Renewing a certificate via API

The certificaterequests function renews and archives the old certificates. This API call requires:

  • An existing Managed Certificate ID. If Venafi Cloud stores information about certificate provisioning, the certificate is considered 'managed'.
  • A zone ID that provides policy information for the certificate renewal.
  • A Certificate Signing Request (CSR). If the request is for a test certificate, the CSR must include the sub-domain name.

To renew a certificate

  1. If you have not already done so, obtain an API key.

  2. To find the certificates that require renewal, use the managedcertificatesearch or certificateinstancesearch API call. For additional help, use the parameter descriptions from our documentation. For example, managedcertificatesearch can list expiring certificates by validityEnd.
  3. POST https://api.venafi.cloud/v1/managedcertificatesearch
    tppl-api-key: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    
    {
       "expression":{
          "operands":[
             {
                "field":"validityEnd",
                "operator":"MATCH",
                "value":"2018-06-10T12:00:00.000+0000"
             }
          ]
       },...
  4. From the JSON response, use the certificates managedCertificateId and the zoneId for the next step. These attributes identify the information that is necessary for renewal.
  5. {
       "certificates": [
            {
                "id": "59f782d0-2637-11e8-9c27-854639d34df0",
                 ... 
                "instances": [
                    {
                        "id": "5c40af80-2637-11e8-9c27-854639d34df0",
                        "certificateId": 
                          "59f782d0-2637-11e8-9c27-854639d34df0",
                         "managedCertificateId": "59f782d0-2637-11e8-9c27-854639d34df0",
    
                        "companyId": 
                          "661e7940-67ee-11e7-a788-81bb040892b4",
                        "zoneId": "6620c332-67ee-11e7-a788-81bb040892b4",
                  ...
    }
    
    
  6. To renew, use the certificaterequests function and supply the zoneId and managedCertificateId from the previous step. Notice that the existingManagedCertificateId uses the managedCertificateId. Make sure the line breaks for the certificateSigningRequest are escaped with \n.
  7. POST https://api.venafi.cloud/v1/certificaterequests
    tppl-api-key: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    {
       "certificateSigningRequest":
       "-----BEGIN CERTIFICATE REQUEST-----\n
        ...
        -----END CERTIFICATE REQUEST-----\n",
       "zoneId":"6620c332-67ee-11e7-a788-81bb040892b4",
       "existingManagedCertificateId":
          "59f782d0-2637-11e8-9c27-854639d34df0"
    }
    				
    Example Response
    HTTP 1.1 OK
    {
        "certificateRequests": [
            {
                "id": "51d1a5a0-263b-11e8-845e-25bb7a9ce615",
                "companyId": "661e7940-67ee-11e7-a788-81bb040892b4",
                "zoneId": "6620c332-67ee-11e7-a788-81bb040892b4",
                "status": "PENDING",
                "certificateName": 
                   "cn=silvana_a37fe.venafi.test,ou=Auto,o=Venafi,c=US",
                "certificateOwnerUserId": 
                   "16489650-e118-11e7-a6e2-5bba2580ce35",
                "certificatePolicyIds": {
                    "CERTIFICATE_USE": 
                       "6620c331-67ee-11e7-a788-81bb040892b4",
                    "CERTIFICATE_IDENTITY": 
                       "6620c330-67ee-11e7-a788-81bb040892b4"
                },
                "certificateProviderId": 
                   "66209c21-67ee-11e7-a788-81bb040892b4",
                "product": {
                    "certificateAuthority": "TESTCA",
    							
                    "validationScopeId": 
                       "661e7940-67ee-11e7-a788-81bb040892b4",
                    "certificateType": "DOMAIN_VALIDATED_SSL",
                    "validityPeriod": "NINETY_DAYS",
                    "hashAlgorithm": "SHA256",
                    "caconfigurationId": 
                       "45024c60-1257-11e7-93ae-92361f002671"
                },
                "certificateIds": [],
                "existingManagedCertificateId": 
                   "59f782d0-2637-11e8-9c27-854639d34df0",
                "-----BEGIN CERTIFICATE REQUEST-----\n
                ...
                -----END CERTIFICATE REQUEST-----\n",
                "subjectDN": 
                   "cn=jane_a37fe.venafi.test,ou=Auto,o=Venafi,c=US",
                "keyLength": 2048,
                "keyType": "RSA",
                "creationDate": "2018-03-12T21:21:25.242+0000",
                "modificationDate": "2018-03-12T21:21:25.242+0000"
            }
        ]
    }