Enroll a certificate

Body required

application/json

Certificate enrollment request

string required

The Certificate Authority name on which to enroll the certificate

csr

string required

The PEM-encoded CSR of the certificate to enroll

template

object (EnrollmentRequestTemplate) required

The template of the certificate. Requested extensions can be modified if this was allowed in template configuration.

name

string required

Name of the template to enroll on

object | null (Key Usage)

Criticality and values of the Key Usages to add to the certificate

eku

object | null (Extended Key Usages)

Criticality and values of the Extended Key Usages to add to the certificate

emptyExtensions

array of string | null

Extensions that have no value to add to the certificate

crldps

array of string | null

List of CRL Distribution Points URI to add to the certificate

aia

object | null (Authority Information Access)

AIAs to add to the certificate

policy

object | null (Certificate Policy)

Certificate Policy to add to the certificate

pathLen

integer | null

Length of the path to the root Certificate Authority to add to the certificate

lifetime

string | null

Lifetime of the certificate to enroll

backdate

string | null

Time to substract to current time to set the notBefore of the certificate to enroll

checkPoP

boolean | null

If true, check that the CSR signature matches the CSR Public Key

dataFrom

string | null (DataFrom)

This defines which information source the certificate should use: api uses information from the json request body alone : dn, dnElements, sans and extensions, csr uses information from the csr only, apicsr uses information from the json request body and fallbacks on the csr if the information is not explicitly defined

Enum api csr apicsr

string | null

The certificate's Distinguished Name in standard form. This has precedence over building the DN using dnElements

dnElements

array of objects | null (Indexed Distinguished Name Element)

Elements to build the certificate's distinguished name. This can be overriden in the same request by the dn property

Array [

element

string required

The type and index of the element

value

string | null

The value of the element. Not setting this value means the value should not exist in the certificate

]

sans

array of objects | null (Certificate SAN Element)

Elements to build the certificate's Subject Alternate Names

Array [

element

string required

The type of the Subject Alternate Name

Enum ipaddress uri othername_upn dnsname othername_guid rfc822name registered_id

values

array of string required

List of values of the Subject Alternate Name. An empty list means the SAN should not be in the certificate

]

extensions

array of objects | null (Certificate Extension Element)

Elements to build the certificate's Extensions

Array [

type

string required

The type of the extension

Enum ms_sid ms_template

value

string | null

The value of the extension. Not setting this value means the extension should not be in the certificate

]

Responses

201 Certificate successfully enrolled

string (Internal ID) required

Object internal ID

string required

Name of the Certificate Authority the certificate is enrolled on

certificate

string required

The PEM of the certificate

string required

The Distinguished Name of the certificate

serial

string required

The serial number of the certificate

issuer

string required

The Distinguished Name of the issuer of the certificate

notBefore

string required

The start of the validity period of the certificate

notAfter

string required

The end of the validity period of the certificate

publicKeyThumbprint

string required

The thumbprint of the public key of the certificate

revoked

boolean required

If true, the certificate is revoked

template

string | null

Name of the Template the certificate is enrolled on

revocationDate

string | null

The revocation date of the certificate

revocationReason

string | null (Revocation Reason)

The revocation reason of the certificate

400 Bad Request

401 Unauthorized request

403 Forbidden action

404 Not Found

500 Internal Server error

post

/api/v1/lifecycle/enroll

{

"ca": "IssuingCA" ,

"csr": "-----BEGIN CSR----- ..." ,

"template":

{ ... } ,

"dataFrom": "api" ,

"dn": "CN=Common Name One,OU=Some Ou" ,

"dnElements":

[ ... ] ,

"sans":

[ ... ] ,

"extensions":

[ ... ]

}