Run a certificate trigger
When a trigger fails, the user might have the ability to run the trigger manually again. This is only possible when retryable is set to true in the triggerResult.
|
id
string
requiredThe ID of the certificate
Example
644796623000003800cc6c4b
|
|
triggerName
string
requiredThe name of the trigger
Example
TestTrigger
|
|
event
string
required
Enum
on_enroll
on_revoke
on_update
on_recover
on_migrate
on_expire
on_renew
|
-
200 The updated certificate
application/jsoncertificateobject (Certificate) requiredThe certificate object
metadataarray of objects (Certificate Metadata) requiredThe certificate's technical metadata used internally
Array [
keystring requiredThe metadata name
Enumpki_connectorprevious_certificate_idrenewed_certificate_idautomation_policygs_order_idmetapki_iddigicert_identrust_idscep_transidfcms_idgsatlas_idcerteurope_iddigicert_order_idvaluestring requiredThe metadata value
]
notAfterinteger requiredThe certificate's expiration date in milliseconds since the epoch
thumbprintstring requiredThe certificate's thumbprint
certificatestring requiredThe certificate's PEM-encoded content
dnstring requiredThe certificate's Distinguished Name
revokedboolean requiredWhether the certificate is revoked
issuerstring requiredThe certificate's issuer Distinguished Name
notBeforeinteger requiredThe certificate's start date in milliseconds since the epoch
selfSignedboolean requiredWhether the certificate is self-signed
keyTypestring (Keytype) requiredThe certificate's key type
Enumrsa-<size>ec-secp256r1ec-secp384r1ec-secp521r1ed-Ed448ed-Ed25519publicKeyThumbprintstring requiredThe certificate's public key thumbprint
modulestring requiredThe certificate's module
holderIdstring requiredThe certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder
subjectAlternateNamesarray of objects (models.certificate.SubjectAlternateName) requiredThe certificate's Subject Alternate Names
Array [
sanTypestring requiredThe type of the SAN
EnumDNSNAMERFC822NAMEURIIPADDRESSOTHERNAME_UPNOTHERNAME_GUIDvaluestring requiredThe value of the SAN
]
serialstring requiredThe certificate's serial number
signingAlgorithmstring requiredThe certificate's signing algorithm
_idstring requiredInternal ID
revocationDateinteger | nullThe certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked
gradesarray of objects | null (models.certificate.grading.policy.GradingPolicyResult)The certificate's grades for the enabled grading policies
Array [
namestring requiredThe name of the grading policy
gradestring requiredThe grade awarded by the grading policy
]
crlSynchronizedboolean | nullWhether the certificate's revocation status is synchronized with a CRL
discoveredTrustedboolean | nullIf the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null
thirdPartyDataarray of objects | null (models.thirdparty.ThirdPartyItem)The certificate's information about synchronization with Horizon supported third parties
Array [
connectorstring requiredThe third party connector name on which this certificate is synchronized
idstring requiredThe Id of this certificate on the third party
fingerprintstring | nullThe fingerprint of this certificate on the third party
pushDateinteger | nullThe date when the certificate was pushed to this third party
removeDateinteger | nullThe date when the certificate was removed from this third party (in case of revocation)
]
ownerstring | nullThe certificate's owner. This is a reference to a local identity identifier
contactEmailstring | nullThe certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation
profilestring | nullThe certificate's profile
teamstring | nullThe certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications
labelsarray of objects | null (models.certificate.label.LabelData)The certificate's labels
Array [
keystring requiredThe label's name
valuestring requiredThe label's value
]
discoveryInfoarray of objects | null (models.discovery.DiscoveryInfo)A list of metadata containing information on how and when the certificate was discovered
Array [
campaignstring requiredThe discovery campaign's name
lastDiscoveryDateinteger requiredWhen this certificate was discovered for the last time
identifierstring | nullIdentifier of the user that discovered this certificate
]
triggerResultsarray of objects | null (models.trigger.TriggerResult)The result of the execution of triggers on this certificate
Array [
namestring requiredThe name of the trigger that was executed
eventstring requiredThe event that triggered the trigger
Enumon_deny_updateon_cancel_migrateon_pending_renewon_submit_migrateon_cancel_updateon_approve_migrateon_pending_recoveron_pending_enrollon_deny_revokeon_cancel_renewon_submit_recoveron_submit_enrollon_cancel_recoveron_approve_revokeon_pending_updateon_deny_recoveron_approve_renewon_deny_migrateon_revokeon_approve_recoveron_expireon_enrollon_deny_renewon_approve_updateon_recoveron_deny_enrollon_submit_renewon_updateon_approve_enrollon_cancel_enrollon_pending_migrateon_pending_revokeon_submit_updateon_submit_revokeon_migrateon_cancel_revokeon_renewtriggerTypestring requiredThe type of the trigger
Enumawsemailf5clientldappubintunepkcsakvwebhooklastExecutionDateinteger requiredThe last time this trigger was executed for this certificate and this event
statusstring requiredThe status of the trigger after its execution
Enumsuccessfailureretryableboolean requiredIs this trigger manually retryable (can be run)
retriesinteger | nullThe number of remaining tries before the trigger is abandoned
nextExecutionDateinteger | nullThe next scheduled execution time for this trigger
nextDelaystring | nullTime that will be waited between the next and the next+1 execution of this trigger
detailstring | nullContains details on this trigger's execution
]
extensionsarray of objects (models.certificate.extension.CertificateExtension)The certificate's extensions
Array [
keystring requiredThe extension's type
Enumms_sidms_templatevaluestring requiredThe extension's value
]
discoveryDataarray of objects | null (models.discovery.HostDiscoveryData)A list of metadata containing information on where the certificate was discovered
Array [
ipstring | nullThe certificate's host ip
sourcesarray of string | nullInformation on the type of discovery that discovered this certificate
hostnamesarray of string | nullThe certificate's host hostnames (netscan only)
operatingSystemsarray of string | nullThe certificate's host operating system (localscan only)
pathsarray of string | nullThe path to the certificate on the host machine (localscan only)
usagesarray of string | nullThe path of the configuration files that were used to find the certificates
tlsPortsarray of objects | null (models.discovery.TlsPort)The ports on which the certificate is exposed for https connexion
Array [
portinteger requiredThe number of the port
versionstring requiredProtocol version used
]
]
revocationReasonstring | nullThe certificate's revocation reason
EnumUNSPECIFIEDKEYCOMPROMISECACOMPROMISEAFFILIATIONCHANGESUPERSEDEDCESSATIONOFOPERATIONpermissionsobject (models.search.certificate.CertificatePermissions) requiredThe permissions of the currently authenticated principal on the certificate
revokeboolean requiredWhether the principal is authorized to revoke this certificate
requestRevokeboolean requiredWhether the principal is authorized to request revocation of this certificate
updateboolean requiredWhether the principal is authorized to update this certificate
requestUpdateboolean requiredWhether the principal is authorized to request update of this certificate
migrateboolean requiredWhether the principal is authorized to migrate this certificate
requestMigrateboolean requiredWhether the principal is authorized to request migration of this certificate
enrollboolean | nullWhether the principal is authorized to re-enroll this certificate
requestEnrollboolean | nullWhether the principal is authorized to request re-enrollment of this certificate
recoverboolean | nullWhether the principal is authorized to recover this certificate
requestRecoverboolean | nullWhether the principal is authorized to request recovery of this certificate
renewboolean | nullWhether the principal is authorized to renew this certificate
requestRenewboolean | nullWhether the principal is authorized to request renewal of this certificate
-
400 Bad request
application/jsonerrorstring requiredThe error code of the problem
ValueSEC-AUTH-007messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Identity Providertitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Identity Providerdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-008messagestring requiredA short, human-readable summary of the problem type
ValueInvalid redirect pathtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid redirect pathdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
401 Unauthorized request
application/jsonerrorstring requiredThe error code of the problem
ValueSEC-AUTH-002messagestring requiredA short, human-readable summary of the problem type
ValueInvalid credentials or principal does not existtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid credentials or principal does not existdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-009messagestring requiredA short, human-readable summary of the problem type
ValuePrincipal not authenticated or authentication expiredtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValuePrincipal not authenticated or authentication expireddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
403 Unauthorized request
application/jsonerrorstring requiredThe error code of the problem
ValueSEC-PERM-001messagestring requiredA short, human-readable summary of the problem type
ValueInsufficient privilegestitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInsufficient privilegesdetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-003messagestring requiredA short, human-readable summary of the problem type
ValueCertificate is not trustedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate is not trusteddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-004messagestring requiredA short, human-readable summary of the problem type
ValueCertificate is expiredtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate is expireddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-005messagestring requiredA short, human-readable summary of the problem type
ValueCertificate is revokedtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate is revokeddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-006messagestring requiredA short, human-readable summary of the problem type
ValuePrincipal not authenticated or authentication expiredtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValuePrincipal not authenticated or authentication expireddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueLIC-002messagestring requiredA short, human-readable summary of the problem type
ValueInvalid Licensetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueInvalid Licensedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueLIC-004messagestring requiredA short, human-readable summary of the problem type
ValueExpired Licensetitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueExpired Licensedetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
404 Object not found
application/jsonerrorstring requiredThe error code of the problem
ValueCERT-SEARCH-003messagestring requiredA short, human-readable summary of the problem type
ValueCertificate not foundtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate not founddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueCERT-SEARCH-004messagestring requiredA short, human-readable summary of the problem type
ValueCertificate Profile not foundtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueCertificate Profile not founddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueTRIG-003messagestring requiredA short, human-readable summary of the problem type
ValueTrigger not foundtitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueTrigger not founddetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
500 Internal server error
application/jsonerrorstring requiredThe error code of the problem
ValueTRIG-001messagestring requiredA short, human-readable summary of the problem type
ValueUnexpected Errortitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnexpected Errordetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueSEC-AUTH-001messagestring requiredA short, human-readable summary of the problem type
ValueUnexpected Errortitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnexpected Errordetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
errorstring requiredThe error code of the problem
ValueLIC-001messagestring requiredA short, human-readable summary of the problem type
ValueUnexpected errortitlestring requiredA short, human-readable summary of the problem type. In compliance with RFC7807
ValueUnexpected errordetailstring | nullA human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807