Retrieve a certificate by PEM

Retrieve a specific certificate based on its PEM encoded value

Path parameters

pem

string required

The URL encoded PEM encoded value of the certificate

Example -----BEGIN%20CERTIFICATE----- ... -----END%20CERTIFICATE-----

Responses

200 The specified certificate

metadata

array of objects (Certificate Metadata) required

The certificate's technical metadata used internally

Array [

key

string required

The metadata name

Enum pki_connector previous_certificate_id renewed_certificate_id automation_policy gs_order_id metapki_id digicert_id entrust_id scep_transid fcms_id gsatlas_id certeurope_id digicert_order_id

value

string required

The metadata value

]

notAfter

integer required

The certificate's expiration date in milliseconds since the epoch

thumbprint

string required

The certificate's thumbprint

certificate

string required

The certificate's PEM-encoded content

string required

The certificate's Distinguished Name

revoked

boolean required

Whether the certificate is revoked

escrowed

boolean required

Whether the certificate is escrowed

issuer

string required

The certificate's issuer Distinguished Name

notBefore

integer required

The certificate's start date in milliseconds since the epoch

selfSigned

boolean required

Whether the certificate is self-signed

keyType

string (Keytype) required

The certificate's key type

publicKeyThumbprint

string required

The certificate's public key thumbprint

module

string required

The certificate's module

holderId

string required

The certificate's holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder

subjectAlternateNames

array of objects (SubjectAlternateName) required

The certificate's Subject Alternate Names

Array [

sanType

string required

The type of the SAN

Enum RFC822NAME DNSNAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID REGISTERED_ID

value

string required

The value of the SAN

]

serial

string required

The certificate's serial number

signingAlgorithm

string required

The certificate's signing algorithm

_id

string (Internal ID) required

Object internal ID

revocationDate

integer | null

The certificate's revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked

grades

array of objects | null (GradingPolicyResult)

The certificate's grades for the enabled grading policies

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

crlSynchronized

boolean | null

Whether the certificate's revocation status is synchronized with a CRL

discoveredTrusted

boolean | null

If the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null

thirdPartyData

array of objects | null (ThirdPartyItem)

The certificate's information about synchronization with Horizon supported third parties

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

owner

string | null

The certificate's owner. This is a reference to a local identity identifier

contactEmail

string | null

The certificate's contact email. It will be used to send notifications about the certificate's expiration and revocation

profile

string | null

The certificate's profile

team

string | null

The certificate's team. This is a reference to a team identifier. It will be used to determine the certificate's permissions and send notifications

labels

array of objects | null (LabelData)

The certificate's labels

Array [

key

string required

The label's name

value

string required

The label's value

]

discoveryInfo

array of objects | null (DiscoveryInfo)

A list of metadata containing information on how and when the certificate was discovered

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

triggerResults

array of objects | null (TriggerResult)

The result of the execution of triggers on this certificate

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

Enum on_deny_update on_cancel_migrate on_pending_renew on_submit_migrate on_cancel_update on_approve_migrate on_pending_recover on_pending_enroll on_deny_revoke on_cancel_renew on_submit_recover on_submit_enroll on_cancel_recover on_approve_revoke on_pending_update on_deny_recover on_approve_renew on_deny_migrate on_revoke on_approve_recover on_expire on_enroll on_deny_renew on_approve_update on_recover on_deny_enroll on_submit_renew on_update on_approve_enroll on_cancel_enroll on_pending_migrate on_pending_revoke on_submit_update on_submit_revoke on_migrate on_cancel_revoke on_renew

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

extensions

array of objects (CertificateExtension)

The certificate's extensions

Array [

key

string required

The extension's type

Enum ms_sid ms_template

value

string required

The extension's value

]

discoveryData

array of objects | null (HostDiscoveryData)

A list of metadata containing information on where the certificate was discovered

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (TlsPort)

The ports on which the certificate is exposed for https connexion

]

revocationReason

string | null (Revocation Reason)

The certificate's revocation reason

400 Bad request

401 Unauthorized request

403 Unauthorized request

404 Certificate not found

500 Unexpected internal server error

get

/api/v1/certificates/{pem}

{

"metadata":

[ ... ] ,

"notAfter": 1609459200000 ,

"thumbprint": "30f727ea932acc3e7ec4716a7c1d1d571a0b9124afbe1d1d81a205562164c69c" ,

"revocationDate": 0 ,

"certificate": "-----BEGIN CERTIFICATE-----\nMI....\n-----END CERTIFICATE-----" ,

"dn": "CN=Test Certificate,OU=Test,O=Test,L=Test,ST=Test,C=US" ,

"grades":

[ ... ] ,

"revoked": true ,

"escrowed": true ,

"issuer": "CN=Test CA,OU=Test,O=Test,L=Test,ST=Test,C=US" ,

"notBefore": 1609459200000 ,

"crlSynchronized": true ,

"selfSigned": false ,

"discoveredTrusted": true ,

"keyType": "rsa-2048" ,

"thirdPartyData":

[ ... ] ,

"owner": "string" ,

"publicKeyThumbprint": "4d0faebaeaa595aba5fafe6040fa8a2143b019b59a2b25ced3b2fb7393ee10e2" ,

"contactEmail": "[email protected]" ,

"module": "webra" ,

"profile": "DefaultProfile" ,

"team": "string" ,

"holderId": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" ,

"labels":

[ ... ] ,

"discoveryInfo":

[ ... ] ,

"subjectAlternateNames":

[ ... ] ,

"triggerResults":

[ ... ] ,

"extensions":

[ ... ] ,

"serial": "1" ,

"signingAlgorithm": "SHA256WITHRSA" ,

"discoveryData":

[ ... ] ,

"_id": "6448d56b310000400063f014" ,

"revocationReason": "string"

}