "csr_id": 42,
    "expiry": 42,
    "extended_key_usage": [
        "String <one of: TLS_Web_server_authentication, TLS_Web_client_authentication, Email_protection>"
    ],
    "id": 42,
    "issuer": [
        {
            "field_name": "String",
            "value": "String"
        }
    ],
    "key_file": "String",
    "key_password": "String",
    "key_usage": [
        "String <one of: CRL_SIGN, DATA_ENCIPHERMENT, DECIPHER_ONLY, DIGITAL_SIGNATURE, ENCIPHER_ONLY, KEY_AGREEMENT, KEY_CERT_SIGN, KEY_ENCIPHERMENT, NON_REPUDIATION>"
    ],
    "name": "String",
    "not_before": 42,
    "purpose": "String",
    "serial_number": "String",
    "status": "String",
    "subject": [
        {
            "field_name": "String",
            "value": "String"
        }
    ],
    "validation": 42
}