CZERTAINLY Client Operations API (2.13.0)
Download OpenAPI specification:Download
REST API for Client Operations
Issue Certificate
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
Request Body schema: application/jsonrequired
Array of objects (RequestAttributeDto) List of attributes to create CSR. Required if CSR is not provided | |
Array of objects (RequestAttributeDto) List of attributes to sign the CSR | |
request required | string Certificate signing request encoded as Base64 string |
format | string (CertificateRequestFormat) Default: "pkcs10" Enum: "pkcs10" "crmf" Certificate signing request format |
tokenProfileUuid | string <uuid> Token Profile UUID. Required if CSR is not uploaded |
keyUuid | string <uuid> Key UUID. Required if CSR is not uploaded |
required | Array of objects (RequestAttributeDto) List of RA Profile related Attributes to issue Certificate |
Array of objects (RequestAttributeDto) List of Custom Attributes |
Responses
Request samples
- Payload
{- "csrAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "signatureAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "request": "string",
- "format": "pkcs10",
- "tokenProfileUuid": "66f2e24c-4f07-496b-b5c4-6fe8a5e8361a",
- "keyUuid": "a0e39a6c-fae3-43d6-99c3-a3620775a368",
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "customAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]
}
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
{- "certificateData": "string",
- "uuid": "string"
}
Revoke Certificate
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
certificateUuid required | string Certificate UUID |
Request Body schema: application/jsonrequired
reason | string (CertificateRevocationReason) Default: "UNSPECIFIED" Enum: "unspecified" "keyCompromise" "cACompromise" "affiliationChanged" "superseded" "cessationOfOperation" "certificateHold" "privilegeWithdrawn" "aACompromise" Reason for revocation |
required | Array of objects (RequestAttributeDto) List of Attributes to revoke Certificate |
destroyKey | boolean Default: false Destroy Key upon successful revocation |
Responses
Request samples
- Payload
{- "reason": "unspecified",
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "destroyKey": false
}
Response samples
- 400
- 403
- 404
- 502
- 503
{- "message": "Error message"
}
Renew Certificate
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
certificateUuid required | string Certificate UUID |
Request Body schema: application/jsonrequired
replaceInLocations | boolean Default: false True to replace renewed certificate in the associated locations |
request | string Certificate signing request encoded as Base64 string. If not provided, Existing CSR will be used |
format | string (CertificateRequestFormat) Default: "pkcs10" Enum: "pkcs10" "crmf" Certificate signing request format |
Responses
Request samples
- Payload
{- "replaceInLocations": false,
- "request": "string",
- "format": "pkcs10"
}
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
{- "certificateData": "string",
- "uuid": "string"
}
Rekey Certificate
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
certificateUuid required | string Certificate UUID |
Request Body schema: application/jsonrequired
replaceInLocations | boolean Default: false True to replace renewed certificate in the associated locations |
request | string Certificate signing request encoded as Base64 string. If not provided, CSR attributes will be used |
format | string (CertificateRequestFormat) Default: "pkcs10" Enum: "pkcs10" "crmf" Certificate signing request format |
keyUuid required | string <uuid> Key UUID |
tokenProfileUuid required | string <uuid> Token Profile UUID |
Array of objects (RequestAttributeDto) Signature Attributes. If not provided, existing attributes will be used to generate the new CSR |
Responses
Request samples
- Payload
{- "replaceInLocations": false,
- "request": "string",
- "format": "pkcs10",
- "keyUuid": "a0e39a6c-fae3-43d6-99c3-a3620775a368",
- "tokenProfileUuid": "66f2e24c-4f07-496b-b5c4-6fe8a5e8361a",
- "signatureAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]
}
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
{- "certificateData": "string",
- "uuid": "string"
}
Issue existing certificate with status New
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
certificateUuid required | string Certificate UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
{- "certificateData": "string",
- "uuid": "string"
}
Validate revocation Attributes
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
Request Body schema: application/jsonrequired
uuid required | string UUID of the Attribute |
name required | string Name of the Attribute |
contentType required | string (AttributeContentType) Enum: "string" "text" "integer" "boolean" "float" "date" "time" "datetime" "secret" "file" "credential" "codeblock" "object" Type of the attribute content. |
required | Array of BooleanAttributeContent (object) or CodeBlockAttributeContent (object) or CredentialAttributeContent (object) or DateAttributeContent (object) or DateTimeAttributeContent (object) or FileAttributeContent (object) or FloatAttributeContent (object) or IntegerAttributeContent (object) or ObjectAttributeContent (object) or SecretAttributeContent (object) or StringAttributeContent (object) or TextAttributeContent (object) or TimeAttributeContent (object) (BaseAttributeContentDto) Content of the Attribute |
Responses
Request samples
- Payload
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]
Response samples
- 400
- 403
- 404
- 502
- 503
{- "message": "Error message"
}
Validate issue Certificate Attributes
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
Request Body schema: application/jsonrequired
uuid required | string UUID of the Attribute |
name required | string Name of the Attribute |
contentType required | string (AttributeContentType) Enum: "string" "text" "integer" "boolean" "float" "date" "time" "datetime" "secret" "file" "credential" "codeblock" "object" Type of the attribute content. |
required | Array of BooleanAttributeContent (object) or CodeBlockAttributeContent (object) or CredentialAttributeContent (object) or DateAttributeContent (object) or DateTimeAttributeContent (object) or FileAttributeContent (object) or FloatAttributeContent (object) or IntegerAttributeContent (object) or ObjectAttributeContent (object) or SecretAttributeContent (object) or StringAttributeContent (object) or TextAttributeContent (object) or TimeAttributeContent (object) (BaseAttributeContentDto) Content of the Attribute |
Responses
Request samples
- Payload
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]
Response samples
- 400
- 403
- 404
- 422
- 502
- 503
{- "message": "Error message"
}
Get revocation Attributes
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "description": "string",
- "type": "data",
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": true,
- "group": "requiredAttributes",
- "required": false,
- "readOnly": false,
- "list": false,
- "multiSelect": false
}, - "constraints": [
- {
- "description": "string",
- "errorMessage": "string",
- "type": "regExp",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": { }
}
]
}
}
]
Get issue Certificate Attributes
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "description": "string",
- "type": "data",
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": true,
- "group": "requiredAttributes",
- "required": false,
- "readOnly": false,
- "list": false,
- "multiSelect": false
}, - "constraints": [
- {
- "description": "string",
- "errorMessage": "string",
- "type": "regExp",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": { }
}
]
}
}
]
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
[- {
- "subjectDN": "string",
- "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "subjectAltName": "string",
- "status": "NEW",
- "username": "string"
}
]
Add End Entity
path Parameters
raProfileName required | string RA Profile name |
Request Body schema: application/jsonrequired
required | object (RaProfileDto) RA profile related to End Entity |
string End Entity email | |
Array of objects (EndEntityExtendedInfoDto) End Entity extension data | |
password required | string End Entity password |
subjectAltName | string End Entity Subject alternative name |
subjectDN required | string End Entity subject domain name |
username required | string End Entity name |
Responses
Request samples
- Payload
{- "raProfile": {
- "uuid": "7b55ge1c-844f-11dc-a8a3-0242ac120002",
- "name": "Name",
- "description": "string",
- "authorityInstanceUuid": "string",
- "authorityInstanceName": "string",
- "legacyAuthority": true,
- "enabled": true,
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "customAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "enabledProtocols": [
- "string"
]
}, - "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "password": "string",
- "subjectAltName": "string",
- "subjectDN": "string",
- "username": "string"
}
Response samples
- 400
- 403
- 404
- 502
- 503
{- "message": "Error message"
}
Get End Entity information
path Parameters
raProfileName required | string RA Profile name |
username required | string Username |
Responses
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
{- "subjectDN": "string",
- "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "subjectAltName": "string",
- "status": "NEW",
- "username": "string"
}
Edit End Entity
path Parameters
raProfileName required | string RA Profile name |
username required | string Username |
Request Body schema: application/jsonrequired
required | object (RaProfileDto) RA profile related to End Entity |
string End Entity email | |
Array of objects (EndEntityExtendedInfoDto) End Entity extension data | |
password required | string End Entity password |
subjectAltName | string End Entity Subject alternative name |
subjectDN required | string End Entity subject domain name |
status required | string Enum: "NEW" "FAILED" "INITIALIZED" "IN_PROCESS" "GENERATED" "REVOKED" "HISTORICAL" "KEY_RECOVERY" "WAITING_FOR_ADD_APPROVAL" End Entity Subject domain name |
Responses
Request samples
- Payload
{- "raProfile": {
- "uuid": "7b55ge1c-844f-11dc-a8a3-0242ac120002",
- "name": "Name",
- "description": "string",
- "authorityInstanceUuid": "string",
- "authorityInstanceName": "string",
- "legacyAuthority": true,
- "enabled": true,
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "customAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "enabledProtocols": [
- "string"
]
}, - "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "password": "string",
- "subjectAltName": "string",
- "subjectDN": "string",
- "status": "NEW"
}
Response samples
- 400
- 403
- 404
- 502
- 503
{- "message": "Error message"
}
Revoke Certificate
path Parameters
raProfileName required | string RA Profile name |
Request Body schema: application/jsonrequired
certificateSN required | string Certificate serial number |
issuerDN required | string Issuer domain name |
reason required | string (CertificateRevocationReason) Default: "UNSPECIFIED" Enum: "unspecified" "keyCompromise" "cACompromise" "affiliationChanged" "superseded" "cessationOfOperation" "certificateHold" "privilegeWithdrawn" "aACompromise" Reason for revocation |
Responses
Request samples
- Payload
{- "certificateSN": "string",
- "issuerDN": "string",
- "reason": "unspecified"
}
Response samples
- 400
- 403
- 404
- 502
- 503
{- "message": "Error message"
}
Issue Certificate
path Parameters
raProfileName required | string RA Profile name |
Request Body schema: application/jsonrequired
password required | string End Entity password |
pkcs10 required | string Certificate sign request (PKCS#10) encoded as Base64 string |
username required | string End Entity username |
Responses
Request samples
- Payload
{- "password": "string",
- "pkcs10": "string",
- "username": "string"
}
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
{- "certificateData": "string"
}