Renewing a certificate via API
The `certificaterequests` function renews and archives the old certificates. This API call requires:
- An existing Managed Certificate ID. If Venafi Cloud stores information about certificate provisioning, the certificate is considered 'managed'.
- A zone ID that provides policy information for the certificate renewal.
- A Certificate Signing Request (CSR). If the request is for a test certificate, the CSR must include the sub-domain name.
To renew a certificate
- If you have not already done so, obtain an API key.
- To find the certificates that require renewal, use the `managedcertificatesearch` or `certificateinstancesearch` API call. For additional help, use the parameter descriptions from our documentation. For example, `managedcertificatesearch` can list expiring certificates by `validityEnd`.

```
POST https://api.venafi.cloud/v1/managedcertificatesearch
tppl-api-key: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

{
  "expression":{
    "operands":[
      {
        "field":"validityEnd",
        "operator":"MATCH",
        "value":"2018-06-10T12:00:00.000+0000"
      }
    ]
  },...
```
- From the JSON response, use the certificate's `managedCertificateId` and the `zoneId` for the next step. These attributes identify the information that is necessary for renewal.

```json
{
  "certificates":[
    {
      "id":"59f782d0-2637-11e8-9c27-854639d34df0",
      ...
      "instances":[
        {
          "id":"5c40af80-2637-11e8-9c27-854639d34df0",
          "certificateId":"59f782d0-2637-11e8-9c27-854639d34df0",
          "managedCertificateId":"59f782d0-2637-11e8-9c27-854639d34df0",
          "companyId":"661e7940-67ee-11e7-a788-81bb040892b4",
          "zoneId":"6620c332-67ee-11e7-a788-81bb040892b4"
          ...
        }
```
- To renew, use the `certificaterequests` function and supply the `zoneId` and `managedCertificateId` from the previous step. Notice that the `existingManagedCertificateId` uses the `managedCertificateId`. Make sure the line breaks for the `certificateSigningRequest` are escaped with `\n`.

```
POST https://api.venafi.cloud/v1/certificaterequests
tppl-api-key: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

{
  "certificateSigningRequest": "-----BEGIN CERTIFICATE REQUEST-----\n ... -----END CERTIFICATE REQUEST-----\n",
  "zoneId":"6620c332-67ee-11e7-a788-81bb040892b4",
  "existingManagedCertificateId": "59f782d0-2637-11e8-9c27-854639d34df0"
}
```
Example response
```
HTTP 1.1 OK
{
  "certificateRequests": [
    {
      "id": "51d1a5a0-263b-11e8-845e-25bb7a9ce615",
      "companyId": "661e7940-67ee-11e7-a788-81bb040892b4",
      "zoneId": "6620c332-67ee-11e7-a788-81bb040892b4",
      "status": "PENDING",
      "certificateName": "cn=silvana_a37fe.venafi.test,ou=Auto,o=Venafi,c=US",
      "certificateOwnerUserId": "16489650-e118-11e7-a6e2-5bba2580ce35",
      "certificatePolicyIds": {
        "CERTIFICATE_USE": "6620c331-67ee-11e7-a788-81bb040892b4",
        "CERTIFICATE_IDENTITY": "6620c330-67ee-11e7-a788-81bb040892b4"
      },
      "certificateProviderId": "66209c21-67ee-11e7-a788-81bb040892b4",
      "product": {
        "certificateAuthority": "TESTCA",
        "validationScopeId": "661e7940-67ee-11e7-a788-81bb040892b4",
        "certificateType": "DOMAIN_VALIDATED_SSL",
        "validityPeriod": "NINETY_DAYS",
        "hashAlgorithm": "SHA256",
        "caconfigurationId": "45024c60-1257-11e7-93ae-92361f002671"
      },
      "certificateIds": [],
      "existingManagedCertificateId": "59f782d0-2637-11e8-9c27-854639d34df0",
      "certificateSigningRequest": "-----BEGIN CERTIFICATE REQUEST-----\n ... -----END CERTIFICATE REQUEST-----\n",
      "subjectDN": "cn=jane_a37fe.venafi.test,ou=Auto,o=Venafi,c=US",
      "keyLength": 2048,
      "keyType": "RSA",
      "creationDate": "2018-03-12T21:21:25.242+0000",
      "modificationDate": "2018-03-12T21:21:25.242+0000"
    }
  ]
}
```
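
The last two steps of the procedure, as an added Python example that is not part of the Venafi documentation: it pulls the `managedCertificateId`/`zoneId` pairs out of a search response and builds (without sending) the renewal request, letting `json.dumps` escape the CSR line breaks. The sample response and CSR are constructed, and the function names and the `Content-Type` header are assumptions.

```python
import json
import urllib.request

API_BASE = "https://api.venafi.cloud/v1"  # base URL as shown on this page

# Constructed sample: search response trimmed to the fields used for renewal.
SAMPLE_SEARCH_RESPONSE = {"certificates": [{
    "id": "59f782d0-2637-11e8-9c27-854639d34df0",
    "instances": [{
        "managedCertificateId": "59f782d0-2637-11e8-9c27-854639d34df0",
        "zoneId": "6620c332-67ee-11e7-a788-81bb040892b4",
    }],
}]}

# Constructed placeholder CSR (not a valid request), with CRLF line endings
# as a file written on Windows would have.
SAMPLE_CSR = ("-----BEGIN CERTIFICATE REQUEST-----\r\n"
              "Q09OU1RSVUNURUQ=\r\n"
              "-----END CERTIFICATE REQUEST-----\r\n")


def renewal_targets(search_response):
    """Return unique (managedCertificateId, zoneId) pairs from a search response."""
    pairs = []
    for cert in search_response.get("certificates", []):
        for inst in cert.get("instances", []):
            pair = (inst.get("managedCertificateId"), inst.get("zoneId"))
            if all(pair) and pair not in pairs:  # skip instances missing either id
                pairs.append(pair)
    return pairs


def build_renewal_request(csr_pem, managed_id, zone_id, api_key):
    """Build, but do not send, the POST /certificaterequests renewal call."""
    if not csr_pem.lstrip().startswith("-----BEGIN CERTIFICATE REQUEST-----"):
        raise ValueError("not a PEM certificate signing request")
    # Normalise CRLF to LF; json.dumps then escapes every line break as \n,
    # so the PEM never appears as raw newlines inside the JSON string.
    csr = csr_pem.replace("\r\n", "\n").strip() + "\n"
    body = json.dumps({
        "certificateSigningRequest": csr,
        "zoneId": zone_id,
        "existingManagedCertificateId": managed_id,
    })
    return urllib.request.Request(
        f"{API_BASE}/certificaterequests", data=body.encode("utf-8"), method="POST",
        # Content-Type is an assumption; the page shows only the tppl-api-key header.
        headers={"tppl-api-key": api_key, "Content-Type": "application/json"})
```

Pass the API key in from a secret store or environment variable rather than embedding it in the script.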