Requesting a certificate via API¶
The certificaterequests
function enrolls or renews a certificate with a pre-generated Certificate Signing Request (CSR). This function requires: The certificaterequests
function enrolls or renews a certificate with a pre-generated Certificate Signing Request (CSR). This function requires:
- A zone ID.
- A CSR.
- An Issuing Template.
When submitting a certificate request to DevOpsACCELERATE, you can choose which Issuing Template to use to evaluate the request.
To request a certificate
-
If you have not already done so, obtain an API key.
-
Determine which Issuing Template to use.
-
Obtain a zone id for the certificate request.
-
Use a tool, such as OpenSSL, to generate a CSR in the PKS#10 format. The CSR field data should conform to the Issuing Template.
-
Use the
certificaterequests
function and supply the CSR. For additional help, use the parameter descriptions from ourdocumentation. For example:
POST https://api.venafi.cloud/v1/certificaterequests tppl-api-key: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
-
In the JSON body, insert the zoneID and the certificateSigningRequest value. Where necessary, make sure the CSR line breaks are escaped with \n. For example:
{ "certificateSigningRequest": "-----BEGIN CERTIFICATE REQUEST-----\n ... -----END CERTIFICATE REQUEST-----\n", "zoneId": "ffb9b170-0e7d-11e7-ae35-1b52a158cd01" }
- Save the
id
, which is the Certificate Request ID, for other tasks, such as checking the status of a certificate.
Example response
HTTP 1.1 OK
{
"certificateRequests":[
{
"id":"d7592620-131e-11e7-ac75-d9e91a6af247",
"companyId":"ffb4a860-0e7d-11e7-ae35-1b52a158cd01",
"zoneId":"ffb9b170-0e7d-11e7-ae35-1b52a158cd01",
"status":"PENDING",
"certificateName":"cn=User1,o=Venafi",
"certificateOwnerUserId":"89257000-0f4d-11e7-ac75-d9e91a6af247",
"certificatePolicyIds":{
"CERTIFICATE_USE":"ffb96350-0e7d-11e7-ae35-1b52a158cd01",
"CERTIFICATE_IDENTITY":"ffb91530-0e7d-11e7-ae35-1b52a158cd01"
},
"certificateProviderId":"ffb71960-0e7d-11e7-ae35-1b52a158cd01",
"product":{
"certificateAuthority":"TESTCA",
"certificateType":"DOMAIN_VALIDATED_SSL",
"validityPeriod":"ONE_YEAR",
"hashAlgorithm":"SHA256"
},
"certificateIds":[
],
"certificateSigningRequest":"-----BEGIN CERTIFICATE REQUEST-----\n
...
-----END CERTIFICATE REQUEST-----\n",
"subjectDN":"cn=User1,o=Venafi",
"keyLength":2048,
"keyType":"RSA",
"creationDate":"2017-03-27T18:54:44.098+0000",
"modificationDate":"2017-03-27T18:54:44.098+0000"
}
]
}