Skip to content

Requesting a certificate via API

The certificaterequests function enrolls or renews a certificate with a pre-generated Certificate Signing Request (CSR). This function requires: The certificaterequests function enrolls or renews a certificate with a pre-generated Certificate Signing Request (CSR). This function requires:

  • A zone ID.
  • A CSR.
  • An Issuing Template.

When submitting a certificate request to DevOpsACCELERATE, you can choose which Issuing Template to use to evaluate the request.

To request a certificate

  1. If you have not already done so, obtain an API key.

  2. Determine which Issuing Template to use.

  3. Obtain a zone id for the certificate request.

  4. Use a tool, such as OpenSSL, to generate a CSR in the PKS#10 format. The CSR field data should conform to the Issuing Template.

  5. Use the certificaterequests function and supply the CSR. For additional help, use the parameter descriptions from ´╗┐our screenshotdocumentation. For example:

    POST https://api.venafi.cloud/v1/certificaterequests
    tppl-api-key: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    
  6. In the JSON body, insert the zoneID and the certificateSigningRequest value. Where necessary, make sure the CSR line breaks are escaped with \n. For example:

    {
    "certificateSigningRequest":  
    "-----BEGIN CERTIFICATE REQUEST-----\n
    ...
    -----END CERTIFICATE REQUEST-----\n",
    "zoneId": "ffb9b170-0e7d-11e7-ae35-1b52a158cd01"
    }
    

  7. Save the id, which is the Certificate Request ID, for other tasks, such as checking the status of a certificate.

Example response

HTTP 1.1 OK
{
"certificateRequests":[
    {
        "id":"d7592620-131e-11e7-ac75-d9e91a6af247",
        "companyId":"ffb4a860-0e7d-11e7-ae35-1b52a158cd01",
        "zoneId":"ffb9b170-0e7d-11e7-ae35-1b52a158cd01",
        "status":"PENDING",
        "certificateName":"cn=User1,o=Venafi",
        "certificateOwnerUserId":"89257000-0f4d-11e7-ac75-d9e91a6af247",
        "certificatePolicyIds":{
            "CERTIFICATE_USE":"ffb96350-0e7d-11e7-ae35-1b52a158cd01",
            "CERTIFICATE_IDENTITY":"ffb91530-0e7d-11e7-ae35-1b52a158cd01"
        },
        "certificateProviderId":"ffb71960-0e7d-11e7-ae35-1b52a158cd01",
        "product":{
            "certificateAuthority":"TESTCA",
            "certificateType":"DOMAIN_VALIDATED_SSL",
            "validityPeriod":"ONE_YEAR",
            "hashAlgorithm":"SHA256"
        },
        "certificateIds":[

        ],
        "certificateSigningRequest":"-----BEGIN CERTIFICATE REQUEST-----\n
        ...
        -----END CERTIFICATE REQUEST-----\n",
        "subjectDN":"cn=User1,o=Venafi",
        "keyLength":2048,
        "keyType":"RSA",
        "creationDate":"2017-03-27T18:54:44.098+0000",
        "modificationDate":"2017-03-27T18:54:44.098+0000"
    }
  ]
}