CZERTAINLY Client Operations API (2.7.1)
Download OpenAPI specification:Download
REST API for Client Operations
Issue Certificate
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
Request Body schema: application/json
Array of objects (RequestAttributeDto) List of attributes to create CSR. Required if CSR is not provided | |
Array of objects (RequestAttributeDto) List of attributes to sign the CSR | |
| pkcs10 required | string Certificate sign request (PKCS#10) encoded as Base64 string |
| tokenProfileUuid | string <uuid> Token Profile UUID. Required if CSR is not uploaded |
| keyUuid | string <uuid> Key UUID. Required if CSR is not uploaded |
required | Array of objects (RequestAttributeDto) List of RA Profile related Attributes to issue Certificate |
Array of objects (RequestAttributeDto) List of Custom Attributes | |
| uuid | string <uuid> UUID of CSR Entity to be signed |
Responses
Request samples
- Payload
Content type
application/json
{- "csrAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "signatureAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "pkcs10": "string",
- "tokenProfileUuid": "66f2e24c-4f07-496b-b5c4-6fe8a5e8361a",
- "keyUuid": "a0e39a6c-fae3-43d6-99c3-a3620775a368",
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "customAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
}Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
Content type
application/json
{- "certificateData": "string",
- "uuid": "string"
}Revoke Certificate
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
| certificateUuid required | string Certificate UUID |
Request Body schema: application/json
| reason | string Default: "UNSPECIFIED" Enum: "UNSPECIFIED" "KEY_COMPROMISE" "CA_COMPROMISE" "AFFILIATION_CHANGED" "SUPERSEDED" "CESSATION_OF_OPERATION" "CERTIFICATE_HOLD" "REMOVE_FROM_CRL" "PRIVILEGES_WITHDRAWN" "AA_COMPROMISE" Reason for revocation |
required | Array of objects (RequestAttributeDto) List of Attributes to revoke Certificate |
| destroyKey | boolean Default: false Destroy Key upon successful revocation |
Responses
Request samples
- Payload
Content type
application/json
{- "reason": "UNSPECIFIED",
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "destroyKey": false
}Response samples
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Renew Certificate
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
| certificateUuid required | string Certificate UUID |
Request Body schema: application/json
| replaceInLocations | boolean Default: false True to replace renewed certificate in the associated locations |
| pkcs10 | string Certificate sign request (PKCS#10) encoded as Base64 string. If not provided, Existing CSR will be used |
Responses
Request samples
- Payload
Content type
application/json
{- "replaceInLocations": false,
- "pkcs10": "string"
}Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
Content type
application/json
{- "certificateData": "string",
- "uuid": "string"
}Rekey Certificate
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
| certificateUuid required | string Certificate UUID |
Request Body schema: application/json
| replaceInLocations | boolean Default: false True to replace renewed certificate in the associated locations |
| pkcs10 | string Certificate sign request (PKCS#10) encoded as Base64 string. If not provided, CSR attributes will be used |
| keyUuid required | string <uuid> Key UUID |
| tokenProfileUuid required | string <uuid> Token Profile UUID |
Array of objects (RequestAttributeDto) Signature Attributes. If not provided, existing attributes will be used to generate the new CSR |
Responses
Request samples
- Payload
Content type
application/json
{- "replaceInLocations": false,
- "pkcs10": "string",
- "keyUuid": "a0e39a6c-fae3-43d6-99c3-a3620775a368",
- "tokenProfileUuid": "66f2e24c-4f07-496b-b5c4-6fe8a5e8361a",
- "signatureAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]
}Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
Content type
application/json
{- "certificateData": "string",
- "uuid": "string"
}Validate revocation Attributes
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
Request Body schema: application/json
Array
| uuid | string UUID of the Attribute |
| name required | string Name of the Attribute |
required | Array of BooleanAttributeContent (object) or CodeBlockAttributeContent (object) or CredentialAttributeContent (object) or DateAttributeContent (object) or DateTimeAttributeContent (object) or FileAttributeContent (object) or FloatAttributeContent (object) or IntegerAttributeContent (object) or ObjectAttributeContent (object) or SecretAttributeContent (object) or StringAttributeContent (object) or TextAttributeContent (object) or TimeAttributeContent (object) (BaseAttributeContentDto) Content of the Attribute |
Responses
Request samples
- Payload
Content type
application/json
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]Response samples
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Validate issue Certificate Attributes
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
Request Body schema: application/json
Array
| uuid | string UUID of the Attribute |
| name required | string Name of the Attribute |
required | Array of BooleanAttributeContent (object) or CodeBlockAttributeContent (object) or CredentialAttributeContent (object) or DateAttributeContent (object) or DateTimeAttributeContent (object) or FileAttributeContent (object) or FloatAttributeContent (object) or IntegerAttributeContent (object) or ObjectAttributeContent (object) or SecretAttributeContent (object) or StringAttributeContent (object) or TextAttributeContent (object) or TimeAttributeContent (object) (BaseAttributeContentDto) Content of the Attribute |
Responses
Request samples
- Payload
Content type
application/json
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]Response samples
- 400
- 403
- 404
- 422
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Get revocation Attributes
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
Content type
application/json
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "description": "string",
- "type": "data",
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": true,
- "group": "requiredAttributes",
- "required": false,
- "readOnly": false,
- "list": false,
- "multiSelect": false
}, - "constraints": [
- {
- "description": "string",
- "errorMessage": "string",
- "type": "regExp",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": { }
}
]
}
}
]Get issue Certificate Attributes
path Parameters
| authorityUuid required | string Authority Instance UUID |
| raProfileUuid required | string RA Profile UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
Content type
application/json
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "description": "string",
- "type": "data",
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": true,
- "group": "requiredAttributes",
- "required": false,
- "readOnly": false,
- "list": false,
- "multiSelect": false
}, - "constraints": [
- {
- "description": "string",
- "errorMessage": "string",
- "type": "regExp",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": { }
}
]
}
}
]Response samples
- 200
- 400
- 403
- 404
- 502
- 503
Content type
application/json
[- {
- "subjectDN": "string",
- "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "subjectAltName": "string",
- "status": "NEW",
- "username": "string"
}
]Add End Entity
path Parameters
| raProfileName required | string RA Profile name |
Request Body schema: application/json
required | object (RaProfileDto) RA profile related to End Entity |
string End Entity email | |
Array of objects (EndEntityExtendedInfoDto) End Entity extension data | |
| password required | string End Entity password |
| subjectAltName | string End Entity Subject alternative name |
| subjectDN required | string End Entity subject domain name |
| username required | string End Entity name |
Responses
Request samples
- Payload
Content type
application/json
{- "raProfile": {
- "uuid": "7b55ge1c-844f-11dc-a8a3-0242ac120002",
- "name": "Name",
- "description": "string",
- "authorityInstanceUuid": "string",
- "authorityInstanceName": "string",
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "customAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "enabled": true,
- "enabledProtocols": [
- "string"
]
}, - "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "password": "string",
- "subjectAltName": "string",
- "subjectDN": "string",
- "username": "string"
}Response samples
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Get End Entity information
path Parameters
| raProfileName required | string RA Profile name |
| username required | string Username |
Responses
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "subjectDN": "string",
- "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "subjectAltName": "string",
- "status": "NEW",
- "username": "string"
}Edit End Entity
path Parameters
| raProfileName required | string RA Profile name |
| username required | string Username |
Request Body schema: application/json
required | object (RaProfileDto) RA profile related to End Entity |
string End Entity email | |
Array of objects (EndEntityExtendedInfoDto) End Entity extension data | |
| password required | string End Entity password |
| subjectAltName | string End Entity Subject alternative name |
| subjectDN required | string End Entity subject domain name |
| status required | string Enum: "NEW" "FAILED" "INITIALIZED" "IN_PROCESS" "GENERATED" "REVOKED" "HISTORICAL" "KEY_RECOVERY" "WAITING_FOR_ADD_APPROVAL" End Entity Subject domain name |
Responses
Request samples
- Payload
Content type
application/json
{- "raProfile": {
- "uuid": "7b55ge1c-844f-11dc-a8a3-0242ac120002",
- "name": "Name",
- "description": "string",
- "authorityInstanceUuid": "string",
- "authorityInstanceName": "string",
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "customAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "enabled": true,
- "enabledProtocols": [
- "string"
]
}, - "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "password": "string",
- "subjectAltName": "string",
- "subjectDN": "string",
- "status": "NEW"
}Response samples
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Revoke Certificate
path Parameters
| raProfileName required | string RA Profile name |
Request Body schema: application/json
| certificateSN required | string Certificate serial number |
| issuerDN required | string Issuer domain name |
| reason required | string Enum: "UNSPECIFIED" "KEY_COMPROMISE" "CA_COMPROMISE" "AFFILIATION_CHANGED" "SUPERSEDED" "CESSATION_OF_OPERATION" "CERTIFICATE_HOLD" "REMOVE_FROM_CRL" "PRIVILEGES_WITHDRAWN" "AA_COMPROMISE" Revocation reason |
Responses
Request samples
- Payload
Content type
application/json
{- "certificateSN": "string",
- "issuerDN": "string",
- "reason": "UNSPECIFIED"
}Response samples
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "message": "Error message"
}Issue Certificate
path Parameters
| raProfileName required | string RA Profile name |
Request Body schema: application/json
| password required | string End Entity password |
| pkcs10 required | string Certificate sign request (PKCS#10) encoded as Base64 string |
| username required | string End Entity username |
Responses
Request samples
- Payload
Content type
application/json
{- "password": "string",
- "pkcs10": "string",
- "username": "string"
}Response samples
- 200
- 400
- 403
- 404
- 502
- 503
Content type
application/json
{- "certificateData": "string"
}