CZERTAINLY Client Operations API (2.7.1)
Download OpenAPI specification:Download
REST API for Client Operations
Issue Certificate
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
Request Body schema: application/json
Array of objects (RequestAttributeDto) List of attributes to create CSR. Required if CSR is not provided | |
Array of objects (RequestAttributeDto) List of attributes to sign the CSR | |
pkcs10 required | string Certificate sign request (PKCS#10) encoded as Base64 string |
tokenProfileUuid | string <uuid> Token Profile UUID. Required if CSR is not uploaded |
keyUuid | string <uuid> Key UUID. Required if CSR is not uploaded |
required | Array of objects (RequestAttributeDto) List of RA Profile related Attributes to issue Certificate |
Array of objects (RequestAttributeDto) List of Custom Attributes | |
uuid | string <uuid> UUID of CSR Entity to be signed |
Responses
Request samples
- Payload
{- "csrAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "signatureAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "pkcs10": "string",
- "tokenProfileUuid": "66f2e24c-4f07-496b-b5c4-6fe8a5e8361a",
- "keyUuid": "a0e39a6c-fae3-43d6-99c3-a3620775a368",
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "customAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f"
}
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
{- "certificateData": "string",
- "uuid": "string"
}
Revoke Certificate
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
certificateUuid required | string Certificate UUID |
Request Body schema: application/json
reason | string Default: "UNSPECIFIED" Enum: "UNSPECIFIED" "KEY_COMPROMISE" "CA_COMPROMISE" "AFFILIATION_CHANGED" "SUPERSEDED" "CESSATION_OF_OPERATION" "CERTIFICATE_HOLD" "REMOVE_FROM_CRL" "PRIVILEGES_WITHDRAWN" "AA_COMPROMISE" Reason for revocation |
required | Array of objects (RequestAttributeDto) List of Attributes to revoke Certificate |
destroyKey | boolean Default: false Destroy Key upon successful revocation |
Responses
Request samples
- Payload
{- "reason": "UNSPECIFIED",
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "destroyKey": false
}
Response samples
- 400
- 403
- 404
- 502
- 503
{- "message": "Error message"
}
Renew Certificate
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
certificateUuid required | string Certificate UUID |
Request Body schema: application/json
replaceInLocations | boolean Default: false True to replace renewed certificate in the associated locations |
pkcs10 | string Certificate sign request (PKCS#10) encoded as Base64 string. If not provided, Existing CSR will be used |
Responses
Request samples
- Payload
{- "replaceInLocations": false,
- "pkcs10": "string"
}
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
{- "certificateData": "string",
- "uuid": "string"
}
Rekey Certificate
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
certificateUuid required | string Certificate UUID |
Request Body schema: application/json
replaceInLocations | boolean Default: false True to replace renewed certificate in the associated locations |
pkcs10 | string Certificate sign request (PKCS#10) encoded as Base64 string. If not provided, CSR attributes will be used |
keyUuid required | string <uuid> Key UUID |
tokenProfileUuid required | string <uuid> Token Profile UUID |
Array of objects (RequestAttributeDto) Signature Attributes. If not provided, existing attributes will be used to generate the new CSR |
Responses
Request samples
- Payload
{- "replaceInLocations": false,
- "pkcs10": "string",
- "keyUuid": "a0e39a6c-fae3-43d6-99c3-a3620775a368",
- "tokenProfileUuid": "66f2e24c-4f07-496b-b5c4-6fe8a5e8361a",
- "signatureAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]
}
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
{- "certificateData": "string",
- "uuid": "string"
}
Validate revocation Attributes
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
Request Body schema: application/json
uuid | string UUID of the Attribute |
name required | string Name of the Attribute |
required | Array of BooleanAttributeContent (object) or CodeBlockAttributeContent (object) or CredentialAttributeContent (object) or DateAttributeContent (object) or DateTimeAttributeContent (object) or FileAttributeContent (object) or FloatAttributeContent (object) or IntegerAttributeContent (object) or ObjectAttributeContent (object) or SecretAttributeContent (object) or StringAttributeContent (object) or TextAttributeContent (object) or TimeAttributeContent (object) (BaseAttributeContentDto) Content of the Attribute |
Responses
Request samples
- Payload
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]
Response samples
- 400
- 403
- 404
- 502
- 503
{- "message": "Error message"
}
Validate issue Certificate Attributes
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
Request Body schema: application/json
uuid | string UUID of the Attribute |
name required | string Name of the Attribute |
required | Array of BooleanAttributeContent (object) or CodeBlockAttributeContent (object) or CredentialAttributeContent (object) or DateAttributeContent (object) or DateTimeAttributeContent (object) or FileAttributeContent (object) or FloatAttributeContent (object) or IntegerAttributeContent (object) or ObjectAttributeContent (object) or SecretAttributeContent (object) or StringAttributeContent (object) or TextAttributeContent (object) or TimeAttributeContent (object) (BaseAttributeContentDto) Content of the Attribute |
Responses
Request samples
- Payload
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]
Response samples
- 400
- 403
- 404
- 422
- 502
- 503
{- "message": "Error message"
}
Get revocation Attributes
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "description": "string",
- "type": "data",
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": true,
- "group": "requiredAttributes",
- "required": false,
- "readOnly": false,
- "list": false,
- "multiSelect": false
}, - "constraints": [
- {
- "description": "string",
- "errorMessage": "string",
- "type": "regExp",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": { }
}
]
}
}
]
Get issue Certificate Attributes
path Parameters
authorityUuid required | string Authority Instance UUID |
raProfileUuid required | string RA Profile UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
- 422
- 502
- 503
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "description": "string",
- "type": "data",
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": true,
- "group": "requiredAttributes",
- "required": false,
- "readOnly": false,
- "list": false,
- "multiSelect": false
}, - "constraints": [
- {
- "description": "string",
- "errorMessage": "string",
- "type": "regExp",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": { }
}
]
}
}
]
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
[- {
- "subjectDN": "string",
- "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "subjectAltName": "string",
- "status": "NEW",
- "username": "string"
}
]
Add End Entity
path Parameters
raProfileName required | string RA Profile name |
Request Body schema: application/json
required | object (RaProfileDto) RA profile related to End Entity |
string End Entity email | |
Array of objects (EndEntityExtendedInfoDto) End Entity extension data | |
password required | string End Entity password |
subjectAltName | string End Entity Subject alternative name |
subjectDN required | string End Entity subject domain name |
username required | string End Entity name |
Responses
Request samples
- Payload
{- "raProfile": {
- "uuid": "7b55ge1c-844f-11dc-a8a3-0242ac120002",
- "name": "Name",
- "description": "string",
- "authorityInstanceUuid": "string",
- "authorityInstanceName": "string",
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "customAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "enabled": true,
- "enabledProtocols": [
- "string"
]
}, - "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "password": "string",
- "subjectAltName": "string",
- "subjectDN": "string",
- "username": "string"
}
Response samples
- 400
- 403
- 404
- 502
- 503
{- "message": "Error message"
}
Get End Entity information
path Parameters
raProfileName required | string RA Profile name |
username required | string Username |
Responses
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
{- "subjectDN": "string",
- "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "subjectAltName": "string",
- "status": "NEW",
- "username": "string"
}
Edit End Entity
path Parameters
raProfileName required | string RA Profile name |
username required | string Username |
Request Body schema: application/json
required | object (RaProfileDto) RA profile related to End Entity |
string End Entity email | |
Array of objects (EndEntityExtendedInfoDto) End Entity extension data | |
password required | string End Entity password |
subjectAltName | string End Entity Subject alternative name |
subjectDN required | string End Entity subject domain name |
status required | string Enum: "NEW" "FAILED" "INITIALIZED" "IN_PROCESS" "GENERATED" "REVOKED" "HISTORICAL" "KEY_RECOVERY" "WAITING_FOR_ADD_APPROVAL" End Entity Subject domain name |
Responses
Request samples
- Payload
{- "raProfile": {
- "uuid": "7b55ge1c-844f-11dc-a8a3-0242ac120002",
- "name": "Name",
- "description": "string",
- "authorityInstanceUuid": "string",
- "authorityInstanceName": "string",
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "customAttributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "label": "Attribute Name",
- "type": "data",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
], - "enabled": true,
- "enabledProtocols": [
- "string"
]
}, - "email": "string",
- "extensionData": [
- {
- "name": "string",
- "value": "string"
}
], - "password": "string",
- "subjectAltName": "string",
- "subjectDN": "string",
- "status": "NEW"
}
Response samples
- 400
- 403
- 404
- 502
- 503
{- "message": "Error message"
}
Revoke Certificate
path Parameters
raProfileName required | string RA Profile name |
Request Body schema: application/json
certificateSN required | string Certificate serial number |
issuerDN required | string Issuer domain name |
reason required | string Enum: "UNSPECIFIED" "KEY_COMPROMISE" "CA_COMPROMISE" "AFFILIATION_CHANGED" "SUPERSEDED" "CESSATION_OF_OPERATION" "CERTIFICATE_HOLD" "REMOVE_FROM_CRL" "PRIVILEGES_WITHDRAWN" "AA_COMPROMISE" Revocation reason |
Responses
Request samples
- Payload
{- "certificateSN": "string",
- "issuerDN": "string",
- "reason": "UNSPECIFIED"
}
Response samples
- 400
- 403
- 404
- 502
- 503
{- "message": "Error message"
}
Issue Certificate
path Parameters
raProfileName required | string RA Profile name |
Request Body schema: application/json
password required | string End Entity password |
pkcs10 required | string Certificate sign request (PKCS#10) encoded as Base64 string |
username required | string End Entity username |
Responses
Request samples
- Payload
{- "password": "string",
- "pkcs10": "string",
- "username": "string"
}
Response samples
- 200
- 400
- 403
- 404
- 502
- 503
{- "certificateData": "string"
}