Skip to content

Requesting a certificate using Automated Secure Keypair

The certificaterequests function may use Automated Secure Keypair (ASK) to generate the public and private key during a certificate request. The ASK feature requires you to have at least one VSatellite deployed and registered with TLS Protect Cloud.

This function requires:

To get a certificate using ASK

  1. If you have not already done so, obtain an API key.

  2. Use the certificatesearch function as part of the URL and set the header. For example:


  3. In the JSON body, insert the applicationId and the certificateIssuingTemplateId values. For additional help, use the parameter descriptions from Dev Central. For example:

       "isVaaSGenerated": true,
       "applicationId": "785a6260-28f5-11eb-804b-6769144073a1",
       "certificateIssuingTemplateId": "11a0c6e2-28f5-11eb-999a-4d91b3bd6de9",
       "validityPeriod": "P7D",
       "csrAttributes": {
          "commonName": "ask.venafi.example",
          "organization": "Venafi, Inc.",
          "organizationalUnits": [
             "Quality Assurance"
          "locality": "Salt Lake City",
          "state": "Utah",
          "country": "US",
          "subjectAlternativeNamesByType": {
             "dnsNames": [

  4. To manage other tasks, save the certificateIds from the JSON response. The first certificateId is that of the issued certificate and it is followed by the applicable chain certificates.

Example response

HTTP 201 Created
        "id": "3e191f90-4737-11ec-a491-150fc62378e9",
        "companyId": "11447611-28f5-11eb-b879-87373a818312",
        "applicationId": "785a6260-28f5-11eb-804b-6769144073a1",
        "creationDate": "2021-11-16T23:45:13.285+0000",
        "modificationDate": "2021-11-16T23:45:13.392+0000",
        "status": "ISSUED",
        "certificateOwnerUserId": "1f3873e0-2b55-11eb-9d73-73dd1c3fc270",
        "certificateIssuingTemplateId": "11a0c6e2-28f5-11eb-999a-4d91b3bd6de9",
        "certificateIds": [
        "certificateSigningRequest": "-----BEGIN CERTIFICATE REQUEST-----\nMIIC+...",
        "subjectDN": "cn=ask.venafi.example,ou=Quality Assurance,o=Venafi, Inc.,c=US,st=Utah,l=Salt Lake City",
        "keyLength": 2048,
        "keyType": "RSA",
        "subjectAlternativeNamesByType": {
           "otherName": [],
           "rfc822Name": [],
           "dNSName": [
           "x400Address": [],
           "directoryName": [],
           "ediPartyName": [],
           "uniformResourceIdentifier": [],
           "iPAddress": [],
           "registeredID": []
        "validityPeriod": "P7D"