Requesting a certificate

The certificaterequests function enrolls or renews a certificate with a pre-generated Certificate Signing Request (CSR). This function requires:

When submitting a certificate request to DevOpsACCELERATE, you can choose which Issuing Template to use to evaluate the request.

To request a certificate

  1. If you have not already done so, obtain an API key.

  2. Determine which Issuing Template to use.
  3. Obtain a zone id for the certificate request.
  4. Use a tool, such as OpenSSL, to generate a CSR in the PKS#10 format. The CSR field data should conform to the Issuing Template.
  5. Use the certificaterequests function and supply the CSR. For additional help, use the parameter descriptions from our documentation. For example:

    POST https://api.venafi.cloud/v1/certificaterequests
    tppl-api-key: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
  6. In the JSON body, insert the  zoneID and the certificateSigningRequest value. Where necessary, make sure the CSR line breaks are escaped with \n. For example:

    {
    "certificateSigningRequest":  
    "-----BEGIN CERTIFICATE REQUEST-----\n
     ...
     -----END CERTIFICATE REQUEST-----\n",
    "zoneId": "ffb9b170-0e7d-11e7-ae35-1b52a158cd01"
    }
    

    Example response:

    HTTP 1.1 OK
    {
      "certificateRequests": [
        {
          "id": "d7592620-131e-11e7-ac75-d9e91a6af247",
          "companyId": "ffb4a860-0e7d-11e7-ae35-1b52a158cd01",
          "zoneId": "ffb9b170-0e7d-11e7-ae35-1b52a158cd01",
          "status": "PENDING",
          "certificateName": "cn=User1,o=Venafi",
          "certificateOwnerUserId": 
             "89257000-0f4d-11e7-ac75-d9e91a6af247",
          "certificatePolicyIds": {
            "CERTIFICATE_USE": 
               "ffb96350-0e7d-11e7-ae35-1b52a158cd01",
            "CERTIFICATE_IDENTITY": 
               "ffb91530-0e7d-11e7-ae35-1b52a158cd01"
          },
          "certificateProviderId": 
             "ffb71960-0e7d-11e7-ae35-1b52a158cd01",
          "product": {
            "certificateAuthority": "TESTCA",
            "certificateType": "DOMAIN_VALIDATED_SSL",
            "validityPeriod": "ONE_YEAR",
            "hashAlgorithm": "SHA256"
          },
          "certificateIds": [],
          "certificateSigningRequest": 
          "-----BEGIN CERTIFICATE REQUEST-----\n
          ...
          -----END CERTIFICATE REQUEST-----\n",
          "subjectDN": "cn=User1,o=Venafi",
          "keyLength": 2048,
          "keyType": "RSA",
          "creationDate": "2017-03-27T18:54:44.098+0000",
          "modificationDate": "2017-03-27T18:54:44.098+0000"
        }
      ]
    }
  7. Save the ID, which is the Certificate Request ID, for other tasks, such as checking the status of a certificate.