Retrieve an existing Certificate Authority
Retrieve an existing Certificate Authority based on its name
Parameter: name (string, required)
-
200 The Certificate Authority
Content type: application/json

When type is external:
- type (string, required): The type of Certificate Authority
  Value: external
- outdatedRevocationStatusPolicy (string, required): Defines the behavior when the revocation information is not up to date. revoked considers all certificates to be revoked even if they were not revoked on the last known status. unknown considers their status as unknown. lastavailablestatus considers them revoked if they were revoked, and valid otherwise
  Enum: revoked, unknown, lastavailablestatus
- name (string, required): The name of the Certificate Authority
- trustedForClientAuthentication (boolean, required): If true, certificates emitted by this Certificate Authority can be used for client authentication on Stream
- trustedForServerAuthentication (boolean, required): If true, certificates emitted by this Certificate Authority can be used for server authentication by Stream
- certificate (object [Certificate]):
  - dn (string, required): The certificate's distinguished name
  - dnElements (array of object [DN Element], required): The distinguished name, with each element being an object
    - type (string, required): The DN element type
      Enum: CN, UID, SERIALNUMBER, SURNAME, GIVENNAME, unstructuredAddress, unstructuredName, E, OU, organizationIdentifier, UniqueIdentifier, STREET, ST, L, O, C, DC
    - value (string, required): The DN Element value
  - issuerDn (string, required): The DN of this certificate's issuer
  - serial (string, required): This certificate's serial number
  - notBefore (integer, required): This certificate's start of validity
  - notAfter (integer, required): This certificate's end of validity
  - keyType (string, required): This certificate's key type
  - signingAlgorithm (string, required): This certificate's signing algorithm
  - pem (string, required): PEM encoded certificate
  - subjectKeyIdentifier (string): The subject key identifier of this certificate
  - sans (array of objects [SAN Element]): List of this certificate's SANs
    - sanType (string, required): The type of SAN
      Enum: RFC822NAME, DNSNAME, URI, IPADDRESS, OTHERNAME_UPN, OTHERNAME_GUID, REGISTERED_ID
    - value (string, required): The value of the SAN
  - crldps (array of string): This certificate's CRL Distribution Points
  - aias (object): This certificate's Authority Information Access
    - crt (object): List of URIs on which the Certificate Authority certificate can be found
    - ocsp (array of string | null): List of URIs on which the OCSP Responder of the Certificate Authority can be accessed
- crlUrls (array of string | null): URLs on which to find this Certificate Authority's CRL
- refresh (string | null): The refresh period of this Certificate Authority's CRL
- timeout (string | null): HTTP request timeout when fetching this Certificate Authority's CRL
- proxy (string | null): HTTP proxy used to access this Certificate Authority's CRL
- triggers (object | null [TriggersExternalCertificateAuthority]): Triggers that apply on events on this CA
  - onCRLUpdate (array of string | null): Names of the triggers to execute when this CA's CRL is updated (manually or via fetch on URL)
  - onCRLUpdateError (array of string | null): Names of the triggers to execute when an error occurs while this CA's CRL is updated (manually or via fetch on URL)
  - onCRLUpdateRecover (array of string | null): Names of the triggers to execute when this CA's CRL is successfully updated and the last status was error
  - onCRLSync (array of string | null): Names of the triggers to execute when this CA's CRL is synced
  - onCRLExpiration (array of string | null): Names of the triggers to execute when this CA's CRL expires
  - onCAExpiration (array of string | null): Names of the triggers to execute when this CA expires
- revoked (boolean | null): If true, the Certificate Authority is revoked
- revocationDate (string | null): The revocation date of this Certificate Authority
- revocationReason (string | null [Revocation Reason]): The revocation reason of this Certificate Authority
- enableOCSP (boolean | null): Enable OCSP on this CA
- ocspSigner (string | null): Name of the OCSP signer associated with this CA
- compromised (boolean | null): Define this CA as compromised for OCSP responses
- archiveCutoff (object [Archive Cutoff]): OCSP Archive Cutoff configuration
  - mode (string, required): Archive cutoff mode. issuer uses the CA's expiration date and retention uses the retentionPeriod defined below
    Enum: issuer, retention
  - retentionPeriod (string | null): In retention mode, the time during which the certificate will be kept in retention after expiration

When type is managed:
- type (string, required): The type of Certificate Authority
  Value: managed
- enroll (boolean, required): If true, this Certificate Authority can emit certificates
- enforceKeyUnicity (boolean, required): If true, each enrollment request must have a unique key
- name (string, required): The name of the Certificate Authority
- trustedForClientAuthentication (boolean, required): If true, certificates emitted by this Certificate Authority can be used for client authentication on Stream
- trustedForServerAuthentication (boolean, required): If true, certificates emitted by this Certificate Authority can be used for server authentication by Stream
- certificate (object [Certificate]):
  - dn (string, required): The certificate's distinguished name
  - dnElements (array of object [DN Element], required): The distinguished name, with each element being an object
    - type (string, required): The DN element type
      Enum: CN, UID, SERIALNUMBER, SURNAME, GIVENNAME, unstructuredAddress, unstructuredName, E, OU, organizationIdentifier, UniqueIdentifier, STREET, ST, L, O, C, DC
    - value (string, required): The DN Element value
  - issuerDn (string, required): The DN of this certificate's issuer
  - serial (string, required): This certificate's serial number
  - notBefore (integer, required): This certificate's start of validity
  - notAfter (integer, required): This certificate's end of validity
  - keyType (string, required): This certificate's key type
  - signingAlgorithm (string, required): This certificate's signing algorithm
  - pem (string, required): PEM encoded certificate
  - subjectKeyIdentifier (string): The subject key identifier of this certificate
  - sans (array of objects [SAN Element]): List of this certificate's SANs
    - sanType (string, required): The type of SAN
      Enum: RFC822NAME, DNSNAME, URI, IPADDRESS, OTHERNAME_UPN, OTHERNAME_GUID, REGISTERED_ID
    - value (string, required): The value of the SAN
  - crldps (array of string): This certificate's CRL Distribution Points
  - aias (object): This certificate's Authority Information Access
    - crt (object): List of URIs on which the Certificate Authority certificate can be found
    - ocsp (array of string | null): List of URIs on which the OCSP Responder of the Certificate Authority can be accessed
- dn (string | null): This Certificate Authority's Distinguished Name
- queue (string | null): The queue to apply on this Certificate Authority's operations
- crldps (array of string | null): The URLs of this Certificate Authority's CRL Distribution Points
- aia (object | null [Authority Information Access]): AIAs to add to the certificate
  - certificate (array of string | null): List of URIs on which the Certificate Authority certificate can be found
  - ocsp (array of string | null): List of URIs on which the OCSP Responder of the Certificate Authority can be accessed
- policy (array of objects | null [Certificate Policy]): This Certificate Authority's Certificate Policies
  - oid (string, required): Object Identifier of the Policy
  - cpsPointer (string | null): URI to a Certification Practice Statement document
  - organization (string | null): Organization of the user notice. Introduced in 2.0.12
  - noticeNumbers (array of integer | null): Notice numbers of the policy. Introduced in 2.0.12
  - explicitText (string | null): The text of the user notice. Introduced in 2.0.12
- qcStatement (object | null [Qualified Certificate Statements]): The Qualified Certificate Statements to add to the emitted certificates
  - eTSIQCCompliance (boolean, required): If true, the certificate is a Qualified Certificate
  - eTSIQCSSCD (boolean, required): If true, the private key of the certificate resides in a Secure Signature Creation Device
  - eTSIRetentionPeriod (integer, required): This indicates the duration of the retention period of material information in years
  - eTSIQCType (object, required): This indicates which type of document can be signed by the certificate. One of eseal, esign, web or none
  - eTSIPDS (object | null): The PKI Disclosure Statements URI for a specified language
    - property name* (string): additional property
  - eTSITransactionLimit (object | null [Transaction Limit Statement]): This indicates the limits of the transactions the certificate is qualified for. The maximum amount is calculated by: valueLimit * 10^(valueLimitExp)
    - valueLimit (integer, required): The maximum amount this certificate is qualified for simplified to the lowest power of 10
    - valueLimitExp (integer, required): The exponent of the power of 10 to multiply with valueLimit to get the maximum amount
    - currencyCode (string, required): The ISO-4217 currency code for this limit
  - eTSILegislation (array of string | null): The alpha-2 ISO-3166 country codes where the certificate is qualified
- overridePermissions (object | null [Override Permissions]): This indicates which properties can be overridden in the enrollment request
  - ku (boolean | null): If true, the Key Usages can be redefined in the enrollment request
  - eku (boolean | null): If true, the Extended Key Usages can be redefined in the enrollment request
  - emptyExtensions (boolean | null): If true, the Empty Extensions can be redefined in the enrollment request
  - crldps (boolean | null): If true, the CRL Distribution Points can be redefined in the enrollment request
  - aia (boolean | null): If true, the Authority Information Access can be redefined in the enrollment request
  - policy (boolean | null): If true, the Certificate Policy can be redefined in the enrollment request
  - pathlen (boolean | null): If true, the length of the certification path can be redefined in the enrollment request
  - lifetime (boolean | null): If true, the certificate's lifetime can be redefined in the enrollment request
  - backdate (boolean | null): If true, the certificate's backdate can be redefined in the enrollment request
  - checkPoP (boolean | null): If true, the need to check the proof of possession can be redefined in the enrollment request
- crlPolicy (object | null [CRL Generation Policy]): Defines how to generate the CRL for this Certificate Authority
  - validity (string, required): The duration of the CRL's validity
  - eidas (boolean, required): If true, the CRL will be EIDAS compliant
  - hardGeneration (string | null): The CRL will be generated at each period
  - lazyGeneration (string | null): The CRL will be checked at each period and generated if a new entry was added
- triggers (object | null [TriggersManagedCertificateAuthority]): Triggers that apply on events on this CA
  - onCRLGeneration (array of string | null): Names of the triggers to execute when this CA's CRL is generated (manually or via cron)
  - onCRLGenerationError (array of string | null): Names of the triggers to execute when an error occurs while this CA's CRL is generated (manually or via cron)
  - onCRLGenerationRecover (array of string | null): Names of the triggers to execute when this CA's CRL is successfully generated and the last status was error
  - onCRLSync (array of string | null): Names of the triggers to execute when this CA's CRL is synced
  - onCRLExpiration (array of string | null): Names of the triggers to execute when this CA's CRL expires
  - onCAExpiration (array of string | null): Names of the triggers to execute when this CA expires
- revoked (boolean | null): If true, the Certificate Authority is revoked
- revocationDate (string | null): The revocation date of this Certificate Authority
- revocationReason (string | null [Revocation Reason]): The revocation reason of this Certificate Authority
- enableOCSP (boolean | null): Enable OCSP on this CA
- ocspSigner (string | null): Name of the OCSP signer associated with this CA
- compromised (boolean | null): Define this CA as compromised for OCSP responses
- archiveCutoff (object [Archive Cutoff]): OCSP Archive Cutoff configuration
  - mode (string, required): Archive cutoff mode. issuer uses the CA's expiration date and retention uses the retentionPeriod defined below
    Enum: issuer, retention
  - retentionPeriod (string | null): In retention mode, the time during which the certificate will be kept in retention after expiration
- altPrivateKey (object | null [Signer Private Key]): This signer's private key
  - keystore (string, required): The Keystore in which the key is stored
  - name (string, required): The name of the key in the keystore
  - hashAlgorithm (string | null [Hash Algorithm]): The Hash Algorithm to use when signing with this key
    Enum: SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512
  - usePSS (boolean | null): For RSA Keys in PKCS11 Keystores only: use the PSS signature algorithm
- privateKey (object [Signer Private Key]): This signer's private key
  - keystore (string, required): The Keystore in which the key is stored
  - name (string, required): The name of the key in the keystore
  - hashAlgorithm (string | null [Hash Algorithm]): The Hash Algorithm to use when signing with this key
    Enum: SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512
  - usePSS (boolean | null): For RSA Keys in PKCS11 Keystores only: use the PSS signature algorithm
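
The three outdatedRevocationStatusPolicy values documented for external CAs in the 200 response differ only once revocation data goes stale. The sketch below is an added example, not code from the product: the CrlSnapshot type, the use of a CRL next-update time as the staleness test, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

POLICIES = ("revoked", "unknown", "lastavailablestatus")


@dataclass(frozen=True)
class CrlSnapshot:
    """Hypothetical view of the last CRL fetched for an external CA."""
    revoked_serials: frozenset  # lowercase hex serials listed in that CRL
    next_update: int            # epoch seconds after which the CRL is stale


def effective_status(ca: dict, crl: CrlSnapshot, serial: str, now: int) -> str:
    """Return 'revoked', 'valid' or 'unknown' for one certificate serial.

    `ca` is the JSON object returned by this endpoint for an external CA.
    """
    if ca.get("type") != "external":
        raise ValueError("outdatedRevocationStatusPolicy is an external-CA field")
    policy = ca["outdatedRevocationStatusPolicy"]
    if policy not in POLICIES:
        raise ValueError(f"unexpected policy value: {policy!r}")

    last_known = "revoked" if serial.lower() in crl.revoked_serials else "valid"
    if now <= crl.next_update:
        return last_known   # revocation information is up to date
    if policy == "revoked":
        return "revoked"    # fail closed: every certificate is rejected
    if policy == "unknown":
        return "unknown"    # caller must decide how to treat unknown
    return last_known       # lastavailablestatus: reuse the stale answer


def compare_policies(crl: CrlSnapshot, serial: str, now: int) -> dict:
    """Evaluate the same serial under each policy to expose the trade-off."""
    return {
        p: effective_status(
            {"type": "external", "outdatedRevocationStatusPolicy": p},
            crl, serial, now)
        for p in POLICIES
    }


# Constructed sample data: one revoked serial, CRL stale after NEXT_UPDATE.
NEXT_UPDATE = 1_700_000_000
SAMPLE_CRL = CrlSnapshot(frozenset({"0a1b"}), NEXT_UPDATE)
FRESH, STALE = NEXT_UPDATE - 1_000, NEXT_UPDATE + 100_000
```

With a stale CRL, lastavailablestatus still reports a never-revoked serial as valid, so a revocation published after the last successful fetch goes unnoticed until the CRL is refreshed; revoked trades availability for that guarantee.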
-
401 Unauthorized request
Content type: application/problem+json

Every variant has the same four fields:
- error (string, required): The error code of the problem
- message (string, required): A short, human-readable summary of the problem type
- title (string, required): A short, human-readable summary of the problem type. In compliance with RFC7807
- detail (string | null): A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

Values per variant (error, then the value shared by message and title):
- SEC-AUTH-001: Unexpected error
- SEC-AUTH-002: Invalid credentials or principal does not exist
- SEC-AUTH-003: Certificate is not trusted
- SEC-AUTH-004: Certificate is expired
- SEC-AUTH-005: Certificate is revoked
- SEC-AUTH-009: Authentication expired
- SEC-AUTH-010: Principal not authenticated or authentication expired
-
403 Forbidden action
Content type: application/problem+json

Every variant has the same four fields:
- error (string, required): The error code of the problem
- message (string, required): A short, human-readable summary of the problem type
- title (string, required): A short, human-readable summary of the problem type. In compliance with RFC7807
- detail (string | null): A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

Values per variant (error, then the value shared by message and title):
- LIC-001: Invalid License
- LIC-002: Expired License
- SEC-PERM-001: Insufficient privileges
-
404 Not Found
Content type: application/problem+json
- error (string, required): The error code of the problem
  Value: CA-003
- message (string, required): A short, human-readable summary of the problem type
  Value: Certificate Authority not found
- title (string, required): A short, human-readable summary of the problem type. In compliance with RFC7807
  Value: Certificate Authority not found
- detail (string | null): A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807
-
500 Internal Server error
Content type: application/problem+json

Every variant has the same four fields:
- error (string, required): The error code of the problem
- message (string, required): A short, human-readable summary of the problem type
- title (string, required): A short, human-readable summary of the problem type. In compliance with RFC7807
- detail (string | null): A human-readable explanation specific to this occurrence of the problem. In compliance with RFC7807

Values per variant (error, then the value shared by message and title):
- CA-001: Unexpected error
- SEC-AUTH-001: Unexpected error