Skip to content

Requesting a certificate via API

The certificaterequests function enrolls or renews a certificate with a pre-generated Certificate Signing Request (CSR). This function requires: The certificaterequests function enrolls or renews a certificate with a pre-generated Certificate Signing Request (CSR). This function requires:

  • A zone ID.
  • A CSR.
  • An Issuing Template.

When submitting a certificate request to DevOpsACCELERATE, you can choose which Issuing Template to use to evaluate the request.

To request a certificate

  1. If you have not already done so, obtain an API key.

  2. Determine which Issuing Template to use.

  3. Obtain a zone id for the certificate request.

  4. Use a tool, such as OpenSSL, to generate a CSR in the PKS#10 format. The CSR field data should conform to the Issuing Template.

  5. Use the certificaterequests function and supply the CSR. For additional help, use the parameter descriptions from our screenshotdocumentation. For example:

    POST https://api.venafi.cloud/v1/certificaterequests
    tppl-api-key: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    
  6. In the JSON body, insert the zoneID and the certificateSigningRequest value. Where necessary, make sure the CSR line breaks are escaped with \n. For example:

    {
    "certificateSigningRequest":  
    "-----BEGIN CERTIFICATE REQUEST-----\n
    ...
    -----END CERTIFICATE REQUEST-----\n",
    "zoneId": "ffb9b170-0e7d-11e7-ae35-1b52a158cd01"
    }
    

  7. Save the id, which is the Certificate Request ID, for other tasks, such as checking the status of a certificate.

Example response

HTTP 1.1 OK
{
"certificateRequests":[
    {
        "id":"d7592620-131e-11e7-ac75-d9e91a6af247",
        "companyId":"ffb4a860-0e7d-11e7-ae35-1b52a158cd01",
        "zoneId":"ffb9b170-0e7d-11e7-ae35-1b52a158cd01",
        "status":"PENDING",
        "certificateName":"cn=User1,o=Venafi",
        "certificateOwnerUserId":"89257000-0f4d-11e7-ac75-d9e91a6af247",
        "certificatePolicyIds":{
            "CERTIFICATE_USE":"ffb96350-0e7d-11e7-ae35-1b52a158cd01",
            "CERTIFICATE_IDENTITY":"ffb91530-0e7d-11e7-ae35-1b52a158cd01"
        },
        "certificateProviderId":"ffb71960-0e7d-11e7-ae35-1b52a158cd01",
        "product":{
            "certificateAuthority":"TESTCA",
            "certificateType":"DOMAIN_VALIDATED_SSL",
            "validityPeriod":"ONE_YEAR",
            "hashAlgorithm":"SHA256"
        },
        "certificateIds":[

        ],
        "certificateSigningRequest":"-----BEGIN CERTIFICATE REQUEST-----\n
        ...
        -----END CERTIFICATE REQUEST-----\n",
        "subjectDN":"cn=User1,o=Venafi",
        "keyLength":2048,
        "keyType":"RSA",
        "creationDate":"2017-03-27T18:54:44.098+0000",
        "modificationDate":"2017-03-27T18:54:44.098+0000"
    }
  ]
}