Renewing a certificate via API¶
The certificaterequests function renews and archives the old certificates. This API call requires:
-
An existing Managed Certificate ID. If Venafi Cloud stores information about certificate provisioning, the certificate is considered 'managed'.
-
A zone ID that provides policy information for the certificate renewal.
-
A Certificate Signing Request (CSR). If the request is for a test certificate, the CSR must include the sub-domain name.
To renew a certificate
-
If you have not already done so, obtain an API key.
-
To find the certificates that require renewal, use the
managedcertificatesearchorcertificateinstancesearchAPI call. For additional help, use the parameter descriptions from our
documentation. For example, managedcertificatesearchcan list expiring certificates byvalidityEnd.POST https://api.venafi.cloud/v1/managedcertificatesearch tppl-api-key: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX { "expression":{ "operands":[ { "field":"validityEnd", "operator":"MATCH", "value":"2018-06-10T12:00:00.000+0000" } ] },... -
From the JSON response, use the certificates managedCertificateId and the zoneId for the next step. These attributes identify the information that is necessary for renewal.
json { "certificates":[ { "id":"59f782d0-2637-11e8-9c27-854639d34df0", ... "instances":[ { "id":"5c40af80-2637-11e8-9c27-854639d34df0", "certificateId":"59f782d0-2637-11e8-9c27-854639d34df0", "managedCertificateId":"59f782d0-2637-11e8-9c27-854639d34df0", "companyId":"661e7940-67ee-11e7-a788-81bb040892b4", "zoneId":"6620c332-67ee-11e7-a788-81bb040892b4" ... } -
To renew, use the
certificaterequestsfunction and supply thezoneIdandmanagedCertificateIdfrom the previous step. Notice that theexistingManagedCertificateIduses themanagedCertificateId. Make sure the line breaks for thecertificateSigningRequestare escaped with \n.POST https://api.venafi.cloud/v1/certificaterequests tppl-api-key: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX { "certificateSigningRequest": "-----BEGIN CERTIFICATE REQUEST-----\n ... -----END CERTIFICATE REQUEST-----\n", "zoneId":"6620c332-67ee-11e7-a788-81bb040892b4", "existingManagedCertificateId": "59f782d0-2637-11e8-9c27-854639d34df0" }
Example response
HTTP 1.1 OK
{
"certificateRequests": [
{
"id": "51d1a5a0-263b-11e8-845e-25bb7a9ce615",
"companyId": "661e7940-67ee-11e7-a788-81bb040892b4",
"zoneId": "6620c332-67ee-11e7-a788-81bb040892b4",
"status": "PENDING",
"certificateName":
"cn=silvana_a37fe.venafi.test,ou=Auto,o=Venafi,c=US",
"certificateOwnerUserId":
"16489650-e118-11e7-a6e2-5bba2580ce35",
"certificatePolicyIds": {
"CERTIFICATE_USE":
"6620c331-67ee-11e7-a788-81bb040892b4",
"CERTIFICATE_IDENTITY":
"6620c330-67ee-11e7-a788-81bb040892b4"
},
"certificateProviderId":
"66209c21-67ee-11e7-a788-81bb040892b4",
"product": {
"certificateAuthority": "TESTCA",
"validationScopeId":
"661e7940-67ee-11e7-a788-81bb040892b4",
"certificateType": "DOMAIN_VALIDATED_SSL",
"validityPeriod": "NINETY_DAYS",
"hashAlgorithm": "SHA256",
"caconfigurationId":
"45024c60-1257-11e7-93ae-92361f002671"
},
"certificateIds": [],
"existingManagedCertificateId":
"59f782d0-2637-11e8-9c27-854639d34df0",
"-----BEGIN CERTIFICATE REQUEST-----\n
...
-----END CERTIFICATE REQUEST-----\n",
"subjectDN":
"cn=jane_a37fe.venafi.test,ou=Auto,o=Venafi,c=US",
"keyLength": 2048,
"keyType": "RSA",
"creationDate": "2018-03-12T21:21:25.242+0000",
"modificationDate": "2018-03-12T21:21:25.242+0000"
}
]
}