Overview
The Sectigo Certificate Manager (SCM) REST API allows for the automation of many tasks normally done via the SCM UI. This includes:
-
issuance and management of SSL, client and device certificates
-
domain management
-
organization management
-
person management
-
discovery
-
reporting
-
ACME enrollment endpoints
-
network and MS agent management
-
admin management
Requests to the SCM REST API are performed as an administrator so all results will be filtered based on the administrator’s role and privileges.
HTTP verbs
This API tries to adhere as closely as possible to standard HTTP and REST conventions in its use of HTTP verbs.
| Verb | Usage |
|---|---|
|
Used to retrieve a resource |
|
Used to create a new resource |
|
Used to update an existing resource, including partial updates |
|
Used to delete an existing resource |
HTTP status codes
This API tries to adhere as closely as possible to standard HTTP and REST conventions in its use of HTTP status codes.
| Status code | Usage |
|---|---|
|
The request completed successfully |
|
A new resource has been created successfully. The resource’s URI is available from the response’s
|
|
An update to an existing resource has been applied successfully |
|
The request was malformed. The response body will include an error providing further information |
|
The requested resource did not exist |
Authorization
All API methods require HTTP headers for authentication. In addition, some API methods require certificate authentication as well. There are three authentication styles used by the API methods.
User Login via Password
Most API methods use this authentication style.
The required HTTP headers are:
| Header name | Description |
|---|---|
|
User login name |
|
User password |
|
Customer URI part |
User Login via Certificate
This can be used for all API methods except the APIs requiring Developer Login and is required by some APIs. In addition to the HTTP headers described below, the requests must have 'private' suffix in the URL, i.e. https://cert-manager.com/private/api/ssl/v1/types.
The required HTTP headers are:
| Header name | Description |
|---|---|
|
User login name |
|
Customer URI part |
Developer Login
Some APIs require this authentication style since a developer doesn’t need a user account. The required HTTP headers are:
| Header name | Description |
|---|---|
|
Developer email address |
|
Developer password |
|
Customer URI part |
Errors
Whenever an error response (status code >= 400) is returned, the body will contain a JSON object that describes the problem. The error object has the following structure:
| Path | Type | Description |
|---|---|---|
|
Number |
The error code |
|
String |
Error message |
For example, a request that attempts to access resource with bad credentials will produce a
401 Unauthorized response:
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 41
{"code":-16,"description":"Unknown user"}Possible values for JSON object fields include:
| Error code | Error message |
|---|---|
-1 |
Unknown error. |
-2 |
Internal error. Please contact Support for details. |
-3 |
You are not authorized to perform {0}. |
-7 |
{0} is required but missing. |
-9 |
Unknown notification type: {0} |
-9 |
The CSR is not valid Base-64 data! |
-10 |
Error while decoding CSR. |
-11 |
The CSR uses an unsupported algorithm! |
-13 |
The CSR uses an unsupported key size! |
-14 |
Unknown error. |
-25 |
You are not authorized to execute {0} |
-35 |
The Server type is invalid! |
-36 |
The validity period (term) is invalid for this certificate profile. |
-37 |
Access denied. |
-39 |
{0} |
-39 |
The certificate profile id is invalid! |
-43 |
Internal error while decrypting. |
-44 |
Error while generating key pair with open SSL |
-62 |
Missing mandatory custom field! |
-62 |
Invalid IP address {0} |
-64 |
Optional field 'name' is invalid! |
-65 |
Internal error {0}. Please contact Support for details. |
-76 |
KU/EKU template is not allowed for customer. |
-78 |
The public key is invalid or not supported. |
-102 |
Only issued certificates could be revoked. |
-103 |
Certificate has not been collected yet. |
-105 |
Person not found. |
-105 |
Error was occurred while renewing cert. Status = {0} |
-107 |
Domain Control Validation is either incomplete or expired for {0}. Please complete it before requesting a certificate. |
-109 |
Certificate is not available now, please try again later. |
-110 |
Certificate has been revoked and cannot be downloaded. |
-111 |
No certificate profile found by id {0} |
-123 |
SSL Certificate to renew is invalid (null) |
-124 |
Wrong SSL certificate id {0}. |
-126 |
Unknown SSL certificate file format requested: {0} |
-129 |
Connection error while applying certificate. |
-130 |
SSL state is not ''ISSUED'': {0} |
-131 |
Custom fields limit exceeded for customer. |
-134 |
Custom field has to have unique name. |
-135 |
Custom field cannot be found. |
-138 |
Invalid CSR. |
-140 |
CSR decoding temporarily unavailable. Please try again later. |
-141 |
The public key size in the CSR should be {0} bits minimum. |
-159 |
Your certificate already revoked |
-159 |
Custom fields limit has been exceeded for this customer. Only {0} custom fields or fewer are allowed. |
-160 |
You can''t create fields with the same name - {0}! |
-164 |
Certificate cannot be enrolled for a Local Domain and/or Private IP for a validity period exceeding {0}. |
-166 |
Entered data doesn''t match the certificate or no valid certificate found |
-169 |
Certificate is not available, please contact administrator. |
-170 |
Based on the customer configuration, ECC CSRs are not allowed. |
-172 |
The Client Certificate Profile is invalid! |
-176 |
Updating is not possible. List of your Client Certificate Profile was changed by super admin. |
-180 |
This SSL Certificate Profile doesn''t allow renew |
-181 |
Anchor Certificate details do not match to your request. |
-183 |
Certificate is not collectable. |
-184 |
Object has no available customized Client Certificate Profile. |
-185 |
Customized Client Certificate Profile: {0} has no available terms. |
-188 |
This user have already reached the maximum allowed number of valid certificates: {0} |
-194 |
The CSR uses an unsupported key size. |
-195 |
CA is not available now. Please try again later. |
-196 |
Connection error while retrieving DCV email list. |
-213 |
Old password is incorrect |
-219 |
Cannot change the role of the only {0} user. |
-220 |
Password can''t be the same. |
-221 |
Please select at least one Organization/Department for each selected role |
-222 |
Please select roles for the same level |
-223 |
Please select only one Organization/Department for each selected role |
-226 |
This Admin account does not have privileges required to manage ''{0}'' <org>. |
-233 |
You have no privilege to create this admin user. |
-234 |
You have no privilege to modify the privileges of this admin. |
-237 |
Client Admin''s Email is invalid |
-249 |
You cannot update this client admin which has already been deleted. |
-253 |
You have no privilege to modify the role of this admin. |
-255 |
Privilege "Allow DCV" can''t be added to non SSL admins. |
-256 |
You have no privilege to assign DCV privileges. |
-303 |
The range is too wide. Maximum of {0} public ip-port pairs and {1} private ip-port pairs per scan are allowed. |
-304 |
Incorrect format CIDR. |
-305 |
The range of ip-port pairs is too wide. |
-306 |
Domain name {0} exceeds {1} characters limit. |
-410 |
Customer {0} cannot be found. |
-429 |
Customer {0} does not have a login name for CA. |
-500 |
Person name cannot be empty |
-507 |
You can''t change organization for this person.<br> Key escrow of its level has been enabled for either current organization/department or target organization/department. |
-508 |
New person. Please specify name |
-518 |
Unknown email address |
-524 |
You have no privilege to modify the email of this person. |
-607 |
Available Agent(s) are not configured to scan the specified private range(s). |
-615 |
To scan, you must first enter at least one range parameter. |
-618 |
Discovery is currently running. Please try again later. |
-637 |
Available Agent(s) are not configured to scan the specified public range(s). |
-639 |
Supplied orgid invalid.. |
-700 |
Such domain already exists |
-705 |
This operation cannot be performed as the delegation status is other than ‘‘Requested’’. |
-707 |
This domain delegation request has already been deleted. |
-709 |
Please delegate domain to at least one organization or department. |
-711 |
Domain can''t be delegated to deleted organization. |
-712 |
The domain name should be at least {0} characters in length. |
-713 |
The domain name should be at most {0} characters in length. |
-714 |
The domain name should have at least {0} dots. |
-715 |
The domain ''{0}'' is inactive. |
-723 |
<Something> is not a high-level domain. Only high-level domains can be validated. |
-724 |
The request for ''{0}'' cannot be processed since it''s domain validation status is {1}. |
-727 |
The domain ''{0}'' does not exist. |
-728 |
One or more delegations have been changed by another administrator. Your changes will be ignored. |
-731 |
You do not have sufficient privileges to modify the name of this domain. |
-732 |
Invalid domain name. |
-737 |
The domain(s): {0} are not validated! Please perform the DCV process for them before proceed. |
-738 |
Access denied. You are not allowed to perform the {0} operation on this domain. |
-740 |
This operation cannot be performed due to SSL certificates enrolled for this domain or its subdomains. |
-741 |
Access denied due to a DRAO’s request that has not been approved for domain {0}. Force domain creation is disabled. |
-834 |
The changes of Client Certificate Profile settings will cause the following departments have <br> no available customized Client Certificate Profile, or customized Client Certificate Profiles have no available term or default term: {0} |
-840 |
The changes of Client Certificate Profile settings will cause the under levels have <br> no available customized Client Certificate Profile, or customized Client Certificate Profiles have no available term or default term. |
-843 |
SSL certificate of this type cannot be requested due to ‘{0}’ validation status of the selected organization. |
-951 |
'At least one of the following fields must be filled in: {0}. |
-970 |
Incorrect login credentials. |
-976 |
New password must be between {0} and 32 characters. |
-977 |
New password length must be 32 characters. |
-982 |
New password must not contain Login. |
-1010 |
Domain ''{0}'' is not allowed. |
-1021 |
This operation cannot be performed for Organization ''{0}''. |
-1023 |
Organization ''{0}'' not found. |
-1104 |
Invalid order number {0} |
-1108 |
No valid client certificates found for {0}. |
-1112 |
Certificate can''t be approved cause it has state = {0} |
-1113 |
{0} certificate is not ready to be applied. Current certificate state is {1}. |
-1117 |
The SSL is null. |
-1137 |
The domain(s) {0} have not been validated under the DCV procedure. |
-1138 |
Error while checking size of public key in CSR. |
-1140 |
Since you are a requester of this certificate you can''t approve it. For EV certificates the requester and the approver must not be the same person. |
-1144 |
SSL certificate id: {0} must be re-discovered due to migration need. We are sorry for inconvenience. |
-1148 |
Replace is forbidden for autoinstalled certificates. |
-1400 |
The request is being processed by Sectigo. |
-1450 |
Unsupported certificate format specified: {0} |
-1601 |
Field ''{0}'' has invalid value. |
-1603 |
Error while validating the domain {0} |
-1608 |
DCV is not enabled for this customer. |
-3114 |
This {0} was modified or deleted by another user. |
-3115 |
This {0} was modified or deleted by another user. Please refresh data. |
-3301 |
Invalid scan range: {0} |
-5001 |
You don' t have access to Organization assigned to the Rule |
-5002 |
Assignment rules cannot be empty. |
-5003 |
Cannot delete. An assignment rule has been assigned to the Net Discovery Tasks {0} |
-5101 |
Certificate not found. {0} |
-5109 |
Device Certificate Profile not found. |
Date formatting
The dateFormat parameter allows you to specify the format in which date and time values are serialized in the API responses. You can pass either the name of an enum or the format string associated with an enum from the following list.
Supported Date Formats
| Description | Parameter name | Format | Example |
|---|---|---|---|
ISO 8601 (International Standard) |
ISO |
|
2024-07-10 |
ISO_HMS |
yyyy-MM-dd’T’HH:mm:ss.SSS’Z' |
2024-07-10T14:30:00.000Z |
|
European Format (Day-Month-Year) |
EU |
dd.MM.yyyy |
10.07.2024 |
EU_HMS |
dd.MM.yyyy HH:mm:ss |
10.07.2024 14:30:00 |
|
US Format (Month-Day-Year) |
US |
MM/dd/yyyy |
07/10/2024 |
US_HMS |
MM/dd/yyyy HH:mm:ss |
07/10/2024 14:30:00 |
|
UK Format (Day-Month-Year with Slashes) |
UK |
dd/MM/yyyy |
10/07/2024 |
UK_HMS |
dd/MM/yyyy HH:mm:ss |
10/07/2024 14:30:00 |
|
Japan Format (Year-Month-Day) |
JP |
yyyy/MM/dd |
2024/07/10 |
JP_HMS |
yyyy/MM/dd HH:mm:ss |
2024/07/10 14:30:00 |
Usage
It is possible to use the dateFormat in two case-independent ways:
-
Parameter name
Example
GET /api/resource?dateFormat=eu
or
GET /api/resource?dateFormat=EU
-
Format
Example
GET /api/resource?dateFormat=dd.mm.yyyy
or
GET /api/resource?dateFormat=dd.MM.yyyy
API reference
SSL Certificates
Used to perform operations on SSL certificates. SSL certificates are identified by an ID field, usually known as sslId in this API.
SSL helper APIs
List SSL certificate profiles
List SSL certificate profiles, previously known as a certificate type. An enrollment request will require the certificate profile be specified.
Query parameters
| Parameter | Description |
|---|---|
|
Filter by Organization ID (optional) |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/types?organizationId=8955' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer325' \
-H 'password: Password123!' \
-H 'customerUri: cst325'Response fields
| Path | Type | Description |
|---|---|---|
|
|
An array of available SSL Certificate Profiles |
|
|
Certificate Profile ID |
|
|
Certificate Profile name |
|
|
Use secondary Organization name |
|
|
Certificate Profile description |
|
|
Terms (in days) available for the Certificate Profile |
|
|
Key types available for the Certificate Profile |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 225
[ {
"id" : 5170,
"name" : "SSL SASP 250598066",
"description" : "Description for SSL SASP 250598066",
"terms" : [ 365 ],
"keyTypes" : {
"RSA" : [ "1024", "2048", "4096" ]
},
"useSecondaryOrgName" : false
} ]List SSL certificate custom fields
List SSL certificate custom fields. An enrollment require will require all mandatory custom fields be specified.
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/customFields' -i -X GET \
-H 'login: admin_customer337' \
-H 'password: Password123!' \
-H 'customerUri: cst337' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
An array of custom fields |
|
|
Custom field ID |
|
|
Custom field name |
|
|
Is field mandatory |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 65
[ {
"id" : 354,
"name" : "testName",
"mandatory" : true
} ]SSL certificate Locations
List SSL certificate locations
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/887/location' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer654' \
-H 'password: Password123!' \
-H 'customerUri: cst654'Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of SSL Certificate Locations |
|
|
Location ID |
|
|
Location Type |
|
|
Location Name (optional) |
|
|
Location Details |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 211
[ {
"id" : 158,
"locationType" : "CUSTOM",
"name" : "",
"details" : {
"IP" : "1.1.1.1"
}
}, {
"id" : 159,
"locationType" : "CUSTOM",
"name" : "",
"details" : {
"alias" : "value"
}
} ]Create custom location for SSL certificate
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
details |
Object |
Location details in key-value format that should be applied. |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/876/location' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer547' \
-H 'password: Password123!' \
-H 'customerUri: cst547' \
-d '{
"details" : {
"Server" : "Apache"
}
}'Response headers
| Name | Description |
|---|---|
|
URL location of the created certificate location entity |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/ssl/v1/876/location/155Get details of SSL certificate’s custom location
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
|
Location ID |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/886/location/157' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer644' \
-H 'password: Password123!' \
-H 'customerUri: cst644'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Location ID |
|
|
Location Type |
|
|
Location Name (optional) |
|
|
Location Details |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 102
{
"id" : 157,
"locationType" : "CUSTOM",
"name" : "",
"details" : {
"IP" : "1.1.1.1"
}
}Update SSL certificate’s custom location
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
|
Location ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
details |
Object |
Location details in key-value format that should be applied. |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/916/location/160' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer892' \
-H 'password: Password123!' \
-H 'customerUri: cst892' \
-d '{
"details" : {
"Server" : "Apache"
}
}'Example response
HTTP/1.1 200 OKDelete SSL certificate’s custom location
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
|
Location ID |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/878/location/156' -i -X DELETE \
-H 'login: admin_customer563' \
-H 'password: Password123!' \
-H 'customerUri: cst563'Example response
HTTP/1.1 204 No ContentView SSL certificates
List SSL certificates
List all SSL certificates that match the requested filter.
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
the first position (entry) to return from the results of the query |
|
Filter by Common Name |
|
Filter by Subject Alternative Name |
|
Filter by status. Possible values: ', 'Invalid', 'Requested', 'Approved', 'Declined', 'Applied', 'Issued', 'Revoked', 'Expired', 'Replaced', 'Rejected', 'Unmanaged' - deprecated, result will be empty, 'SAApproved', 'Init'' |
|
Filter by Certificate Profile ID |
|
Filter by discovery status. Possible values: 'NotDeployed', 'Deployed' (deprecated, see "requestedVia"). |
|
Filter by Vendor |
|
Filter by Organization ID |
|
Filter by Install status. Possible values: 'NONE', 'NOT_STARTED', 'KEY_PROCESSING', 'KEY_READY', 'CERT_PROCESSING', 'SCHEDULED', 'INSTALLING', 'ACTION_REQUIRED', 'READY_FOR_INSTALL', 'NEED_SERVER_RESTART', 'COMPLETED', 'INVALID' |
|
Filter by Renewal status. Possible values: 'NOT_SCHEDULED', 'SCHEDULED', 'STARTED', 'SUCCESSFUL', 'FAILED' |
|
Filter by Issuer |
|
Filter by Serial Number |
|
Filter by Requester |
|
Filter by External Requester |
|
Filter by Signature Algorithm |
|
Filter by Key Algorithm |
|
Filter by Key Size filter (deprecated, see "keyParam") |
|
Filter by Key Size / Curve Name |
|
Filter by SHA1 Hash |
|
Filter by MD5 Hash |
|
Filter by SHA256 Hash |
|
Filter by Key Usage |
|
Filter by Extended Key Usage |
|
Filter by Requested Via. Possible values: 'WEB_FORM', 'CLIENT_ADMIN', 'API', 'DISCOVERY', 'IMPORTED', 'SCEP', 'CD_AGENT', 'MS_AGENT', 'MS_CA', 'BULK_REQUEST', 'ACME', 'EST', 'REST' |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer782' \
-H 'password: Password123!' \
-H 'customerUri: cst782'Response headers
| Name | Description |
|---|---|
|
Contains total number of SSL certificates available according to the filtering applied |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of requested ssls |
|
|
SSL ID |
|
|
SSL Common Name |
|
|
SSL Subject Alternative Names |
|
|
SSL Serial Number |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json;charset=UTF-8
Content-Length: 53
[ {
"sslId" : 905,
"commonName" : "ccmqa.com"
} ]Count SSL certificates
Count all SSL certificates that match the requested filter.
Query parameters
| Parameter | Description |
|---|---|
|
Common Name |
|
Subject Alternative Name |
|
Filter by Status. Possible values: ', 'Invalid', 'Requested', 'Approved', 'Declined', 'Applied', 'Issued', 'Revoked', 'Expired', 'Replaced', 'Rejected', 'Unmanaged' - deprecated, result will be empty, 'SAApproved', 'Init'' |
|
Filter by certificate Profile ID |
|
Filter by discovery status. Possible values: 'NotDeployed', 'Deployed' (deprecated, see "requestedVia"). |
|
Filter by Vendor |
|
Filter by Organization ID |
|
Filter by Install status. Possible values: 'NONE', 'NOT_STARTED', 'KEY_PROCESSING', 'KEY_READY', 'CERT_PROCESSING', 'SCHEDULED', 'INSTALLING', 'ACTION_REQUIRED', 'READY_FOR_INSTALL', 'NEED_SERVER_RESTART', 'COMPLETED', 'INVALID' |
|
Filter by Renewal status. Possible values: 'NOT_SCHEDULED', 'SCHEDULED', 'STARTED', 'SUCCESSFUL', 'FAILED' |
|
Filter by Issuer |
|
Filter by Serial Number |
|
Filter by Requester |
|
Filter by External Requester |
|
Filter by Signature Algorithm |
|
Filter by Key Algorithm |
|
Filter by Key Size filter (deprecated, see "keyParam") |
|
Filter by Key Size / Curve Name |
|
Filter by SHA1 Hash |
|
Filter by MD5 Hash |
|
Filter by Key Usage |
|
Filter by Extended Key Usage |
|
Filter by Requested Via. Possible values: 'WEB_FORM', 'CLIENT_ADMIN', 'API', 'DISCOVERY', 'IMPORTED', 'SCEP', 'CD_AGENT', 'MS_AGENT', 'MS_CA', 'BULK_REQUEST', 'ACME', 'EST', 'REST' |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1' -i -X HEAD \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer457' \
-H 'password: Password123!' \
-H 'customerUri: cst457'Response headers
| Name | Description |
|---|---|
|
Contains total number of SSL certificates available according to the filtering applied |
Example response
HTTP/1.1 200 OK
X-Total-Count: 42Get SSL certificate details
Get SSL certificate details.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID. |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/811' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer239' \
-H 'password: Password123!' \
-H 'customerUri: cst239'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Certificate common name |
|
|
An ID using which this certificate can be renewed or revoked through Enrollment form. Deprecated. Use 'id' instead |
|
|
An ID using which this certificate can be renewed or revoked through Enrollment form |
|
|
An organization which this certificate is associated with |
|
|
The status of this certificate |
|
|
The obsolete parameter for the order identifier under which the certificate request has been processed. backendCertId should be used instead |
|
|
Certificate ID in enrolling backend |
|
|
The name of the issuing CA |
|
|
Information about Certificate Profile this certificate was enrolled from |
|
|
Certificate Profile ID |
|
|
Use secondary organization name |
|
|
Certificate Profile name |
|
|
Certificate Profile description |
|
|
Terms (in days) available for the Certificate Profile |
|
|
Key types available for the Certificate Profile |
|
|
SSL Subtype, available only for managed certificates. Deprecated, will be removed in favor of validationType |
|
|
Validation type, available only for managed certificates |
|
|
Term (days) |
|
|
The approver of the request for this certificate |
|
|
The approver ID of the request for this certificate |
|
|
Requester |
|
|
The Requester ID, when available |
|
|
Requested Via. Possible values: 'Enrollment Form', 'Client Admin', 'Web API', 'Discovery', 'Imported', 'SCEP', 'CD Agent', 'MS Agent', 'MS CA', 'Bulk Request', 'ACME', 'EST', 'REST API' |
|
|
External Requester, when available |
|
|
Comments |
|
|
Requested date |
|
|
Approved date |
|
|
Issued date |
|
|
Declined date |
|
|
Expiration date |
|
|
Replaced date |
|
|
Revocation date |
|
|
Revocation reason code provided on revoke to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
|
|
Renewal indicator |
|
|
Renewal date |
|
|
SSL Serial Number |
|
|
Signature Algorithm |
|
|
Key algorithm (deprecated, see "keyType") |
|
|
Key size (deprecated, see "keyType") |
|
|
Key type. For example: RSA - 2048, EC - P-256. |
|
|
Key Usages |
|
|
Extended Key Usages |
|
|
Subject alternative names |
|
|
Custom fields |
|
|
Custom field name |
|
|
Custom field value. For input type 'DATE' format is yyyy-MM-dd |
|
|
Certificate details |
|
|
The subject of the issuing CA certificate |
|
|
The subject of CA certificate |
|
|
The subject alternative names of the issuing CA certificate |
|
|
The MD5 fingerprint of CA certificate |
|
|
The SHA1 fingerprint of CA certificate |
|
|
The SHA256 fingerprint of CA certificate |
|
|
Certificate signing request details |
|
|
Certificate signing request (Base64-encoded) |
|
|
The MD5 hash of CSR |
|
|
The SHA1 hash of CSR |
|
|
The SHA256 hash of CSR |
|
|
Auto-Installation Information |
|
|
Auto-Installation state |
|
|
Auto-Installation nodes (planned or already installed to) |
|
|
Node name |
|
|
Node port |
|
|
Auto-Renewal Information |
|
|
Auto-Renewal state |
|
|
Days before expiration to start auto-renewal |
|
|
Suspend Notifications for the certificate |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 2643
{
"commonName" : "ccmqa.com",
"sslId" : 811,
"id" : 811,
"orgId" : 8928,
"status" : "Issued",
"orderNumber" : 7344326,
"backendCertId" : "7344326",
"vendor" : "Vendor",
"certType" : {
"id" : 5149,
"name" : "SSL SASP -1896578395",
"description" : "Description for SSL SASP -1896578395",
"terms" : [ 365 ],
"keyTypes" : {
"RSA" : [ "1024", "2048", "4096" ]
},
"useSecondaryOrgName" : false
},
"validationType" : "Organization Validation (OV)",
"term" : 365,
"owner" : "client-admin-244 client-admin-244",
"ownerId" : 10024,
"requester" : "242_nobody@nobody.sectigo.com",
"requestedVia" : "Enrollment Form",
"comments" : "some comments",
"requested" : "12/04/2025",
"expires" : "12/04/2026",
"renewed" : false,
"serialNumber" : "00:0::11::2:2::33",
"keyAlgorithm" : "RSA",
"keySize" : 2048,
"keyType" : "RSA - 2048",
"subjectAlternativeNames" : [ "ccmqa.com" ],
"customFields" : [ {
"name" : "name1",
"value" : "value1"
} ],
"certificateDetails" : {
"issuer" : "issuer",
"sha1Hash" : "AAABBBCCC",
"sha256Hash" : "7fbdaa891e461c286ecce7a92a8fb7fa89a5ce0cef813b3fd4b221c69b38388a"
},
"autoInstallDetails" : {
"state" : "Not configured"
},
"autoRenewDetails" : {
"state" : "Not scheduled"
},
"suspendNotifications" : false,
"csrDetails" : {
"sha1Hash" : "6AC55092352B0AF128E959EF83550B207CA48CBE",
"md5Hash" : "4E380094C3B3B40C69203451D32E78D3",
"sha256Hash" : "7A16100AAE509FE98CE5AC6D6F04AC81151A1EB4B2324F07D2BDCDB6D02452D2",
"csr" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICyTCCAbECAQAwgYMxCzAJBgNVBAYTAlVBMQ8wDQYDVQQIDAZPZGVzc2ExDzAN\nBgNVBAcMBk9kZXNzYTERMA8GA1UECgwIQWR2YW5jZWQxCzAJBgNVBAsMAklUMRIw\nEAYDVQQDDAljY21xYS5jb20xHjAcBgkqhkiG9w0BCQEWD25teXphQGNjbXFhLmNv\nbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZo0lPzCqBVu03qHJa\np2wbOyN8kvdkU2VRj+GaF2APgrQps/sepvhyralxa9w5WD5KyoXhnM+7DPCsqDxK\nkxsBjEliLQqXwmoiai0A2DMmjWCoSMopzNTIORLPn8GaWFJSEtCa+9D1EXD2UZjS\nY/8MN0fEAIqaXFUrfW3cqW/QUjZH0mlJumUqQjtZY0DnAQsCxxZUlsHCkKEHuEQu\n5WhY8ys1/RANaoJmRh2xZuFMOZ71kLkwi5fvReqxjkRRHwG9cYDyurTNYmjkaICN\n/hqUwk9VKkW0G5ol8t0xau8RuHdDHi5Wb/R6+d/G+8/kn0BoOqseABih1+FYs+Ws\nK8UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQA15aWRLayIuUZmPhdrpJXQAtrw\nAoeYYwp5hvaTLwZBWEg5n+ZhH5SaSCpt+53QW3+jiT8jTsPKAqyvgSQI0MVi8o5J\nJhig6pPHGSKbfxmvmfSwxK4F9W2GNVcdICX+Js0BB5UXsZB4k1gTRr1VdICNiCDc\nDZAC0+HhkZSU9StD43T9ac3gZIfEEepX9WBx9QbBASbUZ1ziSBfGKA7vnQHbC9lT\nphLa2SvCSozmG36vYMV+Ak5YWnrp2c1Jhcd8PE0TIW6yPT+D6UvcZWb+KHfw2KAH\nVXPNFSgSZkMzFBMQJH9UcfyvPX5+7qXakxAhLS/zKOg7Y601cRg5/Eqa0Z59\n-----END CERTIFICATE REQUEST-----"
}
}Get SSL certificate DCV details
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/885/dcv' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer636' \
-H 'password: Password123!' \
-H 'customerUri: cst636'Response fields
| Path | Type | Description |
|---|---|---|
|
|
DCV Log |
|
|
Error details |
|
|
Error code |
|
|
Error description |
|
|
DCV Log |
|
|
Domain Name |
|
|
DCV Status |
|
|
DCV Method |
|
|
DCV DNS TXT record expiration |
|
|
DCV Date |
|
|
Last check |
|
|
Next check |
|
|
EMAIL DCV reference number |
|
|
DCV Instructions |
|
|
Domain Name |
|
|
DCV Mode |
|
|
DNS DCV host part |
|
|
DNS DCV point part |
|
|
HTTP/S DCV file url |
|
|
HTTP/S DCV file content |
|
|
EMAIL DCV admin contact email |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 588
{
"dcvLog" : {
"error" : {
"code" : 0,
"description" : null
},
"log" : [ {
"domainName" : "ccmqa.com",
"dcvStatus" : "Awaiting Validation",
"dcvMethod" : "CNAME_CSR_HASH",
"lastCheck" : "2025-12-04 07:48:44",
"nextCheck" : "2025-12-04 08:48:44",
"dcvEmailRefNumber" : 1
} ]
},
"instructions" : [ {
"domainName" : "ccmqa.com",
"dcvMode" : "CNAME",
"host" : "_4E380094C3B3B40C69203451D32E78D3.ccmqa.com.",
"point" : "7A16100AAE509FE98CE5AC6D6F04AC81.151A1EB4B2324F07D2BDCDB6D02452D2.sectigo.com."
} ]
}Recheck SSL certificate DCV details
Initiate recheck of SSL certificate DCV details on CA.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/909/dcv/recheck' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer832' \
-H 'password: Password123!' \
-H 'customerUri: cst832'Example response
HTTP/1.1 202 AcceptedEnroll SSL certificate
Request SSL certificate
Submit request for a new SSL certificate.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
orgId |
Number |
Organization ID |
|
csr |
String |
Certificate signing request |
'Must match the regular expression |
subjAltNames |
String |
Subject alternative names (comma separated) |
|
certType |
Number |
Certificate Profile ID |
|
term |
Number |
Certificate validity period in days |
'Must be at least 1' |
comments |
String |
Comments for enroll request |
'Maximum length is 1024 characters or can be empty' |
customFields[] |
Array |
Custom fields to be applied to requested certificate. Must contain mandatory custom fields. |
|
customFields[].name |
String |
Name of an enabled custom field. |
[] |
customFields[].value |
String |
Value of the custom field. |
[] |
externalRequester |
String |
External Requester. Acceptable format: 'email@domain.com' or 'email1@domain.com, email2@domain.com' |
'Maximum length is 512 characters or can be empty' |
dcvMode |
String |
DCV validation mode. Possible values: [CNAME, EMAIL, HTTP, HTTPS, TXT]. Required in case of disabled DCV pre-validation. |
|
dcvEmail |
String |
DCV validation email. Required in case of EMAIL DCV mode. |
'Must be a well-formed email address' |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/enroll' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer255' \
-H 'password: Password123!' \
-H 'customerUri: cst255' \
-d '{
"orgId" : 8932,
"subjAltNames" : "ccmqa.com",
"certType" : 5153,
"term" : 365,
"comments" : "test",
"externalRequester" : "",
"customFields" : [ {
"name" : "custom field",
"value" : "custom field value"
} ],
"dcvMode" : "EMAIL",
"dcvEmail" : "admin@ccmqa.com",
"csr" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICyTCCAbECAQAwgYMxCzAJBgNVBAYTAlVBMQ8wDQYDVQQIDAZPZGVzc2ExDzAN\nBgNVBAcMBk9kZXNzYTERMA8GA1UECgwIQWR2YW5jZWQxCzAJBgNVBAsMAklUMRIw\nEAYDVQQDDAljY21xYS5jb20xHjAcBgkqhkiG9w0BCQEWD25teXphQGNjbXFhLmNv\nbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZo0lPzCqBVu03qHJa\np2wbOyN8kvdkU2VRj+GaF2APgrQps/sepvhyralxa9w5WD5KyoXhnM+7DPCsqDxK\nkxsBjEliLQqXwmoiai0A2DMmjWCoSMopzNTIORLPn8GaWFJSEtCa+9D1EXD2UZjS\nY/8MN0fEAIqaXFUrfW3cqW/QUjZH0mlJumUqQjtZY0DnAQsCxxZUlsHCkKEHuEQu\n5WhY8ys1/RANaoJmRh2xZuFMOZ71kLkwi5fvReqxjkRRHwG9cYDyurTNYmjkaICN\n/hqUwk9VKkW0G5ol8t0xau8RuHdDHi5Wb/R6+d/G+8/kn0BoOqseABih1+FYs+Ws\nK8UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQA15aWRLayIuUZmPhdrpJXQAtrw\nAoeYYwp5hvaTLwZBWEg5n+ZhH5SaSCpt+53QW3+jiT8jTsPKAqyvgSQI0MVi8o5J\nJhig6pPHGSKbfxmvmfSwxK4F9W2GNVcdICX+Js0BB5UXsZB4k1gTRr1VdICNiCDc\nDZAC0+HhkZSU9StD43T9ac3gZIfEEepX9WBx9QbBASbUZ1ziSBfGKA7vnQHbC9lT\nphLa2SvCSozmG36vYMV+Ak5YWnrp2c1Jhcd8PE0TIW6yPT+D6UvcZWb+KHfw2KAH\nVXPNFSgSZkMzFBMQJH9UcfyvPX5+7qXakxAhLS/zKOg7Y601cRg5/Eqa0Z59\n-----END CERTIFICATE REQUEST-----"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Renew id |
|
|
SSL id |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 57
{
"sslId" : 812,
"renewId" : "kmITfPf3Gx8mqmK5D66L"
}Request SSL certificate with Private Key Agent
Submit request for a new SSL certificate with generated keypair. Private key will be generated on the Private Key Agent.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
orgId |
Number |
Organization ID |
|
commonName |
String |
Certificate common name |
'Must not be null,Size must be between 1 and 64 inclusive' |
subjAltNames |
String |
Subject alternative names (comma separated) |
|
certType |
Number |
Certificate Profile ID |
|
term |
Number |
Certificate validity period in days |
'Must be at least 1' |
comments |
String |
Comments for enroll request |
'Maximum length is 1024 characters or can be empty' |
algorithm |
String |
Keypair algorithm |
Possible values: RSA, EC |
keySize |
Number |
Keypair key size (deprecated, see "keyParam") |
Applied only in case keypair algorithm is specified. |
keyParam |
String |
Keypair key size (for RSA) or curve name (for EC) |
Applied only in case keypair algorithm is specified. |
customFields[] |
Array |
Custom fields to be applied to requested certificate. Must contain mandatory custom fields. |
|
customFields[].name |
String |
Name of an enabled custom field. |
[] |
customFields[].value |
String |
Value of the custom field. |
[] |
externalRequester |
String |
External Requester. Acceptable format: 'email@domain.com' or 'email1@domain.com, email2@domain.com' |
'Maximum length is 512 characters or can be empty' |
keyGenerationMethod |
String |
Key generation method |
Possible values: [PK_AGENT, AZURE_KEY_VAULT] |
passPhrase |
String |
Password to protect PKCS#12 certificate.(Only for Private Key agent key generation) |
'Size must be between 8 and 64 inclusive' |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/enroll-keygen' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer281' \
-H 'password: Password123!' \
-H 'customerUri: cst281' \
-d '{
"orgId" : 8940,
"subjAltNames" : "ccmqa.com",
"certType" : 5169,
"term" : 365,
"comments" : "test",
"externalRequester" : "",
"customFields" : [ {
"name" : "custom field",
"value" : "custom field value"
} ],
"commonName" : "ccmqa.com",
"passPhrase" : "password",
"keySize" : 2048,
"keyParam" : "2048",
"algorithm" : "RSA",
"keyGenerationMethod" : "PK_AGENT"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Renew id |
|
|
SSL id |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 57
{
"sslId" : 816,
"renewId" : "Sd6x8kQmKpRs-X2OgF4j"
}Request SSL certificate with Azure KeyVault
Submit request for a new SSL certificate with generated keypair. Private key will be generated in Azure KeyVault.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
orgId |
Number |
Organization ID |
|
commonName |
String |
Certificate common name |
'Must not be null,Size must be between 1 and 64 inclusive' |
subjAltNames |
String |
Subject alternative names (comma separated) |
|
certType |
Number |
Certificate Profile ID |
|
term |
Number |
Certificate validity period in days |
'Must be at least 1' |
comments |
String |
Comments for enroll request |
'Maximum length is 1024 characters or can be empty' |
algorithm |
String |
Keypair algorithm |
Possible values: RSA, EC |
keySize |
Number |
Keypair key size (deprecated, see "keyParam") |
Applied only in case keypair algorithm is specified. |
keyParam |
String |
Keypair key size (for RSA) or curve name (for EC) |
Applied only in case keypair algorithm is specified. |
customFields[] |
Array |
Custom fields to be applied to requested certificate. Must contain mandatory custom fields. |
|
customFields[].name |
String |
Name of an enabled custom field. |
[] |
customFields[].value |
String |
Value of the custom field. |
[] |
externalRequester |
String |
External Requester. Acceptable format: 'email@domain.com' or 'email1@domain.com, email2@domain.com' |
'Maximum length is 512 characters or can be empty' |
keyGenerationMethod |
String |
Key generation method |
Possible values: [PK_AGENT, AZURE_KEY_VAULT] |
azureKeyVault |
Object |
Azure Key Vault settings |
|
azureKeyVault.azureAccountId |
Number |
Azure Account ID |
|
azureKeyVault.vaultKey |
String |
Vault Key |
|
reuseKey |
Boolean |
Reuse key from Azure Key Vault |
|
exportableKey |
Boolean |
Exportable key from Azure Key Vault (only for non HSM vaults) |
|
hsmOnly |
Boolean |
HSM only key from Azure Key Vault |
|
dcvMode |
String |
DCV validation mode. Possible values: [CNAME, EMAIL, HTTP, HTTPS, TXT]. Required in case of disabled DCV pre-validation. |
|
dcvEmail |
String |
DCV validation email. Required in case of EMAIL DCV mode. |
'Must be a well-formed email address' |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/enroll-keygen' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer275' \
-H 'password: Password123!' \
-H 'customerUri: cst275' \
-d '{
"orgId" : 8938,
"subjAltNames" : "ccmqa.com",
"certType" : 5168,
"term" : 365,
"comments" : "test",
"externalRequester" : "",
"customFields" : [ {
"name" : "custom field",
"value" : "custom field value"
} ],
"dcvMode" : null,
"dcvEmail" : null,
"commonName" : "ccmqa.com",
"keySize" : 2048,
"keyParam" : "2048",
"algorithm" : "RSA",
"keyGenerationMethod" : "AZURE_KEY_VAULT",
"azureKeyVault" : {
"azureAccountId" : 206,
"vaultKey" : "/subscriptions/dde65984-58b0-4495-bfb6-76b08f0681d7/resourceGroups/testResourceGroup/providers/Microsoft.KeyVault/vaults/name2-kv"
},
"reuseKey" : false,
"exportableKey" : false,
"hsmOnly" : false
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Renew id |
|
|
SSL id |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 57
{
"sslId" : 815,
"renewId" : "LpgBustdKUfk8pjfoOBe"
}Collect SSL certificate
Download issued SSL certificate.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID. |
Query parameters
| Parameter | Description |
|---|---|
|
Format type for certificate. Allowed values: 'x509' - for Certificate (w/ chain), PEM encoded, 'x509CO' - for Certificate only, PEM encoded, 'base64' - for PKCS#7, PEM encoded, 'bin' - for PKCS#7, 'x509IO' - for Root/Intermediate(s) only, PEM encoded, 'x509IOR' - for Intermediate(s)/Root only, PEM encoded, 'pem' - for Certificate (w/ chain), PEM encoded, 'pemco' - for Certificate only, PEM encoded, 'pemia' - for Certificate (w/ issuer after), PEM encoded, 'x509R' - for Certificate (w/ chain), PEM encoded. base64 is default. |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/collect/807?format=base64' -i -X GET \
-H 'login: admin_customer207' \
-H 'password: Password123!' \
-H 'customerUri: cst207'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=UTF-8
Content-Length: 7411
Content-Disposition: attachment; filename="test.cert"
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt
UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf
jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM
8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm
AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV
Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9
N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF
qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9
HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ
+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv
A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/
BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4
dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0
dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD
lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn
RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ
YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8
Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf
Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p
0fKtirOMxyHNwu8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF9TCCA92gAwIBAgIQHaJIMG+bJhjQguCWfTPTajANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjB8MQswCQYDVQQGEwJHQjEbMBkGA1UE
CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQK
Ew9TZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3RpZ28gUlNBIENvZGUgU2ln
bmluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIYijTKFehif
SfCWL2MIHi3cfJ8Uz+MmtiVmKUCGVEZ0MWLFEO2yhyemmcuVMMBW9aR1xqkOUGKl
UZEQauBLYq798PgYrKf/7i4zIPoMGYmobHutAMNhodxpZW0fbieW15dRhqb0J+V8
aouVHltg1X7XFpKcAC9o95ftanK+ODtj3o+/bkxBXRIgCFnoOc2P0tbPBrRXBbZO
oT5Xax+YvMRi1hsLjcdmG0qfnYHEckC14l/vC0X/o84Xpi1VsLewvFRqnbyNVlPG
8Lp5UEks9wO5/i9lNfIi6iwHr0bZ+UYc3Ix8cSjz/qfGFN1VkW6KEQ3fBiSVfQ+n
oXw62oY1YdMCAwEAAaOCAWQwggFgMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvA
nfKyA2bLMB0GA1UdDgQWBBQO4TqoUzox1Yq+wbutZxoDha00DjAOBgNVHQ8BAf8E
BAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAwYI
KwYBBQUHAwgwEQYDVR0gBAowCDAGBgRVHSAAMFAGA1UdHwRJMEcwRaBDoEGGP2h0
dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u
QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6
Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl
BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B
AQwFAAOCAgEATWNQ7Uc0SmGk295qKoyb8QAAHh1iezrXMsL2s+Bjs/thAIiaG20Q
BwRPvrjqiXgi6w9G7PNGXkBGiRL0C3danCpBOvzW9Ovn9xWVM8Ohgyi33i/klPeF
M4MtSkBIv5rCT0qxjyT0s4E307dksKYjalloUkJf/wTr4XRleQj1qZPea3FAmZa6
ePG5yOLDCBaxq2NayBWAbXReSnV+pbjDbLXP30p5h1zHQE1jNfYw08+1Cg4LBH+g
S667o6XQhACTPlNdNKUANWlsvp8gJRANGftQkGG+OY96jk32nw4e/gdREmaDJhlI
lc5KycF/8zoFm/lv34h/wCOe0h5DekUxwZxNqfBZslkZ6GqNKQQCd3xLS81wvjqy
VVp4Pry7bwMQJXcVNIr5NsxDkuS6T/FikyglVyn7URnHoSVAaoRXxrKdsbwcCtp8
Z359LukoTBh+xHsxQXGaSynsCz1XUNLK3f2eBVHlRHjdAd6xdZgNVCT98E7j4viD
vXK6yz067vBeF5Jobchh+abxKgoLpbn0nu6YMgWFnuv5gynTxix9vTp3Los3QqBq
gu07SqqUEKThDfgXxbZaeTMYkuO1dfih6Y4KJR7kHvGfWocj/5+kUZ77OYARzdu1
xKeogG/lU9Tg46LC0lsa+jImLWpXcBw8pFguo/NbSwfcMlnzh6cabVg=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIRAKicluNCIKrVY1IbC+37vhUwDQYJKoZIhvcNAQELBQAw
fDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSQwIgYDVQQD
ExtTZWN0aWdvIFJTQSBDb2RlIFNpZ25pbmcgQ0EwHhcNMTkwNjEzMDAwMDAwWhcN
MjEwNjEyMjM1OTU5WjB7MQswCQYDVQQGEwJDQTEOMAwGA1UEEQwFNTU1MjYxDjAM
BgNVBAgMBUlkYWhvMQ8wDQYDVQQHDAZLYW5hdGExEzARBgNVBAkMCjE5ODggbWFy
Y2gxEjAQBgNVBAoMCXRlc3QgY3JvcDESMBAGA1UEAwwJdGVzdCBjcm9wMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6A5w8ndXAWk8+6Zx+84FRiIX+B6t
xiKp1MHk7YA90mUdoU6nX/nqZErAtLMCr3C8x1nDlKZRvpMQIZhAT30orTm2TQXE
jOD5zIpxgG0YtQEyGRcpdehviwl+IkdWltgZe4adghJKUWEKfCvnWJrnK81ppcuA
xla4A1uLXYV7PoZIDi527xZK12SC9hxKYOHlcJ/od+NsUv114KFUTGe/EGuV9TQj
/VBOeObbfeAoOJvDNSso5EXKOu/WtEdiDZ5+2oUFz4lyzQyTtUA4cikClOfd2xBD
DvmfuoPhPj+1UsdqSDbE5xS3O8eIU9rnzVAbWe7YKe7+UBq8Sg2HUqJm2QIDAQAB
o4IBhjCCAYIwHwYDVR0jBBgwFoAUDuE6qFM6MdWKvsG7rWcaA4WtNA4wHQYDVR0O
BBYEFNpOBbcvZE5tFiSfOs1nwjjWXWtIMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMB
Af8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMBEGCWCGSAGG+EIBAQQEAwIEEDBA
BgNVHSAEOTA3MDUGDCsGAQQBsjEBAgEDAjAlMCMGCCsGAQUFBwIBFhdodHRwczov
L3NlY3RpZ28uY29tL0NQUzBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnNl
Y3RpZ28uY29tL1NlY3RpZ29SU0FDb2RlU2lnbmluZ0NBLmNybDBzBggrBgEFBQcB
AQRnMGUwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGln
b1JTQUNvZGVTaWduaW5nQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5z
ZWN0aWdvLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAAAECAwQFBgcICQoLDA0ODxAR
EhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BB
QkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3Bx
cnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6Ch
oqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR
0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/w==
-----END CERTIFICATE-----Download private key from Private Key Agent
Generation of a link to download private key from Private Key Agent.
Path parameters
| Parameter | Description |
|---|---|
|
SSL ID for which the link will be generated. |
|
Parameter to specify download format: key only or entire certificate. Possible values: 'key' - for Private Key, Base64 encoded, 'p12' - for PKCS#12, Base64 encoded, 'p12aes' - for Certificate and Private Key, PKCS#12, 'jks' - for Certificate and Private Key, Java Key Store, 'pem' - for Certificate and Private Key, Encrypted PEM, |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
passphrase |
String |
Passphrase to protect certificate with private key. |
Must comply to organization password policy. [Maximum length is 32 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/keystore/881/p12' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer601' \
-H 'password: Password123!' \
-H 'customerUri: cst601' \
-H 'Accept: application/json' \
-d '{
"passphrase" : "123"
}'Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 110
{
"link" : "https://{private_key_agent_host_name}/download?token=9STOEPH57C84UOME35RFR165QI&keyformat=p12"
}Approve SSL certificate
Approve a SSL certificate request that needs approval.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
message |
String |
Short message containing accompanying information for certificate approval action |
[Must not be empty, Size must be between 1 and 512 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/approve/833' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer449' \
-H 'password: Password123!' \
-H 'customerUri: cst449' \
-d '{
"message" : "test"
}'Example response
HTTP/1.1 204 No ContentDecline SSL certificate
Decline a SSL certificate request.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
message |
String |
Short message containing accompanying information for certificate declining action |
[Must not be empty, Size must be between 1 and 512 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/decline/877' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer555' \
-H 'password: Password123!' \
-H 'customerUri: cst555' \
-d '{
"message" : "test"
}'Example response
HTTP/1.1 204 No ContentManage SSL certificate
Update SSL certificate details
Update SSL certificate.
| You can update only certificate fields listed in the table below. Organization ID, Certificate Profile ID, Term, Common name, CSR, SANs can be edited if a certificate state is one of: Requested, Declined, Rejected, Invalid |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
sslId |
Number |
Certificate ID |
[Must be at least 1, Must not be null] |
term |
Number |
Term (days) |
[Must be at least 1] |
certTypeId |
Number |
Certificate Profile ID |
[Must be at least 1] |
orgId |
Number |
Organization ID |
[Must be at least 1] |
commonName |
String |
Certificate common name |
[] |
csr |
String |
Certificate signing request |
[Must match the regular expression |
externalRequester |
String |
External requester emails, comma-separated |
[] |
comments |
String |
Comments |
[Maximum length is 1024 characters or can be empty] |
subjectAlternativeNames |
Array |
Subject alternative names |
[] |
customFields |
Array |
Custom fields |
[] |
customFields[].name |
String |
Example of custom field name |
[Must not be null, Size must be between 1 and 256 inclusive] |
customFields[].value |
String |
Example of custom field value. For input type 'DATE' format is yyyy-MM-dd |
[Must not be null, Maximum length is 256 characters or can be empty] |
autoRenewDetails |
Object |
Auto-Renewal Information |
[] |
autoRenewDetails.state |
String |
Auto-Renewal state |
[Allowed values 'Not scheduled' and 'Scheduled'], defaults to 'Not scheduled' |
autoRenewDetails.daysBeforeExpiration |
Number |
Days before expiration to start auto-renewal |
[Must be at least 1], defaults to 30 days. Auto-renewal state must be 'Scheduled' for days to update |
suspendNotifications |
Boolean |
Suspend Notifications for the certificate |
[] |
requester |
String |
Requester |
[] |
requesterAdminId |
Number |
Requester Admin Id |
[Must be at least 1] |
approverAdminId |
Number |
Approver Admin Id. Value -1 will set the approver admin to <None> |
[Must be at least -1] |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer924' \
-H 'password: Password123!' \
-H 'customerUri: cst924' \
-H 'Accept: application/json' \
-d '{
"customFields" : [ {
"name" : "name1",
"value" : "value1"
} ],
"comments" : "some comments",
"sslId" : 919,
"term" : 365,
"certTypeId" : 5237,
"orgId" : 9180,
"commonName" : "ccmqa.com",
"csr" : "MIIC1zCCAb8CAQAwgZExCzAJBgNVBAYTAlVBMRIwEAYDVQQIDAljY21xYS5jb20x\nEjAQBgNVBAcMCWNjbXFhLmNvbTESMBAGA1UECgwJY2NtcWEuY29tMRIwEAYDVQQL\nDAljY21xYS5jb20xEjAQBgNVBAMMCWNjbXFhLmNvbTEeMBwGCSqGSIb3DQEJARYP\nYWRtaW5AY2NtcWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nsdkqSb/r4zpbi2GCnCRvYo+CbnQg/wRbsObr0m9OXEP1jSTuj8CqJZvTnGjE15fy\npdTGadc40saepghV4gIUOnFpYQRZacSN3VPLxF9rjnLEDBn7mTqbtbvxjhOaiPYz\nZgEa6kOOf851rujvl0WClMuWTIoXM7OmaHZA1NorGc3lag+D+4Tx8j1ry22EphXE\nd+Pm+4Tf/Fshd9Cm1r1JLcnlq0YdkV6ynzeKbUJX1cdYyMrxWTnBy/Tp0dM8FDGY\nMQ3ArQBIaDPGOnq1Gfd/yLrbaQD/j0ntZ4WKIWTlJLAkDu0AySz9Tc+DBCTrGvor\n9tjfWaeQo7CU+pENRyYzEwIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAIBptH2V\nU66GWFt5nHiMZnPRD8r4/JfqDvtPbV+qbXz2G/S+nuw0dhzGb4zCp6INH7UgO21o\nGHqIO2we9o31CmfbfJBptQdcJ0h+b/1Awp/DJulwoNXHgUqq+PbKe2j+QdOTH8EG\nszGnRo3Li9WA+V3LkYi0GkBFKsP5SyKFA/am2A0TRyy9FJ6MaMPkwV397tKJJ+Hu\n0/YfJkwTaK6JGujEQOUBtTU6QmpWjfih5CafxaDFrFkzdPo8by+W8W13T1dvqBcs\nAZtdcEIcajHZ6sF/xEm9Dfui17R8a4kAHx8QD046mEt0/OxAacEURKkJeRQlRgN9\nTSfJ16hdPk69U4M=",
"externalRequester" : "",
"subjectAlternativeNames" : [ "ccmqa.com" ]
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Certificate common name |
|
|
An ID using which this certificate can be renewed or revoked through Enrollment form. Deprecated. Use 'id' instead |
|
|
An ID using which this certificate can be renewed or revoked through Enrollment form |
|
|
An organization which this certificate is associated with |
|
|
The status of this certificate |
|
|
The obsolete parameter for the order identifier under which the certificate request has been processed. backendCertId should be used instead |
|
|
Certificate ID in enrolling backend |
|
|
The name of the issuing CA |
|
|
Information about Certificate Profile this certificate was enrolled from |
|
|
Certificate Profile ID |
|
|
Use secondary organization name |
|
|
Certificate Profile name |
|
|
Certificate Profile description |
|
|
Terms (in days) available for the Certificate Profile |
|
|
Key types available for the Certificate Profile |
|
|
SSL Subtype, available only for managed certificates. Deprecated, will be removed in favor of validationType |
|
|
Validation type, available only for managed certificates |
|
|
Term (days) |
|
|
The approver of the request for this certificate |
|
|
The approver ID of the request for this certificate |
|
|
Requester |
|
|
The Requester ID, when available |
|
|
Requested Via. Possible values: 'Enrollment Form', 'Client Admin', 'Web API', 'Discovery', 'Imported', 'SCEP', 'CD Agent', 'MS Agent', 'MS CA', 'Bulk Request', 'ACME', 'EST', 'REST API' |
|
|
External Requester, when available |
|
|
Comments |
|
|
Requested date |
|
|
Approved date |
|
|
Issued date |
|
|
Declined date |
|
|
Expiration date |
|
|
Replaced date |
|
|
Revocation date |
|
|
Revocation reason code provided on revoke to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
|
|
Renewal indicator |
|
|
Renewal date |
|
|
Signature Algorithm |
|
|
Key algorithm (deprecated, see "keyType") |
|
|
Key size (deprecated, see "keyType") |
|
|
Key type. For example: RSA - 2048, EC - P-256. |
|
|
Key Usages |
|
|
Extended Key Usages |
|
|
Subject alternative names |
|
|
Custom fields |
|
|
Custom field name |
|
|
Custom field value. For input type 'DATE' format is yyyy-MM-dd |
|
|
Certificate details |
|
|
The subject of the issuing CA certificate |
|
|
The subject of CA certificate |
|
|
The subject alternative names of the issuing CA certificate |
|
|
The MD5 fingerprint of CA certificate |
|
|
The SHA1 fingerprint of CA certificate |
|
|
The SHA256 fingerprint of CA certificate |
|
|
Certificate signing request details |
|
|
Certificate signing request (Base64-encoded) |
|
|
The MD5 hash of CSR |
|
|
The SHA1 hash of CSR |
|
|
The SHA256 hash of CSR |
|
|
Auto-Installation Information |
|
|
Auto-Installation state |
|
|
Auto-Installation nodes (planned or already installed to) |
|
|
Node name |
|
|
Node port |
|
|
Auto-Renewal Information |
|
|
Auto-Renewal state |
|
|
Days before expiration to start auto-renewal |
|
|
Suspend Notifications for the certificate |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 2529
{
"commonName" : "ccmqa.com",
"sslId" : 919,
"id" : 919,
"orgId" : 9180,
"status" : "Requested",
"orderNumber" : 7344326,
"backendCertId" : "7344326",
"vendor" : "Vendor",
"certType" : {
"id" : 5237,
"name" : "SSL SASP -693373594",
"description" : "Description for SSL SASP -693373594",
"terms" : [ 365 ],
"keyTypes" : {
"RSA" : [ "1024", "2048", "4096" ]
},
"useSecondaryOrgName" : false
},
"validationType" : "Organization Validation (OV)",
"term" : 365,
"owner" : "client-admin-929 client-admin-929",
"ownerId" : 10269,
"requester" : "927_nobody@nobody.sectigo.com",
"requestedVia" : "Enrollment Form",
"comments" : "some comments",
"requested" : "12/04/2025",
"expires" : "12/04/2026",
"renewed" : false,
"keyAlgorithm" : "RSA",
"keySize" : 0,
"keyType" : "RSA",
"subjectAlternativeNames" : [ "ccmqa.com" ],
"customFields" : [ {
"name" : "name1",
"value" : "value1"
} ],
"certificateDetails" : {
"issuer" : "issuer",
"sha1Hash" : "AAABBBCCC"
},
"autoInstallDetails" : {
"state" : "Not configured"
},
"autoRenewDetails" : {
"state" : "Not scheduled"
},
"suspendNotifications" : false,
"csrDetails" : {
"sha1Hash" : "7C6BB104D58333DA4DB44772042B2BB27EC1B4A5",
"md5Hash" : "DB446785DA27B4FDCE70313285483980",
"sha256Hash" : "83059B9585D4BE71FF4209BF240F5532B2DD40068FA476A6469920F340CAF368",
"csr" : "-----BEGIN CERTIFICATE REQUEST-----\nMIIC1zCCAb8CAQAwgZExCzAJBgNVBAYTAlVBMRIwEAYDVQQIDAljY21xYS5jb20x\nEjAQBgNVBAcMCWNjbXFhLmNvbTESMBAGA1UECgwJY2NtcWEuY29tMRIwEAYDVQQL\nDAljY21xYS5jb20xEjAQBgNVBAMMCWNjbXFhLmNvbTEeMBwGCSqGSIb3DQEJARYP\nYWRtaW5AY2NtcWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nsdkqSb/r4zpbi2GCnCRvYo+CbnQg/wRbsObr0m9OXEP1jSTuj8CqJZvTnGjE15fy\npdTGadc40saepghV4gIUOnFpYQRZacSN3VPLxF9rjnLEDBn7mTqbtbvxjhOaiPYz\nZgEa6kOOf851rujvl0WClMuWTIoXM7OmaHZA1NorGc3lag+D+4Tx8j1ry22EphXE\nd+Pm+4Tf/Fshd9Cm1r1JLcnlq0YdkV6ynzeKbUJX1cdYyMrxWTnBy/Tp0dM8FDGY\nMQ3ArQBIaDPGOnq1Gfd/yLrbaQD/j0ntZ4WKIWTlJLAkDu0AySz9Tc+DBCTrGvor\n9tjfWaeQo7CU+pENRyYzEwIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAIBptH2V\nU66GWFt5nHiMZnPRD8r4/JfqDvtPbV+qbXz2G/S+nuw0dhzGb4zCp6INH7UgO21o\nGHqIO2we9o31CmfbfJBptQdcJ0h+b/1Awp/DJulwoNXHgUqq+PbKe2j+QdOTH8EG\nszGnRo3Li9WA+V3LkYi0GkBFKsP5SyKFA/am2A0TRyy9FJ6MaMPkwV397tKJJ+Hu\n0/YfJkwTaK6JGujEQOUBtTU6QmpWjfih5CafxaDFrFkzdPo8by+W8W13T1dvqBcs\nAZtdcEIcajHZ6sF/xEm9Dfui17R8a4kAHx8QD046mEt0/OxAacEURKkJeRQlRgN9\nTSfJ16hdPk69U4M=\n-----END CERTIFICATE REQUEST-----"
}
}Revoke SSL certificate
Sending a request to CA to add the particular SSL certificate in certificate revocation list.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
reason |
String |
Short message with a reason why certificate needs to be revoked |
[Must not be empty, Size must be between 1 and 512 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/revoke/910' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer840' \
-H 'password: Password123!' \
-H 'customerUri: cst840' \
-d '{
"reasonCode" : 4,
"reason" : "my reason"
}'Example response
HTTP/1.1 204 No ContentRevoke SSL certificate by serial number
Sending a request to CA to add the particular SSL certificate in certificate revocation list.
Path parameters
| Parameter | Description |
|---|---|
|
Serial Number of certificate |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
reason |
String |
Short message with a reason why certificate needs to be revoked |
[Must not be empty, Size must be between 1 and 512 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/revoke/serial/A9:3E:C0:61:FB:1E:C0:10:73:05:65:00:8D:72:D8:69' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer884' \
-H 'password: Password123!' \
-H 'customerUri: cst884' \
-d '{
"reasonCode" : 3,
"reason" : "my reason"
}'Example response
HTTP/1.1 204 No ContentManual Revoke SSL certificate by Id or serial number + issuer
Mark certificate as revoked. The certificate is not revoked on CA side.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
certId |
Number |
Certificate ID. Required if |
Must be present if serialNumber and issuer are not provided |
serialNumber |
Number |
Certificate serial number. Required if |
Must be present with issuer if certId is not provided |
issuer |
Number |
Certificate issuer. Required if |
Must be present with serialNumber if certId is not provided |
revokeDate |
String |
Certificate revoke date |
[] |
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/revoke/manual' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer790' \
-H 'password: Password123!' \
-H 'customerUri: cst790' \
-d '{
"certId" : 906,
"serialNumber" : null,
"issuer" : null,
"revokeDate" : "2025-06-10T00:00:00Z",
"reasonCode" : 4
}'Example response
HTTP/1.1 204 No ContentRenew SSL certificate by renew Id
Submission of a request for a new SSL certificate using the CSR and parameters of the initial certificate. The initial certificate is the one that is selected by the administrator for renewal in this case.
Path parameters
| Parameter | Description |
|---|---|
|
Renew ID for certificate. |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
csr |
String |
Certificate signing request (optional) |
'Must match the regular expression |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/renew/10' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer413' \
-H 'password: Password123!' \
-H 'customerUri: cst413' \
-d '{
"csr" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICyTCCAbECAQAwgYMxCzAJBgNVBAYTAlVBMQ8wDQYDVQQIDAZPZGVzc2ExDzAN\nBgNVBAcMBk9kZXNzYTERMA8GA1UECgwIQWR2YW5jZWQxCzAJBgNVBAsMAklUMRIw\nEAYDVQQDDAljY21xYS5jb20xHjAcBgkqhkiG9w0BCQEWD25teXphQGNjbXFhLmNv\nbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZo0lPzCqBVu03qHJa\np2wbOyN8kvdkU2VRj+GaF2APgrQps/sepvhyralxa9w5WD5KyoXhnM+7DPCsqDxK\nkxsBjEliLQqXwmoiai0A2DMmjWCoSMopzNTIORLPn8GaWFJSEtCa+9D1EXD2UZjS\nY/8MN0fEAIqaXFUrfW3cqW/QUjZH0mlJumUqQjtZY0DnAQsCxxZUlsHCkKEHuEQu\n5WhY8ys1/RANaoJmRh2xZuFMOZ71kLkwi5fvReqxjkRRHwG9cYDyurTNYmjkaICN\n/hqUwk9VKkW0G5ol8t0xau8RuHdDHi5Wb/R6+d/G+8/kn0BoOqseABih1+FYs+Ws\nK8UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQA15aWRLayIuUZmPhdrpJXQAtrw\nAoeYYwp5hvaTLwZBWEg5n+ZhH5SaSCpt+53QW3+jiT8jTsPKAqyvgSQI0MVi8o5J\nJhig6pPHGSKbfxmvmfSwxK4F9W2GNVcdICX+Js0BB5UXsZB4k1gTRr1VdICNiCDc\nDZAC0+HhkZSU9StD43T9ac3gZIfEEepX9WBx9QbBASbUZ1ziSBfGKA7vnQHbC9lT\nphLa2SvCSozmG36vYMV+Ak5YWnrp2c1Jhcd8PE0TIW6yPT+D6UvcZWb+KHfw2KAH\nVXPNFSgSZkMzFBMQJH9UcfyvPX5+7qXakxAhLS/zKOg7Y601cRg5/Eqa0Z59\n-----END CERTIFICATE REQUEST-----\n"
}'Example response
HTTP/1.1 204 No ContentRenew SSL certificate
Submission of a request for a new SSL certificate using the CSR and parameters of the initial SSL certificate. The initial certificate is defined by its ID in this case.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID. |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
csr |
String |
Certificate signing request (optional) |
'Must match the regular expression |
dcvMode |
String |
Domain control validation mode. Possible values: [CNAME, EMAIL, HTTP, HTTPS, TXT] |
|
dcvEmail |
String |
Domain control validation email |
'Must be a well-formed email address' |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/renewById/817' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer343' \
-H 'password: Password123!' \
-H 'customerUri: cst343' \
-d '{
"csr" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICyTCCAbECAQAwgYMxCzAJBgNVBAYTAlVBMQ8wDQYDVQQIDAZPZGVzc2ExDzAN\nBgNVBAcMBk9kZXNzYTERMA8GA1UECgwIQWR2YW5jZWQxCzAJBgNVBAsMAklUMRIw\nEAYDVQQDDAljY21xYS5jb20xHjAcBgkqhkiG9w0BCQEWD25teXphQGNjbXFhLmNv\nbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZo0lPzCqBVu03qHJa\np2wbOyN8kvdkU2VRj+GaF2APgrQps/sepvhyralxa9w5WD5KyoXhnM+7DPCsqDxK\nkxsBjEliLQqXwmoiai0A2DMmjWCoSMopzNTIORLPn8GaWFJSEtCa+9D1EXD2UZjS\nY/8MN0fEAIqaXFUrfW3cqW/QUjZH0mlJumUqQjtZY0DnAQsCxxZUlsHCkKEHuEQu\n5WhY8ys1/RANaoJmRh2xZuFMOZ71kLkwi5fvReqxjkRRHwG9cYDyurTNYmjkaICN\n/hqUwk9VKkW0G5ol8t0xau8RuHdDHi5Wb/R6+d/G+8/kn0BoOqseABih1+FYs+Ws\nK8UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQA15aWRLayIuUZmPhdrpJXQAtrw\nAoeYYwp5hvaTLwZBWEg5n+ZhH5SaSCpt+53QW3+jiT8jTsPKAqyvgSQI0MVi8o5J\nJhig6pPHGSKbfxmvmfSwxK4F9W2GNVcdICX+Js0BB5UXsZB4k1gTRr1VdICNiCDc\nDZAC0+HhkZSU9StD43T9ac3gZIfEEepX9WBx9QbBASbUZ1ziSBfGKA7vnQHbC9lT\nphLa2SvCSozmG36vYMV+Ak5YWnrp2c1Jhcd8PE0TIW6yPT+D6UvcZWb+KHfw2KAH\nVXPNFSgSZkMzFBMQJH9UcfyvPX5+7qXakxAhLS/zKOg7Y601cRg5/Eqa0Z59\n-----END CERTIFICATE REQUEST-----\n",
"dcvMode" : "EMAIL",
"dcvEmail" : "admin@ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
New certificate ID |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 19
{
"sslId" : 818
}Mark Renewed SSL certificate
Manually marking an SSL certificate as renewed, optionally linking it to a new certificate ID or Order Number. The initial certificate is defined by its ID.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
id |
Number |
Renewed certificate ID (optional) |
|
orderNumber |
String |
Renewed certificate Order Number (optional) |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/renew/manual/820' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer359' \
-H 'password: Password123!' \
-H 'customerUri: cst359' \
-d '{
"id" : 821
}'Example response
HTTP/1.1 204 No ContentReplace SSL certificate
Submission of a request for the substition of the particular SSL certificate applying its parameters and a new CSR.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID. |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
csr |
String |
Certificate signing request |
[Must match the regular expression |
reason |
String |
Short message with a reason why certificate needs to be replaced |
[Must not be empty, Size must be between 1 and 512 inclusive] |
commonName |
String |
Certificate common name |
[Size must be between 1 and 64 inclusive] |
subjectAlternativeNames |
Array |
Array of subject alternative names |
[] |
dcvMode |
String |
Domain control validation mode. Possible values: [CNAME, EMAIL, HTTP, HTTPS, TXT] |
[] |
dcvEmail |
String |
Domain control validation email |
[Must be a well-formed email address] |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/replace/832' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer429' \
-H 'password: Password123!' \
-H 'customerUri: cst429' \
-d '{
"csr" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICyTCCAbECAQAwgYMxCzAJBgNVBAYTAlVBMQ8wDQYDVQQIDAZPZGVzc2ExDzAN\nBgNVBAcMBk9kZXNzYTERMA8GA1UECgwIQWR2YW5jZWQxCzAJBgNVBAsMAklUMRIw\nEAYDVQQDDAljY21xYS5jb20xHjAcBgkqhkiG9w0BCQEWD25teXphQGNjbXFhLmNv\nbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZo0lPzCqBVu03qHJa\np2wbOyN8kvdkU2VRj+GaF2APgrQps/sepvhyralxa9w5WD5KyoXhnM+7DPCsqDxK\nkxsBjEliLQqXwmoiai0A2DMmjWCoSMopzNTIORLPn8GaWFJSEtCa+9D1EXD2UZjS\nY/8MN0fEAIqaXFUrfW3cqW/QUjZH0mlJumUqQjtZY0DnAQsCxxZUlsHCkKEHuEQu\n5WhY8ys1/RANaoJmRh2xZuFMOZ71kLkwi5fvReqxjkRRHwG9cYDyurTNYmjkaICN\n/hqUwk9VKkW0G5ol8t0xau8RuHdDHi5Wb/R6+d/G+8/kn0BoOqseABih1+FYs+Ws\nK8UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQA15aWRLayIuUZmPhdrpJXQAtrw\nAoeYYwp5hvaTLwZBWEg5n+ZhH5SaSCpt+53QW3+jiT8jTsPKAqyvgSQI0MVi8o5J\nJhig6pPHGSKbfxmvmfSwxK4F9W2GNVcdICX+Js0BB5UXsZB4k1gTRr1VdICNiCDc\nDZAC0+HhkZSU9StD43T9ac3gZIfEEepX9WBx9QbBASbUZ1ziSBfGKA7vnQHbC9lT\nphLa2SvCSozmG36vYMV+Ak5YWnrp2c1Jhcd8PE0TIW6yPT+D6UvcZWb+KHfw2KAH\nVXPNFSgSZkMzFBMQJH9UcfyvPX5+7qXakxAhLS/zKOg7Y601cRg5/Eqa0Z59\n-----END CERTIFICATE REQUEST-----\n",
"reason" : "test",
"commonName" : "ccmqa.com",
"subjectAlternativeNames" : [ "ccmqa1.com", "ccmqa2.com" ],
"dcvMode" : "EMAIL",
"dcvEmail" : "admin@ccmqa.com"
}'Example response
HTTP/1.1 204 No ContentDelete SSL certificate
Submission of a request for deleting SSL certificate for a given SSL Id.
| Only imported or discovered certificates can be deleted. |
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID. |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/810' -i -X DELETE \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer231' \
-H 'password: Password123!' \
-H 'customerUri: cst231'Example response
HTTP/1.1 204 No ContentImport SSL certificates to SCM
Import certificates to SCM
Query parameters
| Parameter | Description |
|---|---|
|
An organization which this certificates import to |
Request parts
| Part | Description |
|---|---|
|
Zip archive with certificates to import |
Example request
$ curl 'https://cert-manager.com/api/ssl/v1/import?orgId=9086' -i -X POST \
-H 'Content-Type: multipart/form-data;charset=UTF-8' \
-H 'login: admin_customer664' \
-H 'password: Password123!' \
-H 'customerUri: cst664' \
-F 'file=@certs.zip;type=application/zip'Response fields
| Path | Type | Description |
|---|---|---|
|
|
An array of occurred errors |
|
|
Total number of processed certificates |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 426
{
"processedCount" : 8,
"errors" : [ "[appov_ccmqa_com_cert.cer] - SSL certificate already exists. Order number: N/A", "[ccmqa_com.crt] - SSL certificate already exists. Order number: N/A", "admin_ccmqa_com.p12 - Unsupported file extension", "appov_ccmqa_com_interm.cer - Failed to parse certificate: Certificate is corrupted or subject basic constraint is not met", "auto83_ccmqa_com.p12 - Unsupported file extension" ]
}Import SSL certificates to SCM (extended)
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
[] |
Array |
Certificates to import |
Should not be empty, maximum size is 128 |
[].orgID |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
[].customFields |
Array |
List of custom certificate fields |
[] |
[].customFields[].name |
String |
Custom field name |
[] |
[].customFields[].value |
String |
Custom field value |
[] |
[].owner |
String |
Certificate owner |
[Must be a well-formed email address, Maximum length is 128 characters or can be empty] |
[].externalRequester |
String |
Comma-separated additional emails |
[Maximum length is 512 characters or can be empty] |
[].backendCertId |
String |
Backend certificate identifier |
[Maximum length is 255 characters or can be empty] |
[].cert |
String |
DER (Base64) certificate |
[Must not be empty] |
[].csr |
String |
DER (Base64) Certificate Signing Request |
[] |
[].comments |
String |
Additional comments |
[Maximum length is 1024 characters or can be empty] |
[].force |
Boolean |
Force alter editable certificate fields event if certificate is already exists. |
[] |
Example request
$ curl 'https://cert-manager.com/api/ssl/v2/import' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer162' \
-H 'password: Password123!' \
-H 'customerUri: cst162' \
-d '[{"orgID":8899,"customFields":[{"name":"testName","value":"testValue"}],"owner":"admin@requester.com","externalRequester":"email@one.com, email@two.com","backendCertId":"1234567890DFa","cert":"MIIHHjCCBgagAwIBAgIQDhG71w1UtxDQxvVAtrUspDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xNjA1MjEwMDAwMDBaFw0xOTA4MTQxMjAwMDBaMGoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJOWTERMA8GA1UEBxMITmV3IFlvcmsxHTAbBgNVBAoTFFN0YWNrIEV4Y2hhbmdlLCBJbmMuMRwwGgYDVQQDDBMqLnN0YWNrZXhjaGFuZ2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0YDzscT5i6T2FaRsTGNCiLB8OtPXu8N9iAyuaROh/nS0kRRsN8wUMk1TmgZhPuYM6oFS377V8W2LqhLBMrPXi7lnhvKt2DFWCyw38RrDbEsM5dzVGErmhux3F0QqcTI92zjVW61DmE7NSQLiR4yonVpTpdAaO4jSPJxn8d+4p1sIlU2JGSk8LZSWFqaROc7KtXtlWP4HahNRZtdwvL5dIEGGNWx+7B+XVAfY1ygc/UisldkA+a3D2+3WAtXgFZRZZ/1CWFjKWJNMAI6ZBAtlbgSNgRYxdcdleIhPLCzkzWysfltfiBmsmgz6VCoFR4KgJo8Gd3MeTWojBthM10SLwIDAQABo4IDuDCCA7QwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFFrBQmPCYhOznZSEqjIeF8tto4Z7MIIB6AYDVR0RBIIB3zCCAduCEyouc3RhY2tleGNoYW5nZS5jb22CEXN0YWNrb3ZlcmZsb3cuY29tghMqLnN0YWNrb3ZlcmZsb3cuY29tgg1zdGFja2F1dGguY29tggtzc3RhdGljLm5ldIINKi5zc3RhdGljLm5ldIIPc2VydmVyZmF1bHQuY29tghEqLnNlcnZlcmZhdWx0LmNvbYINc3VwZXJ1c2VyLmNvbYIPKi5zdXBlcnVzZXIuY29tgg1zdGFja2FwcHMuY29tghRvcGVuaWQuc3RhY2thdXRoLmNvbYIRc3RhY2tleGNoYW5nZS5jb22CGCoubWV0YS5zdGFja2V4Y2hhbmdlLmNvbYIWbWV0YS5zdGFja2V4Y2hhbmdlLmNvbYIQbWF0aG92ZXJmbG93Lm5ldIISKi5tYXRob3ZlcmZsb3cubmV0gg1hc2t1YnVudHUuY29tgg8qLmFza3VidW50dS5jb22CEXN0YWNrc25pcHBldHMubmV0ghIqLmJsb2dvdmVyZmxvdy5jb22CEGJsb2dvdmVyZmxvdy5jb22CGCoubWV0YS5zdGFja292ZXJmbG93LmNvbYIVKi5zdGFja292ZXJmbG93LmVtYWlsghNzdGFja292ZXJmbG93LmVtYWlsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAAzJAMGSdKoX1frdqNlNiXu8Gcbsm/DxWMXpcTXlZn8s+/qQQoc+/3o0CK3C8/j9n5DmsYa88P6Ntt5ysDs+b0ynXFva4CAEyKaoPM4SIpOjwfWBRSUOqAIkQO2/LhKBwT/EnpaIHIKGnI0UdXLQoDfkMDg6mgJsEBsKdKF5EfEX7iU3NO5xVJPJE8/R0btLAdYwxB9S6fSpCXGe2HqQD101O/7/4MWNdFSbfdDSFcn5oEm+idimrqiNrF5knmuJy4qPBkL7thNuGK6rvYCFZJM03ZEZhkQmn2jG/7LgjfwZmvfcITeADCpylf88bL+lf+vxe6cCl9CyqWgBDpsIxpE=","csr":"MIICqzCCAZMCAQAwZjELMAkGA1UEBhMCY24xDzANBgNVBAgTBmJlaWppbjEQMA4GA1UEBxMHYmVpamluZzEPMA0GA1UEChMGQ09NT0RPMRAwDgYDVQQLEwdkZXZlbG9wMREwDwYDVQQDDAgqLmNtLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJxrVE6cqSTe+jOsyYjBNw+5uZeDdu37bRgw6qQo2uSFhOhXyhsxcb0zaitpjNYLsEc4fp0YzNYrqzmIHK7HpgHgg9N9CVr0m2O/RlV761s257expajU1vYzVDIt/levLkOJe96++tOFOQ+6hrFnI2YWKxLdE+X0F7tGrDgkV2xXhW7qbw32C2kRyui3KvgoJ0Mwtwe0Gp6VVN61oNoinf5F/O8MGMFmM4TaRgSTcvWIJvrfuMTmHi9S918LfQRrFGfDKNX49iS8oWT7SVBmLxjcEqIsTfCFo9rg/aP8elS3kRFBH8fTNUPjcOCa/Km6JoIM4C/KEro6uraXAbl+QhMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBvyheU7vn+VCQJz8OHVD2r9c79KETEeaTMIvnTjGECd3RlXXErcFxuvFJYtTyiNZwzyRi7Q4IBp8g41UYRsBsMim0ioQdW9cIIMMn0oY7oAuQt6eM77iOd/bWhpGAPKe6rG8vadA6nF+hPIPEkqIlfWYNc/ZarvXr2UPNmYdv/skDi9PQUlzB1xOWQUO3Li+QYZWuE3UjLDNCoh5uTY5UMn/K+Ej8fDDz4mc4zZQQf3mASZcMEv75pqfEiRY1zUUPLLT5vUZ5yh32DG8mm+X5Gkr1xQNYGAUymxTdG2ct2t3xxLjGmRABxPvGNIrIefboyLma9Yd0GBOtrexsNzbUI","comments":"Test comments","force":true}]'Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of import results |
|
|
Indicates whether the certificate import was successful or not |
|
|
CA backend certificate ID |
|
|
SSL information |
|
|
SSL certificate ID |
|
|
SSL Subject |
|
|
SSL Serial Number |
|
|
Indicates if the certificate was created during the import process. If false, it means the certificate already existed in the system. |
|
|
Error message with details of the failed import. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 215
[{"successful":true,"backendCertId":"1234567890DFa","cert":{"id":796,"subject":"CN=*.stackexchange.com,O=Stack Exchange, Inc.,L=New York,ST=NY,C=US","serialNumber":"E11BBD70D54B710D0C6F540B6B52CA4"},"created":true}]The response array element can be error message:
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of import results |
|
|
Indicates whether the certificate import was successful or not |
|
|
CA backend certificate ID |
|
|
SSL information |
|
|
SSL Subject |
|
|
SSL Serial Number |
|
|
Error message with details of the failed import. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 307
[{"successful":false,"backendCertId":"1234567890DFa","cert":{"subject":"CN=*.stackexchange.com,O=Stack Exchange, Inc.,L=New York,ST=NY,C=US","serialNumber":"E11BBD70D54B710D0C6F540B6B52CA4"},"errorMessage":"Cannot bring certificate SN=''E11BBD70D54B710D0C6F540B6B52CA4'' under management. Contact support"}]Client Certificates
Used to perform operations on client certificates.
Client certificate helper APIs
List client certificate profiles
List client certificate profiles, previously known as a certificate type. An enrollment request will require the certificate profile be specified.
Query parameters
| Parameter | Description |
|---|---|
|
Filter by Organization ID (optional) |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/types?organizationId=9216' -i -X GET \
-H 'login: admin_customer1035' \
-H 'password: Password123!' \
-H 'customerUri: cst1035' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
An array of available Client Certificate Profiles |
|
|
Certificate Profile ID |
|
|
Certificate Profile name |
|
|
Use secondary organization name |
|
|
Certificate Profile description |
|
|
Terms (in days) available for the Certificate Profile |
|
|
Key types available for the Certificate Profile |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 196
[{"id":5290,"name":"Client cert SASP -1629806034","description":"Description for Client cert SASP -1629806034","terms":[365],"keyTypes":{"RSA":["1024","2048","4096"]},"useSecondaryOrgName":false}]List client certificate custom fields
List client certificate custom fields. An enrollment require will require all mandatory custom fields be specified.
Example request
$ curl 'https://cert-manager.com/api/smime/v1/customFields' -i -X GET \
-H 'login: admin_customer1000' \
-H 'password: Password123!' \
-H 'customerUri: cst1000' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
An array of custom fields |
|
|
Custom field id |
|
|
Custom field name |
|
|
Is field mandatory |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 47
[{"id":357,"name":"testName","mandatory":true}]Client certificate locations
List client certificate locations
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/220/location' -i -X GET \
-H 'Content-Type: application/json' \
-H 'login: admin_customer1137' \
-H 'password: Password123!' \
-H 'customerUri: cst1137'Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of Client Certificate Locations |
|
|
Location ID |
|
|
Location Type |
|
|
Location Name (optional) |
|
|
Location Details |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 152
[{"id":164,"locationType":"CUSTOM","name":"","details":{"location1":"PC"}},{"id":165,"locationType":"CUSTOM","name":"","details":{"location2":"Phone"}}]Create custom location for client certificate
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
details |
Object |
Location details in key-value format that should be applied. |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/217/location' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: admin_customer1100' \
-H 'password: Password123!' \
-H 'customerUri: cst1100' \
-d '{"details":{"location":"Tablet"}}'Response headers
| Name | Description |
|---|---|
|
URL location of the created certificate location entity |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/smime/v2/217/location/161Get details of client certificate’s custom location
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
|
Location ID |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/219/location/163' -i -X GET \
-H 'Content-Type: application/json' \
-H 'login: admin_customer1128' \
-H 'password: Password123!' \
-H 'customerUri: cst1128'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Location ID |
|
|
Location Type |
|
|
Location Name (optional) |
|
|
Location Details |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 80
{"id":163,"locationType":"CUSTOM","name":"","details":{"Mail Client":"Outlook"}}Update client certificate’s custom location
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
|
Location ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
details |
Object |
Location details in key-value format that should be applied. |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/229/location/166' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'login: admin_customer1187' \
-H 'password: Password123!' \
-H 'customerUri: cst1187' \
-d '{"details":{"MailClient":"Thunderbird"}}'Example response
HTTP/1.1 200 OKDelete client certificate’s custom location
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
|
Location ID |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/218/location/162' -i -X DELETE \
-H 'login: admin_customer1107' \
-H 'password: Password123!' \
-H 'customerUri: cst1107'Example response
HTTP/1.1 204 No ContentView client certificates
List client certificates
List all client certificates that match the requested filter.
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
the first position (entry) to return from the results of the query |
|
Filter by certificate Key Vault flag |
|
Filter by certificate person ID |
|
Filter by certificate state. Possible values: ', 'blank', 'created', 'requested', 'issued', 'downloaded' - deprecated, 'expired', 'revoked', 'rejected', 'pre_revoked'' |
|
Filter by certificate profile ID |
|
Filter by certificate serial number |
|
Filter by certificate backend ID |
|
Filter by certificate signature algorithm |
|
Filter by certificate public key algorithm |
|
Filter by certificate public key size or curve name |
|
Filter by certificate key usage |
|
Filter by certificate extended key usage |
|
Filter by certificate person email |
Example request
$ curl 'https://cert-manager.com/api/smime/v2?size=10&position=0&personId=42&keyVault=true&certTypeId=100500&serialNumber=C3DB6F88E720DF99717059FBD02D29B0&backendCertId=12345&email=user%40ccmqa.com' -i -X GET \
-H 'login: admin_customer1125' \
-H 'password: Password123!' \
-H 'customerUri: cst1125' \
-H 'Accept: application/json'Response headers
| Name | Description |
|---|---|
|
Contains total number of client certificates available according to the filtering applied |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
An array of Client certificate properties |
|
|
Certificate ID |
|
|
Certificate details |
|
|
The subject of the issuing CA certificate |
|
|
The subject of CA certificate |
|
|
The subject alternative names of the issuing CA certificate |
|
|
The MD5 fingerprint of CA certificate |
|
|
The SHA1 fingerprint of CA certificate |
|
|
The SHA256 fingerprint of CA certificate |
|
|
Certificate state |
|
|
Certificate order number |
|
|
Certificate serial number |
|
|
Certificate ID in enrolling backend |
|
|
Certificate expiration date |
|
|
Certificate comments |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 331
[{"id":1,"state":"issued","certificateDetails":{"subject":"S/MIME Subject string","sha256Hash":"513b909ac0470c0fe23a2af2282b927d25fc590bda99c7dd505b093c975075c9"},"serialNumber":"C3:DB:6F:88:E7:20:DF:99:71:70:59:FB:D0:2D:29:B0","orderNumber":12345,"backendCertId":"12345","expires":"2345-06-07","comments":"S/MIME comment string"}]Count client certificates
Count all client certificates that match the requested filter.
Query parameters
| Parameter | Description |
|---|---|
|
Filter by certificate Key Vault flag |
|
Filter by certificate person ID |
|
Filter by certificate state. Possible values: ', 'blank', 'created', 'requested', 'issued', 'downloaded' - deprecated, 'expired', 'revoked', 'rejected', 'pre_revoked'' |
|
Filter by certificate profile ID |
|
Filter by certificate serial number |
|
Filter by certificate backend ID |
|
Filter by certificate signature algorithm |
|
Filter by certificate public key algorithm |
|
Filter by certificate public key size or curve name |
|
Filter by certificate key usage |
|
Filter by certificate extended key usage |
|
Filter by certificate person email |
Example request
$ curl 'https://cert-manager.com/api/smime/v2?personId=42&keyVault=true&certTypeId=100500&serialNumber=C3DB6F88E720DF99717059FBD02D29B0' -i -X HEAD \
-H 'login: admin_customer1122' \
-H 'password: Password123!' \
-H 'customerUri: cst1122' \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded'Response headers
| Name | Description |
|---|---|
|
Contains total number of client certificates available according to the filtering applied |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1List client certificates by person ID
List all client certificates for a person with given ID.
Path parameters
| Parameter | Description |
|---|---|
|
Person ID. |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/byPersonId/1' -i -X GET \
-H 'login: admin_customer1119' \
-H 'password: Password123!' \
-H 'customerUri: cst1119' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
An array of Client certificate properties |
|
|
Certificate ID |
|
|
Certificate details |
|
|
The subject of the issuing CA certificate |
|
|
The subject of CA certificate |
|
|
The subject alternative names of the issuing CA certificate |
|
|
The MD5 fingerprint of CA certificate |
|
|
The SHA1 fingerprint of CA certificate |
|
|
The SHA256 fingerprint of CA certificate |
|
|
Certificate state |
|
|
Certificate order number |
|
|
Certificate serial number |
|
|
Certificate ID in enrolling backend |
|
|
Certificate expiration date |
|
|
Certificate comments |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 325
[{"id":1,"state":"issued","certificateDetails":{"subject":"S/MIME Subject string","sha256Hash":"513b909ac0470c0fe23a2af2282b927d25fc590bda99c7dd505b093c975075c9"},"serialNumber":"C3:DB:6F:88:E7:20:DF:99:71:70:59:FB:D0:2D:29:B0","orderNumber":12345,"backendCertId":"12345","expires":"2345-06-07","comments":"Test comments 1"}]List client certificates by person email
List all client certificates for a person with given email.
Path parameters
| Parameter | Description |
|---|---|
|
Person e-mail. Must be formatted as valid e-mail string. Also might need to be properly encoded as required by URL syntax standard. For example, the '@' character should be replaced with the %40 code, '.' - with %2E and so on. |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/byPersonEmail/mailbox@domain.com' -i -X GET \
-H 'login: admin_customer1116' \
-H 'password: Password123!' \
-H 'customerUri: cst1116' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
An array of Client certificate properties |
|
|
Certificate ID |
|
|
Certificate details |
|
|
The subject of the issuing CA certificate |
|
|
The subject of CA certificate |
|
|
The subject alternative names of the issuing CA certificate |
|
|
The MD5 fingerprint of CA certificate |
|
|
The SHA1 fingerprint of CA certificate |
|
|
The SHA256 fingerprint of CA certificate |
|
|
Certificate state |
|
|
Certificate order number |
|
|
Certificate serial number |
|
|
Cert ID in enrolling backend |
|
|
Certificate expiration date |
|
|
Certificate comments |
Example response
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
Content-Length: 325
[{"id":1,"state":"issued","certificateDetails":{"subject":"S/MIME Subject string","sha256Hash":"513b909ac0470c0fe23a2af2282b927d25fc590bda99c7dd505b093c975075c9"},"serialNumber":"C3:DB:6F:88:E7:20:DF:99:71:70:59:FB:D0:2D:29:B0","orderNumber":12345,"backendCertId":"12345","expires":"2345-06-07","comments":"Test comments 1"}]Client certificate details
Path parameters
| Parameter | Description |
|---|---|
|
Client certificate ID |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/214' -i -X GET \
-H 'login: admin_customer1028' \
-H 'password: Password123!' \
-H 'customerUri: cst1028'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Certificate common name |
|
|
An ID using which this certificate can be renewed or revoked using API as well as through Enrollment form |
|
|
Certificate subtype |
|
|
An organization which this certificate is associated with |
|
|
The status of this certificate |
|
|
Certificate ID in enrolling backend |
|
|
Information about Certificate Profile this certificate was enrolled from |
|
|
Certificate Profile ID |
|
|
Use secondary organization name |
|
|
Certificate Profile name |
|
|
Certificate Profile description |
|
|
Terms (in days) available for the Certificate Profile |
|
|
Key types available for the Certificate Profile |
|
|
Term (days) |
|
|
Requested Via. Possible values: 'Admin Enroll', 'Self Enroll', 'API Enroll', 'Auto Enroll', 'CSV Enroll', 'SCEP Enroll', 'IdP Enroll', 'MS Agent Enroll', 'Discovery', 'MS CA Enroll', 'Imported', 'EST Enroll', 'REST Enroll API' |
|
|
Requested date |
|
|
Issued date |
|
|
Expiration date |
|
|
Revocation date |
|
|
Revocation reason code provided on revoke to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
|
|
SSL Serial Number |
|
|
Signature Algorithm |
|
|
Key algorithm (deprecated, see "keyType") |
|
|
Key size (deprecated, see "keyType") |
|
|
Key type. For example: RSA - 2048, EC - P-256. |
|
|
Key Usages |
|
|
Extended Key Usages |
|
|
Certificate signing request details |
|
|
Certificate signing request (Base64-encoded) |
|
|
The MD5 hash of CSR |
|
|
The SHA1 hash of CSR |
|
|
The SHA256 hash of CSR |
|
|
Subject alternative names |
|
|
Custom fields |
|
|
Custom field name |
|
|
Custom field value |
|
|
Certificate details |
|
|
The subject of the issuing CA certificate |
|
|
The subject of CA certificate |
|
|
The subject alternative names of the issuing CA certificate |
|
|
The MD5 fingerprint of CA certificate |
|
|
The SHA1 fingerprint of CA certificate |
|
|
The SHA256 fingerprint of CA certificate |
|
|
Suspend Notifications for the certificate |
|
|
Certificate comments |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1911
{"commonName":"Tester","id":214,"orgId":9214,"status":"issued","backendCertId":"12345678","certType":{"id":5287,"name":"High Persona Validated Cert","terms":[365,730],"keyTypes":{"RSA":["1024","2048","4096"]},"useSecondaryOrgName":false},"subType":"Private","term":30,"requestedVia":"Self Enroll","comments":"client certificate 214","requested":"12/04/2025","issued":"12/04/2025","expires":"01/15/2026","keyAlgorithm":"RSA","keySize":2048,"keyType":"RSA - 2048","keyUsages":["Digital Signature","Key Encipherment"],"extendedKeyUsages":["1.3.6.1.5.5.7.3.4","1.3.6.1.5.5.7.3.2"],"certificateDetails":{"sha1Hash":"AAABBBCCC","sha256Hash":"AAABBBCCCddd"},"suspendNotifications":false,"csrDetails":{"sha1Hash":"9B802A7197F02164581E29D8E3F4B7FA060CCE1F","md5Hash":"C594BBB2919E6939FDC221479EA2082D","sha256Hash":"2CF6FEA3F4B1400EC45FD3789A7D83C90F3ABCB196245425FD6A9EAFC77C51E5","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICtDCCAZwCAQAwbzELMAkGA1UEBhMCY24xCTAHBgNVBAgTADEJMAcGA1UEBxMA\nMQkwBwYDVQQKEwAxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEc\nMBoGA1UEAxMTZWdyZXQudGVjYWQuZnN1LmVkdTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAI+4q/kdBTtGOxYMqIwtpDGJusbupt670DHasaGyOJBr5eIP\nxbWOtInA3R3LkhUUZxEaBDCW3TGy+0MnHVEE+EBop7tBSFQoCCntqwxMNSRMwuH3\n1Ha3LjWqtHvBrMRdmxqSA0njjz7o+SBxgE3RCfnxXk82/KKWxJB2Kz7y7qE3lssv\npAcdIch3/s3RKpIv7/ktQTjRZIikcR79SGDVtP5kcsbzz8uAYM5Y2az7k/Gas807\n1pTjpRGBH7ujWF4s7HLUcXk+dgzPzu1IMOlVeH560e9ESa1BRlQHxul+YFcC9PBO\n0ArFH02Y3ntKk7MTuffL4EvoXuZ13s5t1oi8P/0CAwEAAaAAMA0GCSqGSIb3DQEB\nBQUAA4IBAQAHhe0DxjBYktySw5R0ISt5H6g1mMrdMpili0FfyDK2yOmbLfIB64Lq\n5HWpN+rxTNqGVwTW6NpRJHbuDIH5kCkw7COBvBC+/chIJ2EC6EGUDvXjgqCQ5GhH\nxaa8nPq8aaZzD59XP5UKMIKFNUV71wiQzDbu1J8E9mPKQeDhxb+in1PXq75G9ZDw\nYwnMsYc4N0zecKZqToMEA3OfrUpkCD+Ndkovg7P4mH3YWhTB/DAQ1dsL5rpTyao/\n1DEMfSlUeMlQpGIrNi1PTTou1FIb1EMzW6W41u3f49nTxnYc/H6tslCwO6B24Npe\npURpTWiaiH9WrA8ED40wT81vjSj2bvaW\n-----END CERTIFICATE REQUEST-----"}}Enroll client certificate
Request client certificate
Creation and submission of a request for a new Client certificate.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
orgId |
Number |
Organization ID |
|
csr |
String |
Certificate signing request |
|
certType |
Number |
Certificate Profile ID |
|
term |
Number |
Certificate validity period in days |
[Must be at least 1] |
String |
Person e-mail |
[Must be a well-formed email address, Must not be empty, Maximum length is 128 characters or can be empty] |
|
phone |
String |
Person telephone |
[Must match the regular expression |
secondaryEmails |
Array |
Person secondary e-mails |
[] |
firstName |
String |
Person first name |
firstName must not be empty, firstName + ' ' + middleName + ' ' + lastName must be in range of 1 to 64 characters |
middleName |
String |
Person middle name |
firstName + ' ' + middleName + ' ' + lastName must be in range of 1 to 64 characters |
lastName |
String |
Person last name |
lastName must not be empty, firstName + ' ' + middleName + ' ' + lastName must be in range of 1 to 64 characters |
customFields |
Array |
Custom fields to be applied to requested certificate |
[] |
commonName |
String |
Person’s common name, if omitted will be constructed from Person’s full name |
[Maximum length is 64 characters or can be empty] |
eppn |
String |
EPPN |
[Maximum length is 128 characters or can be empty] |
upn |
String |
Principal name |
[Maximum length is 256 characters or can be empty] |
comments |
String |
Certificate comments |
[Maximum length is 1024 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/enroll' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer977' \
-H 'password: Password123!' \
-H 'customerUri: cst977' \
-d '{"orgId":9196,"firstName":"Name","middleName":"","lastName":"LastName","email":"name@test.net","phone":"12345678","secondaryEmails":[],"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIIC4jCCAcoCAQAwdDELMAkGA1UEBhMCVUExDTALBgNVBAgTBHRlc3QxDTALBgNV\nBAcTBHRlc3QxDTALBgNVBAoTBHRlc3QxDTALBgNVBAsTBHRlc3QxEjAQBgNVBAMT\nCWNjbXFhLmNvbTEVMBMGCSqGSIb3DQEJARYGdGVzdEB0MIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAul8SGkicOnrMjJDvgG8P2j1Ee5hY6ww+qSoe0oI2\ntvRcLBknPHMMAkxTjW9fy80wD8hyrnc+IGlQcq2R/tEMIJHRsJD603M+2FjAwlP9\n8xtiqv0hMyHO4fEt+HMyy8Q367aTBmnZCuAxJZJapfFW9wH5jGZxuX8mnrXVsBTD\n4ZBO4UFd9P4u8P0nJx80CiuDt4COSDl6Br4pNLciPVqfwj7LQ5/skwPkNCggk3/G\nxoQX/3FV7O4fC6WCxVP1uYjJVQjlD1Tf06hPNfonVfThVuP20OL3QAlnIF3lZiyY\nJ5etdFtu+BKcPNMdQDJOS/O4Zz0YJn6K2HdAXSc1YxYniwIDAQABoCkwJwYJKoZI\nhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQsF\nAAOCAQEAVJVTTELGHWoRh8JZt+kx/zO0VnibBq/D6uB405L+Ir80X48Ei9hTLB11\nAqhSBE+AbEgBhRnEIDBjiXEDcWvC532Omex721kc17ZTzowuD8lOjfQkTHbAmjIi\nnCQNFAPf0D/zpi6Eync5pi2P//Uj/Yn7oDYYli1t61EZwuQyEu4mbQ1efUnU/SOl\nAAQtDPhNwATZPmfefjM8+YuzhG70dQvmFAClcFayKM92Zx9khDd/VnLT85YzDULJ\n8iiHW8dZNblaTsUjKrc73iX2hONZIxw6B3tGCFs8mH9lZlExV7Y2er3t/lO1pdxe\nSUohEELWcttIxyWnYgxvwaWX4lfx9A==\n-----END CERTIFICATE REQUEST-----","certType":5254,"term":365,"customFields":[],"commonName":"Common name","upn":null,"eppn":null,"comments":"S/MIME comment string"}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Unique ID for certificate. This ID should be used for certificate operations. |
|
|
Obsolete parameter for the order identifier under which the certificate request has been processed. BackendCertId should be used instead. |
|
|
Certificate ID in enrolling backend |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 52
{"id":1,"orderNumber":12345,"backendCertId":"12345"}Collect client certificate
Delivering the newly issued Client certificate from CA to the administrator for download.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Query parameters
| Parameter | Description |
|---|---|
|
Format type for certificate. Allowed values: 'x509' - for Certificate (w/ chain), PEM encoded, 'x509CO' - for Certificate only, PEM encoded, 'base64' - for PKCS#7, PEM encoded, 'bin' - for PKCS#7, 'x509IO' - for Root/Intermediate(s) only, PEM encoded, 'x509IOR' - for Intermediate(s)/Root only, PEM encoded, 'pem' - for Certificate (w/ chain), PEM encoded, 'pemco' - for Certificate only, PEM encoded, 'pemia' - for Certificate (w/ issuer after), PEM encoded, 'x509R' - for Certificate (w/ chain), PEM encoded |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/collect/1?format=base64' -i -X GET \
-H 'login: admin_customer1091' \
-H 'password: Password123!' \
-H 'customerUri: cst1091'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="test_example_com.p7b"Collect client certificate by backend certificate ID
Delivering the newly issued Client certificate from CA to the administrator for download. The certificate is defined by its backend ID.
Path parameters
| Parameter | Description |
|---|---|
|
Backend certificate ID |
Query parameters
| Parameter | Description |
|---|---|
|
Format type for certificate. Allowed values: 'x509' - for Certificate (w/ chain), PEM encoded, 'x509CO' - for Certificate only, PEM encoded, 'base64' - for PKCS#7, PEM encoded, 'bin' - for PKCS#7, 'x509IO' - for Root/Intermediate(s) only, PEM encoded, 'x509IOR' - for Intermediate(s)/Root only, PEM encoded, 'pem' - for Certificate (w/ chain), PEM encoded, 'pemco' - for Certificate only, PEM encoded, 'pemia' - for Certificate (w/ issuer after), PEM encoded, 'x509R' - for Certificate (w/ chain), PEM encoded |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/collect/order/12345?format=base64' -i -X GET \
-H 'login: admin_customer1094' \
-H 'password: Password123!' \
-H 'customerUri: cst1094'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="test_example_com.p7b"Download P12 client certificate
Path parameters
| Parameter | Description |
|---|---|
|
Client certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
encryptionType |
String |
Encryption type for the keystore. Allowed values: AES256-SHA256, TripleDES-SHA1. Default AES256-SHA256 |
|
passphrase |
String |
Keystore passphrase |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/keystore/1' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: admin_customer1019' \
-H 'password: Password123!' \
-H 'customerUri: cst1019' \
-d '{"passphrase":"12345678"}
'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="key_vault.p12"
Content-Length: 20
[ BINARY BODY HERE ]Manage client certificate
Update client certificate details
Update client certificate.
Path parameters
| Parameter | Description |
|---|---|
|
Client certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
customFields |
Array |
Custom fields |
[] |
customFields[].name |
String |
Custom field name |
[Must not be null, Size must be between 1 and 256 inclusive] |
customFields[].value |
String |
Custom field value. For input type 'DATE' format is yyyy-MM-dd |
[Must not be null, Maximum length is 256 characters or can be empty] |
comments |
String |
Comments |
[Maximum length is 1024 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/216' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'login: admin_customer1084' \
-H 'password: Password123!' \
-H 'customerUri: cst1084' \
-d '{
"customFields": [{"name": "test", "value": "value"}],
"comments": "client certificate"
}
'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Certificate common name |
|
|
An ID using which this certificate can be renewed or revoked using API as well as through Enrollment form |
|
|
Certificate subtype |
|
|
An organization which this certificate is associated with |
|
|
The status of this certificate |
|
|
Certificate ID in enrolling backend |
|
|
Information about Certificate Profile this certificate was enrolled from |
|
|
Certificate Profile ID |
|
|
Use secondary organization name |
|
|
Certificate Profile name |
|
|
Certificate Profile description |
|
|
Terms (in days) available for the Certificate Profile |
|
|
Key types available for the Certificate Profile |
|
|
Term (days) |
|
|
Requested Via. Possible values: 'Admin Enroll', 'Self Enroll', 'API Enroll', 'Auto Enroll', 'CSV Enroll', 'SCEP Enroll', 'IdP Enroll', 'MS Agent Enroll', 'Discovery', 'MS CA Enroll', 'Imported', 'EST Enroll', 'REST Enroll API' |
|
|
Requested date |
|
|
Issued date |
|
|
Expiration date |
|
|
Revocation date |
|
|
Revocation reason code provided on revoke to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
|
|
SSL Serial Number |
|
|
Signature Algorithm |
|
|
Key algorithm (deprecated, see "keyType") |
|
|
Key size (deprecated, see "keyType") |
|
|
Key type. For example: RSA - 2048, EC - P-256. |
|
|
Key Usages |
|
|
Extended Key Usages |
|
|
Certificate signing request details |
|
|
Certificate signing request (Base64-encoded) |
|
|
The MD5 hash of CSR |
|
|
The SHA1 hash of CSR |
|
|
The SHA256 hash of CSR |
|
|
Subject alternative names |
|
|
Custom fields |
|
|
Custom field name |
|
|
Custom field value |
|
|
Certificate details |
|
|
The subject of the issuing CA certificate |
|
|
The subject of CA certificate |
|
|
The subject alternative names of the issuing CA certificate |
|
|
The MD5 fingerprint of CA certificate |
|
|
The SHA1 fingerprint of CA certificate |
|
|
The SHA256 fingerprint of CA certificate |
|
|
Suspend Notifications for the certificate |
|
|
Certificate comments |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1739
{"commonName":"Tester","id":216,"orgId":9233,"status":"created","backendCertId":"1","certType":{"id":5320,"name":"High Persona Validated Cert","terms":[365,730],"keyTypes":{"RSA":["1024","2048","4096"]},"useSecondaryOrgName":false},"subType":"Private","term":0,"requestedVia":"Self Enroll","comments":"client certificate","requested":"12/04/2025","keyAlgorithm":"RSA","keySize":2048,"keyType":"RSA - 2048","customFields":[{"name":"test","value":"value"}],"certificateDetails":{},"suspendNotifications":false,"csrDetails":{"sha1Hash":"9B802A7197F02164581E29D8E3F4B7FA060CCE1F","md5Hash":"C594BBB2919E6939FDC221479EA2082D","sha256Hash":"2CF6FEA3F4B1400EC45FD3789A7D83C90F3ABCB196245425FD6A9EAFC77C51E5","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICtDCCAZwCAQAwbzELMAkGA1UEBhMCY24xCTAHBgNVBAgTADEJMAcGA1UEBxMA\nMQkwBwYDVQQKEwAxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEc\nMBoGA1UEAxMTZWdyZXQudGVjYWQuZnN1LmVkdTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAI+4q/kdBTtGOxYMqIwtpDGJusbupt670DHasaGyOJBr5eIP\nxbWOtInA3R3LkhUUZxEaBDCW3TGy+0MnHVEE+EBop7tBSFQoCCntqwxMNSRMwuH3\n1Ha3LjWqtHvBrMRdmxqSA0njjz7o+SBxgE3RCfnxXk82/KKWxJB2Kz7y7qE3lssv\npAcdIch3/s3RKpIv7/ktQTjRZIikcR79SGDVtP5kcsbzz8uAYM5Y2az7k/Gas807\n1pTjpRGBH7ujWF4s7HLUcXk+dgzPzu1IMOlVeH560e9ESa1BRlQHxul+YFcC9PBO\n0ArFH02Y3ntKk7MTuffL4EvoXuZ13s5t1oi8P/0CAwEAAaAAMA0GCSqGSIb3DQEB\nBQUAA4IBAQAHhe0DxjBYktySw5R0ISt5H6g1mMrdMpili0FfyDK2yOmbLfIB64Lq\n5HWpN+rxTNqGVwTW6NpRJHbuDIH5kCkw7COBvBC+/chIJ2EC6EGUDvXjgqCQ5GhH\nxaa8nPq8aaZzD59XP5UKMIKFNUV71wiQzDbu1J8E9mPKQeDhxb+in1PXq75G9ZDw\nYwnMsYc4N0zecKZqToMEA3OfrUpkCD+Ndkovg7P4mH3YWhTB/DAQ1dsL5rpTyao/\n1DEMfSlUeMlQpGIrNi1PTTou1FIb1EMzW6W41u3f49nTxnYc/H6tslCwO6B24Npe\npURpTWiaiH9WrA8ED40wT81vjSj2bvaW\n-----END CERTIFICATE REQUEST-----"}}Renew client certificate
Submission of a request for a new Client certificate using the CSR and parameters of the initial Client certificate.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/renew/1' -i -X POST \
-H 'login: admin_customer1056' \
-H 'password: Password123!' \
-H 'customerUri: cst1056' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Unique ID for certificate. This ID should be used for certificate operations. |
|
|
Obsolete parameter for the order identifier under which the certificate request has been processed. BackendCertId should be used instead. |
|
|
Cert ID in enrolling backend |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 52
{"id":1,"orderNumber":12345,"backendCertId":"12345"}Renew client certificate by backend certificate ID
Submission of a request for a new Client certificate using the CSR and parameters of the initial Client certificate. The initial certificate is defined by its backend ID.
Path parameters
| Parameter | Description |
|---|---|
|
Backend certificate ID. |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/renew/order/12345' -i -X POST \
-H 'login: admin_customer1178' \
-H 'password: Password123!' \
-H 'customerUri: cst1178' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Unique ID for certificate. This ID should be used for certificate operations. |
|
|
Obsolete parameter for the order identifier under which the certificate request has been processed. BackendCertId should be used instead. |
|
|
Cert ID in enrolling backend |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 52
{"id":1,"orderNumber":12345,"backendCertId":"12345"}Renew client certificate by serial number
Submission of a request for a new Client certificate using the CSR and parameters of the initial Client certificate. The initial certificate is defined by its serial number.
Path parameters
| Parameter | Description |
|---|---|
|
Serial number. |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/renew/serial/test:serial' -i -X POST \
-H 'login: admin_customer1181' \
-H 'password: Password123!' \
-H 'customerUri: cst1181' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Unique ID for certificate. This ID should be used for certificate operations. |
|
|
Obsolete parameter for the order identifier under which the certificate request has been processed. BackendCertId should be used instead. |
|
|
Cert ID in enrolling backend |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 52
{"id":1,"orderNumber":12345,"backendCertId":"12345"}Revoke client certificate
Sending a request to CA to add the particular Client certificate in certificate revocation list.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
reason |
String |
Short message explaining why certificate needs to be revoked |
[Maximum length is 512 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/revoke/1' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer1059' \
-H 'password: Password123!' \
-H 'customerUri: cst1059' \
-H 'Accept: application/json' \
-d '{"reasonCode":0,"reason":"my reason"}'Example response
HTTP/1.1 204 No ContentRevoke client certificate by backend certificate ID
Sending a request to CA to add the particular Client certificate in certificate revocation list. The certificate is defined by its backend ID.
Path parameters
| Parameter | Description |
|---|---|
|
Backend certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
reason |
String |
Short message explaining why certificate needs to be revoked |
[Maximum length is 512 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/revoke/order/12345' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer1065' \
-H 'password: Password123!' \
-H 'customerUri: cst1065' \
-H 'Accept: application/json' \
-d '{"reasonCode":0,"reason":"my reason"}'Example response
HTTP/1.1 204 No ContentRevoke client certificate by serial number
Sending a request to CA to add the Client certificate under the particular serial number in certificate revocation list.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate serial number |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
reason |
String |
Short message explaining why certificate needs to be revoked |
[Maximum length is 512 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/revoke/serial/test:serial' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer1081' \
-H 'password: Password123!' \
-H 'customerUri: cst1081' \
-H 'Accept: application/json' \
-d '{"reasonCode":1,"reason":"my reason"}'Example response
HTTP/1.1 204 No ContentRevoke all client certificates related to email
Sending a request to CA to add all Client certificates issued for the person with the particular email address in certificate revocation list.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
reason |
String |
Short message explaining why certificate needs to be revoked |
[Maximum length is 512 characters or can be empty] |
String |
Person e-mail address |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/revoke' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer1062' \
-H 'password: Password123!' \
-H 'customerUri: cst1062' \
-H 'Accept: application/json' \
-d '{"reasonCode":0,"reason":"my reason","email":"test@email"}'Example response
HTTP/1.1 204 No ContentManual Revoke client certificate by Id or serial number + issuer
Mark certificate as revoked. The certificate is not revoked on CA side.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
certId |
Number |
Certificate ID. Required if |
Must be present if serialNumber and issuer are not provided |
serialNumber |
Number |
Certificate serial number. Required if |
Must be present with issuer if certId is not provided |
issuer |
Number |
Certificate issuer. Required if |
Must be present with serialNumber if certId is not provided |
revokeDate |
String |
Certificate revoke date |
[] |
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/revoke/manual' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer1038' \
-H 'password: Password123!' \
-H 'customerUri: cst1038' \
-d '{"certId":1,"serialNumber":null,"issuer":null,"revokeDate":"2025-06-10T00:00:00Z","reasonCode":4}'Example response
HTTP/1.1 204 No ContentDelete client certificate
Submission of a request for deleting Client certificate for a given Id.
| Only imported or discovered certificates can be deleted. |
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID. |
Example request
$ curl 'https://cert-manager.com/api/smime/v1/213' -i -X DELETE \
-H 'login: admin_customer1012' \
-H 'password: Password123!' \
-H 'customerUri: cst1012'Example response
HTTP/1.1 204 No ContentImport client certificates to SCM
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
[] |
Array |
Certificates to import |
Should not be empty, maximum size is 128 |
[].orgID |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
[].customFields |
Array |
List of custom certificate fields |
[] |
[].customFields[].name |
String |
Custom field name |
[] |
[].customFields[].value |
String |
Custom field value |
[] |
[].backendCertId |
String |
Backend certificate identifier |
[Maximum length is 255 characters or can be empty] |
[].cert |
String |
DER (Base64) certificate |
[Must not be empty] |
[].csr |
String |
DER (Base64) Certificate Signing Request |
[] |
[].comments |
String |
Additional comments |
[Maximum length is 1024 characters or can be empty] |
[].force |
Boolean |
Force alter editable certificate fields event if certificate is already exists. |
[] |
Example request
$ curl 'https://cert-manager.com/api/smime/v2/import' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer1146' \
-H 'password: Password123!' \
-H 'customerUri: cst1146' \
-d '[{"orgID":9255,"customFields":[{"name":"testName","value":"testValue"}],"backendCertId":"1234567890DFa","cert":"MIIECjCCA5CgAwIBAgIQfTldecXEba+DnvFWPQMZYzAKBggqhkjOPQQDAjBmMQswCQYDVQQGEwJVQTEWMBQGA1UECBMNT2Rlc2thIG9ibGFzdDEPMA0GA1UEBxMGT2Rlc3NhMRIwEAYDVQQKEwlBZHYuQ3VzdDIxGjAYBgNVBAMTEUFkdi5DdXN0MiBSb290IENBMB4XDTI0MDUxNTE3Mjg0OFoXDTI1MDUxNTE3Mjg0OFowTDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FsYWJhbWExETAPBgNVBAoTCEFkdmFuY2VkMRgwFgYDVQQDEw9SdXNsYW4gU2hpcG9zaGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClKHtE9Bbtge/cWYAWr+/JJ0X7Vm3ReQmTunfEG4n9xTN4gvqypPHu05mCw/Ez3tr5939RnvfX/FJGAz/vHat2GtmSZaTOLJl8U9kTb/bCSJx9E8W90Lg6Go1WBItiZm0EmWQECtZfwx4vd12KqZCo3uQD83DqS4mwg5h25NmelLm8Rctfq/+Mk+/iAQIeaN8u5X97lxjXz6qAUa8sQTPP0zhHUfiN0v6yX3GHssbYAhoRFwUkKRDRgJPglRT9sq082u68FOAT5O5ri2+2v8CTO3aQk6CSXNOmSgKS/gTOBixfIpUYlCNx3bryhUyA1ZMAy4Kc+YOTCHJfsWRwbO51AgMBAAGjggFtMIIBaTAfBgNVHSMEGDAWgBSJ87Jc1mpY1qM60+FxgUHI721OsDAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2NybC5kZXYuc2VjdGlnby5uZXQ6ODA4MC9BZHZhbmNlZFByaXZhdGVDQTIuY3JsMIGABggrBgEFBQcBAQR0MHIwQgYIKwYBBQUHMAKGNmh0dHA6Ly9jcnQuZGV2LnNlY3RpZ28ubmV0OjgwODAvQWR2YW5jZWRQcml2YXRlQ0EyLmNydDAsBggrBgEFBQcwAYYgaHR0cDovL29jc3AuZGV2LnNlY3RpZ28ubmV0OjgwODAwIQYDVR0RBBowGIEWc29tZW9uZWxpa2V1QGNjbXFhLmNvbTAdBgNVHQ4EFgQUGtwJd4SdJ8ndenHBTYZym1iRxZ4wCgYIKoZIzj0EAwIDaAAwZQIwYnQ1SwG/xS1R+pOq5TgNvId/HBF9BaEREyY7y31RACjHyf4yN/1D5m5Y2NWxQRxmAjEAv8LHLQYknt0v+is3C9qvPTkRos3zPZllKyEnv9VKRuYLr2RUY4liHVZN7jM81e4D","csr":"MIICqzCCAZMCAQAwZjELMAkGA1UEBhMCY24xDzANBgNVBAgTBmJlaWppbjEQMA4GA1UEBxMHYmVpamluZzEPMA0GA1UEChMGQ09NT0RPMRAwDgYDVQQLEwdkZXZlbG9wMREwDwYDVQQDDAgqLmNtLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJxrVE6cqSTe+jOsyYjBNw+5uZeDdu37bRgw6qQo2uSFhOhXyhsxcb0zaitpjNYLsEc4fp0YzNYrqzmIHK7HpgHgg9N9CVr0m2O/RlV761s257expajU1vYzVDIt/levLkOJe96++tOFOQ+6hrFnI2YWKxLdE+X0F7tGrDgkV2xXhW7qbw32C2kRyui3KvgoJ0Mwtwe0Gp6VVN61oNoinf5F/O8MGMFmM4TaRgSTcvWIJvrfuMTmHi9S918LfQRrFGfDKNX49iS8oWT7SVBmLxjcEqIsTfCFo9rg/aP8elS3kRFBH8fTNUPjcOCa/Km6JoIM4C/KEro6uraXAbl+QhMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBvyheU7vn+VCQJz8OHVD2r9c79KETEeaTMIvnTjGECd3RlXXErcFxuvFJYtTyiNZwzyRi7Q4IBp8g41UYRsBsMim0ioQdW9cIIMMn0oY7oAuQt6eM77iOd/bWhpGAPKe6rG8vadA6nF+hPIPEkqIlfWYNc/ZarvXr2UPNmYdv/skDi9PQUlzB1xOWQUO3Li+QYZWuE3UjLDNCoh5uTY5UMn/K+Ej8fDDz4mc4zZQQf3mASZcMEv75pqfEiRY1zUUPLLT5vUZ5yh32DG8mm+X5Gkr1xQNYGAUymxTdG2ct2t3xxLjGmRABxPvGNIrIefboyLma9Yd0GBOtrexsNzbUI","comments":"Test comments","force":true}]'Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of import results |
|
|
Indicates whether the certificate import was successful or not |
|
|
CA backend certificate ID |
|
|
Client certificate information |
|
|
Client certificate ID |
|
|
Client certificate Subject |
|
|
Client certificate Serial Number |
|
|
Indicates if the certificate was created during the import process. If false, it means the certificate already existed in the system. |
|
|
Error message with details of the failed import. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 194
[{"successful":true,"backendCertId":"1234567890DFa","cert":{"id":221,"subject":"CN=Ruslan Shiposha,O=Advanced,ST=Alabama,C=US","serialNumber":"7D395D79C5C46DAF839EF1563D031963"},"created":true}]The response array element can be error message:
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of import results |
|
|
Indicates whether the certificate import was successful or not |
|
|
CA backend certificate ID |
|
|
Client certificate information |
|
|
Client certificate Subject |
|
|
Client certificate Serial Number |
|
|
Error message with details of the failed import. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 328
[{"successful":false,"cert":{"subject":"CN=*.stackexchange.com,O=Stack Exchange, Inc.,L=New York,ST=NY,C=US","serialNumber":"E11BBD70D54B710D0C6F540B6B52CA4"},"errorMessage":"Certificate under serial number ''E11BBD70D54B710D0C6F540B6B52CA4'' cannot be managed as a certificate of ''Client cert'' type. CN must contain email."}]Device Certificates
Used to perform operations on device certificates.
Device certificate helper APIs
List device certificate Profiles
List device certificate profiles, previously known as a certificate type. An enrollment request will require the certificate profile be specified.
Query parameters
| Parameter | Description |
|---|---|
|
Filter by Organization ID (optional) |
Example request
$ curl 'https://cert-manager.com/api/device/v1/types?organizationId=10902' -i -X GET \
-H 'login: admin_customer5666' \
-H 'password: Password123!' \
-H 'customerUri: cst5666' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
An array of available certificate profiles |
|
|
Certificate Profile ID |
|
|
Certificate Profile name |
|
|
Certificate Profile description |
|
|
First available term (in days) for the Certificate Profile |
|
|
Use secondary organization name |
|
|
Terms (in days) available for the Certificate Profile |
|
|
Key types available for the Certificate Profile |
|
|
Key Usages available for the Certificate Profile |
|
|
Extended Key Usages available for the Certificate Profile |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 276
[{"id":5984,"name":"Device cert SASP 277931466","description":"Description for Device cert SASP 277931466","terms":[365],"keyTypes":{"RSA":["1024","2048","4096"]},"useSecondaryOrgName":false,"term":365,"ku":["Digital Signature","Non repudiation"],"eku":["1.3.6.1.5.5.7.3.2"]}]List device certificate custom fields
List device certificate custom fields. An enrollment require will require all mandatory custom fields be specified.
Example request
$ curl 'https://cert-manager.com/api/device/v1/customFields' -i -X GET \
-H 'login: admin_customer5670' \
-H 'password: Password123!' \
-H 'customerUri: cst5670' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
An array of custom fields |
|
|
Custom field ID |
|
|
Custom field name |
|
|
Is field mandatory |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 51
[{"id":436,"name":"custom field","mandatory":true}]Device certificate locations
List device certificate locations
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Example request
$ curl 'https://cert-manager.com/api/device/v1/344/location' -i -X GET \
-H 'Content-Type: application/json' \
-H 'login: admin_customer5680' \
-H 'password: Password123!' \
-H 'customerUri: cst5680'Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of Device Certificate Locations |
|
|
Location ID |
|
|
Location Type |
|
|
Location Name (optional) |
|
|
Location Details |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 152
[{"id":186,"locationType":"CUSTOM","name":"","details":{"location1":"PC"}},{"id":187,"locationType":"CUSTOM","name":"","details":{"location2":"Phone"}}]Create custom location for device certificate
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
details |
Object |
Location details in key-value format that should be applied. |
Example request
$ curl 'https://cert-manager.com/api/device/v1/329/location' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: admin_customer5634' \
-H 'password: Password123!' \
-H 'customerUri: cst5634' \
-d '{"details":{"device":"Tablet"}}'Response headers
| Name | Description |
|---|---|
|
URL location of the created certificate location entity |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/device/v1/329/location/183Get details of device certificate’s custom location
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
|
Location ID |
Example request
$ curl 'https://cert-manager.com/api/device/v1/342/location/185' -i -X GET \
-H 'Content-Type: application/json' \
-H 'login: admin_customer5674' \
-H 'password: Password123!' \
-H 'customerUri: cst5674'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Location ID |
|
|
Location Type |
|
|
Location Name (optional) |
|
|
Location Details |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 73
{"id":185,"locationType":"CUSTOM","name":"","details":{"Device":"Phone"}}Update device certificate’s custom location
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
|
Location ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
details |
Object |
Location details in key-value format that should be applied. |
Example request
$ curl 'https://cert-manager.com/api/device/v1/388/location/188' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'login: admin_customer5819' \
-H 'password: Password123!' \
-H 'customerUri: cst5819' \
-d '{"details":{"device":"Laptop"}}'Example response
HTTP/1.1 200 OKDelete device certificate’s custom location
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
|
Location ID |
Example request
$ curl 'https://cert-manager.com/api/device/v1/334/location/184' -i -X DELETE \
-H 'login: admin_customer5646' \
-H 'password: Password123!' \
-H 'customerUri: cst5646'Example response
HTTP/1.1 204 No ContentView device certificates
List device certificates
List all device certificates that match the requested filter.
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
the first position (entry) to return from the results of the query |
|
Filter by certificate common name |
|
Filter by certificate requester email |
|
Filter by certificate status. Possible values: , 'REQUESTED', 'APPROVED', 'DECLINED', 'APPLIED', 'ISSUED', 'DOWNLOADED' - deprecated, 'EXPIRED', 'REVOKED', 'REJECTED', 'AWAITING_APPROVAL' - deprecated (falls back to 'REQUESTED', please use new status instead) |
|
Filter by certificate organization ID |
|
Filter by certificate profile ID |
|
Filter by certificate serial number |
|
Deprecated Filter by ID of certificate in the enrolling backend. Should not be used for certificate operations but will work during migration phase. |
|
Filter by certificate signature algorithm |
|
Filter by certificate public key algorithm |
|
Filter by certificate public key size or curve name |
|
Filter by certificate key usage |
|
Filter by certificate extended key Usage |
Example request
$ curl 'https://cert-manager.com/api/device/v1?size=10&position=0&commonName=34356576543tnl54hgnu49u90g&email=Someone%40nobody.sectigo.com&status=APPROVED&certTypeId=5995' -i -X GET \
-H 'login: admin_customer5716' \
-H 'password: Password123!' \
-H 'customerUri: cst5716'Response headers
| Name | Description |
|---|---|
|
Contains total number of device certificates available according to the filtering applied |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of requested device certificates |
|
|
Unique ID for certificate. Known as deviceCertId in some methods. This ID should be used for certificate operations. |
|
|
ID of certificate in the enrolling backend. Should not be used for certificate operations but will work during migration phase. |
|
|
Certificate status |
|
|
Certificate details |
|
|
The subject of the issuing CA certificate |
|
|
The subject of CA certificate |
|
|
The subject alternative names of the issuing CA certificate |
|
|
The MD5 fingerprint of CA certificate |
|
|
The SHA1 fingerprint of CA certificate |
|
|
The SHA256 fingerprint of CA certificate |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 154
[{"id":356,"status":"APPROVED","backendCertId":"5719","certificateDetails":{"subject":"C=UA,ST=Odessa,L=Odessa,O=Test,OU=Test,CN=Test,E=test@test.test"}}]Count device certificates
Count all device certificates that match the requested filter.
Query parameters
| Parameter | Description |
|---|---|
|
Filter by certificate common name |
|
Filter by certificate requester email |
|
Filter by certificate status. Possible values: ', 'REQUESTED', 'APPROVED', 'DECLINED', 'APPLIED', 'ISSUED', 'DOWNLOADED' - deprecated, 'EXPIRED', 'REVOKED', 'REJECTED', 'AWAITING_APPROVAL' - deprecated (falls back to 'REQUESTED', please use new status instead)' |
|
Filter by certificate organization ID |
|
Filter by certificate profile ID |
|
Filter by certificate serial number |
|
Deprecated Filter by ID of certificate in the enrolling backend. Should not be used for certificate operations but will work during migration phase. |
|
Filter by certificate signature algorithm |
|
Filter by certificate public key algorithm |
|
Filter by certificate public key size or curve name |
|
Filter by certificate key usage |
|
Filter by certificate extended key Usage |
Example request
$ curl 'https://cert-manager.com/api/device/v1?commonName=34356576543tnl54hgnu49u90g&orgId=10884&status=APPROVED' -i -X HEAD \
-H 'login: admin_customer5630' \
-H 'password: Password123!' \
-H 'customerUri: cst5630' \
-H 'Content-Type: application/x-www-form-urlencoded'Response headers
| Name | Description |
|---|---|
|
Contains total number of device certificates available according to the filtering applied |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1Get device certificate details
Get device certificate details.
Path parameters
| Parameter | Description |
|---|---|
|
Unique ID for certificate. |
Example request
$ curl 'https://cert-manager.com/api/device/v1/322' -i -X GET \
-H 'login: admin_customer5610' \
-H 'password: Password123!' \
-H 'customerUri: cst5610'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Certificate common name |
|
|
Unique ID for certificate. Known as deviceCertId in some methods. This ID should be used for certificate operations. |
|
|
An organization which this certificate is associated with |
|
|
The status of this certificate |
|
|
Deprecated. Old numeric form of backendCertId. backendCertId is new field but should not be used for certificate operations. |
|
|
ID of certificate in the enrolling backend. Should not be used for certificate operations but will work during migration phase. |
|
|
Certificate signing request details |
|
|
Certificate signing request (Base64-encoded) |
|
|
The MD5 hash of CSR |
|
|
The SHA1 hash of CSR |
|
|
The SHA256 hash of CSR |
|
|
Information about Certificate Profile this certificate was enrolled from |
|
|
Certificate Profile ID |
|
|
Use secondary organization name |
|
|
Certificate Profile name |
|
|
Certificate Profile description |
|
|
Terms (in days) available for the Certificate Profile |
|
|
Key types available for the Certificate Profile |
|
|
Term (days) |
|
|
The approver of the request for this certificate |
|
|
Requester |
|
|
Requested date |
|
|
Approved date |
|
|
Expiration date |
|
|
Key algorithm (deprecated, see "keyType") |
|
|
Key size (deprecated, see "keyType") |
|
|
Key type. For example: RSA - 2048, EC - P-256. |
|
|
SSL Serial Number |
|
|
Certificate comments |
|
|
Custom fields |
|
|
Custom field name |
|
|
Custom field value |
|
|
Certificate details |
|
|
The subject of the issuing CA certificate |
|
|
The subject of CA certificate |
|
|
The subject alternative names of the issuing CA certificate |
|
|
The MD5 fingerprint of CA certificate |
|
|
The SHA1 fingerprint of CA certificate |
|
|
The SHA256 fingerprint of CA certificate |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1899
{"commonName":"34356576543tnl54hgnu49u90g","id":322,"orgId":10874,"status":"Approved","orderNumber":5613,"backendCertId":"5613","certType":{"id":5970,"name":"Test device type","description":"Device cert profile","terms":[365],"keyTypes":{"RSA":["1024","2048","4096"]},"useSecondaryOrgName":false},"term":365,"requester":"Someone@nobody.sectigo.com","comments":"Device certificate comment string","requested":"12/04/2025","expires":"12/04/2026","keyAlgorithm":"RSA","keySize":2048,"keyType":"RSA - 2048","certificateDetails":{"subject":"C=UA,ST=Odessa,L=Odessa,O=Test,OU=Test,CN=Test,E=test@test.test"},"csrDetails":{"sha1Hash":"38BE9C4E235B01173E22C3F306745F2DC6E6CB6C","md5Hash":"F5D99D2EF46BE3C6938D07C880A7D5F6","sha256Hash":"EB7AE0A4B0621592821A0D0191D946A20B1376B4ECDC39E2AB05E74AD0B2BBF6","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIIC4jCCAcoCAQAwdDELMAkGA1UEBhMCVUExDTALBgNVBAgTBHRlc3QxDTALBgNV\nBAcTBHRlc3QxDTALBgNVBAoTBHRlc3QxDTALBgNVBAsTBHRlc3QxEjAQBgNVBAMT\nCWNjbXFhLmNvbTEVMBMGCSqGSIb3DQEJARYGdGVzdEB0MIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAul8SGkicOnrMjJDvgG8P2j1Ee5hY6ww+qSoe0oI2\ntvRcLBknPHMMAkxTjW9fy80wD8hyrnc+IGlQcq2R/tEMIJHRsJD603M+2FjAwlP9\n8xtiqv0hMyHO4fEt+HMyy8Q367aTBmnZCuAxJZJapfFW9wH5jGZxuX8mnrXVsBTD\n4ZBO4UFd9P4u8P0nJx80CiuDt4COSDl6Br4pNLciPVqfwj7LQ5/skwPkNCggk3/G\nxoQX/3FV7O4fC6WCxVP1uYjJVQjlD1Tf06hPNfonVfThVuP20OL3QAlnIF3lZiyY\nJ5etdFtu+BKcPNMdQDJOS/O4Zz0YJn6K2HdAXSc1YxYniwIDAQABoCkwJwYJKoZI\nhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQsF\nAAOCAQEAVJVTTELGHWoRh8JZt+kx/zO0VnibBq/D6uB405L+Ir80X48Ei9hTLB11\nAqhSBE+AbEgBhRnEIDBjiXEDcWvC532Omex721kc17ZTzowuD8lOjfQkTHbAmjIi\nnCQNFAPf0D/zpi6Eync5pi2P//Uj/Yn7oDYYli1t61EZwuQyEu4mbQ1efUnU/SOl\nAAQtDPhNwATZPmfefjM8+YuzhG70dQvmFAClcFayKM92Zx9khDd/VnLT85YzDULJ\n8iiHW8dZNblaTsUjKrc73iX2hONZIxw6B3tGCFs8mH9lZlExV7Y2er3t/lO1pdxe\nSUohEELWcttIxyWnYgxvwaWX4lfx9A==\n-----END CERTIFICATE REQUEST-----"}}Enroll device certificate
Request device certificate
Creation and submission of a request for a new Device certificate.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
orgId |
Number |
Organization ID |
'Must be at least 1,Must not be null' |
csr |
String |
Certificate signing request |
'Must match the regular expression |
certType |
Number |
Certificate Profile ID |
'Must be at least 1,Must not be null' |
term |
Number |
Certificate validity period in days |
'Must be at least 1' |
comments |
String |
Certificate comments |
[Maximum length is 1024 characters or can be empty] |
customFields[] |
Array |
Custom fields to be applied to requested certificate. Must contain mandatory custom fields. |
|
customFields[].name |
String |
Name of an enabled custom field. |
[] |
customFields[].value |
String |
Value of the custom field. For input type 'DATE' format is yyyy-MM-dd |
[] |
optionalFields[] |
Array |
Optional fields to be applied to requested certificate |
[] |
optionalFields[].name |
String |
Name of supported optional field. |
Must be one of the following values: [commonName, surname, countryName, localityName, stateOrProvinceName, streetAddress, organizationName, organizationalUnitName, title, description, postalCode, postOfficeBox, telephoneNumber, givenName, initials, emailAddress, DocumentoNacionaldeIdentidad, serialNumber, SIRENE, collectionEmailAddress, rfc822Name, subjectUniqueIdentifier, uniqueIdentifier, PermIdAscentMediaNetSecDept, PermIdAscentMediaEngHomeNet, sAMAccountName, userId, userPrincipalName, unstructuredName, domainComponent, dnsName, servicePrincipalName, eeSID] |
optionalFields[].value |
String |
Value of the optional field. |
[] |
Example request
$ curl 'https://cert-manager.com/api/device/v1/enroll' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5652' \
-H 'password: Password123!' \
-H 'customerUri: cst5652' \
-d '{"orgId":10896,"term":365,"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIIC4jCCAcoCAQAwdDELMAkGA1UEBhMCVUExDTALBgNVBAgTBHRlc3QxDTALBgNV\nBAcTBHRlc3QxDTALBgNVBAoTBHRlc3QxDTALBgNVBAsTBHRlc3QxEjAQBgNVBAMT\nCWNjbXFhLmNvbTEVMBMGCSqGSIb3DQEJARYGdGVzdEB0MIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAul8SGkicOnrMjJDvgG8P2j1Ee5hY6ww+qSoe0oI2\ntvRcLBknPHMMAkxTjW9fy80wD8hyrnc+IGlQcq2R/tEMIJHRsJD603M+2FjAwlP9\n8xtiqv0hMyHO4fEt+HMyy8Q367aTBmnZCuAxJZJapfFW9wH5jGZxuX8mnrXVsBTD\n4ZBO4UFd9P4u8P0nJx80CiuDt4COSDl6Br4pNLciPVqfwj7LQ5/skwPkNCggk3/G\nxoQX/3FV7O4fC6WCxVP1uYjJVQjlD1Tf06hPNfonVfThVuP20OL3QAlnIF3lZiyY\nJ5etdFtu+BKcPNMdQDJOS/O4Zz0YJn6K2HdAXSc1YxYniwIDAQABoCkwJwYJKoZI\nhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQsF\nAAOCAQEAVJVTTELGHWoRh8JZt+kx/zO0VnibBq/D6uB405L+Ir80X48Ei9hTLB11\nAqhSBE+AbEgBhRnEIDBjiXEDcWvC532Omex721kc17ZTzowuD8lOjfQkTHbAmjIi\nnCQNFAPf0D/zpi6Eync5pi2P//Uj/Yn7oDYYli1t61EZwuQyEu4mbQ1efUnU/SOl\nAAQtDPhNwATZPmfefjM8+YuzhG70dQvmFAClcFayKM92Zx9khDd/VnLT85YzDULJ\n8iiHW8dZNblaTsUjKrc73iX2hONZIxw6B3tGCFs8mH9lZlExV7Y2er3t/lO1pdxe\nSUohEELWcttIxyWnYgxvwaWX4lfx9A==\n-----END CERTIFICATE REQUEST-----","certType":5980,"customFields":[{"name":"custom field","value":"custom field value"}],"optionalFields":[{"name":"commonName","value":"test.example.com"}],"comments":"Device certificate comment string"}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Unique ID for certificate. This ID should be used for certificate operations. |
|
|
Certificate status. |
|
|
Deprecated. ID of certificate in the enrolling backend. Should not be used for certificate operations but will work during migration phase. |
|
|
Deprecated. Currently identical to deviceCertId for backwards compatibility during migration phase. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 81
{"deviceCertId":335,"status":"APPROVED","backendCertId":"5655","orderNumber":335}Collect device certificate
Delivering the newly issued Device certificate from CA to the administrator for download.
Path parameters
| Parameter | Description |
|---|---|
|
Unique ID for certificate. |
Query parameters
| Parameter | Description |
|---|---|
|
Format type name for certificate. If not specified, PKCS#7 Base64 encoded is default. Allowed values: 'x509R' - for Certificate (w/ chain), PEM encoded, 'x509' - for Certificate (w/ chain), PEM encoded, 'pem' - for Certificate (w/ chain), PEM encoded, 'x509CO' - for Certificate only, PEM encoded, 'pemco' - for Certificate only, PEM encoded, 'x509IO' - for Root/Intermediate(s) only, PEM encoded, 'x509IOR' - for Intermediate(s)/Root only, PEM encoded, 'pemia' - for Certificate (w/ issuer after), PEM encoded, 'base64' - for PKCS#7, PEM encoded, 'bin' - for PKCS#7 |
Example request
$ curl 'https://cert-manager.com/api/device/v1/collect/132132?format=base64' -i -X GET \
-H 'login: admin_customer5614' \
-H 'password: Password123!' \
-H 'customerUri: cst5614'Example response
HTTP/1.1 200 OK
Content-Length: 3218
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="test.cert"
-----BEGIN PKCS7-----
MIIJJQYJKoZIhvcNAQcCoIIJFjCCCRICAQExADALBgkqhkiG9w0BBwGgggj6MIIF
HjCCBAagAwIBAgIQBXQwB2XNLnzRqXF67yXetTANBgkqhkiG9w0BAQsFADCBgzEL
MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKTAnBgNVBAMT
IFRlc3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE3MTEyNzAwMDAw
MFoXDTE4MTEyNzIzNTk1OVowaTELMAkGA1UECxMCSVQxFzAVBgNVBAoTDk15Q29t
cGFueSBMdGQuMQ4wDAYDVQQIEwVZb3JrczENMAsGA1UEBxMEWW9yazELMAkGA1UE
BhMCR0IxFTATBgNVBAMTDHR0LmNjbXFhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMjaijCapexR3eiRTcRrJNF3jqF9msby8qRvDHK5MNJ3WMQU
HgtcxSVRItBBV9M0GM2agG/+zOCvez71n2IfMoqqouZRfBsw7DMqnVMGQVYhBfVE
Mr2fsP0BGk1SdGaoZYgACKUkjc7MbdESyJhmEvEYIBpdVHzqDU2dJ2Op1t2G7Kpb
rzpRupMqmuQybGqJlidnicFf9irDcqd22Koih9TjfKM/4ZYMCBs3fv0bZVyM9Alh
lOEMFj1ytmcGLHa5ojnX1lLT4xjZNFaJJv9ZwNYAA+YkE29q7uJZINPcTf+CfqUe
UEWdq5cBiAPoPMrtsHimfLEvf3UmRxKhzNYEv6kCAwEAAaOCAaUwggGhMB8GA1Ud
IwQYMBaAFIaGHcsGJX0nAVdr5Wo40OREr5MyMB0GA1UdDgQWBBTXOsPzzx5rZ2/g
MmTvN+0y0Ys3XTAOBgNVHQ8BAf8EBAMCA/gwDAYDVR0TAQH/BAIwADAdBgNVHSUE
FjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwEQYJYIZIAYb4QgEBBAQDAgWgMEYGA1Ud
IAQ/MD0wOwYMKwYBBAGyMQECAQMFMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2Vj
dXJlLmNvbW9kby5uZXQvQ1BTMEoGA1UdHwRDMEEwP6A9oDuGOWh0dHA6Ly9jcmwu
Y29tb2RvY2EuY29tL1Rlc3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB7
BggrBgEFBQcBAQRvMG0wRQYIKwYBBQUHMAKGOWh0dHA6Ly9jcnQuY29tb2RvY2Eu
Y29tL1Rlc3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNydDAkBggrBgEFBQcw
AYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAA
AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8w
MTIzNDU2Nzg5Ojs8PT4/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9g
YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+Q
kZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr/A
wcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w
8fLz9PX29/j5+vv8/f7/MIID1DCCArygAwIBAgIQHpFpjHVf56b6C+OC9siGTDAN
BgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIg
TWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENB
IExpbWl0ZWQxKTAnBgNVBAMTIFRlc3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
aXR5MB4XDTE0MDEwMTAwMDAwMFoXDTMwMTIzMTIzNTk1OVowgYMxCzAJBgNVBAYT
AkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZv
cmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSkwJwYDVQQDEyBUZXN0IFJT
QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL/ZSIMZBY4Ifq5oXcdSPDa5ArrYahP4qhO9aES9jT7TEr5tpNIQ
QP044h+3MGc7Cgf17OYSqpd4WvvhgUCkc8XDda3JgKEgCaHfnjgynBtXk6JP8stM
IuKPZS9WcEQSKB7JPOnjaHdBkLRfbuSu0y7he9IoibiSCIU5mJ8T6QNd5wEWBp4j
gRQWnLBXtJENtCzcU5j2sPh0gZUFjlu1V3Cc8JUENzDpMpjtxNYHtbL68BFXcWvy
7hrqnE4eNM5K3DfEacdrvFgIQNfCMc4KEh2DFzDoCZpchDLhVGrYrTObG4D/RR0o
T2QuFqbaiatLcG/armNUgb+4VH1R/HOQaf0CAwEAAaNCMEAwHQYDVR0OBBYEFIaG
HcsGJX0nAVdr5Wo40OREr5MyMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD
AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCeQAWeNNtsKuUt5V9JifMy2AduOcK7lndh
M24L8KG86o7aoye1QDqMfFmUrFo7nDVno6G013PnRo97BcrVPoMVB66TP5LywOrL
rVoiIF9I5OD4BrtgvrRtlT3iMZwxjzU19lgEcLs+sJZhug2eDKAjp0PaJ40Wg5sn
o3CRq/urYgtIAiFdxgMBefK0Ejivos5RLDzmHjA/Wo+jFMfXvdP6RxVmz7Nxfcws
I+sOSWmb60dZlaC1yVZ0PbD2DFj7yEnW94p86d7Thmv6ksaqbOeWdJErnYJkqXPB
0wSazHQeQHjWp91j4ZwlYRhZQfovwiRi601iWNNE7hPrMb87FkvyMQA=
-----END PKCS7-----Manage device certificate
Update device certificate details
Update device certificate.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
customFields |
Array |
Custom fields |
[] |
customFields[].name |
String |
Custom field name |
[Must not be null, Size must be between 1 and 256 inclusive] |
customFields[].value |
String |
Custom field value. For input type 'DATE' format is yyyy-MM-dd |
[Must not be null, Maximum length is 256 characters or can be empty] |
comments |
String |
Comments |
[Maximum length is 1024 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/device/v1/386' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'login: admin_customer5814' \
-H 'password: Password123!' \
-H 'customerUri: cst5814' \
-d '{
"customFields": [{"name": "test", "value": "value"}],
"comments": "device certificate"
}
'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Certificate common name |
|
|
Unique ID for certificate. Known as deviceCertId in some methods. This ID should be used for certificate operations. |
|
|
An organization which this certificate is associated with |
|
|
The status of this certificate |
|
|
Deprecated. Old numeric form of backendCertId. backendCertId is new field but should not be used for certificate operations. |
|
|
ID of certificate in the enrolling backend. Should not be used for certificate operations but will work during migration phase. |
|
|
Certificate signing request details |
|
|
Certificate signing request (Base64-encoded) |
|
|
The MD5 hash of CSR |
|
|
The SHA1 hash of CSR |
|
|
The SHA256 hash of CSR |
|
|
Information about Certificate Profile this certificate was enrolled from |
|
|
Certificate Profile ID |
|
|
Use secondary organization name |
|
|
Certificate Profile name |
|
|
Certificate Profile description |
|
|
Terms (in days) available for the Certificate Profile |
|
|
Key types available for the Certificate Profile |
|
|
Term (days) |
|
|
The approver of the request for this certificate |
|
|
Requester |
|
|
Requested date |
|
|
Approved date |
|
|
Expiration date |
|
|
Key algorithm (deprecated, see "keyType") |
|
|
Key size (deprecated, see "keyType") |
|
|
Key type. For example: RSA - 2048, EC - P-256. |
|
|
SSL Serial Number |
|
|
Certificate comments |
|
|
Custom fields |
|
|
Custom field name |
|
|
Custom field value |
|
|
Certificate details |
|
|
The subject of the issuing CA certificate |
|
|
The subject of CA certificate |
|
|
The subject alternative names of the issuing CA certificate |
|
|
The MD5 fingerprint of CA certificate |
|
|
The SHA1 fingerprint of CA certificate |
|
|
The SHA256 fingerprint of CA certificate |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 571
{"commonName":"device cert","id":386,"orgId":10986,"status":"Issued","orderNumber":111111,"backendCertId":"111111","certType":{"id":6019,"name":"Device cert SASP -1899455503","description":"Description for Device cert SASP -1899455503","terms":[180],"keyTypes":{"RSA":["1024","2048","4096"]},"useSecondaryOrgName":false},"term":0,"requester":"test@sbmqb.com","comments":"device certificate","requested":"12/04/2025","expires":"06/02/2026","keyAlgorithm":"RSA","keySize":2048,"keyType":"RSA - 2048","customFields":[{"name":"test","value":"value"}],"certificateDetails":{}}Approve device certificate
Allows admin to approve the requested Device certificate.
Path parameters
| Parameter | Description |
|---|---|
|
Unique ID for certificate. |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
message |
String |
Short message containing accompanying information for certificate approval action |
[Must not be empty, Size must be between 1 and 512 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/device/v1/approve/321' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5606' \
-H 'password: Password123!' \
-H 'customerUri: cst5606' \
-d '{"message":"Approval message"}'Example response
HTTP/1.1 204 No ContentDecline device certificate
Allows admin to decline the requested Device certificate.
Path parameters
| Parameter | Description |
|---|---|
|
Unique ID for certificate. |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
message |
String |
Short message containing accompanying information for certificate declining action |
[Must not be empty, Size must be between 1 and 512 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/device/v1/decline/330' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5638' \
-H 'password: Password123!' \
-H 'customerUri: cst5638' \
-d '{"message":"Decline message"}'Example response
HTTP/1.1 204 No ContentRevoke device certificate
Sending a request to CA to add the Device certificate under the particular Id to certificate revocation list.
Path parameters
| Parameter | Description |
|---|---|
|
Unique ID for certificate. |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
reason |
String |
Short message explaining why certificate needs to be revoked |
[Maximum length is 512 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/device/v1/revoke/order/125546' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5786' \
-H 'password: Password123!' \
-H 'customerUri: cst5786' \
-d '{"reasonCode":4,"reason":"my reason"}'Example response
HTTP/1.1 204 No ContentRevoke device certificate by serial number
Sending a request to CA to add the Device certificate under the particular serial number to certificate revocation list.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate Serial Number |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
reason |
String |
Short message explaining why certificate needs to be revoked |
[Maximum length is 512 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/device/v1/revoke/serial/A7:35:E0:9A:D6:D1:C0:CC:56:EA:6C:D0:E3:97:B6:D9' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5798' \
-H 'password: Password123!' \
-H 'customerUri: cst5798' \
-d '{"reasonCode":4,"reason":"my reason"}'Example response
HTTP/1.1 204 No ContentManual Revoke device certificate by Id or serial number + issuer
Mark certificate as revoked. The certificate is not revoked on CA side.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
certId |
Number |
Certificate ID. Required if |
Must be present if serialNumber and issuer are not provided |
serialNumber |
Number |
Certificate serial number. Required if |
Must be present with issuer if certId is not provided |
issuer |
Number |
Certificate issuer. Required if |
Must be present with serialNumber if certId is not provided |
revokeDate |
String |
Certificate revoke date |
[] |
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
Example request
$ curl 'https://cert-manager.com/api/device/v1/revoke/manual' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer5724' \
-H 'password: Password123!' \
-H 'customerUri: cst5724' \
-d '{"certId":360,"serialNumber":null,"issuer":null,"revokeDate":"2025-06-10T00:00:00Z","reasonCode":4}'Example response
HTTP/1.1 204 No ContentRenew device certificate
Submission of a request for a new Device certificate using the CSR and parameters of the initial Device certificate. The initial certificate is defined by its Id.
Path parameters
| Parameter | Description |
|---|---|
|
Unique ID for certificate. |
Example request
$ curl 'https://cert-manager.com/api/device/v1/renew/order/12345' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5748' \
-H 'password: Password123!' \
-H 'customerUri: cst5748'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Unique ID for certificate. This ID should be used for certificate operations. |
|
|
Certificate status. |
|
|
Deprecated. ID of certificate in the enrolling backend. Should not be used for certificate operations but will work during migration phase. |
|
|
Deprecated. Currently identical to deviceCertId for backwards compatibility during migration phase. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 81
{"deviceCertId":368,"status":"APPROVED","backendCertId":"5751","orderNumber":368}Renew device certificate by serial number
Submission of a request for a new Device certificate using the CSR and parameters of the initial Device certificate. The initial certificate is defined by its serial number.
Path parameters
| Parameter | Description |
|---|---|
|
Serial Number of certificate which you are going to renew. |
Example request
$ curl 'https://cert-manager.com/api/device/v1/renew/serial/A7:35:E0:9A:D6:D1:C0:CC:56:EA:6C:D0:E3:97:B6:D9' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5770' \
-H 'password: Password123!' \
-H 'customerUri: cst5770'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Unique ID for certificate. This ID should be used for certificate operations. |
|
|
Certificate status. |
|
|
Deprecated. ID of certificate in the enrolling backend. Should not be used for certificate operations but will work during migration phase. |
|
|
Deprecated. Currently identical to deviceCertId for backwards compatibility during migration phase. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 81
{"deviceCertId":373,"status":"APPROVED","backendCertId":"5773","orderNumber":373}Replace device certificate
Submission of a request for a replace of a Device certificate using new CSR and the parameters of the initial Device certificate. The initial certificate is defined by its Id.
Path parameters
| Parameter | Description |
|---|---|
|
Unique ID for certificate. |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
csr |
String |
Certificate signing request related to new key pair |
[Must match the regular expression |
reason |
String |
Short message explaining why certificate needs to be replaced |
[Must not be empty, Size must be between 1 and 512 inclusive] |
revoke |
Boolean |
Previous certificate will be revoked if true |
[Must not be null] |
Example request
$ curl 'https://cert-manager.com/api/device/v1/replace/order/252' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5778' \
-H 'password: Password123!' \
-H 'customerUri: cst5778' \
-d '{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIIC4jCCAcoCAQAwdDELMAkGA1UEBhMCVUExDTALBgNVBAgTBHRlc3QxDTALBgNV\nBAcTBHRlc3QxDTALBgNVBAoTBHRlc3QxDTALBgNVBAsTBHRlc3QxEjAQBgNVBAMT\nCWNjbXFhLmNvbTEVMBMGCSqGSIb3DQEJARYGdGVzdEB0MIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAul8SGkicOnrMjJDvgG8P2j1Ee5hY6ww+qSoe0oI2\ntvRcLBknPHMMAkxTjW9fy80wD8hyrnc+IGlQcq2R/tEMIJHRsJD603M+2FjAwlP9\n8xtiqv0hMyHO4fEt+HMyy8Q367aTBmnZCuAxJZJapfFW9wH5jGZxuX8mnrXVsBTD\n4ZBO4UFd9P4u8P0nJx80CiuDt4COSDl6Br4pNLciPVqfwj7LQ5/skwPkNCggk3/G\nxoQX/3FV7O4fC6WCxVP1uYjJVQjlD1Tf06hPNfonVfThVuP20OL3QAlnIF3lZiyY\nJ5etdFtu+BKcPNMdQDJOS/O4Zz0YJn6K2HdAXSc1YxYniwIDAQABoCkwJwYJKoZI\nhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQsF\nAAOCAQEAVJVTTELGHWoRh8JZt+kx/zO0VnibBq/D6uB405L+Ir80X48Ei9hTLB11\nAqhSBE+AbEgBhRnEIDBjiXEDcWvC532Omex721kc17ZTzowuD8lOjfQkTHbAmjIi\nnCQNFAPf0D/zpi6Eync5pi2P//Uj/Yn7oDYYli1t61EZwuQyEu4mbQ1efUnU/SOl\nAAQtDPhNwATZPmfefjM8+YuzhG70dQvmFAClcFayKM92Zx9khDd/VnLT85YzDULJ\n8iiHW8dZNblaTsUjKrc73iX2hONZIxw6B3tGCFs8mH9lZlExV7Y2er3t/lO1pdxe\nSUohEELWcttIxyWnYgxvwaWX4lfx9A==\n-----END CERTIFICATE REQUEST-----","reason":"Test","revoke":false}'Example response
HTTP/1.1 204 No ContentDelete device certificate
Submission of a request for deleting Device certificate for a given Id.
| Only imported or discovered certificates can be deleted. |
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID. |
Example request
$ curl 'https://cert-manager.com/api/device/v1/332' -i -X DELETE \
-H 'login: admin_customer5642' \
-H 'password: Password123!' \
-H 'customerUri: cst5642'Example response
HTTP/1.1 204 No ContentImport device certificates to SCM
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
[] |
Array |
Certificates to import |
Should not be empty, maximum size is 128 |
[].orgID |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
[].customFields |
Array |
List of custom certificate fields |
[] |
[].customFields[].name |
String |
Custom field name |
[] |
[].customFields[].value |
String |
Custom field value |
[] |
[].owner |
String |
Certificate owner |
[Must be a well-formed email address, Maximum length is 128 characters or can be empty] |
[].backendCertId |
String |
Backend certificate identifier |
[Maximum length is 255 characters or can be empty] |
[].cert |
String |
DER (Base64) certificate |
[Must not be empty] |
[].csr |
String |
DER (Base64) Certificate Signing Request |
[] |
[].comments |
String |
Additional comments |
[Maximum length is 1024 characters or can be empty] |
[].force |
Boolean |
Force alter editable certificate fields event if certificate is already exists. |
[] |
Example request
$ curl 'https://cert-manager.com/api/device/v1/import' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer5686' \
-H 'password: Password123!' \
-H 'customerUri: cst5686' \
-d '[{"orgID":10914,"customFields":[{"name":"custom field","value":"testValue"}],"owner":"admin@requester.com","backendCertId":"1234567890DFa","cert":"MIIHHjCCBgagAwIBAgIQDhG71w1UtxDQxvVAtrUspDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xNjA1MjEwMDAwMDBaFw0xOTA4MTQxMjAwMDBaMGoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJOWTERMA8GA1UEBxMITmV3IFlvcmsxHTAbBgNVBAoTFFN0YWNrIEV4Y2hhbmdlLCBJbmMuMRwwGgYDVQQDDBMqLnN0YWNrZXhjaGFuZ2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0YDzscT5i6T2FaRsTGNCiLB8OtPXu8N9iAyuaROh/nS0kRRsN8wUMk1TmgZhPuYM6oFS377V8W2LqhLBMrPXi7lnhvKt2DFWCyw38RrDbEsM5dzVGErmhux3F0QqcTI92zjVW61DmE7NSQLiR4yonVpTpdAaO4jSPJxn8d+4p1sIlU2JGSk8LZSWFqaROc7KtXtlWP4HahNRZtdwvL5dIEGGNWx+7B+XVAfY1ygc/UisldkA+a3D2+3WAtXgFZRZZ/1CWFjKWJNMAI6ZBAtlbgSNgRYxdcdleIhPLCzkzWysfltfiBmsmgz6VCoFR4KgJo8Gd3MeTWojBthM10SLwIDAQABo4IDuDCCA7QwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFFrBQmPCYhOznZSEqjIeF8tto4Z7MIIB6AYDVR0RBIIB3zCCAduCEyouc3RhY2tleGNoYW5nZS5jb22CEXN0YWNrb3ZlcmZsb3cuY29tghMqLnN0YWNrb3ZlcmZsb3cuY29tgg1zdGFja2F1dGguY29tggtzc3RhdGljLm5ldIINKi5zc3RhdGljLm5ldIIPc2VydmVyZmF1bHQuY29tghEqLnNlcnZlcmZhdWx0LmNvbYINc3VwZXJ1c2VyLmNvbYIPKi5zdXBlcnVzZXIuY29tgg1zdGFja2FwcHMuY29tghRvcGVuaWQuc3RhY2thdXRoLmNvbYIRc3RhY2tleGNoYW5nZS5jb22CGCoubWV0YS5zdGFja2V4Y2hhbmdlLmNvbYIWbWV0YS5zdGFja2V4Y2hhbmdlLmNvbYIQbWF0aG92ZXJmbG93Lm5ldIISKi5tYXRob3ZlcmZsb3cubmV0gg1hc2t1YnVudHUuY29tgg8qLmFza3VidW50dS5jb22CEXN0YWNrc25pcHBldHMubmV0ghIqLmJsb2dvdmVyZmxvdy5jb22CEGJsb2dvdmVyZmxvdy5jb22CGCoubWV0YS5zdGFja292ZXJmbG93LmNvbYIVKi5zdGFja292ZXJmbG93LmVtYWlsghNzdGFja292ZXJmbG93LmVtYWlsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAAzJAMGSdKoX1frdqNlNiXu8Gcbsm/DxWMXpcTXlZn8s+/qQQoc+/3o0CK3C8/j9n5DmsYa88P6Ntt5ysDs+b0ynXFva4CAEyKaoPM4SIpOjwfWBRSUOqAIkQO2/LhKBwT/EnpaIHIKGnI0UdXLQoDfkMDg6mgJsEBsKdKF5EfEX7iU3NO5xVJPJE8/R0btLAdYwxB9S6fSpCXGe2HqQD101O/7/4MWNdFSbfdDSFcn5oEm+idimrqiNrF5knmuJy4qPBkL7thNuGK6rvYCFZJM03ZEZhkQmn2jG/7LgjfwZmvfcITeADCpylf88bL+lf+vxe6cCl9CyqWgBDpsIxpE=","csr":"MIICqzCCAZMCAQAwZjELMAkGA1UEBhMCY24xDzANBgNVBAgTBmJlaWppbjEQMA4GA1UEBxMHYmVpamluZzEPMA0GA1UEChMGQ09NT0RPMRAwDgYDVQQLEwdkZXZlbG9wMREwDwYDVQQDDAgqLmNtLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJxrVE6cqSTe+jOsyYjBNw+5uZeDdu37bRgw6qQo2uSFhOhXyhsxcb0zaitpjNYLsEc4fp0YzNYrqzmIHK7HpgHgg9N9CVr0m2O/RlV761s257expajU1vYzVDIt/levLkOJe96++tOFOQ+6hrFnI2YWKxLdE+X0F7tGrDgkV2xXhW7qbw32C2kRyui3KvgoJ0Mwtwe0Gp6VVN61oNoinf5F/O8MGMFmM4TaRgSTcvWIJvrfuMTmHi9S918LfQRrFGfDKNX49iS8oWT7SVBmLxjcEqIsTfCFo9rg/aP8elS3kRFBH8fTNUPjcOCa/Km6JoIM4C/KEro6uraXAbl+QhMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBvyheU7vn+VCQJz8OHVD2r9c79KETEeaTMIvnTjGECd3RlXXErcFxuvFJYtTyiNZwzyRi7Q4IBp8g41UYRsBsMim0ioQdW9cIIMMn0oY7oAuQt6eM77iOd/bWhpGAPKe6rG8vadA6nF+hPIPEkqIlfWYNc/ZarvXr2UPNmYdv/skDi9PQUlzB1xOWQUO3Li+QYZWuE3UjLDNCoh5uTY5UMn/K+Ej8fDDz4mc4zZQQf3mASZcMEv75pqfEiRY1zUUPLLT5vUZ5yh32DG8mm+X5Gkr1xQNYGAUymxTdG2ct2t3xxLjGmRABxPvGNIrIefboyLma9Yd0GBOtrexsNzbUI","comments":"Test comments","force":true}]'Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of import results. |
|
|
Indicates whether the certificate import was successful or not |
|
|
CA backend certificate ID |
|
|
Device Certificate information |
|
|
Device Certificate ID |
|
|
Device Certificate Subject |
|
|
Device Certificate Serial Number |
|
|
Indicates if the certificate was created during the import process. If false, it means the certificate already existed in the system. |
|
|
Error message with details of the failed import. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 215
[{"successful":true,"backendCertId":"1234567890DFa","cert":{"id":346,"subject":"CN=*.stackexchange.com,O=Stack Exchange, Inc.,L=New York,ST=NY,C=US","serialNumber":"E11BBD70D54B710D0C6F540B6B52CA4"},"created":true}]The response array element can be error message:
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of import results |
|
|
Indicates whether the certificate import was successful or not |
|
|
CA backend certificate ID |
|
|
Device certificate information |
|
|
Device certificate Subject |
|
|
Device certificate Serial Number |
|
|
Error message with details of the failed import. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 275
[{"successful":false,"cert":{"subject":"CN=*.stackexchange.com,O=Stack Exchange, Inc.,L=New York,ST=NY,C=US","serialNumber":"E11BBD70D54B710D0C6F540B6B52CA4"},"errorMessage":"Cannot bring certificate SN=''E11BBD70D54B710D0C6F540B6B52CA4'' under management. Contact support"}]Code Signing Certificates
Used to perform operations on code signing certificates.
Manage code signing certificate
Import code signing certificates to SCM
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
[] |
Array |
Certificates to import |
Should not be empty, maximum size is 128 |
[].orgID |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
[].customFields |
Array |
List of custom certificate fields |
[] |
[].customFields[].name |
String |
Custom field name |
[] |
[].customFields[].value |
String |
Custom field value |
[] |
[].backendCertId |
String |
Backend certificate identifier |
[Maximum length is 255 characters or can be empty] |
[].cert |
String |
DER (Base64) certificate |
[Must not be empty] |
[].csr |
String |
DER (Base64) Certificate Signing Request |
[] |
[].force |
Boolean |
Force alter editable certificate fields event if certificate is already exists. |
[] |
Example request
$ curl 'https://cert-manager.com/api/cscert/v1/import' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4429' \
-H 'password: Password123!' \
-H 'customerUri: cst4429' \
-d '[{"orgID":10471,"customFields":[{"name":"testName","value":"testValue"}],"backendCertId":"1234567890DFa","cert":"MIIEKDCCBBKgAwIBAgIRALdTZsH0yQtzU+E3X0Y5xDYwDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE+MDwGA1UEAxM1U2VjdGlnbyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwHhcNMjQwNTE2MDAwMDAwWhcNMjUwNTE2MjM1OTU5WjAnMSUwIwYJKoZIhvcNAQkBFhZzb21lb25lbGlrZXVAY2NtcWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSh7RPQW7YHv3FmAFq/vySdF+1Zt0XkJk7p3xBuJ/cUzeIL6sqTx7tOZgsPxM97a+fd/UZ731/xSRgM/7x2rdhrZkmWkziyZfFPZE2/2wkicfRPFvdC4OhqNVgSLYmZtBJlkBArWX8MeL3ddiqmQqN7kA/Nw6kuJsIOYduTZnpS5vEXLX6v/jJPv4gECHmjfLuV/e5cY18+qgFGvLEEzz9M4R1H4jdL+sl9xh7LG2AIaERcFJCkQ0YCT4JUU/bKtPNruvBTgE+Tua4tvtr/Akzt2kJOgklzTpkoCkv4EzgYsXyKVGJQjcd268oVMgNWTAMuCnPmDkwhyX7FkcGzudQIDAQABo4IB3zCCAdswHwYDVR0jBBgwFoAUCcDy/AvalNtf/ivfqJlCz8ngrQAwHQYDVR0OBBYEFBrcCXeEnSfJ3XpxwU2GcptYkcWeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjBQBgNVHSAESTBHMDoGDCsGAQQBsjEBAgEKATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3NlY3RpZ28uY29tL1NNSU1FQ1BTMAkGB2eBDAEFAQIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNybDCBigYIKwYBBQUHAQEEfjB8MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAhBgNVHREEGjAYgRZzb21lb25lbGlrZXVAY2NtcWEuY29tMA0GCSqGSIb3DQEBCwUAAwEA","csr":"MIICqzCCAZMCAQAwZjELMAkGA1UEBhMCY24xDzANBgNVBAgTBmJlaWppbjEQMA4GA1UEBxMHYmVpamluZzEPMA0GA1UEChMGQ09NT0RPMRAwDgYDVQQLEwdkZXZlbG9wMREwDwYDVQQDDAgqLmNtLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJxrVE6cqSTe+jOsyYjBNw+5uZeDdu37bRgw6qQo2uSFhOhXyhsxcb0zaitpjNYLsEc4fp0YzNYrqzmIHK7HpgHgg9N9CVr0m2O/RlV761s257expajU1vYzVDIt/levLkOJe96++tOFOQ+6hrFnI2YWKxLdE+X0F7tGrDgkV2xXhW7qbw32C2kRyui3KvgoJ0Mwtwe0Gp6VVN61oNoinf5F/O8MGMFmM4TaRgSTcvWIJvrfuMTmHi9S918LfQRrFGfDKNX49iS8oWT7SVBmLxjcEqIsTfCFo9rg/aP8elS3kRFBH8fTNUPjcOCa/Km6JoIM4C/KEro6uraXAbl+QhMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBvyheU7vn+VCQJz8OHVD2r9c79KETEeaTMIvnTjGECd3RlXXErcFxuvFJYtTyiNZwzyRi7Q4IBp8g41UYRsBsMim0ioQdW9cIIMMn0oY7oAuQt6eM77iOd/bWhpGAPKe6rG8vadA6nF+hPIPEkqIlfWYNc/ZarvXr2UPNmYdv/skDi9PQUlzB1xOWQUO3Li+QYZWuE3UjLDNCoh5uTY5UMn/K+Ej8fDDz4mc4zZQQf3mASZcMEv75pqfEiRY1zUUPLLT5vUZ5yh32DG8mm+X5Gkr1xQNYGAUymxTdG2ct2t3xxLjGmRABxPvGNIrIefboyLma9Yd0GBOtrexsNzbUI","force":true}]'Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of import results |
|
|
Indicates whether certificate import was successful or not |
|
|
CA backend certificate ID |
|
|
Code Sign Certificate information |
|
|
Code Sign Certificate ID |
|
|
Code Sign Certificate Subject |
|
|
Code Sign Certificate Serial Number |
|
|
Indicates if the certificate was created during the import process. If false, it means the certificate already existed in the system. |
|
|
Error message with details of the failed import. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 172
[{"successful":true,"backendCertId":"1234567890DFa","cert":{"id":90,"subject":"E=someonelikeu@ccmqa.com","serialNumber":"B75366C1F4C90B7353E1375F4639C436"},"created":true}]Manual Revoke code signing certificate by Id or serial number + issuer
Mark certificate as revoked. The certificate is not revoked on CA side.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
certId |
Number |
Certificate ID. Required if |
Must be present if serialNumber and issuer are not provided |
serialNumber |
Number |
Certificate serial number. Required if |
Must be present with issuer if certId is not provided |
issuer |
Number |
Certificate issuer. Required if |
Must be present with serialNumber if certId is not provided |
revokeDate |
String |
Certificate revoke date |
[] |
reasonCode |
Number |
Revocation reason code to be put to CRL (Mozilla Root Store Policy 2.8 section 6.1.1) Reason code (unspecified (0), keyCompromise (1), affiliationChanged (3), superseded (4), cessationOfOperation (5)) |
[Allowed ranges 0,1 and 3-5] |
Example request
$ curl 'https://cert-manager.com/api/cscert/v1/revoke/manual' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4452' \
-H 'password: Password123!' \
-H 'customerUri: cst4452' \
-d '{"certId":93,"serialNumber":null,"issuer":null,"revokeDate":"2025-06-10T00:00:00Z","reasonCode":4}'Example response
HTTP/1.1 204 No ContentThe response array element can be error message:
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of import results |
|
|
Indicates whether the certificate import was successful or not |
|
|
CA backend certificate ID |
|
|
Code Signing certificate information |
|
|
Code Signing certificate Subject |
|
|
Code Signing certificate Serial Number |
|
|
Error message with details of the failed import. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 69
[{"successful":false,"errorMessage":"Organization ''2'' not found."}]Code Signing on Demand - Deprecated
The Code Signing on Demand (CSoD) API integrates the CSoD service and automation systems (such as Jenkins, TeamCity, Puppet, PerlScript) to provide an end-to-end, automated code signing platform.
Code signing requests are submitted by developers and approved by administrators. The code signing request must first be created, the files uploaded and the request submitted. The request needs to be approved by an administrator. Once approved, the request is completed automatically and the digitally signed files can be downloaded.
In addition to complete files it is possible to just sign hashes. Place the hash in a file with an md5 or sha extension and specify the HASH_SUM signing type when creating the request.
Developer API
A developer is a special type of user allowed to use the CsoD service to digitally sign files. These API methods require the Developer Login authentication style.
Create code signing request
The code signing request must first be created by a developer. The creation returns a request ID and an URL to upload the file to be signed.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
organizationId |
Number |
Organization ID |
|
version |
String |
A free form field that can be used to provide file verson information if required |
Should not be empty |
algorithms |
String |
Hashing algorithm to use. Multiple comma separated values are possible if the file signing type supports it |
Supported values are: MD5, SHA1, SHA256, SHA384, SHA512 |
signingType |
String |
Type of file(s) to sign. All uploaded files must be of the same type |
Supported values are: MICROSOFT_AUTHENTICODE, JAVA, MICROSOFT_OFFICE_AND_VBA, WINDOWS_PHONE_AND_XBOX, ANDROID, HASH_SUM, POWERSHELL |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
ID for created request |
|
|
URL to upload files for signing |
Example request
$ curl 'https://cert-manager.com/api/csod/v1/requests/developer' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'Accept: application/json' \
-H 'email: test@email' \
-H 'password: 123' \
-H 'customerUri: cst1984' \
-d '{"organizationId":9506,"version":"1","algorithms":"sha384","signingType":"java"}'Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 96
{"requestId":5,"uploadUrl":"https://host:123/path?token=R12M432FFURRUV6D8A36933A1T&requestId=5"}Additional notes
Certificate Manager 19.10 contains a bug in that the uploadUrl response field is incorrect. The URL needs to have the requestId added as a URL parameter. Look at the Example response above.
Upload files
The files to be digitally signed must be uploaded to the URL returned when the code signing request was created. The upload takes the form of a POST with a multipart/form-data content type. If uploading multiple files, the keys just need to be unique, i.e. file1, file2.
Example request
$ curl -F 'file1=@filename' https://agenthost/path?token=L1P1J62D3ALTVB67M511T5CL73&requestId=5Example response
HTTP/1.1 204 No ContentAdditional Notes
The hosted code signing agent by default will use a self-signed certificate so the upload may require extra handling. For example if using curl you can specify the --insecure flag.
Submit signing request
After the files have been uploaded the signing request is submitted. The request must then be approved by before it is completed. Requests are approved by an administrator.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
requestId |
Number |
Request ID returned when request created |
Example request
$ curl 'https://cert-manager.com/api/csod/v1/requests/developer' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'email: test@email' \
-H 'password: 123' \
-H 'customerUri: cst2011' \
-d '{"requestId":1}'Example response
HTTP/1.1 204 No ContentGet code signing request count
Enables the developer to get the number of code signing requests created by them.
Response fields
| Path | Type | Description |
|---|---|---|
|
|
Requests count |
Example request
$ curl 'https://cert-manager.com/api/csod/v1/requests/developer/count' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'email: test@email' \
-H 'password: 123' \
-H 'customerUri: cst1981'Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 11
{"count":1}Get list of submitted requests
Enables the developer to get the code signing requests IDs created by them.
Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of request IDs |
Example request
$ curl 'https://cert-manager.com/api/csod/v1/requests/developer/?size=1&position=10' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'email: test@email' \
-H 'password: 123' \
-H 'customerUri: cst2008'Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 3
[2]Get code signing request details
Enables the developer to get the code signing requests IDs created by them.
Response fields
| Path | Type | Description |
|---|---|---|
|
|
Developer email address |
|
|
Organization name |
|
|
Department name. Optional |
|
|
Name of the person who approved operation |
|
|
Value provided when creating request |
|
|
Type of file(s), possible values are: MICROSOFT_AUTHENTICODE, JAVA, MICROSOFT_OFFICE_AND_VBA, WINDOWS_PHONE_AND_XBOX, ANDROID, HASH_SUM, POWERSHELL |
|
|
Creation date |
|
|
State of request, posible values are: INIT, CREATED, IN_PROGRESS, DECLINED, SIGNED, EXPIRED, FAILED |
|
|
Array of applied hash algorithms |
|
|
Array of signed files |
|
|
File name |
|
|
URL to download the digitally signed file from. The process of downloading does involve a redirect to the code signing agent |
|
|
File size |
Example request
$ curl 'https://cert-manager.com/api/csod/v1/requests/developer/1' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'email: test@email' \
-H 'password: 123' \
-H 'customerUri: cst2002'Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 357
{"developerEmail":"test@email","organization":"org4Test","approver":"test ","version":"1","digestAlgorithms":["SHA256"],"signingService":"MICROSOFT_AUTHENTICODE","created":"12/04/2025 07:46:57 GMT","state":"SIGNED","files":[{"name":"test.msi","downloadUrl":"https://cert-manager.com/customer/cst2002/csfile/791bf478-af4c-44b4-87f2-9968300c5763","size":10}]}Administrator API
An administrator is a Certificate Manager user with privileges to approve code signing requests.
Approve code signing request
Enables the administrators to permit execution of the developer’s code signing request.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
requestId |
Number |
Request ID to be approved |
|
comment |
String |
Short message about approval |
None |
Example request
$ curl 'https://cert-manager.com/api/csod/v1/requests/admin/approve' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer1972' \
-H 'password: Password123!' \
-H 'customerUri: cst1972' \
-d '{"requestId":1,"comment":"Test"}'Example response
HTTP/1.1 204 No ContentDecline code signing request
Enables the administrators to decline execution of the developer’s code signing request.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
requestId |
Number |
Request ID to be declined |
|
comment |
String |
Short message about decline |
None |
Example request
$ curl 'https://cert-manager.com/api/csod/v1/requests/admin/decline' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer1990' \
-H 'password: Password123!' \
-H 'customerUri: cst1990' \
-d '{"requestId":1,"comment":"Test"}'Example response
HTTP/1.1 204 No ContentGet code signing request count
Enables the administrator to get the number of the code signing requests submitted and assigned to the organization(s) or department(s) that are delegated to them.
Response fields
| Path | Type | Description |
|---|---|---|
|
|
Requests count |
Example request
$ curl 'https://cert-manager.com/api/csod/v1/requests/admin/count' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer1978' \
-H 'password: Password123!' \
-H 'customerUri: cst1978'Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 11
{"count":2}Get list of submitted requests
Enables the administrator to get the code signing requests IDs submitted and assigned to the organization(s) or department(s) that are delegated to them.
Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of request IDs |
Example request
$ curl 'https://cert-manager.com/api/csod/v1/requests/admin/?size=1&position=10' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer2005' \
-H 'password: Password123!' \
-H 'customerUri: cst2005'Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 5
[2,3]Get code signing request details
Enables the administrator to get the code signing request details by its ID.
Response fields
| Path | Type | Description |
|---|---|---|
|
|
Developer email address |
|
|
Organization name |
|
|
Department name. Optional |
|
|
Name of the person who approved operation |
|
|
Value provided when creating request |
|
|
Type of file(s), possible values are: MICROSOFT_AUTHENTICODE, JAVA, MICROSOFT_OFFICE_AND_VBA, WINDOWS_PHONE_AND_XBOX, ANDROID, HASH_SUM, POWERSHELL |
|
|
Creation date |
|
|
State of request, posible values are: INIT, CREATED, IN_PROGRESS, DECLINED, SIGNED, EXPIRED, FAILED |
|
|
Array of applied hash algorithms |
|
|
Array of signed files |
|
|
File name |
|
|
URL to download the digitally signed file from. The process of downloading does involve a redirect to the code signing agent |
|
|
File size |
Example request
$ curl 'https://cert-manager.com/api/csod/v1/requests/admin/1' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer1999' \
-H 'password: Password123!' \
-H 'customerUri: cst1999'Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 357
{"developerEmail":"test@email","organization":"org4Test","approver":"test ","version":"1","digestAlgorithms":["SHA256"],"signingService":"MICROSOFT_AUTHENTICODE","created":"12/04/2025 07:46:57 GMT","state":"SIGNED","files":[{"name":"test.msi","downloadUrl":"https://cert-manager.com/customer/cst1999/csfile/791bf478-af4c-44b4-87f2-9968300c5763","size":10}]}Brand Indicators for Message Identification (BIMI) Certificates
View BIMI certificates
List BIMI certificates
List all BIMI certificates that match the requested filter.
Query parameters
| Parameter | Description |
|---|---|
|
Filter expression for fields: [profile, organizationId, sha1Fingerprint, serialNumber, verificationType, expires, requested, status, orderNumber, approverName, subjectAlternativeNames, comments, issuer, commonName] |
|
Sort field name with sort order direction (asc, desc). Comma separated. Fields: [profile, organizationId, sha1Fingerprint, serialNumber, verificationType, expires, requested, id, status, orderNumber, approverName, subjectAlternativeNames, issuer, commonName] |
|
Max count of entities retrieved on the request |
|
Returns the page to be returned |
Example request
$ curl 'https://cert-manager.com/api/brand-indicator/v1?filter=requested%3E2025-01-01&filter=organizationId%3D10706&filter=status%3DApplied' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4935' \
-H 'password: Password123!' \
-H 'customerUri: test'Response headers
| Name | Description |
|---|---|
|
Contains total number of certificates available according to the filtering applied |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
Certificate ID |
|
|
Certificate status |
|
|
Certificate Common Name |
|
|
Order number |
|
|
Certificate profile |
|
|
Certificate profile ID |
|
|
Certificate profile name |
|
|
Certificate verification type |
|
|
Certificate term in days |
|
|
Certificate delegated to organization |
|
|
Certificate delegated to organization ID |
|
|
Certificate delegated to organization name |
|
|
Certificate requester info |
|
|
Certificate signature algorithm |
|
|
Comments |
|
|
Certificate requested date |
|
|
Subject Alternative Names |
|
|
Issuer |
|
|
Serial number |
|
|
How the request was submitted |
|
|
Certificate approver info |
|
|
SHA1 fingerprint |
|
|
SHA256 fingerprint |
|
|
Certificate approved date |
|
|
Certificate declined date |
|
|
Certificate expiration date |
|
|
Certificate issued date |
|
|
Certificate downloaded date |
|
|
Certificate revoked date |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json;charset=UTF-8
Content-Length: 821
[ {
"id" : 6,
"status" : "Applied",
"commonName" : "ccmqa.com",
"subjectAlternativeNames" : null,
"orderNumber" : "certificate_backend_id",
"issuer" : null,
"serialNumber" : null,
"profile" : {
"id" : 5890,
"name" : "Brand Indicator Certificate SASP -2036850379"
},
"verificationType" : "COMMON",
"term" : 0,
"requestedVia" : null,
"organization" : {
"id" : 10706,
"name" : "org4Test"
},
"requester" : {
"id" : 12103,
"name" : "client-admin-4936 client-admin-4936"
},
"approver" : null,
"signatureAlgorithm" : "",
"sha1Fingerprint" : null,
"sha256Fingerprint" : null,
"comments" : "",
"requested" : "2025-12-04T07:54:24.567Z",
"approved" : null,
"declined" : null,
"expires" : null,
"issued" : null,
"downloaded" : null,
"revoked" : null
} ]Get BIMI certificate details
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Example request
$ curl 'https://cert-manager.com/api/brand-indicator/v1/5' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4930' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Certificate ID |
|
|
Certificate status |
|
|
Certificate Common Name |
|
|
Order number |
|
|
Certificate profile |
|
|
Certificate profile ID |
|
|
Certificate profile name |
|
|
Certificate verification type |
|
|
Certificate term in days |
|
|
Certificate delegated to organization |
|
|
Certificate delegated to organization ID |
|
|
Certificate delegated to organization name |
|
|
Certificate requester info |
|
|
Certificate signature algorithm |
|
|
Comments |
|
|
Certificate requested date |
|
|
Subject Alternative Names |
|
|
Issuer |
|
|
Serial number |
|
|
How the request was submitted |
|
|
Certificate approver info |
|
|
SHA1 fingerprint |
|
|
SHA256 fingerprint |
|
|
Certificate approved date |
|
|
Certificate declined date |
|
|
Certificate expiration date |
|
|
Certificate issued date |
|
|
Certificate downloaded date |
|
|
Certificate revoked date |
|
|
Indicates if CA should host the logo |
|
|
Logo URI |
|
|
Certificate URI |
|
|
DCV mode |
|
|
DCV email |
|
|
Trade mark details |
|
|
Trade mark logo BASE64 encoded |
|
|
Trade mark country |
|
|
Trade mark registration office |
|
|
Trade mark registration identifier |
|
|
Domain name where the logo was previously used, as required for BIMI certificate validation |
|
|
Organization extended validation details |
|
|
Organization business category |
|
|
Organization assumed name (DBA) |
|
|
Organization DUNS number |
|
|
Organization company registration number |
|
|
Jurisdiction of incorporation locality |
|
|
Jurisdiction of incorporation state or province |
|
|
Jurisdiction of incorporation country |
|
|
Incorporating agency |
|
|
Date of incorporation |
|
|
Organization telephone number |
|
|
Signer forename |
|
|
Signer surname |
|
|
Signer email |
|
|
Signer phone |
|
|
Signer title |
|
|
Signer relationship |
|
|
Signer address |
|
|
Signer city |
|
|
Signer postal code |
|
|
Signer country |
|
|
Signer state or province |
|
|
Approver forename |
|
|
Approver surname |
|
|
Approver email |
|
|
Approver phone |
|
|
Approver title |
|
|
Approver relationship |
|
|
Approver address |
|
|
Approver city |
|
|
Approver postal code |
|
|
Approver country |
|
|
Approver state or province |
|
|
Requester forename |
|
|
Requester surname |
|
|
Requester email |
|
|
Requester phone |
|
|
Requester title |
|
|
Requester relationship |
|
|
Requester address |
|
|
Requester city |
|
|
Requester postal code |
|
|
Requester country |
|
|
Requester state or province |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 3059
{
"id" : 5,
"status" : "Applied",
"commonName" : "ccmqa.com",
"subjectAlternativeNames" : null,
"orderNumber" : "certificate_backend_id",
"issuer" : null,
"serialNumber" : null,
"profile" : {
"id" : 5889,
"name" : "Brand Indicator Certificate SASP 1571302985"
},
"verificationType" : "COMMON",
"term" : 0,
"requestedVia" : null,
"organization" : {
"id" : 10704,
"name" : "org4Test"
},
"requester" : {
"id" : 12100,
"name" : "client-admin-4931 client-admin-4931"
},
"approver" : null,
"signatureAlgorithm" : "",
"sha1Fingerprint" : null,
"sha256Fingerprint" : null,
"comments" : "",
"requested" : "2025-12-04T07:54:24.412Z",
"approved" : null,
"declined" : null,
"expires" : null,
"issued" : null,
"downloaded" : null,
"revoked" : null,
"dcvMode" : "CNAME",
"dcvEmail" : "",
"tradeMark" : {
"base64Logo" : "PHN2ZyB3aWR0aD0iOTYiIGhlaWdodD0iOTYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIKICAgICB2ZXJzaW9uPSIxLjIiIGJhc2VQcm9maWxlPSJ0aW55LXBzIiB2aWV3Qm94PSIwIDAgOTYgOTYiPgogIDx0aXRsZT5FeGFtcGxlIENvbXBhbnk8L3RpdGxlPgogIDxyZWN0IHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIGZpbGw9IiNGRkZGRkYiLz4KICA8cGF0aCBkPSJNMTAgMTAgTDkwIDEwIEw1MCA4MCBaIiBmaWxsPSIjMDAwMDAwIi8+Cjwvc3ZnPgo=",
"trademarkCountry" : "US",
"trademarkOffice" : "United States Copyright Office",
"trademarkIdentifier" : "9876543210",
"logoPriorUseDomainName" : "ccmqa.com"
},
"evDetails" : {
"orgDetails" : {
"businessCategory" : "PrivateOrganization",
"assumedName" : "Test DBA",
"dunsNumber" : "123456789",
"companyNumber" : "123456789",
"joiLocality" : "New Jersey",
"joiStateOrProvince" : "NJ",
"joiCountry" : "US",
"incorporatingAgency" : "Test Inc Agency",
"dateOfIncorporation" : "2025-12-04",
"telephone" : null
},
"signer" : {
"forename" : "Signer",
"surname" : "Person",
"email" : "signer@example.com",
"phone" : "444-555-6666",
"title" : "Signer Title",
"relationship" : "RAO789",
"address" : "Signer Address",
"city" : "Signer City",
"postalCode" : "13579",
"country" : "US",
"stateOrProvince" : "Signer State"
},
"approver" : {
"forename" : "Jane",
"surname" : "Smith",
"email" : "approver@example.com",
"phone" : "111-222-3333",
"title" : "Approver",
"relationship" : "RAO456",
"address" : "Approver Address",
"city" : "Approver City",
"postalCode" : "67890",
"country" : "US",
"stateOrProvince" : "Approver State"
},
"requester" : {
"forename" : "John",
"surname" : "Doe",
"email" : "requester@example.com",
"phone" : "098-765-4321",
"title" : "Manager",
"relationship" : "RAO123",
"address" : "Requester Address",
"city" : "Requester City",
"postalCode" : "54321",
"country" : "US",
"stateOrProvince" : "Requester State"
}
},
"hostByCa" : true,
"logoUri" : null,
"certUri" : null
}Enroll
Request
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
csr |
String |
The certificate signing request |
[Must match the regular expression |
dcvMode |
String |
The domain control validation mode. Available: [CNAME, EMAIL, HTTP, HTTPS] |
[Must not be null] |
dcvEmail |
String |
The email for DCV |
[Must be a well-formed email address] |
orgId |
Number |
The ID of the organization |
[Must not be null] |
profileId |
Number |
The ID of the certificate profile |
[Must not be null] |
hostByCa |
Boolean |
Indicator if the CA should host the logo and certificate. Default: true |
[] |
validationDetails |
Object |
Details for validation |
[Must not be null] |
validationDetails.orgDetails |
Object |
Organization details |
[Must not be null] |
validationDetails.orgDetails.businessCategory |
String |
Business category |
[]Available: [PrivateOrganization, GovernmentEntity, BusinessEntity, NonCommercialEntity] |
validationDetails.orgDetails.assumedName |
String |
Assumed name |
[] |
validationDetails.orgDetails.companyNumber |
String |
Company number |
[] |
validationDetails.orgDetails.dunsNumber |
String |
DUNS number |
[] |
validationDetails.orgDetails.incorporatingAgency |
String |
Incorporating agency |
[] |
validationDetails.orgDetails.joiCountry |
String |
Jurisdiction of Incorporation country |
[Must be a valid ISO-3166 country code, Must not be null] |
validationDetails.orgDetails.joiStateOrProvince |
String |
Jurisdiction of Incorporation state or province |
[] |
validationDetails.orgDetails.joiLocality |
String |
Jurisdiction of Incorporation locality |
[] |
validationDetails.orgDetails.dateOfIncorporation |
String |
Date of incorporation |
[] |
validationDetails.approver |
Object |
Approver details |
[Must not be null] |
validationDetails.approver.title |
String |
Approver’s title |
[Must not be null] |
validationDetails.approver.forename |
String |
Approver’s forename |
[Must not be null] |
validationDetails.approver.surname |
String |
Approver’s surname |
[Must not be null] |
validationDetails.approver.email |
String |
Approver’s email |
[Must not be null] |
validationDetails.approver.phone |
String |
Approver’s phone number |
[] |
validationDetails.approver.relationship |
String |
Approver’s relationship to the organization |
[] |
validationDetails.approver.address |
String |
Approver’s address |
[] |
validationDetails.approver.city |
String |
Approver’s city |
[] |
validationDetails.approver.postalCode |
String |
Approver’s postal code |
[] |
validationDetails.approver.country |
String |
Approver’s country |
[Must be a valid ISO-3166 country code] |
validationDetails.approver.stateOrProvince |
String |
Approver’s state or province |
[] |
validationDetails.signer |
Object |
Signer details |
[] |
validationDetails.requester |
Object |
Requester details |
[] |
tradeMark |
Object |
Trademark details |
[Must not be null] |
tradeMark.base64Logo |
String |
Base64 encoded logo |
[Must be a valid BIMI SVG logo encoded as Base64, Must not be null, Size must be between 1 and 32767 inclusive] |
tradeMark.trademarkCountry |
String |
Trademark country |
[Must be a valid ISO-3166 country code] |
tradeMark.trademarkOffice |
String |
Trademark office |
[Maximum length is 2048 characters or can be empty] |
tradeMark.trademarkIdentifier |
String |
Trademark identifier |
[Maximum length is 2048 characters or can be empty] |
tradeMark.logoPriorUseDomainName |
String |
Domain that was using the logo.(CMC certificates) |
[Must match the regular expression |
Example request
$ curl 'https://cert-manager.com/api/brand-indicator/v1/enroll' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4925' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"csr" : "-----BEGIN CERTIFICATE REQUEST-----MIICyTCCAbECAQAwgYMxCzAJBgNVBAYTAlVBMQ8wDQYDVQQIDAZPZGVzc2ExDzANBgNVBAcMBk9kZXNzYTERMA8GA1UECgwIQWR2YW5jZWQxCzAJBgNVBAsMAklUMRIwEAYDVQQDDAljY21xYS5jb20xHjAcBgkqhkiG9w0BCQEWD25teXphQGNjbXFhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZo0lPzCqBVu03qHJap2wbOyN8kvdkU2VRj+GaF2APgrQps/sepvhyralxa9w5WD5KyoXhnM+7DPCsqDxKkxsBjEliLQqXwmoiai0A2DMmjWCoSMopzNTIORLPn8GaWFJSEtCa+9D1EXD2UZjSY/8MN0fEAIqaXFUrfW3cqW/QUjZH0mlJumUqQjtZY0DnAQsCxxZUlsHCkKEHuEQu5WhY8ys1/RANaoJmRh2xZuFMOZ71kLkwi5fvReqxjkRRHwG9cYDyurTNYmjkaICN/hqUwk9VKkW0G5ol8t0xau8RuHdDHi5Wb/R6+d/G+8/kn0BoOqseABih1+FYs+WsK8UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQA15aWRLayIuUZmPhdrpJXQAtrwAoeYYwp5hvaTLwZBWEg5n+ZhH5SaSCpt+53QW3+jiT8jTsPKAqyvgSQI0MVi8o5JJhig6pPHGSKbfxmvmfSwxK4F9W2GNVcdICX+Js0BB5UXsZB4k1gTRr1VdICNiCDcDZAC0+HhkZSU9StD43T9ac3gZIfEEepX9WBx9QbBASbUZ1ziSBfGKA7vnQHbC9lTphLa2SvCSozmG36vYMV+Ak5YWnrp2c1Jhcd8PE0TIW6yPT+D6UvcZWb+KHfw2KAHVXPNFSgSZkMzFBMQJH9UcfyvPX5+7qXakxAhLS/zKOg7Y601cRg5/Eqa0Z59-----END CERTIFICATE REQUEST-----",
"dcvMode" : "HTTP",
"orgId" : 10702,
"profileId" : 5888,
"hostByCa" : true,
"validationDetails" : {
"orgDetails" : {
"businessCategory" : "PrivateOrganization",
"incorporatingAgency" : "Example Incorporating Agency",
"joiCountry" : "US"
},
"approver" : {
"title" : "MR",
"forename" : "John",
"surname" : "Doe",
"email" : "user@email.com",
"phone" : "+1 123-456-7890",
"relationship" : "Partner",
"address" : "123 Main St",
"city" : "New York",
"postalCode" : "10001",
"country" : "US"
}
},
"tradeMark" : {
"base64Logo" : "PHN2ZyB3aWR0aD0iOTYiIGhlaWdodD0iOTYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIKICAgICB2ZXJzaW9uPSIxLjIiIGJhc2VQcm9maWxlPSJ0aW55LXBzIiB2aWV3Qm94PSIwIDAgOTYgOTYiPgogIDx0aXRsZT5FeGFtcGxlIENvbXBhbnk8L3RpdGxlPgogIDxyZWN0IHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIGZpbGw9IiNGRkZGRkYiLz4KICA8cGF0aCBkPSJNMTAgMTAgTDkwIDEwIEw1MCA4MCBaIiBmaWxsPSIjMDAwMDAwIi8+Cjwvc3ZnPgo=",
"trademarkCountry" : "US",
"trademarkOffice" : "United States Copyright Office",
"trademarkIdentifier" : "9876543210",
"logoPriorUseDomainName" : "ccmqa.com"
}
}'Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/brand-indicator/v1/enroll/4Update ( Only requested, declined, rejected, invalid states are supported)
Path parameters
| Parameter | Description |
|---|---|
|
The ID of the certificate |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
csr |
String |
The certificate signing request |
[Must match the regular expression |
dcvMode |
String |
The domain control validation mode. Available: [CNAME, EMAIL, HTTP, HTTPS] |
[] |
dcvEmail |
String |
The email for DCV |
[Must be a well-formed email address] |
orgId |
Number |
The ID of the organization |
[] |
profileId |
Null |
The ID of the certificate profile |
[] |
hostByCa |
Boolean |
Indicator if the CA should host the logo and certificate. Default: true |
[] |
validationDetails |
Object |
Details for validation |
[] |
validationDetails.orgDetails |
Object |
Organization details |
[Must not be null] |
validationDetails.orgDetails.businessCategory |
String |
Business category |
[]Available: [PrivateOrganization, GovernmentEntity, BusinessEntity, NonCommercialEntity] |
validationDetails.orgDetails.assumedName |
String |
Assumed name |
[] |
validationDetails.orgDetails.companyNumber |
String |
Company number |
[] |
validationDetails.orgDetails.dunsNumber |
String |
DUNS number |
[] |
validationDetails.orgDetails.incorporatingAgency |
String |
Incorporating agency |
[] |
validationDetails.orgDetails.joiCountry |
String |
Jurisdiction of Incorporation country |
[Must be a valid ISO-3166 country code, Must not be null] |
validationDetails.orgDetails.joiStateOrProvince |
String |
Jurisdiction of Incorporation state or province |
[] |
validationDetails.orgDetails.joiLocality |
String |
Jurisdiction of Incorporation locality |
[] |
validationDetails.orgDetails.dateOfIncorporation |
String |
Date of incorporation |
[] |
validationDetails.approver |
Object |
Approver details |
[Must not be null] |
validationDetails.approver.title |
String |
Approver’s title |
[Must not be null] |
validationDetails.approver.forename |
String |
Approver’s forename |
[Must not be null] |
validationDetails.approver.surname |
String |
Approver’s surname |
[Must not be null] |
validationDetails.approver.email |
String |
Approver’s email |
[Must not be null] |
validationDetails.approver.phone |
String |
Approver’s phone number |
[] |
validationDetails.approver.relationship |
String |
Approver’s relationship to the organization |
[] |
validationDetails.approver.address |
String |
Approver’s address |
[] |
validationDetails.approver.city |
String |
Approver’s city |
[] |
validationDetails.approver.postalCode |
String |
Approver’s postal code |
[] |
validationDetails.approver.country |
String |
Approver’s country |
[Must be a valid ISO-3166 country code] |
validationDetails.approver.stateOrProvince |
String |
Approver’s state or province |
[] |
validationDetails.signer |
Object |
Signer details |
[] |
validationDetails.requester |
Object |
Requester details |
[] |
tradeMark |
Object |
Trademark details |
[] |
tradeMark.base64Logo |
String |
Base64 encoded logo |
[Must be a valid BIMI SVG logo encoded as Base64, Must not be null, Size must be between 1 and 32767 inclusive] |
tradeMark.trademarkCountry |
String |
Trademark country |
[Must be a valid ISO-3166 country code] |
tradeMark.trademarkOffice |
String |
Trademark office |
[Maximum length is 2048 characters or can be empty] |
tradeMark.trademarkIdentifier |
String |
Trademark identifier |
[Maximum length is 2048 characters or can be empty] |
tradeMark.logoPriorUseDomainName |
String |
Domain that was using the logo.(CMC certificates) |
[Must match the regular expression |
Example request
$ curl 'https://cert-manager.com/api/brand-indicator/v1/10' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4953' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"csr" : "-----BEGIN CERTIFICATE REQUEST-----MIICyTCCAbECAQAwgYMxCzAJBgNVBAYTAlVBMQ8wDQYDVQQIDAZPZGVzc2ExDzANBgNVBAcMBk9kZXNzYTERMA8GA1UECgwIQWR2YW5jZWQxCzAJBgNVBAsMAklUMRIwEAYDVQQDDAljY21xYS5jb20xHjAcBgkqhkiG9w0BCQEWD25teXphQGNjbXFhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZo0lPzCqBVu03qHJap2wbOyN8kvdkU2VRj+GaF2APgrQps/sepvhyralxa9w5WD5KyoXhnM+7DPCsqDxKkxsBjEliLQqXwmoiai0A2DMmjWCoSMopzNTIORLPn8GaWFJSEtCa+9D1EXD2UZjSY/8MN0fEAIqaXFUrfW3cqW/QUjZH0mlJumUqQjtZY0DnAQsCxxZUlsHCkKEHuEQu5WhY8ys1/RANaoJmRh2xZuFMOZ71kLkwi5fvReqxjkRRHwG9cYDyurTNYmjkaICN/hqUwk9VKkW0G5ol8t0xau8RuHdDHi5Wb/R6+d/G+8/kn0BoOqseABih1+FYs+WsK8UCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQA15aWRLayIuUZmPhdrpJXQAtrwAoeYYwp5hvaTLwZBWEg5n+ZhH5SaSCpt+53QW3+jiT8jTsPKAqyvgSQI0MVi8o5JJhig6pPHGSKbfxmvmfSwxK4F9W2GNVcdICX+Js0BB5UXsZB4k1gTRr1VdICNiCDcDZAC0+HhkZSU9StD43T9ac3gZIfEEepX9WBx9QbBASbUZ1ziSBfGKA7vnQHbC9lTphLa2SvCSozmG36vYMV+Ak5YWnrp2c1Jhcd8PE0TIW6yPT+D6UvcZWb+KHfw2KAHVXPNFSgSZkMzFBMQJH9UcfyvPX5+7qXakxAhLS/zKOg7Y601cRg5/Eqa0Z59-----END CERTIFICATE REQUEST-----",
"dcvMode" : "EMAIL",
"dcvEmail" : "admin@ccmqa.com",
"orgId" : 10715,
"profileId" : null,
"validationDetails" : {
"orgDetails" : {
"businessCategory" : "PrivateOrganization",
"companyNumber" : "1234567890",
"incorporatingAgency" : "Example Incorporating Agency",
"joiCountry" : "US"
},
"approver" : {
"title" : "MR",
"forename" : "John",
"surname" : "Doe",
"email" : "user@email.com",
"phone" : "+1 123-456-7890",
"relationship" : "Partner",
"address" : "123 Main St",
"city" : "New York",
"postalCode" : "10001",
"country" : "US"
}
},
"tradeMark" : {
"base64Logo" : "PHN2ZyB3aWR0aD0iOTYiIGhlaWdodD0iOTYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIKICAgICB2ZXJzaW9uPSIxLjIiIGJhc2VQcm9maWxlPSJ0aW55LXBzIiB2aWV3Qm94PSIwIDAgOTYgOTYiPgogIDx0aXRsZT5FeGFtcGxlIENvbXBhbnk8L3RpdGxlPgogIDxyZWN0IHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIGZpbGw9IiNGRkZGRkYiLz4KICA8cGF0aCBkPSJNMTAgMTAgTDkwIDEwIEw1MCA4MCBaIiBmaWxsPSIjMDAwMDAwIi8+Cjwvc3ZnPgo=",
"trademarkCountry" : "US",
"trademarkOffice" : "United States Copyright Office",
"trademarkIdentifier" : "9876543210",
"logoPriorUseDomainName" : "ccmqa.com"
},
"hostByCa" : true
}'Example response
HTTP/1.1 202 AcceptedGet DCV details
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Example request
$ curl 'https://cert-manager.com/api/brand-indicator/v1/7/dcv' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4940' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
DCV Log |
|
|
Error details |
|
|
Error code |
|
|
Error description |
|
|
DCV Log |
|
|
Domain Name |
|
|
DCV Status |
|
|
DCV Date |
|
|
Last check |
|
|
Next check |
|
|
EMAIL DCV reference number |
|
|
DCV Instructions |
|
|
Domain Name |
|
|
DCV Mode |
|
|
DNS DCV host part |
|
|
DNS DCV point part |
|
|
HTTP/S DCV file url |
|
|
HTTP/S DCV file content |
|
|
EMAIL DCV admin contact email |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 550
{
"dcvLog" : {
"error" : {
"code" : 0,
"description" : null
},
"log" : [ {
"domainName" : "ccmqa.com",
"dcvStatus" : "Awaiting Validation",
"lastCheck" : "2025-12-04 07:54:24",
"nextCheck" : "2025-12-04 08:54:24",
"dcvEmailRefNumber" : 1
} ]
},
"instructions" : [ {
"domainName" : "ccmqa.com",
"dcvMode" : "CNAME",
"host" : "_4E380094C3B3B40C69203451D32E78D3.ccmqa.com.",
"point" : "7A16100AAE509FE98CE5AC6D6F04AC81.151A1EB4B2324F07D2BDCDB6D02452D2.sectigo.com."
} ]
}Schedule recheck of DCV details on CA
Initiate recheck of the certificate DCV details on CA.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Example request
$ curl 'https://cert-manager.com/api/brand-indicator/v1/8/dcv/recheck' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4945' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 202 AcceptedCollect
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Query parameters
| Parameter | Description |
|---|---|
|
Format of the certificate data. Supported values: pem, der, base64 |
Example request
$ curl 'https://cert-manager.com/api/brand-indicator/v1/collect/2?format=base64' -i -X POST \
-H 'login: admin_customer4917' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-H 'Content-Type: application/json;charset=UTF-8'Example response
HTTP/1.1 200 OK
Content-Length: 1819
Cache-Control: no-cache
Content-Type: application/octet-stream;charset=UTF-8
Content-Disposition: attachment; filename="ccmqa.com.crt"
-----BEGIN PKCS7-----
MIIFDQYJKoZIhvcNAQcCoIIE/jCCBPoCAQExADALBgkqhkiG9w0BBwGgggTiMIIE3jCCA8agAwIB
AgIQRabTRIww50IRstN5TGUVaDANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGln
byBMaW1pdGVkMSgwJgYDVQQDEx9TZWN0aWdvIERldiBSU0EgSW50ZXJtZWRpYXRlIENBMB4XDTIw
MDMyNzAwMDAwMFoXDTIxMDMyNzIzNTk1OVowgbQxDjAMBgNVBBETBTY1MDAwMRAwDgYDVQQLEwdk
ZXBzY2VwMRAwDgYDVQQKEwdvcmdzY2VwMRUwEwYDVQQJEwxQdXNoa2luc2theWExEjAQBgNVBAgT
CU9kZXNza2F5YTEPMA0GA1UEBxMGT2Rlc3NhMQswCQYDVQQGEwJVQTEWMBQGA1UEAxMNdGVzdCBh
dXRoY2VydDEdMBsGCSqGSIb3DQEJARYOYXV0b0BjY21xYS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgwBSCgYCQzSqybqSXGZHwVMdMrZUOa7nrXrmd1DnnXAkXGIrw6nTrGuZf
7rxmeT5eMWYl8A1S5VaZb42o+f9a3tx8kzOqmpAAiXsQsNIlkBa6f6diGTCKHMKx8ADLdN7QTMfT
WRTIPiTvRoAjPfRPP9QoXJzJjKYmX3u05Kzxleyp14ecQehM8CRmr7jEQvoTcAe8/no+6SzqOhN/
lOF6Hwul6G/lqHO6iQztpRyK8lpQ4cNcZ+j2aJRdyE2vB6TZhjWJ3hc1l4nf8Arr8ZWwgq19Af1L
V2jdwwGbtYQkjqKzZAlrD6doF1vywozTU7rTWmXWxvjuQk/eo8PimxyJAgMBAAGjggEcMIIBGDAf
BgNVHSMEGDAWgBQgruVeAdH7eMF3E/4GicyFnNnL7zAdBgNVHQ4EFgQUKWj2qIO/R/loNe6h4LyA
fO0CpLIwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwQG
CCsGAQUFBwMCMBEGCWCGSAGG+EIBAQQEAwIFoDBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vZGV2
LmNybC5zZWN0aWdvLmNvbS9TZWN0aWdvRGV2UlNBSW50ZXJtZWRpYXRlQ0EuY3JsMDkGA1UdEQQy
MDCgHgYKKwYBBAGCNxQCA6AQDA5hdXRvQGNjbXFhLmNvbYEOYXV0b0BjY21xYS5jb20wDQYJKoZI
hvcNAQELBQADggEBAGs1r0arsblQIALbh9eLmlcWsTJmGsP3D5okBp/UcyUnl4TS9Ce4Yiy/eJvP
t/VlAAKI+Bh2wbHGvkhg5ZBMpaNt8HChHr6K3/rDxJbqcpLFF5BbPCCOjGzs+4UT+dYBee+38qxC
M8A7cQue887QMcX2RurOIK89NGWt8RJsz+EZq77gVO3QU2YOf2dL8VsTGe7tklguUe4TVxzdcj2W
liRJpEKOOm81Pym3c5VAJUU18BJnqGy1GdrT9h0qAC5DZNkvG/HEFY7cLCMTk8P7wpwU4oI0T0Ub
BXyuANPB2+WuBndoXqy7qas7XdoDBMOsXM/2RCCcy3EWfO+eIngifgQxAA==
-----END PKCS7-----Approve
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
message |
String |
Short message containing accompanying information for certificate approval action |
[Must not be empty, Size must be between 1 and 512 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/brand-indicator/v1/approve/1' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4912' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"message" : "test"
}'Example response
HTTP/1.1 204 No ContentRevoke
Path parameters
| Parameter | Description |
|---|---|
|
Certificate ID. |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
reasonCode |
Number |
Revoke reason code. |
[Allowed ranges 0,1 and 3-5] |
reason |
String |
Revoke reason message. |
[Must not be empty, Size must be between 1 and 512 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/brand-indicator/v1/revoke/9' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4950' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"reasonCode" : 4,
"reason" : "Superseded due to new certificate"
}'Example response
HTTP/1.1 204 No ContentEnrollment Profiles
List
Query parameters
| Parameter | Description |
|---|---|
|
Filter expression for fields: [name, delegationMode, certType, orgId] |
|
Sort field name with sort order direction (asc, desc). Comma separated. Fields: [name, id] |
|
Max count of entities retrieved on the request |
|
Returns the page to be returned |
Example request
$ curl 'https://cert-manager.com/api/profile/v1?sort=name%2Casc&sort=id&filter=certType%3DBrandIndicator' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-H 'login: admin_customer104' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of profiles |
|
|
Profile ID |
|
|
Profile name |
|
|
Profile description |
|
|
Profile certificate type |
|
|
Profile backend |
|
|
Profile delegation mode |
Example response
HTTP/1.1 200 OK
X-Total-Count: 2
Content-Type: application/json;charset=UTF-8
Content-Length: 528
[ {
"id" : 5135,
"name" : "Brand Indicator Certificate SASP -541390633",
"description" : "Description for Brand Indicator Certificate SASP -541390633",
"certType" : "BrandIndicator",
"backendType" : "sectigo",
"delegationMode" : "GLOBAL_FOR_CUSTOMER"
}, {
"id" : 5136,
"name" : "Brand Indicator Certificate SASP 609926030",
"description" : "Description for Brand Indicator Certificate SASP 609926030",
"certType" : "BrandIndicator",
"backendType" : "sectigo",
"delegationMode" : "GLOBAL_FOR_CUSTOMER"
} ]Details
Path parameters
| Parameter | Description |
|---|---|
|
Profile ID |
Example request
$ curl 'https://cert-manager.com/api/profile/v1/5134' -i -X GET \
-H 'login: admin_customer101' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-H 'Content-Type: application/json;charset=UTF-8'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Profile ID |
|
|
Profile name |
|
|
Profile description |
|
|
Profile certificate type |
|
|
Profile backend |
|
|
Profile delegation mode |
|
|
Profile attributes |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 440
{
"id" : 5134,
"name" : "Brand Indicator Certificate SASP 1637344335",
"description" : "Description for Brand Indicator Certificate SASP 1637344335",
"certType" : "BrandIndicator",
"backendType" : "sectigo",
"delegationMode" : "GLOBAL_FOR_CUSTOMER",
"attributes" : {
"TERM" : {
"365" : "1 year"
},
"KEY_TYPE_CONFIG" : {
"RSA" : {
"allowedValues" : [ "1024", "2048", "4096" ]
}
}
}
}Domain Control Validation
Any domain added to SCM must pass Domain Control Validation (DCV) before public certificates can be issued to it. DCV is a procedure of validation of the applicant’s control of the domain which needs to appear in the subject of the certificate.
View domain control validations
List domain control validations
List all domain validations that match the requested filter.
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
|
Domain |
|
Organization ID |
|
Department ID |
|
DCV Status |
|
DCV Order status |
|
Expires in (days) |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation?size=10&position=0&org=&department=&domain=ccmqa.com&expiresIn=&dcvStatus=&orderStatus=' -i -X GET \
-H 'login: admin_customer3400' \
-H 'password: Password123!' \
-H 'customerUri: cst3400' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of DCV domains |
|
|
Domain |
|
|
DCV Status |
|
|
DCV Order status |
|
|
DCV Order method. Values: [EMAIL, CNAME, HTTP, HTTPS, AUTO, TXT] |
|
|
DCV Method |
|
|
DCV Expiration date |
Example response
HTTP/1.1 200 OK
X-Total-Count: 2
Content-Type: application/json
Content-Length: 380
[ {
"domain" : "ccmqa.com",
"dcvStatus" : "VALIDATED",
"dcvMethod" : "EMAIL",
"dcvOrderStatus" : "NOT_INITIATED",
"dcvOrderMethod" : "EMAIL",
"expirationDate" : "2025-12-05"
}, {
"domain" : "www.ccmqa.com",
"dcvStatus" : "VALIDATED",
"dcvMethod" : "EMAIL",
"dcvOrderStatus" : "NOT_INITIATED",
"dcvOrderMethod" : "EMAIL",
"expirationDate" : "2025-12-05"
} ]Get domain control validation details
Get domain validation details. The V2 API provides more information about the domain validation and is the preferred version.
V2
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain which status is requested |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v2/validation/status' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3560' \
-H 'password: Password123!' \
-H 'customerUri: cst3560' \
-H 'Accept: application/json' \
-d '{
"domain" : "example.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Validation status |
|
|
Validation date |
|
|
Validation expiration date |
|
|
Validation order status |
|
|
Validation order mode. Possible values: [EMAIL, CNAME, HTTP, HTTPS, AUTO, TXT] |
|
|
HTTP(s) validation. URL to the validation txt file in the "/.well-known/pki-validation" directory of the HTTP server |
|
|
HTTP(s) validation. Validation txt file content: first line |
|
|
HTTP(s) validation. Validation txt file content: second line |
|
|
DNS validation record host value |
|
|
DNS validation record point value |
|
|
Email validation recipient |
|
|
Email validation reference number |
|
|
Validation order backend ID |
|
|
Validation order submission date(only for submitted orders) |
|
|
Order expiration date(only for submitted orders) |
|
|
Time of last check(only for submitted orders) |
|
|
Time of the scheduled next check(only for submitted orders) |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 568
{
"status" : "EXPIRED",
"validationDate" : "2024-12-04",
"expirationDate" : "2025-11-24",
"orderStatus" : "SUBMITTED",
"orderMode" : "HTTP",
"url" : "http://example.com/.well-known/pki-validation/88F809061BDC7A65DC409D53F99E7544.txt",
"firstLine" : "a82374a0ef33dcf28016018f5eb25cc32c8b3b9b7af188bb9e74a82964a0575e",
"secondLine" : "sectigo.com",
"orderBackendId" : "99887766",
"submittedDate" : "2025-12-04",
"orderExpiration" : "2026-01-03T07:52:47.794Z",
"lastCheck" : "2025-12-04T06:52:47.794Z",
"nextCheck" : "2025-12-04T08:52:47.794Z"
}V1 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/status' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3390' \
-H 'password: Password123!' \
-H 'customerUri: cst3390' \
-d '{
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Validation status |
|
|
Validation date |
|
|
Validation expiration date |
|
|
Validation order status |
|
|
Validation order mode. Possible values: [EMAIL, CNAME, HTTP, HTTPS, AUTO, TXT] |
|
|
HTTP(s) validation. URL to the validation txt file in the "/.well-known/pki-validation" directory of the HTTP server |
|
|
HTTP(s) validation. Validation txt file content: first line |
|
|
HTTP(s) validation. Validation txt file content: second line |
|
|
DNS validation record host value |
|
|
DNS validation record point value |
|
|
Email validation recipient |
|
|
Email validation reference number |
|
|
Validation order backend ID |
|
|
Validation order submission date(only for submitted orders) |
|
|
Order expiration date(only for submitted orders) |
|
|
Time of last check(only for submitted orders) |
|
|
Time of the scheduled next check(only for submitted orders) |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 133
{
"status" : "VALIDATED",
"validationDate" : "2024-12-05",
"expirationDate" : "2025-12-05",
"orderStatus" : "NOT_INITIATED"
}Sync domain control validation details with backend
Synchronize domain validation details with backend.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/sync?force=true' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3550' \
-H 'password: Password123!' \
-H 'customerUri: cst3550' \
-d '{
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Validation status |
|
|
Validation date |
|
|
Validation expiration date |
|
|
Validation order status |
|
|
Validation order mode. Possible values: [EMAIL, CNAME, HTTP, HTTPS, AUTO, TXT] |
|
|
HTTP(s) validation. URL to the validation txt file in the "/.well-known/pki-validation" directory of the HTTP server |
|
|
HTTP(s) validation. Validation txt file content: first line |
|
|
HTTP(s) validation. Validation txt file content: second line |
|
|
DNS validation record host value |
|
|
DNS validation record point value |
|
|
Email validation recipient |
|
|
Email validation reference number |
|
|
Validation order backend ID |
|
|
Validation order submission date(only for submitted orders) |
|
|
Order expiration date(only for submitted orders) |
|
|
Time of last check(only for submitted orders) |
|
|
Time of the scheduled next check(only for submitted orders) |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 167
{
"status" : "NOT_VALIDATED",
"orderStatus" : "SUBMITTED",
"orderMode" : "EMAIL",
"emailValidationReferenceNumber" : "876186775",
"orderBackendId" : "1234"
}Clear domain control validation
Reset the parameters of a request for DCV and drop domain validation Status and DCV Order Status of the domain to the initial values.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/clear' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3375' \
-H 'password: Password123!' \
-H 'customerUri: cst3375' \
-d '{
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Order status |
|
|
Message |
|
|
Status |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 135
{
"status" : "VALIDATED",
"orderStatus" : "NOT_INITIATED",
"message" : "DCV status: VALIDATED; DCV order status: NOT_INITIATED"
}Delete domain control validation
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to remove validation from |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/delete' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3385' \
-H 'password: Password123!' \
-H 'customerUri: cst3385' \
-d '{
"domain" : "ccmqa.com"
}'Example response
HTTP/1.1 200 OKValidate domain
Method HTTP
Start domain control validation HTTP
Start Domain Control Validation using HTTP method.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/start/domain/http' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3525' \
-H 'password: Password123!' \
-H 'customerUri: cst3525' \
-d '{
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
URL |
|
|
First line |
|
|
Second line |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 212
{
"url" : "http://ccmqa.com/.well-known/pki-validation/685BB4B52E86CD979E32FC39F22AFA41.txt",
"firstLine" : "3dae349f789a0bb710f1f9ad9e52eb20062637186ee7a30836bf0ae9f743b9ba",
"secondLine" : "sectigo.com"
}Start domain control validation HTTPS
Start Domain Control Validation using HTTPS method.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/start/domain/https' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3535' \
-H 'password: Password123!' \
-H 'customerUri: cst3535' \
-d '{
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
URL |
|
|
First line |
|
|
Second line |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 213
{
"url" : "https://ccmqa.com/.well-known/pki-validation/685BB4B52E86CD979E32FC39F22AFA41.txt",
"firstLine" : "3dae349f789a0bb710f1f9ad9e52eb20062637186ee7a30836bf0ae9f743b9ba",
"secondLine" : "sectigo.com"
}Submit domain control validation HTTP
Submit a request for Domain Control Validation using HTTP method.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/submit/domain/http' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3525' \
-H 'password: Password123!' \
-H 'customerUri: cst3525' \
-d '{
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Order status |
|
|
Message |
|
|
Status |
|
|
Validation order backend ID |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 130
{
"status" : "VALIDATED",
"orderStatus" : "SUBMITTED",
"message" : "Submitted successfully",
"orderBackendId" : "100500"
}Submit domain control validation HTTPS
Submit a request for Domain Control Validation using HTTPS method.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/submit/domain/https' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3535' \
-H 'password: Password123!' \
-H 'customerUri: cst3535' \
-d '{
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Order status |
|
|
Message |
|
|
Status |
|
|
Validation order backend ID |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 130
{
"status" : "VALIDATED",
"orderStatus" : "SUBMITTED",
"message" : "Submitted successfully",
"orderBackendId" : "100500"
}Method DNS
Start domain control validation CName
Start Domain Control Validation using CName method.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/start/domain/cname' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3500' \
-H 'password: Password123!' \
-H 'customerUri: cst3500' \
-d '{
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Host |
|
|
Point |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 155
{
"host" : "_685bb4b52e86cd979e32fc39f22afa41.ccmqa.com.",
"point" : "3dae349f789a0bb710f1f9ad9e52eb20.062637186ee7a30836bf0ae9f743b9ba.sectigo.com."
}Submit domain control validation CName
Submit a request for Domain Control Validation using CName method.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/submit/domain/cname' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3500' \
-H 'password: Password123!' \
-H 'customerUri: cst3500' \
-d '{
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Order status |
|
|
Message |
|
|
Status |
|
|
Validation order backend ID |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 130
{
"status" : "VALIDATED",
"orderStatus" : "SUBMITTED",
"message" : "Submitted successfully",
"orderBackendId" : "100500"
}Submit domain control validation CName using DNS Connector
Submit a request for Domain Control Validation using CName method in an automated manner. See DNS Connector API for more details.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
dnsAgentUUID |
String |
Domain agent UUID |
[] |
dnsProviderName |
String |
DNS provider name |
[] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/submit/domain/cname' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3495' \
-H 'password: Password123!' \
-H 'customerUri: cst3495' \
-d '{
"dnsAgentUUID" : "2bf2517526b9445aaf558fcf5a368588",
"dnsProviderName" : "cloudflare",
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Order status |
|
|
Message |
|
|
Status |
|
|
Validation order backend ID |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 134
{
"status" : "NOT_VALIDATED",
"orderStatus" : "SUBMITTED",
"message" : "Submitted successfully",
"orderBackendId" : "100500"
}Start domain control validation TXT
Start request is not supported by the API. Use submit directly.
Submit domain control validation using TXT record
Submit a request for Domain Control Validation using TXT method. Use information from the response to create a DNS TXT record. (i.e. _pki-validation.<domain name>. TXT <validation code>)
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/submit/domain/txt' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3545' \
-H 'password: Password123!' \
-H 'customerUri: cst3545' \
-d '{
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Order status |
|
|
Message |
|
|
Status |
|
|
Validation order backend ID |
|
|
DNS TXT record host |
|
|
DNS TXT record point |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 219
{
"status" : "VALIDATED",
"orderStatus" : "SUBMITTED",
"message" : "Submitted successfully",
"orderBackendId" : "100500",
"host" : "_pki-validation.ccmqa.com.",
"point" : "zYWR 5J<pyt_sa%uh98IUo>xx5T_c/!I"
}Method Email
Start domain control validation email
Retrieve emails that could be used for Domain Control Validation.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Size must be between 3 and 255 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/start/domain/email' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3510' \
-H 'password: Password123!' \
-H 'customerUri: cst3510' \
-d '{
"domain" : "ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of e-mails |
|
|
List of e-mails for each domain |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 486
{
"emails" : [ "webmaster@ccmqa.com", "administrator@ccmqa.com", "hostmaster@ccmqa.com", "dns.txt@sectigo.com", "domain.admin@sectigo.com", "admin@ccmqa.com", "postmaster@ccmqa.com" ],
"dcvEmails" : [ {
"domainName" : "ccmqa.com",
"whoisEmails" : [ "domain.admin@sectigo.com" ],
"adminEmails" : [ "admin@ccmqa.com", "administrator@ccmqa.com", "hostmaster@ccmqa.com", "postmaster@ccmqa.com", "webmaster@ccmqa.com" ],
"dnsTxtEmails" : [ "dns.txt@sectigo.com" ]
} ]
}Start domain control validation email bulk
Retrieve emails that could be used for Domain Control Validation.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domains |
Array |
Domain lists to receive DCV e-mails |
[] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/start/domain/email' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3470' \
-H 'password: Password123!' \
-H 'customerUri: cst3470' \
-d '{
"domains" : [ "ccmqa.com", "domain.com" ]
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Common emails applicable for bulk DCV |
|
|
List of e-mails for each domain |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 654
{
"emails" : [ "dns.txt@sectigo.com", "domain.admin@sectigo.com" ],
"dcvEmails" : [ {
"domainName" : "ccmqa.com",
"whoisEmails" : [ "domain.admin@sectigo.com" ],
"adminEmails" : [ "admin@ccmqa.com", "administrator@ccmqa.com", "hostmaster@ccmqa.com", "postmaster@ccmqa.com", "webmaster@ccmqa.com" ],
"dnsTxtEmails" : [ "dns.txt@sectigo.com" ]
}, {
"domainName" : "domain.com",
"whoisEmails" : [ "domain.admin@sectigo.com" ],
"adminEmails" : [ "admin@domain.com", "administrator@domain.com", "hostmaster@domain.com", "postmaster@domain.com", "webmaster@domain.com" ],
"dnsTxtEmails" : [ "dns.txt@sectigo.com" ]
} ]
}Submit domain control validation email
Submit a request for Domain Control Validation using Email method.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domain |
String |
Domain to validate |
[Must not be empty, Maximum length is 255 characters or can be empty] |
String |
[Must be a well-formed email address, Must not be empty] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/submit/domain/email' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3510' \
-H 'password: Password123!' \
-H 'customerUri: cst3510' \
-d '{
"domain" : "ccmqa.com",
"email" : "email@ccmqa.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Order status |
|
|
Message |
|
|
Status |
|
|
Validation order backend ID |
|
|
Email validation reference number |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 180
{
"status" : "VALIDATED",
"orderStatus" : "SUBMITTED",
"message" : "Submitted successfully",
"orderBackendId" : "100500",
"emailValidationReferenceNumber" : "876186775"
}Submit bulk domain control validation email
Submit a request for Domain Control Validation using Email method.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domains |
Array |
Domains to validate |
[Must not be empty] |
String |
DCV email suitable for validating all provided domains. Refer to /api/validation/start/domain/email for more details |
[Must be a well-formed email address, Must not be empty] |
Example request
$ curl 'https://cert-manager.com/api/dcv/v1/validation/submit-bulk/domain/email' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3520' \
-H 'password: Password123!' \
-H 'customerUri: cst3520' \
-d '{
"domains" : [ "ccmqa.com", "domain.com" ],
"email" : "domain.admin@sectigo.com"
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Message |
|
|
Validation order status |
|
|
Validation order backend ID |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 104
{
"orderStatus" : "SUBMITTED",
"message" : "Submitted successfully",
"orderBackendId" : "100500"
}Custom Fields
Custom fields allow storage of custom metadata with certificates.
View custom fields
List custom fields
List all custom fields. Includes complete details.
V2
Example request
$ curl 'https://cert-manager.com/api/customField/v2' -i -X GET \
-H 'login: admin_customer21566' \
-H 'password: Password123!' \
-H 'customerUri: cst21566' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of custom fields |
|
|
Custom field ID |
|
|
Custom field name |
|
|
List of access methods for which this field is mandatory |
|
|
Custom field certificate type |
|
|
State |
|
|
Input type |
|
|
Input field options (for 'TEXT_OPTION' type only) |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 189
[{"id":454,"name":"Test field","certType":"ssl","state":"ACTIVE","input":{"type":"TEXT_OPTION","options":["option1","option2"]},"mandatories":["ADMIN_UI","SOAP_API","WEB_FORM","REST_API"]}]V1 - Deprecated
Example request
$ curl 'https://cert-manager.com/api/customField/v1' -i -X GET \
-H 'login: admin_customer21536' \
-H 'password: Password123!' \
-H 'customerUri: cst21536' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of custom fields |
|
|
Custom field ID |
|
|
Custom field name |
|
|
Custom field mandatory attribute |
|
|
Custom field certificate type |
|
|
State |
|
|
Input field properties |
|
|
Input field type |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 119
[{"id":444,"name":"Test field","mandatory":true,"certType":"ssl","state":"ACTIVE","input":{"type":"TEXT_SINGLE_LINE"}}]List custom fields by certificate type
List all custom fields filtered by certificate type. Includes complete details.
V2
Query parameters
| Parameter | Description |
|---|---|
|
Certificate type. Possible values: [SSL, SMIME, CodeSign, Device, BrandIndicator] |
Example request
$ curl 'https://cert-manager.com/api/customField/v2/?certType=SSL' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'Accept: application/json' \
-H 'login: admin_customer21569' \
-H 'password: Password123!' \
-H 'customerUri: cst21569'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Custom field ID |
|
|
Custom field name |
|
|
List of access methods for which this field is mandatory |
|
|
Custom field certificate type |
|
|
State |
|
|
Input type |
|
|
Input field options (for 'TEXT_OPTION' type only) |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 189
[{"id":455,"name":"Test field","certType":"ssl","state":"ACTIVE","input":{"type":"TEXT_OPTION","options":["option1","option2"]},"mandatories":["ADMIN_UI","SOAP_API","WEB_FORM","REST_API"]}]V1 - Deprecated
Example request
$ curl 'https://cert-manager.com/api/customField/v1/ssl' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'Accept: application/json' \
-H 'login: admin_customer21539' \
-H 'password: Password123!' \
-H 'customerUri: cst21539'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Custom field ID |
|
|
Custom field name |
|
|
Custom field mandatory attribute |
|
|
Custom field certificate type |
|
|
State |
|
|
Input field properties |
|
|
Input field type |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 119
[{"id":445,"name":"Test field","mandatory":true,"certType":"ssl","state":"ACTIVE","input":{"type":"TEXT_SINGLE_LINE"}}]Get custom field details
Get custom field details.
V2
Path parameters
| Parameter | Description |
|---|---|
|
ID of custom field whose details are being requested |
Example request
$ curl 'https://cert-manager.com/api/customField/v2/453' -i -X GET \
-H 'Accept: application/json' \
-H 'login: admin_customer21563' \
-H 'password: Password123!' \
-H 'customerUri: cst21563'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Custom field ID |
|
|
Custom field name |
|
|
List of access methods for which this field is mandatory |
|
|
Custom field certificate type |
|
|
State |
|
|
Input type |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 154
{"id":453,"name":"test","certType":"ssl","state":"ACTIVE","input":{"type":"TEXT_SINGLE_LINE"},"mandatories":["ADMIN_UI","SOAP_API","WEB_FORM","REST_API"]}Manage custom fields
Create custom field
Create the custom field for a particular type of certificate.
V2
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Custom field name |
[Must not be blank, Maximum length is 256 characters or can be empty] |
mandatories |
Array |
List of access methods for which this field is mandatory |
Possible values: ADMIN_UI, REST_API, SOAP_API, WEB_FORM |
certType |
String |
Custom field certificate type |
Possible values: ssl, smime, device, codesign |
state |
String |
State |
[] |
input.type |
String |
Input type |
Input type. Allowed values: [TEXT_SINGLE_LINE, TEXT_MULTI_LINE, EMAIL, NUMBER, TEXT_OPTION, DATE] |
input.options |
Array |
Input options (for 'TEXT_OPTION' type only) |
[Must not be empty] |
Example request
$ curl 'https://cert-manager.com/api/customField/v2' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'Accept: application/json' \
-H 'login: admin_customer21554' \
-H 'password: Password123!' \
-H 'customerUri: cst21554' \
-d ' {"name":"test","certType":"ssl","state":"ACTIVE","input":{"type":"TEXT_OPTION", "options": ["Option 1", "Option2"]},
"mandatories":["ADMIN_UI","REST_API","SOAP_API","WEB_FORM"]}
'Response headers
| Name | Description |
|---|---|
|
Url location of created custom field |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/customField/v2/450V1 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Custom field name |
[Must not be blank, Maximum length is 256 characters or can be empty] |
mandatory |
Boolean |
Custom field mandatory attribute |
[] |
certType |
String |
Custom field certificate type |
Possible values: ssl, smime, device |
state |
String |
State |
[] |
Example request
$ curl 'https://cert-manager.com/api/customField/v1' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'Accept: application/json' \
-H 'login: admin_customer21521' \
-H 'password: Password123!' \
-H 'customerUri: cst21521' \
-d ' {"name":"test","mandatory":true,"certType":"ssl","state":"ACTIVE"}
'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Custom field ID |
|
|
Custom field name |
|
|
Custom field mandatory attribute |
|
|
Custom field certificate type |
|
|
State |
|
|
Input field properties |
|
|
Input field type |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 111
{"id":440,"name":"test","mandatory":true,"certType":"ssl","state":"ACTIVE","input":{"type":"TEXT_SINGLE_LINE"}}Update custom field
Update custom field.
V2
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
id |
Number |
Custom field ID |
|
name |
String |
Custom field name |
[Must not be blank, Maximum length is 256 characters or can be empty] |
mandatories |
Array |
List of access methods for which this field is mandatory |
Possible values: ADMIN_UI, REST_API, SOAP_API, WEB_FORM |
certType |
String |
Custom field certificate type |
Possible values: ssl, smime, device, codesign |
state |
String |
State |
[] |
input.type |
String |
Input type |
[] |
input.options |
Array |
Input options (for 'TEXT_OPTION' type only) |
[Must not be empty] |
Example request
$ curl 'https://cert-manager.com/api/customField/v2' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'Accept: application/json' \
-H 'login: admin_customer21572' \
-H 'password: Password123!' \
-H 'customerUri: cst21572' \
-d '{
"id": 456,
"name":"Test field",
"certType":"ssl",
"state":"ACTIVE",
"mandatories":[],
"input": {"type": "TEXT_OPTION", "options": ["option1", "option2"]}
}
'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Custom field ID |
|
|
Custom field name |
|
|
List of access methods for which this field is mandatory |
|
|
Custom field certificate type |
|
|
State |
|
|
Input field properties |
|
|
Input field type |
|
|
Input field options |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 144
{"id":456,"name":"Test field","certType":"ssl","state":"ACTIVE","input":{"type":"TEXT_OPTION","options":["option1","option2"]},"mandatories":[]}V1 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
id |
Number |
Custom field ID |
[Must be at least 1] |
name |
String |
Custom field name |
[Must not be blank, Maximum length is 256 characters or can be empty] |
mandatory |
Boolean |
Custom field mandatory attribute |
[] |
certType |
String |
Custom field certificate type |
Possible values: ssl, smime, device |
state |
String |
State |
[] |
Example request
$ curl 'https://cert-manager.com/api/customField/v1' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'Accept: application/json' \
-H 'login: admin_customer21545' \
-H 'password: Password123!' \
-H 'customerUri: cst21545' \
-d ' {"id":447,"name":"Test field","mandatory":true,"certType":"ssl","state":"ACTIVE"}
'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Custom field ID |
|
|
Custom field name |
|
|
Custom field mandatory attribute |
|
|
Custom field certificate type |
|
|
State |
|
|
Input field properties |
|
|
Input field type |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 117
{"id":447,"name":"Test field","mandatory":true,"certType":"ssl","state":"ACTIVE","input":{"type":"TEXT_SINGLE_LINE"}}Delete custom field
Delete the custom field which is no longer needed.
V2
Path parameters
| Parameter | Description |
|---|---|
|
Custom field ID |
Example request
$ curl 'https://cert-manager.com/api/customField/v2/452' -i -X DELETE \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'Accept: application/json' \
-H 'login: admin_customer21560' \
-H 'password: Password123!' \
-H 'customerUri: cst21560'Example response
HTTP/1.1 204 No ContentV1 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
Custom field ID |
Example request
$ curl 'https://cert-manager.com/api/customField/v1/442' -i -X DELETE \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'login: admin_customer21530' \
-H 'password: Password123!' \
-H 'customerUri: cst21530'Example response
HTTP/1.1 204 No ContentDiscovery
The Discovery API automates frequently performed operations to accelerate certificate discovery for customers with dynamically changing IP ranges.
The 'Tasks' resource contains information about planned discovery scans. A task comprises general information (task name, agent, ranges to scan), assignment rules, scan schedule, and has a 'Status' parameter.
Network Discovery Tasks
Add network scan task
Enables administrators to create a scan task for the private and/or public network(s) in search of SSL certificates.
V2 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[] |
ranges |
Array |
Array of ranges |
[] |
ranges[].address |
String |
Range address |
|
ranges[].ports |
String |
Range port |
|
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month |
[] |
dayOfMonth |
Number |
Day of month |
[] |
dayOfWeek |
Number |
Day of week |
[] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/net_task' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6302' \
-H 'password: Password123!' \
-H 'customerUri: cst6302' \
-d '{"ranges":[{"address":"176.108.103.10/32","ports":"3"}],"agent":"org4Test3sivt","name":"WYTHRPGCKNGDHPFCTVEQBKWYKSIBEVIT","certBucketId":"8bba796f-4b33-495e-92c9-bad6d4bc96d2","frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":0,"dayOfMonth":0,"dayOfWeek":0}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Task ID |
Example response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 15
{"taskId":1000}V3 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[Must not be empty] |
ranges |
Array |
Array of ranges |
[Must not be empty] |
ranges[].address |
String |
Range address |
|
ranges[].ports |
String |
Range port |
|
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month |
[Must be at most 11] |
dayOfMonth |
Number |
Day of month |
[Must be at most 30] |
dayOfWeek |
Number |
Day of week |
[Must be at most 6] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/net_task' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6608' \
-H 'password: Password123!' \
-H 'customerUri: cst6608' \
-d '{"ranges":[{"address":"10.146.191.94/32","ports":"1"}],"agent":"org4Test9ukvf","name":"RLNVIASBDKQNNQBGJWBCXWCGAIDZSQTU","certBucketId":"7d429c0e-0684-4015-b706-91f2ce8b83d1","frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":0,"dayOfMonth":0,"dayOfWeek":0}'Response headers
| Name | Description |
|---|---|
|
URL location of created task |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/discovery/v3/net_task/10000V4
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[Must not be empty] |
ranges |
Array |
Array of ranges |
[Must not be empty] |
ranges[].address |
String |
Range address |
|
ranges[].ports |
String |
Range port |
|
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency. Possible values are [Manual, Daily, Weekly, Monthly, Quarterly, SemiAnnually, Annually, Once] |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month. Possible values is 1 for January, 2 for February and etc. |
[Must be at least 1, Must be at most 12] |
dayOfMonth |
Number |
Day of month. Possible values is 1 for 1st day of month, 2 for 2nd day of month and etc. |
[Must be at least 1, Must be at most 31] |
dayOfWeek |
Number |
Day of week. Possible values is 7 for Sunday, 1 for Monday, 2 for Tuesday and etc. |
[Must be at least 1, Must be at most 7] |
year |
Number |
Year |
[] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v4/net_task' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6713' \
-H 'password: Password123!' \
-H 'customerUri: cst6713' \
-d '{"ranges":[{"address":"60.35.105.115/32","ports":"3"}],"agent":"org4Testzmmnf","name":"XDNOYRJQWGZFOVUFCOGLLFCCHYFFKREL","certBucketId":"26a0ce42-36d1-4980-bdcf-8e9b0d749159","frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":12,"dayOfMonth":31,"dayOfWeek":7,"year":2049}'Response headers
| Name | Description |
|---|---|
|
URL location of created task |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/discovery/v4/net_task/174004Update network scan task
Enables administrators to edit a network scan task.
V2 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
taskId |
Number |
Task ID |
[Must be at least 1] |
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[Must not be empty] |
ranges |
Array |
Array of ranges |
[Must not be empty] |
ranges[].address |
String |
Range address |
|
ranges[].ports |
String |
Range port |
|
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month |
[Must be at most 11] |
dayOfMonth |
Number |
Day of month |
[Must be at most 30] |
dayOfWeek |
Number |
Day of week |
[Must be at most 6] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/net_task' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6359' \
-H 'password: Password123!' \
-H 'customerUri: cst6359' \
-d '{"taskId":157440,"ranges":[{"address":"26.98.21.128/32","ports":"3"}],"agent":"org4Testszjj8","name":"OCNOHZKFUJZLIXVIEUREZEZTVFEYVAMG","certBucketId":"6c705749-5472-4e0e-9a58-57e248f80f5f","frequency":"Monthly","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":0,"dayOfMonth":0,"dayOfWeek":0}'Example response
HTTP/1.1 200 OKV3 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[Must not be empty] |
ranges |
Array |
Array of ranges |
[Must not be empty] |
ranges[].address |
String |
Range address |
|
ranges[].ports |
String |
Range port |
|
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month |
[Must be at most 11] |
dayOfMonth |
Number |
Day of month |
[Must be at most 30] |
dayOfWeek |
Number |
Day of week |
[Must be at most 6] |
Path parameters
| Parameter | Description |
|---|---|
|
ID of task whose details are being updated |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/net_task/169560' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6611' \
-H 'password: Password123!' \
-H 'customerUri: cst6611' \
-d '{"ranges":[{"address":"176.154.226.78/32","ports":"2"}],"agent":"org4Testmfi28","name":"TVXWMMDTLHXTZTOCVNACKCJWHPZWPNAD","certBucketId":"e83b54cc-1eb5-414a-9de5-74c0a3bb4eb4","frequency":"Monthly","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":0,"dayOfMonth":0,"dayOfWeek":0}'Example response
HTTP/1.1 200 OKV4
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[Must not be empty] |
ranges |
Array |
Array of ranges |
[Must not be empty] |
ranges[].address |
String |
Range address |
|
ranges[].ports |
String |
Range port |
|
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency. Possible values are [Manual, Daily, Weekly, Monthly, Quarterly, SemiAnnually, Annually, Once] |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month. Possible values is 1 for January, 2 for February and etc. |
[Must be at least 1, Must be at most 12] |
dayOfMonth |
Number |
Day of month. Possible values is 1 for 1st day of month, 2 for 2nd day of month and etc. |
[Must be at least 1, Must be at most 31] |
dayOfWeek |
Number |
Day of week. Possible values is 7 for Sunday, 1 for Monday, 2 for Tuesday and etc. |
[Must be at least 1, Must be at most 7] |
year |
Number |
Year |
[] |
Path parameters
| Parameter | Description |
|---|---|
|
ID of task whose details are being updated |
Example request
$ curl 'https://cert-manager.com/api/discovery/v4/net_task/176024' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6746' \
-H 'password: Password123!' \
-H 'customerUri: cst6746' \
-d '{"ranges":[{"address":"221.5.63.111/32","ports":"2"}],"agent":"org4Test51st7","name":"YKDPJMDRXTLWKSLTBIOIHIGAAPBTDQIU","certBucketId":"f1bb155e-4551-4e1d-98f6-8be6a0c87fb7","frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":12,"dayOfMonth":31,"dayOfWeek":7,"year":2049}'Example response
HTTP/1.1 200 OKGet network scan task
Enables the administrator to get the parameters of a particular task of network scanning which he/she is authorized to view and manage.
V2 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/net_task/156834' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6347' \
-H 'password: Password123!' \
-H 'customerUri: cst6347'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Task name |
|
|
Agent name |
|
|
Certificate bucket ID and name |
|
|
Array of ranges |
|
|
Range address |
|
|
Range port |
|
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
|
|
Task frequency |
|
|
Time zone |
|
|
Time |
|
|
Hours |
|
|
Minutes |
|
|
Month |
|
|
Day of month |
|
|
Day of week |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 267
{"name":"Discovery task 0","agent":"Cloud","certificateBucket":{"id":"73312cb6-56d8-4248-baaa-44984676cbe7","name":"bucket1"},"ranges":[],"frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":7,"minutes":56},"status":"Scan in process"}V3 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/net_task/166126' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6524' \
-H 'password: Password123!' \
-H 'customerUri: cst6524'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Task name |
|
|
Agent name |
|
|
Certificate bucket ID and name |
|
|
Array of ranges |
|
|
Range address |
|
|
Range port |
|
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
|
|
Task frequency |
|
|
Time zone |
|
|
Time |
|
|
Hours |
|
|
Minutes |
|
|
Month |
|
|
Day of month |
|
|
Day of week |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 267
{"name":"Discovery task 0","agent":"Cloud","certificateBucket":{"id":"2d2dd137-582f-4a29-8bae-8dc7f8acb845","name":"bucket1"},"ranges":[],"frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":7,"minutes":57},"status":"Scan in process"}V4
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v4/net_task/175822' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6743' \
-H 'password: Password123!' \
-H 'customerUri: cst6743'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Task name |
|
|
Agent name |
|
|
Certificate bucket ID and name |
|
|
Array of ranges |
|
|
Range address |
|
|
Range port |
|
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
|
|
Task frequency. Possible values are [Manual, Daily, Weekly, Monthly, Quarterly, SemiAnnually, Annually, Once] |
|
|
Time zone |
|
|
Time |
|
|
Hours |
|
|
Minutes |
|
|
Month. Possible values is 1 for January, 2 for February and etc. |
|
|
Day of month. Possible values is 1 for 1st day of month, 2 for 2nd day of month and etc. |
|
|
Day of week. Possible values is 7 for Sunday, 1 for Monday, 2 for Tuesday and etc. |
|
|
Year |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 267
{"name":"Discovery task 0","agent":"Cloud","certificateBucket":{"id":"e6d7dfee-1442-4904-94c9-73930f2ca7e2","name":"bucket1"},"ranges":[],"frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":7,"minutes":57},"status":"Scan in process"}Get network scan task list
Enables the administrator to get the list of existing tasks of scanning the network(s) which he/she is authorized to view and manage.
V2 - Deprecated
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
Position shift |
|
Task name |
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/net_task?size=10&position=0&name=Discovery+task+1&status=IN_PROCESS' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6470' \
-H 'password: Password123!' \
-H 'customerUri: cst6470'Response headers
| Name | Description |
|---|---|
|
Contains total number of network discovery tasks available according to the filtering applied |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of Scan Tasks |
|
|
Scan Task ID |
|
|
Name of Scan Task |
|
|
Scan Task Status |
Example response
HTTP/1.1 200 OK
X-Total-Count: 10
Content-Type: application/json
Content-Length: 753
[{"taskId":162894,"name":"Discovery task 0","status":"Scan in process"},{"taskId":162895,"name":"Discovery task 1","status":"Scan FAILED"},{"taskId":162896,"name":"Discovery task 2","status":"Scan CANCELED by user"},{"taskId":162897,"name":"Discovery task 3","status":"Scan completed (Successful)"},{"taskId":162898,"name":"Discovery task 4","status":"Scan completed (Partial SUCCESSFUL)"},{"taskId":162899,"name":"Discovery task 5","status":"Scan completed (Processing Result)"},{"taskId":162900,"name":"Discovery task 6","status":null},{"taskId":162901,"name":"Discovery task 7","status":"Scan in process"},{"taskId":162902,"name":"Discovery task 8","status":"Scan FAILED"},{"taskId":162903,"name":"Discovery task 9","status":"Scan CANCELED by user"}]V3
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
Position shift |
|
Task name |
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/net_task?size=10&position=0&name=Discovery+task+1&status=IN_PROCESS' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6596' \
-H 'password: Password123!' \
-H 'customerUri: cst6596'Response headers
| Name | Description |
|---|---|
|
Contains total number of network discovery tasks available according to the filtering applied |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of Scan Tasks |
|
|
Scan Task ID |
|
|
Name of Scan Task |
|
|
Scan Task Status |
Example response
HTTP/1.1 200 OK
X-Total-Count: 10
Content-Type: application/json
Content-Length: 753
[{"taskId":168752,"name":"Discovery task 0","status":"Scan in process"},{"taskId":168753,"name":"Discovery task 1","status":"Scan FAILED"},{"taskId":168754,"name":"Discovery task 2","status":"Scan CANCELED by user"},{"taskId":168755,"name":"Discovery task 3","status":"Scan completed (Successful)"},{"taskId":168756,"name":"Discovery task 4","status":"Scan completed (Partial SUCCESSFUL)"},{"taskId":168757,"name":"Discovery task 5","status":"Scan completed (Processing Result)"},{"taskId":168758,"name":"Discovery task 6","status":null},{"taskId":168759,"name":"Discovery task 7","status":"Scan in process"},{"taskId":168760,"name":"Discovery task 8","status":"Scan FAILED"},{"taskId":168761,"name":"Discovery task 9","status":"Scan CANCELED by user"}]Start network scan task
Enables administrators to start a network(s) scan for a specific task
V2 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/net_task/163298/start' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6479' \
-H 'password: Password123!' \
-H 'customerUri: cst6479'Example response
HTTP/1.1 200 OKV3
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/net_task/169156/start' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6605' \
-H 'password: Password123!' \
-H 'customerUri: cst6605'Example response
HTTP/1.1 200 OKDelete network scan task
Enables administrators to delete a specific network scanning task.
V2 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/net_task/163096' -i -X DELETE \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6473' \
-H 'password: Password123!' \
-H 'customerUri: cst6473'Example response
HTTP/1.1 204 No ContentV3
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/net_task/168954' -i -X DELETE \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6599' \
-H 'password: Password123!' \
-H 'customerUri: cst6599'Example response
HTTP/1.1 204 No ContentMS AD Discovery Tasks
Add MS AD scan task
Enables administrators to create a scan task in search of SSL certificates.
V2 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[] |
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month |
[] |
dayOfMonth |
Number |
Day of month |
[] |
dayOfWeek |
Number |
Day of week |
[] |
depth |
Number |
Max Depth of the Scan |
[] |
domainDefinition |
String |
Domains to Scan |
[] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/ad_task' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5855' \
-H 'password: Password123!' \
-H 'customerUri: cst5855' \
-d '{"depth":5,"agent":"d9df49bd-cd78-4534-92e0-8285e8193b3e","domainDefinition":"sectigo.com","name":"EDAHAWXGNLZAESYQSKXOWOALDOOLVJOK","certBucketId":"c5c9a5ec-3a3d-4c19-b1d0-dd5aa20af9e1","frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":0,"dayOfMonth":0,"dayOfWeek":0}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Task ID |
Example response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 22
{"taskId":-1086992077}V3 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[Must not be empty] |
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month |
[Must be at most 11] |
dayOfMonth |
Number |
Day of month |
[Must be at most 30] |
dayOfWeek |
Number |
Day of week |
[Must be at most 6] |
depth |
Number |
Max Depth of the Scan |
[Must be at most 99, Must not be null] |
domainDefinition |
String |
Domains to Scan |
[Maximum length is 255 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/ad_task' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6149' \
-H 'password: Password123!' \
-H 'customerUri: cst6149' \
-d '{"depth":5,"agent":"c893743d-0767-4546-bc59-dcad08a2b822","domainDefinition":"sectigo.com","name":"RMBRBVKMFQBBUQMIEWRWBSFVOANYFVZB","certBucketId":"b9b2875b-f3d1-4a6a-9549-a1de50dd0498","frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":0,"dayOfMonth":0,"dayOfWeek":0}'Response headers
| Name | Description |
|---|---|
|
URL location of created task |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/discovery/v3/ad_task/-399610835V4
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[Must not be empty] |
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency. Possible values are [Manual, Daily, Weekly, Monthly, Quarterly, SemiAnnually, Annually, Once] |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month. Possible values is 1 for January, 2 for February and etc. |
[Must be at least 1, Must be at most 12] |
dayOfMonth |
Number |
Day of month. Possible values is 1 for 1st day of month, 2 for 2nd day of month and etc. |
[Must be at least 1, Must be at most 31] |
dayOfWeek |
Number |
Day of week. Possible values is 7 for Sunday, 1 for Monday, 2 for Tuesday and etc. |
[Must be at least 1, Must be at most 7] |
depth |
Number |
Max Depth of the Scan |
[Must be at most 99, Must not be null] |
domainDefinition |
String |
Domains to Scan |
[Maximum length is 255 characters or can be empty] |
year |
Number |
Year |
[] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v4/ad_task' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6251' \
-H 'password: Password123!' \
-H 'customerUri: cst6251' \
-d '{"depth":5,"agent":"78244d05-fffa-41b0-a0f4-a04850b38bd2","domainDefinition":"sectigo.com","name":"VDFXHILMBJCLMAYYZSCKIGTMPXRHUPBH","certBucketId":"0310af27-f2fc-455f-a94c-49726d89facd","frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":12,"dayOfMonth":31,"dayOfWeek":7,"year":2049}'Response headers
| Name | Description |
|---|---|
|
URL location of created task |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/discovery/v4/ad_task/151380Update MS AD scan task
Enables administrators to edit a ms ad scan task.
V2 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
taskId |
Number |
Task ID |
[Must be at least 1] |
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[Must not be empty] |
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month |
[Must be at most 11] |
dayOfMonth |
Number |
Day of month |
[Must be at most 30] |
dayOfWeek |
Number |
Day of week |
[Must be at most 6] |
depth |
Number |
Max Depth of the Scan |
[Must be at most 99, Must not be null] |
domainDefinition |
String |
Domains to Scan |
[Maximum length is 255 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/ad_task' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5909' \
-H 'password: Password123!' \
-H 'customerUri: cst5909' \
-d '{"taskId":135624,"depth":2,"agent":"bf38a7df-daa6-4945-a9ce-49dd22fd1a26","domainDefinition":"sectigo.com","name":"OBYTIYIQZBRJELDEWWEBHJXNXHJXVVND","certBucketId":"7db10f5d-d5d0-4d49-9ef2-d0f4f01ea6d9","frequency":"Monthly","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":0,"dayOfMonth":0,"dayOfWeek":0}'Example response
HTTP/1.1 200 OKV3 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[Must not be empty] |
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month |
[Must be at most 11] |
dayOfMonth |
Number |
Day of month |
[Must be at most 30] |
dayOfWeek |
Number |
Day of week |
[Must be at most 6] |
depth |
Number |
Max Depth of the Scan |
[Must be at most 99, Must not be null] |
domainDefinition |
String |
Domains to Scan |
[Maximum length is 255 characters or can be empty] |
Path parameters
| Parameter | Description |
|---|---|
|
ID of task whose details are being updated |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/ad_task/147138' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6152' \
-H 'password: Password123!' \
-H 'customerUri: cst6152' \
-d '{"depth":2,"agent":"f50e20f4-c9a3-4e4a-92a4-5a8f3b43bb9e","domainDefinition":"sectigo.com","name":"UTQWQSKUUHSPMNXBUIIHASKCOLNLXFTA","certBucketId":"73d374db-2c62-47be-8a47-5243ed9fcf3e","frequency":"Monthly","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":0,"dayOfMonth":0,"dayOfWeek":0}'Example response
HTTP/1.1 200 OKV4
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
agent |
String |
Agent name |
[Must not be empty] |
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency. Possible values are [Manual, Daily, Weekly, Monthly, Quarterly, SemiAnnually, Annually, Once] |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month. Possible values is 1 for January, 2 for February and etc. |
[Must be at least 1, Must be at most 12] |
dayOfMonth |
Number |
Day of month. Possible values is 1 for 1st day of month, 2 for 2nd day of month and etc. |
[Must be at least 1, Must be at most 31] |
dayOfWeek |
Number |
Day of week. Possible values is 7 for Sunday, 1 for Monday, 2 for Tuesday and etc. |
[Must be at least 1, Must be at most 7] |
depth |
Number |
Max Depth of the Scan |
[Must be at most 99, Must not be null] |
domainDefinition |
String |
Domains to Scan |
[Maximum length is 255 characters or can be empty] |
year |
Number |
Year |
[] |
Path parameters
| Parameter | Description |
|---|---|
|
ID of task whose details are being updated |
Example request
$ curl 'https://cert-manager.com/api/discovery/v4/ad_task/153804' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6290' \
-H 'password: Password123!' \
-H 'customerUri: cst6290' \
-d '{"depth":5,"agent":"f4d40787-f51a-492a-8d88-d2d042f2f63b","domainDefinition":"sectigo.com","name":"ZOBUHNNPSDAQDHFUQMALSCMFALOPVASA","certBucketId":"5bee3504-13a6-4327-ab16-5c30e276f135","frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":12,"dayOfMonth":31,"dayOfWeek":7,"year":2049}'Example response
HTTP/1.1 200 OKGet MS AD scan task
Enables the administrator to get the parameters of a particular task which he/she is authorized to view and manage.
V2 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/ad_task/135018' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5897' \
-H 'password: Password123!' \
-H 'customerUri: cst5897'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Task name |
|
|
Agent name |
|
|
Certificate bucket ID and name |
|
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
|
|
Task frequency |
|
|
Time zone |
|
|
Time |
|
|
Hours |
|
|
Minutes |
|
|
Month |
|
|
Day of month |
|
|
Day of week |
|
|
Max Depth of the Scan |
|
|
Domains to Scan |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 282
{"name":"Discovery task 0","agent":"","certificateBucket":{"id":"669d3f12-0003-43f2-bf3f-7cce3ae16304","name":"bucket1"},"frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":7,"minutes":55},"status":"Scan in process","depth":0,"domainDefinition":""}V3 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/ad_task/143704' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6065' \
-H 'password: Password123!' \
-H 'customerUri: cst6065'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Task name |
|
|
Agent name |
|
|
Certificate bucket ID and name |
|
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
|
|
Task frequency |
|
|
Time zone |
|
|
Time |
|
|
Hours |
|
|
Minutes |
|
|
Month |
|
|
Day of month |
|
|
Day of week |
|
|
Max Depth of the Scan |
|
|
Domains to Scan |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 282
{"name":"Discovery task 0","agent":"","certificateBucket":{"id":"69a5c987-91e2-4cc5-8e0f-1e18d620edac","name":"bucket1"},"frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":7,"minutes":56},"status":"Scan in process","depth":0,"domainDefinition":""}V4
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v4/ad_task/153602' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6287' \
-H 'password: Password123!' \
-H 'customerUri: cst6287'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Task name |
|
|
Agent name |
|
|
Certificate bucket ID and name |
|
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
|
|
Task frequency. Possible values are [Manual, Daily, Weekly, Monthly, Quarterly, SemiAnnually, Annually, Once] |
|
|
Time zone |
|
|
Time |
|
|
Hours |
|
|
Minutes |
|
|
Month. Possible values is 1 for January, 2 for February and etc. |
|
|
Day of month. Possible values is 1 for 1st day of month, 2 for 2nd day of month and etc. |
|
|
Day of week. Possible values is 7 for Sunday, 1 for Monday, 2 for Tuesday and etc. |
|
|
Max Depth of the Scan |
|
|
Domains to Scan |
|
|
Year |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 282
{"name":"Discovery task 0","agent":"","certificateBucket":{"id":"441931ee-0de7-483e-a708-9b9e54f03859","name":"bucket1"},"frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":7,"minutes":56},"status":"Scan in process","depth":0,"domainDefinition":""}Get MS AD scan task list
Enables the administrator to get the list of existing tasks of scanning which he/she is authorized to view and manage.
V2 - Deprecated
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
Position shift |
|
Task name |
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/ad_task?size=10&position=0&name=Discovery+task+1&status=IN_PROCESS' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6014' \
-H 'password: Password123!' \
-H 'customerUri: cst6014'Response headers
| Name | Description |
|---|---|
|
Contains total number of network discovery tasks available according to the filtering applied |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of Scan Tasks |
|
|
Scan Task ID |
|
|
Name of Scan Task |
|
|
Scan Task Status |
Example response
HTTP/1.1 200 OK
X-Total-Count: 10
Content-Type: application/json
Content-Length: 753
[{"taskId":140674,"name":"Discovery task 0","status":"Scan in process"},{"taskId":140675,"name":"Discovery task 1","status":"Scan FAILED"},{"taskId":140676,"name":"Discovery task 2","status":"Scan CANCELED by user"},{"taskId":140677,"name":"Discovery task 3","status":"Scan completed (Successful)"},{"taskId":140678,"name":"Discovery task 4","status":"Scan completed (Partial SUCCESSFUL)"},{"taskId":140679,"name":"Discovery task 5","status":"Scan completed (Processing Result)"},{"taskId":140680,"name":"Discovery task 6","status":null},{"taskId":140681,"name":"Discovery task 7","status":"Scan in process"},{"taskId":140682,"name":"Discovery task 8","status":"Scan FAILED"},{"taskId":140683,"name":"Discovery task 9","status":"Scan CANCELED by user"}]V3
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
Position shift |
|
Task name |
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/ad_task?size=10&position=0&name=Discovery+task+1&status=IN_PROCESS' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6137' \
-H 'password: Password123!' \
-H 'customerUri: cst6137'Response headers
| Name | Description |
|---|---|
|
Contains total number of network discovery tasks available according to the filtering applied |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of Scan Tasks |
|
|
Scan Task ID |
|
|
Name of Scan Task |
|
|
Scan Task Status |
Example response
HTTP/1.1 200 OK
X-Total-Count: 10
Content-Type: application/json
Content-Length: 753
[{"taskId":146330,"name":"Discovery task 0","status":"Scan in process"},{"taskId":146331,"name":"Discovery task 1","status":"Scan FAILED"},{"taskId":146332,"name":"Discovery task 2","status":"Scan CANCELED by user"},{"taskId":146333,"name":"Discovery task 3","status":"Scan completed (Successful)"},{"taskId":146334,"name":"Discovery task 4","status":"Scan completed (Partial SUCCESSFUL)"},{"taskId":146335,"name":"Discovery task 5","status":"Scan completed (Processing Result)"},{"taskId":146336,"name":"Discovery task 6","status":null},{"taskId":146337,"name":"Discovery task 7","status":"Scan in process"},{"taskId":146338,"name":"Discovery task 8","status":"Scan FAILED"},{"taskId":146339,"name":"Discovery task 9","status":"Scan CANCELED by user"}]Start MS AD scan task
Enables administrators to start a ms ad scan for a specific task
V2 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/ad_task/141078/start' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6023' \
-H 'password: Password123!' \
-H 'customerUri: cst6023'Example response
HTTP/1.1 200 OKV3
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/ad_task/146734/start' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6146' \
-H 'password: Password123!' \
-H 'customerUri: cst6146'Example response
HTTP/1.1 200 OKDelete MS AD scan task
V2 - Deprecated
Enables administrators to delete a specific ms ad scanning task.
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v2/ad_task/140876' -i -X DELETE \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6017' \
-H 'password: Password123!' \
-H 'customerUri: cst6017'Example response
HTTP/1.1 204 No ContentV3
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v3/ad_task/146532' -i -X DELETE \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6140' \
-H 'password: Password123!' \
-H 'customerUri: cst6140'Example response
HTTP/1.1 204 No ContentAzure Key Vault Discovery Tasks
Add Azure Key Vault scan task
Enables administrators to create a scan task in search of SSL certificates.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency. Possible values are [Manual, Daily, Weekly, Monthly, Quarterly, SemiAnnually, Annually, Once] |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month. Possible values is 1 for January, 2 for February and etc. |
[Must be at least 1, Must be at most 12] |
year |
Number |
Year |
[] |
dayOfMonth |
Number |
Day of month. Possible values is 1 for 1st day of month, 2 for 2nd day of month and etc. |
[Must be at least 1, Must be at most 31] |
dayOfWeek |
Number |
Day of week. Possible values is 7 for Sunday, 1 for Monday, 2 for Tuesday and etc. |
[Must be at least 1, Must be at most 7] |
azureAccountId |
Number |
Azure account id |
[Must be positive, Must not be null] |
resourceGroup |
String |
Azure resource group name |
[Must not be empty] |
keyVault |
String |
Azure key vault name |
[Must not be empty] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/azure_task' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: nick-6766' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"azureAccountId":207,"resourceGroup":"resourceGroup","keyVault":"keyVault","name":"GEUBWBIZINDFITTYMZSTQVDXWBFKEUQZ","certBucketId":"f2f5f2ab-fc06-4de6-8788-7122e462f0c4","frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":1,"dayOfMonth":1,"dayOfWeek":3,"year":3044}'Response headers
| Name | Description |
|---|---|
|
URL location of created task |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/discovery/v1/azure_task/176431Update Azure Key Vault scan task
Enables administrators to edit an Azure Key Vault scan task.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Task name |
[Must not be empty, Size must be between 1 and 256 inclusive] |
certBucketId |
String |
Id of the bucket to which this task will be applied |
[Must not be null] |
frequency |
String |
Task frequency. Possible values are [Manual, Daily, Weekly, Monthly, Quarterly, SemiAnnually, Annually, Once] |
[Must not be empty] |
timeZone |
String |
Time zone |
[Must not be empty] |
time |
Object |
Time |
[Must not be null] |
time.hours |
Number |
Hours |
[] |
time.minutes |
Number |
Minutes |
[] |
month |
Number |
Month. Possible values is 1 for January, 2 for February and etc. |
[Must be at least 1, Must be at most 12] |
dayOfMonth |
Number |
Day of month. Possible values is 1 for 1st day of month, 2 for 2nd day of month and etc. |
[Must be at least 1, Must be at most 31] |
dayOfWeek |
Number |
Day of week. Possible values is 7 for Sunday, 1 for Monday, 2 for Tuesday and etc. |
[Must be at least 1, Must be at most 7] |
year |
Number |
Year |
[] |
azureAccountId |
Number |
Azure account id |
[] |
resourceGroup |
String |
Azure resource group name |
[] |
keyVault |
String |
Azure key vault name |
[] |
Path parameters
| Parameter | Description |
|---|---|
|
ID of task whose details are being updated |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/azure_task/176433' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: nick-6835' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"azureAccountId":230,"resourceGroup":"resourceGroup","keyVault":"keyVault","name":"IMQFFHITKYRRIUOUWPZMOOVFLZTQZZDW","certBucketId":"da117273-068a-4fd5-8b16-8c67a5e3bf4d","frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":0,"minutes":0},"month":1,"dayOfMonth":1,"dayOfWeek":3,"year":3044}'Example response
HTTP/1.1 200 OKGet Azure Key Vault scan task
Enables the administrator to get the parameters of a particular task which he/she is authorized to view and manage.
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/azure_task/176432' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: nick-6823' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Task name |
|
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
|
|
Certificate bucket ID and name |
|
|
Task frequency. Possible values are [Manual, Daily, Weekly, Monthly, Quarterly, SemiAnnually, Annually, Once] |
|
|
Time zone |
|
|
Time |
|
|
Hours |
|
|
Minutes |
|
|
Month. Possible values is 1 for January, 2 for February and etc. |
|
|
Year |
|
|
Day of month. Possible values is 1 for 1st day of month, 2 for 2nd day of month and etc. |
|
|
Day of week. Possible values is 7 for Sunday, 1 for Monday, 2 for Tuesday and etc. |
|
|
Azure account id |
|
|
Azure resource group name |
|
|
Azure key vault name |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 314
{"name":"Discovery task 0","certificateBucket":{"id":"3ab02d37-30d8-4b55-a65b-f0027ce6ef5f","name":"bucket0"},"frequency":"Daily","timeZone":"UTC+00:00 - GMT, UCT, UTC, WET, EGST","time":{"hours":7,"minutes":57},"status":"Scan in process","azureAccountId":226,"resourceGroup":"resourceGroup","keyVault":"keyVault"}Get Azure Key Vault scan task list
Enables the administrator to get the list of existing tasks of scanning which he/she is authorized to view and manage.
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
Position shift |
|
Task name |
|
Task status. Values: [IN_PROCESS, FAILED, CANCELED, SUCCESSFUL, PARTIAL_SUCCESSFUL, PROCESSING_RESULT, null] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/azure_task?size=10&position=0' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: nick-6904' \
-H 'password: Password123!' \
-H 'customerUri: test'Response headers
| Name | Description |
|---|---|
|
Contains total number of network discovery tasks available according to the filtering applied |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of Scan Tasks |
|
|
Scan Task ID |
|
|
Name of Scan Task |
|
|
Scan Task Status |
Example response
HTTP/1.1 200 OK
X-Total-Count: 10
Content-Type: application/json
Content-Length: 753
[{"taskId":176462,"name":"Discovery task 9","status":"Scan CANCELED by user"},{"taskId":176461,"name":"Discovery task 8","status":"Scan FAILED"},{"taskId":176460,"name":"Discovery task 7","status":"Scan in process"},{"taskId":176459,"name":"Discovery task 6","status":null},{"taskId":176458,"name":"Discovery task 5","status":"Scan completed (Processing Result)"},{"taskId":176457,"name":"Discovery task 4","status":"Scan completed (Partial SUCCESSFUL)"},{"taskId":176456,"name":"Discovery task 3","status":"Scan completed (Successful)"},{"taskId":176455,"name":"Discovery task 2","status":"Scan CANCELED by user"},{"taskId":176454,"name":"Discovery task 1","status":"Scan FAILED"},{"taskId":176453,"name":"Discovery task 0","status":"Scan in process"}]Start Azure Key Vault scan task
Enables administrators to start an Azure Key Vault scan for a specific task
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/azure_task/176465/start' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: nick-6916' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 200 OKDelete Azure Key Vault scan task
Path parameters
| Parameter | Description |
|---|---|
|
Task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/azure_task/176464' -i -X DELETE \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: nick-6910' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 204 No ContentDiscovery Assignment Rules
Discovery Assignment Rule Filters
Filter Structure
Each filter object in the filters array contains the following fields:
-
filters[].filterType: Specifies the type of filter as a string. -
filters[].matchType: Defines the matching criteria for the filter. -
filters[].value: Represents the value to be matched against, based on thematchType.
Filter Types and Rules
The behavior of the filter depends on the filterType specified:
-
If
filters[].filterTypeis any value from the list:COMMON_NAME,ORGANIZATION,ORGANIZATION_UNIT,CITY,STATE,COUNTRY,SUBJECT_ALT_NAME,ISSUER,IP,PORT,DOMAIN_COMPONENT,TEMPLATE_NAME,KU,EKU,HOSTNAMEthenfilters[].matchTypemust correspond to a valid value from the list:-
MATCHES: Checks if the value matches exactly. -
STARTS_WITH: Checks if the value starts with a given substring. -
ENDS_WITH: Checks if the value ends with a given substring. -
CONTAINS: Checks if the value contains a given substring. -
MATCH_REGEX: Checks if the value matches a given regular expression.
-
filters[].value: Can be correct string representing the value that the filter should match according to the specified matchType.
-
If
filters[].filterTypeisEXPIRATION:-
filters[].matchTypemust beGREATER_THAN, which is the only allowed value in this context and corresponds tofilters[].valuewhich represents an integer value with specific meanings: -
0: Used to filter for non-expired SSL certificates only. -
1to365: Used to filter for non-expired certificates and include certificates that have expired no more than the specified number of days ago.
-
Filter Examples
-
Common filtering:
-
filters[].filterType:COMMON_NAME -
filters[].matchType:MATCHES -
filters[].value:example.com
-
This filter would match any records where the COMMON_NAME field matches the substring example.com.
-
Filtering with Expiration:
-
filters[].filterType:EXPIRATION -
filters[].matchType:GREATER_THAN -
filters[].value:30
-
This filter would include certificates that are still valid or have expired no more than 30 days ago.
Make sure to select the appropriate filterType, matchType, and value based on these rules to ensure the desired filtering behavior for assignment rules.
Create discovery assignment rule
Assignment Rules are associated with discovery tasks to assign 'Unmanaged' certificates (those not issued by SCM) to a particular Organization or Department
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Assignment rule name |
[Must not be null, Size must be between 1 and 128 inclusive] |
orgId |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
certType |
String |
Certificate type. Default value is SSL for backward compatibility. Values: [SSL, SMIME, CodeSign, Device, BrandIndicator] |
[] |
filters[] |
Array |
Array of rule filters |
[Must not be empty] |
filters[].filterType |
String |
Rule filter type |
[] |
filters[].matchType |
String |
Rule match type |
[] |
filters[].value |
String |
Rule value |
[] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/assignmentrule' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer6980' \
-H 'password: Password123!' \
-H 'customerUri: cst6980' \
-d '{"name":"UOHTQDXIHLAUSLPIBULFIQPGFEDVVVJB","orgId":11441,"filters":[{"filterType":"ORGANIZATION","matchType":"MATCHES","value":"org4Test"}],"certType":"SSL"}'Response headers
| Name | Description |
|---|---|
|
Url location of created assignment rule |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/discovery/v1/assignmentrule/40599Update discovery assignment rule
Enables the administrator to edit the existing assignment rule.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
ruleId |
Number |
Assignment rule ID |
[Must be at least 1] |
name |
String |
Assignment rule name |
[Must not be null, Size must be between 1 and 128 inclusive] |
certType |
String |
Certificate type. Default value is SSL for backward compatibility. Values: [SSL, SMIME, CodeSign, Device, BrandIndicator] |
[] |
orgId |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
filters[] |
Array |
Array of rule filters |
[Must not be empty] |
filters[].filterType |
String |
Rule filter type |
[] |
filters[].matchType |
String |
Rule match type |
[] |
filters[].value |
String |
Rule value |
[] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/assignmentrule' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer12726' \
-H 'password: Password123!' \
-H 'customerUri: cst12726' \
-d '{"ruleId":46054,"name":"IHJHMXBXQICRZUDFPTNMTLZXPOMASSTP","orgId":11471,"filters":[{"filterType":"ORGANIZATION","matchType":"STARTS_WITH","value":"org4Test"}],"certType":"SSL"}'Example response
HTTP/1.1 204 No ContentFind discovery assignment rule by ID
Enables the administrator to find the assignment rule by its ID.
Path parameters
| Parameter | Description |
|---|---|
|
Assignment rule ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/assignmentrule/45448' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer12108' \
-H 'password: Password123!' \
-H 'customerUri: cst12108'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Assignment rule name |
|
|
Assignment rule organization ID |
|
|
Assignment rule certificate type |
|
|
Array of rule filters |
|
|
Rule filter type |
|
|
Rule match type |
|
|
Rule value |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 120
{"name":"Assignment rule 12111 [organization: org4Test, customer ID: 7781]","orgId":11467,"filters":[],"certType":"SSL"}Get discovery assignment rules count
Enables administrators to get the number of existing assignment rules for the organization or department delegated to them.
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/assignmentrule/count' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer11490' \
-H 'password: Password123!' \
-H 'customerUri: cst11490'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Assignment rules count |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 13
{"count":202}Get discovery assignment rules ID list
Enables Admins to get the list of existing assignment rules IDs for the organization or department delegated to them.
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/assignmentrule/?size=10&position=0' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer19521' \
-H 'password: Password123!' \
-H 'customerUri: cst19521'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of assignment rule IDs |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 61
[52720,52721,52722,52723,52724,52725,52726,52727,52728,52729]Delete discovery assignment rule
Enables the administrator to delete a particular assignment rule that is applicable to the organization or department delegated to them.
Path parameters
| Parameter | Description |
|---|---|
|
Assignment rule ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/assignmentrule/52922' -i -X DELETE \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer19726' \
-H 'password: Password123!' \
-H 'customerUri: cst19726' \
-d '{"ruleId":0,"name":"HAANXXNOPMXMVVEHICUDUMALBTRMWNSH","orgId":11493,"filters":[{"filterType":"ORGANIZATION","matchType":"STARTS_WITH","value":"org4Test"}],"certType":"SSL"}'Example response
HTTP/1.1 204 No ContentDiscovery Certificate Buckets
Create discovery certificate bucket
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Cert Bucket name |
[Must not be null, Size must be between 1 and 128 inclusive] |
assignmentRules |
Array |
Assignment rule IDs |
[] |
orgDelegations |
Array |
Delegated organization IDs |
[] |
authenticationEnabled |
Boolean |
Is REST Authentication enabled |
[] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/bucket' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: admin_customer6939' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"name": "Cert Bucket Example", "assignmentRules": [40390], "orgDelegations":[11421] , "authenticationEnabled": true}'Response headers
| Name | Description |
|---|---|
|
Url location of created cert bucket |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/discovery/v1/bucket/a1d98daa-af77-496e-8cf6-ec393eb9353f
Content-Type: application/json
Content-Length: 105
{"clientId":"d2e32392-0bc6-4494-9f80-1a38f9d2c600","clientSecret":"7e2cff85-4700-420b-ad84-f536951d0d4d"}Update discovery certificate bucket
Path parameters
| Parameter | Description |
|---|---|
|
Cert Bucket ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Cert Bucket name |
[Must not be null, Size must be between 1 and 128 inclusive] |
assignmentRules |
Array |
Assignment rule IDs |
[] |
authenticationEnabled |
Boolean |
Is REST Authentication enabled |
[] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/bucket/58c74832-5b9c-486b-85f0-c49f58639ef9' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'login: admin_customer6971' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"name": "Cert Bucket Example", "assignmentRules": [40394], "authenticationEnabled": true}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Cert Bucket ID |
|
|
Cert Bucket name |
|
|
Assignment rule IDs |
|
|
Delegated organization IDs |
|
|
Is REST Authentication enabled |
|
|
REST Authentication Client id. It will be shown all the time if authentication on a bucket is enabled, and will not be shown if authentication is disabled. |
|
|
REST Authentication Client secret. It will be shown only once if you decide to enable authentication on the bucket, if it was disabled before. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 258
{"clientId":"d98a0ac5-e87c-4fda-b60f-6b24ab6f71c4","clientSecret":"f49e24ca-48ca-4b6c-aaea-6226bafb0b4e","id":"58c74832-5b9c-486b-85f0-c49f58639ef9","name":"Cert Bucket Example","authenticationEnabled":true,"assignmentRules":[40394],"orgDelegations":[11437]}Reset discovery certificate buckets client secret
Path parameters
| Parameter | Description |
|---|---|
|
Cert Bucket ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/bucket/a837ae22-a361-4db6-8844-33a4a571eea4/reset-client-secret' -i -X PUT \
-H 'login: admin_customer6967' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
REST Authentication Client id. |
|
|
REST Authentication Client secret. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 105
{"clientId":"9b76198d-737d-4da5-8510-1ba529b7b36c","clientSecret":"32eada61-13bc-45ce-a7ce-879b5edefc7a"}Delegate organizations to existing discovery certificate bucket
Path parameters
| Parameter | Description |
|---|---|
|
Cert Bucket ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
delegationMode |
String |
Allowed values: [GLOBAL_FOR_CUSTOMER, CUSTOMIZED] |
[Must not be null] |
orgDelegations |
Array |
Delegated organization IDs. Should be absent for GLOBAL_FOR_CUSTOMER delegation mode |
[] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/bucket/6ec0e56e-abca-4226-93c2-11f816defccb/delegations' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer6945' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"delegationMode": "CUSTOMIZED", "orgDelegations": [11424]}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Cert Bucket ID |
|
|
Cert Bucket name |
|
|
Assignment rule IDs |
|
|
Delegated organization IDs |
|
|
Is REST Authentication enabled |
|
|
REST Authentication Client id |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 191
{"clientId":"09554a65-100b-48ea-9553-190b13ccc352","id":"6ec0e56e-abca-4226-93c2-11f816defccb","name":"test bucket","authenticationEnabled":true,"assignmentRules":[],"orgDelegations":[11424]}Find discovery certificate bucket by ID
Path parameters
| Parameter | Description |
|---|---|
|
Cert Bucket ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/bucket/1f854519-297d-4148-8a54-51905cc4bbe8' -i -X GET \
-H 'login: admin_customer6955' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Cert Bucket ID |
|
|
Cert Bucket name |
|
|
Assignment rule IDs |
|
|
Delegated organization IDs |
|
|
Is REST Authentication enabled |
|
|
REST Authentication Client id. It will be shown all the time if authentication on a bucket is enabled, and will not be shown if authentication is disabled. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 204
{"clientId":"9d4a1494-38e3-4a6e-9951-dcdfe7396823","id":"1f854519-297d-4148-8a54-51905cc4bbe8","name":"Example Cert Bucket","authenticationEnabled":true,"assignmentRules":[40392],"orgDelegations":[11429]}List discovery certificate buckets
Query parameters
| Parameter | Description |
|---|---|
|
Cert Bucket name |
|
Organization ID |
|
Delegation mode. Possible values: 'GLOBAL_FOR_CUSTOMER' and’CUSTOMIZED' |
|
the first position (entry) to return from the results of the query |
|
Count of entries |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/bucket?name=test&orgId=11431&delegationMode=CUSTOMIZED&position=0&size=10' -i -X GET \
-H 'login: admin_customer6959' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Certificate buckets list |
|
|
ID |
|
|
Name |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 68
[{"id":"06b18cf4-7203-4d07-a3d8-ae60969be01e","name":"test bucket"}]Delete discovery certificate bucket
Path parameters
| Parameter | Description |
|---|---|
|
Cert Bucket ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/bucket/86346ddc-08f9-44e5-abe3-4420e19e3baa' -i -X DELETE \
-H 'login: admin_customer6948' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 204 No ContentCertificates in discovery certificate bucket
Path parameters
| Parameter | Description |
|---|---|
|
Cert Bucket ID |
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/bucket/3616e3ad-13cd-4a55-b07f-d2f95449a2c9/certificates?position=0&size=0' -i -X GET \
-H 'login: admin_customer6951' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Total count of founded certificates |
|
|
List of Certificates |
|
|
Certificate hash |
|
|
Certificate details |
|
|
Certificate common name |
|
|
Certificate issue date |
|
|
Certificate expiry date |
|
|
Certificate subject |
|
|
Certificate subject alternative names |
|
|
Certificate key algorithm |
|
|
Certificate key size |
|
|
Certificate signature algorithm |
|
|
Certificate serial number |
|
|
Certificate md5 hash |
|
|
Certificate sha1 hash |
|
|
Certificate key usage |
|
|
Certificate extended key usage |
|
|
Certificate issuer |
|
|
Precert certificate indicator |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 494
{"total":1,"data":[{"hash":"11a736dd5d67af1ed5b6a14fbf92ca8fe97df841","details":{"cn":"*.ssl.hwcdn.net","validFrom":"2025-12-04T07:57:46Z","validTo":"2025-12-04T07:57:46Z","issuer":{},"subject":{},"san":[],"keyAlgorithm":"RSA","keySize":2048,"signatureAlgorithm":"SHA256withRSA","sn":"32616335373265322D343361362D336331332D396537632D643330306338303130643332","md5Hash":"0e6d4f8af5d5a163676d0780b3b4b54e","sha1Hash":"11a736dd5d67af1ed5b6a14fbf92ca8fe97df841","ku":[],"eku":[],"precert":false}}]}Run rules against discovery certificate bucket
Path parameters
| Parameter | Description |
|---|---|
|
Cert Bucket ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/bucket/57e873b6-dfd9-4709-b120-735c4de90120/runrules' -i -X POST \
-H 'login: admin_customer6931' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 200 OKAssign certificates in discovery certificate bucket
Path parameters
| Parameter | Description |
|---|---|
|
Cert Bucket ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
hashes |
Array |
List of certificate hashes |
[Must not be empty] |
certType |
String |
Certificate type. Values: [SSL, SMIME, CodeSign, Device, BrandIndicator] |
[Must not be null] |
organizationId |
Number |
Organization ID |
[Must not be null] |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/bucket/a32dc02a-93e5-4cb4-8f43-170925258462/assign' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: admin_customer6935' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"hashes":["hash"],"certType":"SSL","organizationId":12}'Example response
HTTP/1.1 200 OKDiscovery Operations
Get discovery operations list
Path parameters
| Parameter | Description |
|---|---|
|
Discovery task type. Allowed values: [ad_task, net_task, azure_task] |
|
Discovery task ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/net_task/176429/operation' -i -X GET \
-H 'Accept: application/json' \
-H 'login: nick-6758' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Operations count. Deprecated, X-Total-Count header should be used instead |
|
|
List of operations |
|
|
Operation ID |
|
|
Operation status |
|
|
Operation create date (start scan) |
|
|
Operation last modification date |
|
|
ID of the respective certificate bucket |
|
|
Error description and details |
Example response
HTTP/1.1 200 OK
X-Total-Count: 0
Content-Type: application/json
Content-Length: 684
{"total":4,"data":[{"id":"2c9780878596231201859c0992dc0004","status":"failed","created":"2023-01-10T14:15:51.260Z","modified":"2023-01-10T14:15:51.358Z","bucketId":"123","error":"Internal error"},{"id":"2c9780878596231201859d39f42d0005","status":"failed","created":"2023-01-10T19:48:19.117Z","modified":"2023-01-10T19:48:19.216Z","bucketId":"123","error":"Internal error"},{"id":"2c978087859623120185a07545370006","status":"completed","created":"2023-01-11T10:51:58.135Z","modified":"2023-01-11T10:51:58.232Z","bucketId":"123"},{"id":"2c978087859623120185a0861ad20007","status":"completed","created":"2023-01-11T11:10:21.394Z","modified":"2023-01-11T11:10:21.491Z","bucketId":"123"}]}Stop discovery operation
Path parameters
| Parameter | Description |
|---|---|
|
Discovery task type. Allowed values: [ad_task, net_task, azure_task] |
|
Discovery task ID |
|
Operation ID |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/net_task/176430/operation/2c978087859623120185a07545370106/stop' -i -X POST \
-H 'login: nick-6763' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 200 OKGet result of discovery operation
Path parameters
| Parameter | Description |
|---|---|
|
Discovery task type. Allowed values: [ad_task, net_task, azure_task] |
|
Discovery task ID |
|
Operation ID |
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
Example request
$ curl 'https://cert-manager.com/api/discovery/v1/net_task/176428/operation/2c9b8087864fefb701865a26f77b0001/result' -i -X GET \
-H 'Accept: application/json' \
-H 'login: nick-6753' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Total count of founded certificates. Deprecated, X-Total-Count header should be used instead |
|
|
Array of founded certificates |
|
|
Operation details |
|
|
Operation ID |
|
|
Operation create date |
|
|
Certificate status |
|
|
Certificate status: tls version |
|
|
Certificate status: handshake MS |
|
|
Certificate status: ciper suite |
|
|
Certificate status: name lookup |
|
|
Certificate create date |
|
|
Certificate data |
|
|
Certificate hash |
|
|
Certificate managed id |
|
|
Is certificate hidden |
|
|
Date when certificate was discovered |
|
|
Certificate details |
|
|
Certificate common name |
|
|
Certificate issue date |
|
|
Certificate expiry date |
|
|
Certificate subject |
|
|
Certificate subject alternative names |
|
|
Certificate key algorithm |
|
|
Certificate key size |
|
|
Certificate signature algorithm |
|
|
Certificate serial number |
|
|
Certificate md5 hash |
|
|
Certificate sha1 hash |
|
|
Certificate issuer |
|
|
Certificate key usage |
|
|
Certificate key usage |
|
|
Precert certificate |
|
|
Certificate location |
|
|
Certificate location type |
|
|
Certificate location details |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 1282
{"total":1,"data":[{"certificate":{"hash":"09a736dd5d67af1ed5b6a14fbf92ca8fe97df839","metadata":{"managedId":"ssl:130","hidden":false,"discoveryTime":"2024-06-20T11:27:13.657Z"},"details":{"cn":"*.ssl.hwcdn.net","validFrom":"2022-12-30T00:00:00Z","validTo":"2024-01-19T23:59:59Z","issuer":{},"subject":{},"san":[],"keyAlgorithm":"RSA","keySize":2048,"signatureAlgorithm":"SHA256withRSA","sn":"2AC572E243A63C139E7CD300C8010D32","md5Hash":"0e6d4f8af5d5a163676d0780b3b4b54e","sha1Hash":"09a736dd5d67af1ed5b6a14fbf92ca8fe97df839","ku":[],"eku":[],"precert":false}},"location":{"type":"NETWORK_HOST","details":{"ip":"151.139.128.14","port":443,"address":"sectigo.com","name":null,"dn":null,"upn":null,"objectType":null,"requestId":null,"haGroupId":null,"template":null,"dateCreated":null,"type":null,"requesterEmail":null,"backend":null,"host":null,"requesterName":null,"site":null,"hostName":null,"id":null,"exportable":null,"reusable":null,"uri":null,"arn":null,"exported":null,"inUse":null,"inUseBy":null,"scope":null,"labels":null}},"status":{"tlsVersion":1,"cipherSuite":"123","handshakeMs":2,"nameLookupMs":3,"status":null,"additionalEmails":null},"operation":{"id":"2c9b8087864fefb701865a26f77b0001","created":"2023-02-16T12:15:48.604401Z"},"created":"2023-01-26T05:42:45.212Z"}]}Notifications
View notifications
List notifications
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
|
Notification ID |
|
Notification description |
|
Notification organization ID |
|
Selected organization type. Values: [ANY, ANYDEPT, SELECTED] |
|
Notification type. Values: [ClientCertExpiration, ClientCertRevoked, SSLApproved, SSLAwaitingApproval, SSLDeclined, SSLExpiration, SSLIssuanceFailed, SSLRevoked, DiscoveryScanSummary, SSLSAApprovedToRA, AdminCreation, DomainAwaitingApproval, DomainApproved, SSLEnrolled, CSCertInvitation, CSCertIssued, CSCertDownloaded, CSCertRevoked, CSCertExpiration, CSCertRequested, EmailValidation, EmailInvitation, DCVExpiration, DCVValidated, DCVNeeded, ExSSLCertificateInstalled, ExSSLInstallationFailed, IdPLoginEmailInvitation, CsRequestDeclined, CsRequestSigned, DeveloperCreated, DeveloperResetPassword, DeveloperNewEmail, CsRequestCreated, CsCsfRevoke, DeviceExpiration, DeviceRevoked, DeviceAwaitingApproval, ArFailed, ManualInstallReady, DeviceEnrolled, DeviceApproved, DeviceDeclined, AdminChangePasswordByApi, SSLBulkAwaitingApproval, SSLBulkEnrollCompleted, SSLEnrolledDl, SMIMEEnrolledDl, DeviceEnrolledDl, CsEnrolledDl, MsAgentChangeStatus, NetworkAgentDisconnected, WebFormLogin, WebFormInvitation, DomainAwaitingApprovalMrao, ReportGenerated, DcvAutoRenewFailed, SasLoginEmailInvitation, DnsConnectorDisconnected, CAConnectorDisconnected, PrivateCaExpiration, SubscriptionChange, CertificateUsageThreshold, CertificateUsageExceedsInventory, BrandCertificateExpiration, BrandCertificateIssued, BrandCertificateApproved, BrandCertificateAwaitingApproval, BrandCertificateIssuanceFailed, BrandCertificateRevoked, BrandCertificateDeclined, RaCertExpiration] |
|
Notification profile ID |
Example request
$ curl 'https://cert-manager.com/api/notification/v1?id=111&description=ssl-revoke&orgId=10451&selectedOrgType=ANYDEPT&type=SSLRevoked&certTypeId=5877' -i -X GET \
-H 'login: admin_customer4382' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of notifications. |
|
|
Notification ID |
|
|
Notification description |
|
|
Notification type |
|
|
Created date |
|
|
Name of the administrator who created the notification. |
|
|
Modified date |
|
|
Name of the administrator who last modified the notification. |
|
|
Data for organization configuration |
|
|
Type of organization selection. |
|
|
Selected organizations ID |
|
|
Data for recipients configuration |
|
|
Notify roles. |
|
|
Recipients to notify |
|
|
Type of recipient |
|
|
Value of recipient |
|
|
Additional data for notification configuration |
|
|
Number of remaining days |
|
|
Profile id that this notification belongs to |
|
|
Notification frequency |
|
|
For certificates, revoked by admin |
|
|
For certificates, revoked by user |
|
|
Notification type |
|
|
Notification ID |
|
|
Notification description |
|
|
For certificates, revoked by user |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 529
[{"description":"ssl-revoke","active":true,"orgData":{"selectedOrgType":"ANYDEPT","orgDelegations":[10451]},"recipientData":{"notifyRoles":["APPROVER","MRAO"],"recipients":[{"type":"EMAIL","value":"test@sectigo.com"}]},"additionalData":{"days":0,"certTypeId":5877,"freq":"ONCE","revokedByAdmin":true,"revokedByUser":false},"type":"SSLRevoked","id":111,"created":"2025-12-04T07:53:41.938Z","createdBy":"client-admin-4383 client-admin-4383","modified":"2025-12-04T07:53:41.938Z","modifiedBy":"client-admin-4383 client-admin-4383"}]Available notification types
Get the notification types that are available for the current administrator.
Example request
$ curl 'https://cert-manager.com/api/notification/v1/types' -i -X GET \
-H 'login: admin_customer4379' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Notification types |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 727
["ClientCertExpiration","ClientCertRevoked","SMIMEEnrolledDl","CSCertDownloaded","CSCertRevoked","CSCertExpiration","CSCertRequested","CsEnrolledDl","SSLApproved","SSLAwaitingApproval","SSLDeclined","SSLExpiration","SSLIssuanceFailed","SSLRevoked","DiscoveryScanSummary","ExSSLCertificateInstalled","ExSSLInstallationFailed","ArFailed","ManualInstallReady","SSLEnrolledDl","BrandCertificateExpiration","BrandCertificateApproved","BrandCertificateAwaitingApproval","BrandCertificateIssuanceFailed","BrandCertificateRevoked","BrandCertificateDeclined","AdminCreation","DomainAwaitingApproval","DomainAwaitingApprovalMrao","DomainApproved","MsAgentChangeStatus","NetworkAgentDisconnected","PrivateCaExpiration","RaCertExpiration"]Manage notifications
Create notification
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
description |
String |
Notification description |
[Size must be between 3 and 256 inclusive] |
type |
String |
Notification type |
[Must not be null] |
orgData |
Object |
Delegated organization details |
[] |
orgData.selectedOrgType |
String |
Organization selection type. Values: [ANY, ANYDEPT, SELECTED] |
[] |
orgData.orgDelegations |
Array |
Selected organization ID’s |
[] |
recipientData |
Object |
Notification recipient details |
[Must not be null] |
recipientData.notifyRoles |
Array |
Notify roles list |
[] |
recipientData.recipients |
Array |
Notification recipients |
[] |
recipientData.recipients.[].type |
String |
Notification recipient type |
[Must not be null] |
recipientData.recipients.[].value |
String |
Notification recipient value |
[] |
additionalData |
Object |
Notification additional details |
[] |
additionalData.revokedByAdmin |
Boolean |
For certificates, revoked by admin |
[] |
additionalData.revokedByUser |
Boolean |
For certificates, revoked by user |
[] |
additionalData.certTypeId |
Number |
Profile id that this notification belongs to |
[] |
additionalData.days |
Number |
Number of remaining days |
[] |
additionalData.freq |
String |
Notification frequency. Values: [ONCE, DAILY] |
[] |
active |
Boolean |
Status indicating whether the notification is active or not. Default value is true |
[] |
Example request
$ curl 'https://cert-manager.com/api/notification/v1' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4367' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"description":"ssl-revoke","active":true,"orgData":{"selectedOrgType":"SELECTED","orgDelegations":[10441]},"recipientData":{"notifyRoles":["MRAO","SSL_RAO","REQUESTER"],"recipients":[{"type":"EMAIL","value":"aaa@sectigo.com"}]},"additionalData":{"days":0,"certTypeId":5872,"freq":"ONCE","revokedByAdmin":false,"revokedByUser":true},"type":"SSLRevoked"}'Response headers
| Name | Description |
|---|---|
|
Url location of created notification |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/notification/v1/108Update notification
Path parameters
| Parameter | Description |
|---|---|
|
Notification ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
description |
String |
Notification description |
[Size must be between 3 and 256 inclusive] |
orgData |
Object |
Delegated organization details |
[] |
orgData.selectedOrgType |
String |
Organization selection type. Values: [ANY, ANYDEPT, SELECTED] |
[] |
orgData.orgDelegations |
Array |
Selected organization ID’s |
[] |
recipientData |
Object |
Notification recipient details |
[Must not be null] |
recipientData.notifyRoles |
Array |
Notify roles list |
[] |
recipientData.recipients |
Array |
Notification recipients |
[] |
recipientData.recipients.[].type |
String |
Notification recipient type |
[Must not be null] |
recipientData.recipients.[].value |
String |
Notification recipient value |
[] |
additionalData |
Object |
Notification additional details |
[] |
additionalData.revokedByAdmin |
Boolean |
For certificates, revoked by admin |
[] |
additionalData.revokedByUser |
Boolean |
For certificates, revoked by user |
[] |
additionalData.certTypeId |
Number |
Profile id that this notification belongs to |
[] |
additionalData.days |
Number |
Number of remaining days |
[] |
additionalData.freq |
String |
Notification frequency. Values: [ONCE, DAILY] |
[] |
active |
Boolean |
Status indicating whether the notification is active or not. Default value is true |
[] |
Example request
$ curl 'https://cert-manager.com/api/notification/v1/113' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4385' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"description":"ssl-revoke","active":true,"orgData":{"selectedOrgType":"SELECTED","orgDelegations":[10453]},"recipientData":{"notifyRoles":["MRAO","SSL_RAO","REQUESTER"],"recipients":[{"type":"EMAIL","value":"aaa@sectigo.com"}]},"additionalData":{"days":0,"certTypeId":5878,"freq":"ONCE","revokedByAdmin":false,"revokedByUser":true}}'Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 500
{"description":"ssl-revoke","active":true,"orgData":{"selectedOrgType":"SELECTED","orgDelegations":[10453]},"recipientData":{"notifyRoles":["SSL_RAO","MRAO","REQUESTER"],"recipients":[{"type":"EMAIL","value":"aaa@sectigo.com"}]},"additionalData":{"days":0,"certTypeId":5878,"freq":"ONCE","revokedByAdmin":false,"revokedByUser":true},"type":"SSLRevoked","id":113,"created":"2025-12-04T07:53:42.092Z","createdBy":"client-admin-4386 client-admin-4386","modifiedBy":"client-admin-4386 client-admin-4386"}Response fields
| Path | Type | Description |
|---|---|---|
|
|
Notification ID |
|
|
Notification description |
|
|
Notification type |
|
|
Created date |
|
|
Name of the administrator who created the notification. |
|
|
Modified date |
|
|
Name of the administrator who last modified the notification. |
|
|
Data for organization configuration |
|
|
Type of organization selection. |
|
|
Selected organizations ID |
|
|
Data for recipients configuration |
|
|
Notify roles. |
|
|
Recipients to notify |
|
|
Type of recipient |
|
|
Value of recipient |
|
|
Additional data for notification configuration |
|
|
Number of remaining days |
|
|
Notification frequency. |
|
|
Status indicating whether the notification is active or not |
|
|
Profile id that this notification belongs to |
|
|
Notification frequency |
|
|
For certificates, revoked by admin |
|
|
For certificates, revoked by user |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 500
{"description":"ssl-revoke","active":true,"orgData":{"selectedOrgType":"SELECTED","orgDelegations":[10453]},"recipientData":{"notifyRoles":["SSL_RAO","MRAO","REQUESTER"],"recipients":[{"type":"EMAIL","value":"aaa@sectigo.com"}]},"additionalData":{"days":0,"certTypeId":5878,"freq":"ONCE","revokedByAdmin":false,"revokedByUser":true},"type":"SSLRevoked","id":113,"created":"2025-12-04T07:53:42.092Z","createdBy":"client-admin-4386 client-admin-4386","modifiedBy":"client-admin-4386 client-admin-4386"}Delete notification
Path parameters
| Parameter | Description |
|---|---|
|
Notification ID |
Example request
$ curl 'https://cert-manager.com/api/notification/v1/109' -i -X DELETE \
-H 'login: admin_customer4373' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 200 OKAdministrators
View administrators
List administrators
List administrators according to the specified filter. Note: "IdP Template" administrators are not supported by current method and are filtered out. In order to receive a list of IdP templates, please use "List IdP Templates" method from "Template Administrators" section.
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
the first position (entry) to return from the results of the query |
|
Admin type filter. Allowed values: STANDARD, IDP, SAS, API, DYNAMIC_IDP_TEMPLATE |
|
Filter by login |
|
Filter by E-mail |
|
Filter by Active State Allowed values: ACTIVE, SUSPENDED |
|
Filter by Organization ID |
|
Filter by assigned IdP template ID |
|
Filter by Identity Provider ID |
|
Filter by role. Allowed values: MRAO, RAO_SSL, RAO_SMIME, RAO_CS, RAO_DEVICE, DRAO_SSL, DRAO_SMIME, DRAO_CS, DRAO_DEVICE, RAO_BRAND, DRAO_BRAND |
Example request
$ curl 'https://cert-manager.com/api/admin/v1?size=10&position=0' -i -X GET \
-H 'login: admin_customer4022' \
-H 'password: Password123!' \
-H 'customerUri: cst4022'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of requested admins |
|
|
Admin ID |
|
|
Admin type |
|
|
Admin login |
|
|
Admin E-mail |
|
|
Admin forename |
|
|
Admin surname |
Example response
HTTP/1.1 200 OK
X-Total-Count: 3
Content-Type: application/json
Content-Length: 484
[{"id":11676,"type":"STANDARD","login":"testadmin_customer4022","forename":"client-admin-4027","surname":"client-admin-4027","email":"TestAdmin_Customer4022@aa.com"},{"id":11675,"type":"STANDARD","login":"admindrao_customer4022","forename":"client-admin-4025","surname":"client-admin-4025","email":"4026aa@nobody.sectigo.com"},{"id":11674,"type":"STANDARD","login":"admin_customer4022","forename":"client-admin-4023","surname":"client-admin-4023","email":"Admin_Customer4022@aa.com"}]Get administrator details
Get detailed information about administrator.
Get standard administrator details
Path parameters
| Parameter | Description |
|---|---|
|
ID of admin whose details are being requested |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/11626' -i -X GET \
-H 'login: admin_customer3907' \
-H 'password: Password123!' \
-H 'customerUri: cst3907' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Admin identifier |
|
|
Admin account type |
|
|
Forename |
|
|
Surname |
|
|
|
|
|
Identifier of creator Admin |
|
|
Login |
|
|
Password reset date (if password has been reset). |
|
|
Last password change date |
|
|
Admin’s password state. Possible values: 'ALIVE', 'EXPIRED' and 'NEVER_EXPIRE' |
|
|
Password expiration date |
|
|
Authentication Certificate Serial Number |
|
|
Identifier of assigned Identity Provider |
|
|
Name of assigned Identity Provider |
|
|
Person Identifier (EPPN) in scope of Identity Provider |
|
|
Admin creation date |
|
|
Admin last modification date |
|
|
For deleted admins - the date when admin was deleted |
|
|
Title or position |
|
|
Administrator’s relationship to the company |
|
|
Telephone number |
|
|
City / locality name |
|
|
State or province name |
|
|
Country |
|
|
Postal code |
|
|
Admin’s locale |
|
|
Admin status. Deprecated. Value is always 'ACTIVE' for backward compatibility |
|
|
Deprecated, see 'activeStatus' instead. |
|
|
Active Status, possible values: ACTIVE and SUSPENDED |
|
|
Array of admin’s roles |
|
|
Admin’s role |
|
|
Organization / Department ID |
|
|
Array of admin’s privileges |
|
|
Number of failed attempts to log in |
|
|
Date of last failed attempt to log in |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 570
{"id":11626,"type":"STANDARD","status":"Active","forename":"client-admin-3914","surname":"client-admin-3914","login":"drao","email":"3915aa@nobody.sectigo.com","phone":"+123456789","created":"2025-12-04","modified":"2025-12-04","lastPasswordChange":"2025-12-04","credentials":[{"role":"DRAO_SSL","orgId":10333}],"passwordState":"ALIVE","passwordExpiryDate":"2026-03-04","authCert":"123456789AB","activeState":"Active","privileges":["allowManageDomains"],"failedAttempts":0,"identityProviderId":347,"idp":"Test Idp","idpPersonId":"admin.epp@test","activeStatus":"ACTIVE"}Get API administrator details
Path parameters
| Parameter | Description |
|---|---|
|
ID of admin whose details are being requested |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/11632' -i -X GET \
-H 'login: admin_customer3920' \
-H 'password: Password123!' \
-H 'customerUri: cst3920' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Admin identifier |
|
|
Admin account type |
|
|
Forename |
|
|
Surname |
|
|
|
|
|
Identifier of creator Admin |
|
|
Login |
|
|
Password reset date (if password has been reset). |
|
|
Last password change date |
|
|
Admin’s password state. Possible values: 'ALIVE', 'EXPIRED' and 'NEVER_EXPIRE' |
|
|
Password expiration date |
|
|
Authentication Certificate Serial Number |
|
|
Admin creation date |
|
|
Admin last modification date |
|
|
For deleted admins - the date when admin was deleted |
|
|
Title or position |
|
|
Administrator’s relationship to the company |
|
|
Telephone number |
|
|
City / locality name |
|
|
State or province name |
|
|
Country |
|
|
Postal code |
|
|
Admin’s locale |
|
|
Admin status. Deprecated. Value is always 'ACTIVE' for backward compatibility |
|
|
Deprecated, see 'activeStatus' instead. |
|
|
Active Status, possible values: ACTIVE and SUSPENDED |
|
|
Array of admin’s roles |
|
|
Admin’s role |
|
|
Organization / Department ID |
|
|
Array of admin’s privileges |
|
|
Number of failed attempts to log in |
|
|
Date of last failed attempt to log in |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 492
{"id":11632,"type":"API","status":"Active","forename":"client-admin-3927","surname":"client-admin-3927","login":"drao","email":"3928aa@nobody.sectigo.com","phone":"+123456789","created":"2025-12-04","modified":"2025-12-04","lastPasswordChange":"2025-12-04","credentials":[{"role":"DRAO_SSL","orgId":10336}],"passwordState":"ALIVE","passwordExpiryDate":"2026-03-04","authCert":"123456789AB","activeState":"Active","privileges":["allowManageDomains"],"failedAttempts":0,"activeStatus":"ACTIVE"}Get IDP administrator details
Path parameters
| Parameter | Description |
|---|---|
|
ID of admin whose details are being requested |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/11638' -i -X GET \
-H 'login: admin_customer3933' \
-H 'password: Password123!' \
-H 'customerUri: cst3933' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Admin identifier |
|
|
Admin account type |
|
|
Forename |
|
|
Surname |
|
|
|
|
|
Identifier of creator Admin |
|
|
Identifier of assigned Identity Provider |
|
|
Name of assigned Identity Provider |
|
|
Person Identifier (EPPN) in scope of Identity Provider |
|
|
The date when login invitation was sent to the admin’s email. |
|
|
For IdP admins created automatically by IdP template - identifier of the parent Idp template. |
|
|
Admin creation date |
|
|
Admin last modification date |
|
|
For deleted admins - the date when admin was deleted |
|
|
Title or position |
|
|
Administrator’s relationship to the company |
|
|
Telephone number |
|
|
City / locality name |
|
|
State or province name |
|
|
Country |
|
|
Postal code |
|
|
Admin’s locale |
|
|
Admin status. Deprecated. Value is always 'ACTIVE' for backward compatibility |
|
|
Deprecated, see 'activeStatus' instead. |
|
|
Active Status, possible values: ACTIVE and SUSPENDED |
|
|
Array of admin’s roles |
|
|
Admin’s role |
|
|
Organization / Department ID |
|
|
Array of admin’s privileges |
|
|
Number of failed attempts to log in |
|
|
Date of last failed attempt to log in |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 445
{"id":11638,"type":"IDP","status":"Active","forename":"client-admin-3940","surname":"client-admin-3940","email":"3941aa@nobody.sectigo.com","phone":"+123456789","created":"2025-12-04","modified":"2025-12-04","credentials":[{"role":"DRAO_SSL","orgId":10339}],"activeState":"Active","privileges":["allowManageDomains"],"failedAttempts":0,"identityProviderId":349,"idp":"Test Idp","idpPersonId":"eppn-3940@nobody.ccmqa.com","activeStatus":"ACTIVE"}Get SAS administrator details
Path parameters
| Parameter | Description |
|---|---|
|
ID of admin whose details are being requested |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/11642' -i -X GET \
-H 'login: admin_customer3942' \
-H 'password: Password123!' \
-H 'customerUri: cst3942' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Admin identifier |
|
|
Admin account type |
|
|
Forename |
|
|
Surname |
|
|
|
|
|
Identifier of creator Admin |
|
|
Admin creation date |
|
|
Admin last modification date |
|
|
For deleted admins - the date when admin was deleted |
|
|
Title or position |
|
|
Administrator’s relationship to the company |
|
|
Telephone number |
|
|
City / locality name |
|
|
State or province name |
|
|
Country |
|
|
Postal code |
|
|
Admin’s locale |
|
|
Admin status. Deprecated. Value is always 'ACTIVE' for backward compatibility |
|
|
Deprecated, see 'activeStatus' instead. |
|
|
Active Status, possible values: ACTIVE and SUSPENDED |
|
|
Array of admin’s roles |
|
|
Admin’s role |
|
|
Organization / Department ID |
|
|
Array of admin’s privileges |
|
|
Number of failed attempts to log in |
|
|
Date of last failed attempt to log in |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 360
{"id":11642,"type":"SAS","status":"Active","forename":"client-admin-3949","surname":"client-admin-3949","email":"3950aa@nobody.sectigo.com","phone":"+123456789","created":"2025-12-04","modified":"2025-12-04","credentials":[{"role":"DRAO_SSL","orgId":10341}],"activeState":"Active","privileges":["allowManageDomains"],"failedAttempts":0,"activeStatus":"ACTIVE"}Get available roles
Get roles the administrator can assign to other administrators who they may update.
Query parameters
| Parameter | Description |
|---|---|
|
Optional flag indicating that roles are intended for edit another admin. |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/roles?isForEdit=false' -i -X GET \
-H 'login: admin_customer4015' \
-H 'password: Password123!' \
-H 'customerUri: cst4015' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Admin roles. Possible values: 'MRAO', 'RAO_SSL', 'RAO_SMIME', 'RAO_DEVICE', 'RAO_CS', 'DRAO_SSL', 'DRAO_SMIME', 'DRAO_DEVICE', and 'DRAO_CS' |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 100
["MRAO","RAO_SSL","RAO_SMIME","RAO_CS","RAO_DEVICE","DRAO_SSL","DRAO_SMIME","DRAO_CS","DRAO_DEVICE"]Get available privileges
Get privileges the administrator can assign to other administrators who they may update.
Query parameters
| Parameter | Description |
|---|---|
|
Admin’s role. Multiple roles can be provided. |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/privileges?role=RAO_SSL&role=RAO_SMIME' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3976' \
-H 'password: Password123!' \
-H 'customerUri: cst3976' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Admin privileges. Possible names: 'allowCreate' - Add peer administrator; 'allowEdit' - Edit peer administrator; 'allowDelete' - Delete peer administrator; 'allowDCV' - Manage domain validations; 'autoApproveCertificates' - Automatically approve certificate requests; 'allowMsAdDiscovery' - MS agent management; 'allowKeyVault' - Download keys from Sectigo Key Vault; 'approveDomainDelegation' - Approve domain delegation; 'allowManageDomains' - Manage domains; 'sslRequest' - Request SSL certificates; 'sslRenew' - Renew SSL certificates; 'sslReplace' - Replace SSL certificates; 'sslRevoke' - Revoke SSL certificates; 'sslApprove' - Manage SSL certificate requests; 'sslManage' - Manage SSL certificates; 'sslImport' - Import SSL certificates; 'clientCertRequest' - Request client certificates; 'clientCertRevoke' - Revoke client certificates; 'clientCertManage' - Manage client certificates; 'clientCertImport' - Import client certificates; 'csRequest' - Request code signing certificates; 'csRevoke' - Revoke code signing certificates; 'csManage' - Manage code signing certificates; 'csImport' - Import code signing certificates; 'deviceRequest' - Request device certificates; 'deviceRenew' - Renew device certificates; 'deviceReplace' - Replace device certificates; 'deviceRevoke' - Revoke device certificates; 'deviceApprove' - Manage device certificate requests; 'deviceManage' - Manage device certificates; 'deviceImport' - Import device certificates; 'editOrganizationAndDepartment' - Manage organizations & departments; 'addOrganizationAndDepartments' - Add organizations & departments; 'addDepartments' - Add departments; 'editDepartments' - Manage departments; 'orgValidationManager' - Manage organization validations; 'viewUsage' - View usage; 'viewSubscriptions' - View subscriptions; 'manageSubscriptions' - Manage subscriptions; 'acceptCustomerLicenseAgreement' - Accept customer license agreements; 'brandRequest' - Request Brand certificates; 'brandApprove' - Manage Brand certificate requests; 'brandRevoke' - Revoke Brand certificates; 'brandManage' - Manage Brand certificates; 'certProfileCreate' - Add certificate profiles; 'certProfileManage' - Manage certificate profiles; 'customFieldView' - View custom fields; 'customFieldCreate' - Add custom fields; 'customFieldManage' - Manage custom fields; 'certProfileView' - View certificate profiles; 'allowSslAutoApprove' - Deprecated (falls back to 'autoApproveCertificates'). Please, use 'autoApproveCertificates' privilege instead.; 'wsApiUseOnly' - Deprecated (replaced with new admin type - 'API'). |
|
|
Description for privilege. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1867
[{"name":"addDepartments","description":"Add departments"},{"name":"allowCreate","description":"Add peer administrator"},{"name":"allowDelete","description":"Delete peer administrator"},{"name":"allowEdit","description":"Edit peer administrator"},{"name":"allowManageDomains","description":"Manage domains"},{"name":"approveDomainDelegation","description":"Approve domain delegation"},{"name":"autoApproveCertificates","description":"Automatically approve certificate requests"},{"name":"certProfileCreate","description":"Add certificate profiles"},{"name":"certProfileManage","description":"Manage certificate profiles"},{"name":"certProfileView","description":"View certificate profiles"},{"name":"clientCertImport","description":"Import client certificates"},{"name":"clientCertManage","description":"Manage client certificates"},{"name":"clientCertRequest","description":"Request client certificates"},{"name":"clientCertRevoke","description":"Revoke client certificates"},{"name":"customFieldCreate","description":"Add custom fields"},{"name":"customFieldManage","description":"Manage custom fields"},{"name":"customFieldView","description":"View custom fields"},{"name":"editDepartments","description":"Manage departments"},{"name":"manageSubscriptions","description":"Manage subscriptions"},{"name":"orgValidationManager","description":"Manage organization validations"},{"name":"sslApprove","description":"Manage SSL certificate requests"},{"name":"sslImport","description":"Import SSL certificates"},{"name":"sslRenew","description":"Renew SSL certificates"},{"name":"sslReplace","description":"Replace SSL certificates"},{"name":"sslRequest","description":"Request SSL certificates"},{"name":"sslRevoke","description":"Revoke SSL certificates"},{"name":"viewSubscriptions","description":"View subscriptions"},{"name":"viewUsage","description":"View usage"}]Get list of Identity Providers
Get list of available Identity Providers that can be assigned to Standard, IdP administrators and IdP templates.
Example request
$ curl 'https://cert-manager.com/api/admin/v1/idp' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer4029' \
-H 'password: Password123!' \
-H 'customerUri: cst4029' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of customer’s IdP |
|
|
IdP ID |
|
|
IdP name |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 30
[{"id":361,"name":"Test Idp"}]Manage Administrators
Supported administrator types:
| Type | Description |
|---|---|
|
Admin with the ability to log in with username/password, authentication certificate, and/or IdP. Standard can be used with APIs if the password or authentication certificate is set. |
|
Admin with the ability to use API only with username/password or authentication certificate. |
|
Admin with the ability to log in to the UI only via IdP. They cannot use an API. |
|
Admin created externally in Sectigo Authentication Service. |
Create administrator
Create administrator account. This method supports different admin types (see "Supported administrator types").
Create standard administrator
Create Standard administrator account. Note: This administrator type will be used by default if type is not specified in request.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Administrator type. 'STANDARD' |
[] |
login |
String |
Administrator login (mandatory) |
[Must match the regular expression |
password |
String |
Password (mandatory) |
[Maximum length is 64 characters or can be empty] |
certificateSerialNumber |
String |
Authentication Certificate Serial Number |
[Must match the regular expression |
forename |
String |
Forename (mandatory) |
[Must match the regular expression |
surname |
String |
Surname (mandatory) |
[Must match the regular expression |
identityProviderId |
Number |
Identifier of Identity Provider. Please use the "Get list of identity providers" API to get available IdPs. Can be specified if authentication via IdP is required. |
[Must be at least 1] |
idpPersonId |
String |
Person Identifier for given Identity Provider (EPPN). Mandatory in case 'identityProviderId' is specified. |
[Maximum length is 256 characters or can be empty] |
String |
Email address (mandatory) |
[Must be a well-formed email address, Must not be null, Maximum length is 128 characters or can be empty] |
|
title |
String |
Title or Position |
[Maximum length is 64 characters or can be empty] |
telephone |
String |
Telephone Number |
[Must match the regular expression |
street |
String |
Street Address |
[Maximum length is 128 characters or can be empty] |
locality |
String |
Locality name |
[Maximum length is 128 characters or can be empty] |
state |
String |
State name |
[Maximum length is 128 characters or can be empty] |
postalCode |
String |
Postal Code |
[Must match the regular expression |
country |
String |
Country |
[Maximum length is 2 characters or can be empty] |
relationship |
String |
Administrator’s relationship to the company |
[Maximum length is 256 characters or can be empty] |
privileges |
Array |
Privileges to assign. In order to get list of available privileges, please use the "Get available privileges" API. |
[] |
credentials.[] |
Array |
Credentials to assign. In order to get list of available roles, please use the "Get available roles" API. |
[Must not be empty] |
credentials.[].role |
String |
Role |
[] |
credentials.[].orgId |
Number |
Organization / department ID |
[] |
activeStatus |
String |
Allowed values: ACTIVE, SUSPENDED |
[] |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3744' \
-H 'password: Password123!' \
-H 'customerUri: cst3744' \
-H 'Accept: application/json' \
-d '{"type":"STANDARD","login":"admin","email":"standard@test.test","forename":"Admin","surname":"Admin","certificateSerialNumber":"123456789AB","password":"Password#1234","privileges":["allowEdit","allowDelete","allowCreate"],"credentials":[{"role":"RAO_SSL","orgId":10287}],"identityProviderId":324,"idpPersonId":"eppn@test","activeStatus":"ACTIVE"}'Response headers
| Name | Description |
|---|---|
|
URL location of created admin |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/admin/v1/11548Create API administrator
Create API administrator account.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Administrator type. 'API' |
[] |
login |
String |
Administrator login (mandatory) |
[Must match the regular expression |
password |
String |
Password (mandatory) |
[Maximum length is 64 characters or can be empty] |
certificateSerialNumber |
String |
Authentication Certificate Serial Number |
[Must match the regular expression |
forename |
String |
Forename (mandatory) |
[Must match the regular expression |
surname |
String |
Surname (mandatory) |
[Must match the regular expression |
String |
Email address (mandatory) |
[Must be a well-formed email address, Must not be null, Maximum length is 128 characters or can be empty] |
|
title |
String |
Title or Position |
[Maximum length is 64 characters or can be empty] |
telephone |
String |
Telephone Number |
[Must match the regular expression |
street |
String |
Street Address |
[Maximum length is 128 characters or can be empty] |
locality |
String |
Locality name |
[Maximum length is 128 characters or can be empty] |
state |
String |
State name |
[Maximum length is 128 characters or can be empty] |
postalCode |
String |
Postal Code |
[Must match the regular expression |
country |
String |
Country |
[Maximum length is 2 characters or can be empty] |
relationship |
String |
Administrator’s relationship to the company |
[Maximum length is 256 characters or can be empty] |
privileges |
Array |
Privileges to assign. In order to get list of available privileges, please use the "Get available privileges" API. |
[] |
credentials.[] |
Array |
Credentials to assign. In order to get list of available roles, please use the "Get available roles" API. |
[Must not be empty] |
credentials.[].role |
String |
Role |
[] |
credentials.[].orgId |
Number |
Organization / department ID |
[] |
activeStatus |
String |
Allowed values: ACTIVE, SUSPENDED |
[] |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3755' \
-H 'password: Password123!' \
-H 'customerUri: cst3755' \
-H 'Accept: application/json' \
-d '{"type":"API","login":"admin","email":"api@test.test","forename":"Admin","surname":"Admin","certificateSerialNumber":"123456789AB","password":"Password#1234","privileges":["allowEdit","allowDelete","allowCreate"],"credentials":[{"role":"RAO_SSL","orgId":10290}],"activeStatus":"ACTIVE"}'Response headers
| Name | Description |
|---|---|
|
URL location of created admin |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/admin/v1/11554Create IDP administrator
Create IdP administrator account that is not linked to an IdP Template. After admin is created, login invitation email is sent automatically to the specified admin’s email.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Administrator type. 'IDP' |
[] |
forename |
String |
Forename |
[Must match the regular expression |
surname |
String |
Surname |
[Must match the regular expression |
String |
Email address (mandatory) |
[Must be a well-formed email address, Must not be null, Maximum length is 128 characters or can be empty] |
|
title |
String |
Title or Position |
[Maximum length is 64 characters or can be empty] |
telephone |
String |
Telephone Number |
[Must match the regular expression |
street |
String |
Street Address |
[Maximum length is 128 characters or can be empty] |
locality |
String |
Locality name |
[Maximum length is 128 characters or can be empty] |
state |
String |
State name |
[Maximum length is 128 characters or can be empty] |
postalCode |
String |
Postal Code |
[Must match the regular expression |
country |
String |
Country |
[Maximum length is 2 characters or can be empty] |
relationship |
String |
Administrator’s relationship to the company |
[Maximum length is 256 characters or can be empty] |
privileges |
Array |
Privileges to assign. In order to get list of available privileges, please use the "Get available privileges" API. |
[] |
credentials.[] |
Array |
Credentials to assign. In order to get list of available roles, please use the "Get available roles" API. |
[Must not be empty] |
credentials.[].role |
String |
Role |
[] |
credentials.[].orgId |
Number |
Organization / department ID |
[] |
activeStatus |
String |
Allowed values: ACTIVE, SUSPENDED |
[] |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3766' \
-H 'password: Password123!' \
-H 'customerUri: cst3766' \
-H 'Accept: application/json' \
-d '{"type":"IDP","email":"idp@test.test","forename":"Admin","surname":"Admin","privileges":["allowEdit","allowDelete","allowCreate"],"credentials":[{"role":"RAO_SSL","orgId":10293}],"activeStatus":"ACTIVE"}'Response headers
| Name | Description |
|---|---|
|
URL location of created admin |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/admin/v1/11558Create SAS administrator
Create Sectigo Authentication Service administrator account.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Administrator type. 'SAS' |
[] |
forename |
String |
Forename |
[Must match the regular expression |
surname |
String |
Surname |
[Must match the regular expression |
String |
Email address (mandatory) |
[Must be a well-formed email address, Must not be null, Maximum length is 128 characters or can be empty] |
|
title |
String |
Title or Position |
[Maximum length is 64 characters or can be empty] |
telephone |
String |
Telephone Number |
[Must match the regular expression |
street |
String |
Street Address |
[Maximum length is 128 characters or can be empty] |
locality |
String |
Locality name |
[Maximum length is 128 characters or can be empty] |
state |
String |
State name |
[Maximum length is 128 characters or can be empty] |
postalCode |
String |
Postal Code |
[Must match the regular expression |
country |
String |
Country |
[Maximum length is 2 characters or can be empty] |
relationship |
String |
Administrator’s relationship to the company |
[Maximum length is 256 characters or can be empty] |
privileges |
Array |
Privileges to assign. In order to get list of available privileges, please use the "Get available privileges" API. |
[] |
credentials.[] |
Array |
Credentials to assign. In order to get list of available roles, please use the "Get available roles" API. |
[Must not be empty] |
credentials.[].role |
String |
Role |
[] |
credentials.[].orgId |
Number |
Organization / department ID |
[] |
activeStatus |
String |
Allowed values: ACTIVE, SUSPENDED |
[] |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3773' \
-H 'password: Password123!' \
-H 'customerUri: cst3773' \
-H 'Accept: application/json' \
-d '{"type":"SAS","email":"sas@test.test","forename":"Admin","surname":"Admin","privileges":["allowEdit","allowDelete","allowCreate"],"credentials":[{"role":"RAO_SSL","orgId":10295}],"activeStatus":"ACTIVE"}'Response headers
| Name | Description |
|---|---|
|
URL location of created admin |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/admin/v1/11562Update administrator
Update administrator account. Fields that are not changed can be omitted. This method also allows you to change admin type, available transitions are:
| Current Type | Allowed Types |
|---|---|
|
|
|
|
|
|
|
|
Note: Changing of admin type may require additional fields to be specified.
Update standard administrator
Update Standard administrator account.
Path parameters
| Parameter | Description |
|---|---|
|
ID of admin being updated |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Administrator type. 'STANDARD' |
[] |
login |
String |
Administrator login |
[Must be null or not blank, Must match the regular expression |
password |
String |
Password (mandatory) |
[Maximum length is 64 characters or can be empty] |
certificateSerialNumber |
String |
Authentication Certificate Serial Number |
[Must match the regular expression |
forename |
String |
Forename |
[Must be null or not blank, Must match the regular expression |
surname |
String |
Surname |
[Must be null or not blank, Must match the regular expression |
identityProviderId |
Number |
Identifier of Identity Provider. Please use the "Get list of identity providers" API to get available IdPs. Can be specified if authentication via IdP is required. |
[Must be at least 1] |
idpPersonId |
String |
Person Identifier for given Identity Provider (EPPN). Mandatory in case 'identityProviderId' is specified. |
[Maximum length is 256 characters or can be empty] |
String |
Email address |
[Must be a well-formed email address, Must be null or not blank, Maximum length is 128 characters or can be empty] |
|
title |
String |
Title or Position |
[Maximum length is 64 characters or can be empty] |
telephone |
String |
Telephone Number |
[Must match the regular expression |
street |
String |
Street Address |
[Maximum length is 128 characters or can be empty] |
locality |
String |
Locality name |
[Maximum length is 128 characters or can be empty] |
state |
String |
State name |
[Maximum length is 128 characters or can be empty] |
postalCode |
String |
Postal Code |
[Must match the regular expression |
country |
String |
Country |
[Maximum length is 2 characters or can be empty] |
relationship |
String |
Administrator’s relationship to the company |
[Maximum length is 256 characters or can be empty] |
privileges |
Array |
Privileges to assign. In order to get list of available privileges, please use the "Get available privileges" API. |
[] |
credentials.[] |
Array |
Credentials to assign. In order to get list of available roles, please use the "Get available roles" API. |
[Must be null or not empty] |
credentials.[].role |
String |
Role |
[] |
credentials.[].orgId |
Number |
Organization / department ID |
[] |
activeStatus |
String |
Allowed values: ACTIVE, SUSPENDED |
[] |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/11692' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer4055' \
-H 'password: Password123!' \
-H 'customerUri: cst4055' \
-H 'Accept: application/json' \
-d '{"type":"STANDARD","login":"rao","email":"4063aa@nobody.sectigo.com","forename":"RAO SSL","surname":"Admin","telephone":"+1 (888) 266-6361","certificateSerialNumber":"123456789AB","password":"Password#1234","privileges":["allowCreate","allowDelete","allowEdit"],"credentials":[{"role":"RAO_SSL","orgId":10372}],"identityProviderId":365,"idpPersonId":"new.eppn@test","activeStatus":"SUSPENDED"}'Example response
HTTP/1.1 200 OKUpdate API administrator
Update API administrator account.
Path parameters
| Parameter | Description |
|---|---|
|
ID of admin being updated |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Administrator type. 'API' |
[] |
login |
String |
Administrator login |
[Must be null or not blank, Must match the regular expression |
password |
String |
Password |
[Maximum length is 64 characters or can be empty] |
certificateSerialNumber |
String |
Authentication Certificate Serial Number |
[Must match the regular expression |
forename |
String |
Forename |
[Must be null or not blank, Must match the regular expression |
surname |
String |
Surname |
[Must be null or not blank, Must match the regular expression |
String |
Email address |
[Must be a well-formed email address, Must be null or not blank, Maximum length is 128 characters or can be empty] |
|
title |
String |
Title or Position |
[Maximum length is 64 characters or can be empty] |
telephone |
String |
Telephone Number |
[Must match the regular expression |
street |
String |
Street Address |
[Maximum length is 128 characters or can be empty] |
locality |
String |
Locality name |
[Maximum length is 128 characters or can be empty] |
state |
String |
State name |
[Maximum length is 128 characters or can be empty] |
postalCode |
String |
Postal Code |
[Must match the regular expression |
country |
String |
Country |
[Maximum length is 2 characters or can be empty] |
relationship |
String |
Administrator’s relationship to the company |
[Maximum length is 256 characters or can be empty] |
privileges |
Array |
Privileges to assign. In order to get list of available privileges, please use the "Get available privileges" API. |
[] |
credentials.[] |
Array |
Credentials to assign. In order to get list of available roles, please use the "Get available roles" API. |
[Must be null or not empty] |
credentials.[].role |
String |
Role |
[] |
credentials.[].orgId |
Number |
Organization / department ID |
[] |
activeStatus |
String |
Allowed values: ACTIVE, SUSPENDED |
[] |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/11698' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer4068' \
-H 'password: Password123!' \
-H 'customerUri: cst4068' \
-H 'Accept: application/json' \
-d '{"type":"API","login":"rao","email":"4076aa@nobody.sectigo.com","forename":"RAO SSL","surname":"Admin","telephone":"+1 (888) 266-6361","certificateSerialNumber":"123456789AB","password":"Password#1234","privileges":["allowCreate","allowDelete","allowEdit"],"credentials":[{"role":"RAO_SSL","orgId":10375}],"activeStatus":"SUSPENDED"}'Example response
HTTP/1.1 200 OKUpdate IDP administrator
Update IdP administrator account.
Note: If IdP administrator has IdP template assigned, then modification is limited to the personal fields only; privileges, credentials and Identity Provider are managed by the parent IdP template.
Path parameters
| Parameter | Description |
|---|---|
|
ID of admin being updated |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Administrator type. 'IDP' |
[] |
forename |
String |
Forename |
[Must be null or not blank, Must match the regular expression |
surname |
String |
Surname |
[Must be null or not blank, Must match the regular expression |
identityProviderId |
Number |
Identifier of Identity Provider. Please use the "Get list of identity providers" API to get available IdPs. Can be used to change assigned Identity Provider for activated IdP administrators. |
[Must be at least 1] |
idpPersonId |
String |
Person Identifier for given Identity Provider (EPPN). Mandatory in case 'identityProviderId' is specified. |
[Maximum length is 256 characters or can be empty] |
String |
Email address |
[Must be a well-formed email address, Must be null or not blank, Maximum length is 128 characters or can be empty] |
|
title |
String |
Title or Position |
[Maximum length is 64 characters or can be empty] |
telephone |
String |
Telephone Number |
[Must match the regular expression |
street |
String |
Street Address |
[Maximum length is 128 characters or can be empty] |
locality |
String |
Locality name |
[Maximum length is 128 characters or can be empty] |
state |
String |
State name |
[Maximum length is 128 characters or can be empty] |
postalCode |
String |
Postal Code |
[Must match the regular expression |
country |
String |
Country |
[Maximum length is 2 characters or can be empty] |
relationship |
String |
Administrator’s relationship to the company |
[Maximum length is 256 characters or can be empty] |
privileges |
Array |
Privileges to assign. In order to get list of available privileges, please use the "Get available privileges" API. |
[] |
credentials.[] |
Array |
Credentials to assign. In order to get list of available roles, please use the "Get available roles" API. |
[Must be null or not empty] |
credentials.[].role |
String |
Role |
[] |
credentials.[].orgId |
Number |
Organization / department ID |
[] |
activeStatus |
String |
Allowed values: ACTIVE, SUSPENDED |
[] |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/11704' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer4081' \
-H 'password: Password123!' \
-H 'customerUri: cst4081' \
-H 'Accept: application/json' \
-d '{"type":"IDP","email":"4089aa@nobody.sectigo.com","forename":"RAO SSL","surname":"Admin","telephone":"+1 (888) 266-6361","privileges":["allowCreate","allowDelete","allowEdit"],"credentials":[{"role":"RAO_SSL","orgId":10378}],"activeStatus":"SUSPENDED"}'Example response
HTTP/1.1 200 OKUpdate SAS administrator
Update Sectigo Authentication Service administrator account.
Path parameters
| Parameter | Description |
|---|---|
|
ID of admin being updated |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Administrator type. 'SAS' |
[] |
forename |
String |
Forename |
[Must be null or not blank, Must match the regular expression |
surname |
String |
Surname |
[Must be null or not blank, Must match the regular expression |
String |
Email address |
[Must be a well-formed email address, Must be null or not blank, Maximum length is 128 characters or can be empty] |
|
title |
String |
Title or Position |
[Maximum length is 64 characters or can be empty] |
telephone |
String |
Telephone Number |
[Must match the regular expression |
street |
String |
Street Address |
[Maximum length is 128 characters or can be empty] |
locality |
String |
Locality name |
[Maximum length is 128 characters or can be empty] |
state |
String |
State name |
[Maximum length is 128 characters or can be empty] |
postalCode |
String |
Postal Code |
[Must match the regular expression |
country |
String |
Country |
[Maximum length is 2 characters or can be empty] |
relationship |
String |
Administrator’s relationship to the company |
[Maximum length is 256 characters or can be empty] |
privileges |
Array |
Privileges to assign. In order to get list of available privileges, please use the "Get available privileges" API. |
[] |
credentials.[] |
Array |
Credentials to assign. In order to get list of available roles, please use the "Get available roles" API. |
[Must be null or not empty] |
credentials.[].role |
String |
Role |
[] |
credentials.[].orgId |
Number |
Organization / department ID |
[] |
activeStatus |
String |
Allowed values: ACTIVE, SUSPENDED |
[] |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/11708' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer4090' \
-H 'password: Password123!' \
-H 'customerUri: cst4090' \
-H 'Accept: application/json' \
-d '{"type":"SAS","email":"4098aa@nobody.sectigo.com","forename":"RAO SSL","surname":"Admin","telephone":"+1 (888) 266-6361","privileges":["allowCreate","allowDelete","allowEdit"],"credentials":[{"role":"RAO_SSL","orgId":10380}],"activeStatus":"SUSPENDED"}'Example response
HTTP/1.1 200 OKUnlink IdP administrator from template
This method removes the link to IdP template for IdP administrator, thus admin will no longer be managed by it.
Path parameters
| Parameter | Description |
|---|---|
|
ID of IdP admin to unlink from IdP template. |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/11687/unlink' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer4045' \
-H 'password: Password123!' \
-H 'customerUri: cst4045' \
-H 'Accept: application/json'Example response
HTTP/1.1 204 No ContentDelete administrator
Delete administrator account.
Path parameters
| Parameter | Description |
|---|---|
|
ID of admin being deleted |
Query parameters
| Parameter | Description |
|---|---|
|
Optional, specifies ID of the client administrator to be assigned as certificate requester instead of the one being deleted. If omitted, currently assigned requester is retained. The replacing requester should have type other than IdP Template and have Id that differs from Id of the client administrator being deleted. Use respective list API method with necessary filtering options to get suitable client administrators. |
Example request
$ curl 'https://cert-manager.com/api/admin/v1/11616?replacingRequesterId=11615' -i -X DELETE \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3884' \
-H 'password: Password123!' \
-H 'customerUri: cst3884'Example response
HTTP/1.1 204 No ContentGet password state
State of administrator password. Available for Standard and API administrators.
Example request
$ curl 'https://cert-manager.com/api/admin/v1/password' -i -X GET \
-H 'login: admin_customer3969' \
-H 'password: Password123!' \
-H 'customerUri: cst3969' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Admin password state. Possible values: 'ALIVE', 'EXPIRED' and 'NEVER_EXPIRE' |
|
|
Password expiration date. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 47
{"expirationDate":"2026-03-04","state":"ALIVE"}Change password
Change of administrator password. Available for Standard and API administrators.
Success case
Example request
$ curl 'https://cert-manager.com/api/admin/v1/changepassword' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3730' \
-H 'password: Password123!' \
-H 'customerUri: cst3730' \
-H 'Accept: application/json' \
-d '{"newPassword":"newPass122345"}'Example response
HTTP/1.1 204 No ContentFailed case
Example request
$ curl 'https://cert-manager.com/api/admin/v1/changepassword' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer3737' \
-H 'password: Password123!' \
-H 'customerUri: cst3737' \
-H 'Accept: application/json' \
-d '{"newPassword":"new"}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Code of error if error has occurred |
|
|
Error message |
Example response
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 209
{"code":-7306,"description":"Password policy violated: Password must contain 1 or more uppercase characters. Password must contain 1 or more digit characters. Password must be 8 or more characters in length."}Template Administrators
Supported administrator types:
| Type | Description |
|---|---|
|
IdP admins are created automatically from a template. The IdP attribute mapping controls which template an admin will be linked to. |
View IdP templates
List IdP templates
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
the first position (entry) to return from the results of the query |
|
Filter by name |
|
Filter by organization ID |
|
Filter by Identity Provider ID |
Example request
$ curl 'https://cert-manager.com/api/admin-template/v1?size=10&position=0' -i -X GET \
-H 'login: admin_customer4316' \
-H 'password: Password123!' \
-H 'customerUri: cst4316'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of requested client admins |
|
|
IdP template admin ID |
|
|
IdP template name |
|
|
ID of assigned Identity Provider. |
Example response
HTTP/1.1 200 OK
X-Total-Count: 2
Content-Type: application/json
Content-Length: 131
[{"id":11815,"name":"client-admin-4322","identityProviderId":398},{"id":11814,"name":"client-admin-4321","identityProviderId":398}]Get IdP template details
Get detailed information about IdP template.
Manage IdP templates
Create IdP template
Create IdP Template.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Template name. |
[Must match the regular expression |
privileges |
Array |
Privileges that will be assigned to the admin, automatically created by this template. In order to get available privileges, please use "Get available privileges" method from the "Administrators" API. |
[] |
credentials.[] |
Array |
Credentials that will be assigned to the admin, automatically created by this template. In order to get available roles, please use "Get available roles" method from the "Administrators" API. |
[Must not be empty] |
credentials.[].role |
String |
Role |
[] |
credentials.[].orgId |
Number |
Organization ID |
[] |
identityProviderId |
Number |
Identity Provider ID that IdP Template can be used with. |
[Must be at least 1] |
idpMappingRules |
Array |
Mapping rules that should be applied in order to check whether user’s IdP attributes match the template.Should always include "groups" attribute. |
[Must not be empty] |
idpMappingRules.[].attribute |
String |
IdP attribute name. |
[] |
idpMappingRules.[].matchType |
String |
Matching type. Available options: MATCHES (default), CONTAINS. |
[] |
idpMappingRules.[].values |
Array |
Allowed values that IdP attribute value should match in whole or in part, depending of specified "matchType". Note: in case of collection attribute, rule is applied on its items - if at least one meets the rule, it will be considered as matched. |
[] |
Example request
$ curl 'https://cert-manager.com/api/admin-template/v1/' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer4200' \
-H 'password: Password123!' \
-H 'customerUri: cst4200' \
-H 'Accept: application/json' \
-d '{"name":"RAO SSL IdP Template","privileges":["autoApproveCertificates","editOrganizationAndDepartment"],"credentials":[{"role":"RAO_SSL","orgId":10408}],"identityProviderId":381,"idpMappingRules":[{"attribute":"groups","matchType":"MATCHES","values":["RAO SSL"]}]}'Response headers
| Name | Description |
|---|---|
|
URL location of created IdP Template admin. |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/admin-template/v1/11757Update IdP template
Update IdP Template. Fields that are not changed can be omitted in request. Please note that requested changes (except name) are automatically applied to all IdP admins assigned to this template. In order to get a list of administrators that are currently assigned to this template, please use "List administrators" method from the "Administrators" API with filter by "templateId" parameter.
Path parameters
| Parameter | Description |
|---|---|
|
ID of IdP admin template being updated |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Template name. |
[Must be null or not blank, Must match the regular expression |
privileges |
Array |
Privileges that will be assigned to the admin, automatically created by this template. In order to get available privileges, please use "Get available privileges" method from the "Administrators" API. |
[] |
credentials.[] |
Array |
Credentials that will be assigned to the admin, automatically created by this template. In order to get available roles, please use "Get available roles" method from the "Administrators" API. |
[Must be null or not empty] |
credentials.[].role |
String |
Role |
[] |
credentials.[].orgId |
Number |
Organization ID |
[] |
identityProviderId |
Number |
Identity Provider ID that IdP Template can be used with. |
[Must be at least 1] |
idpMappingRules |
Array |
Mapping rules that should be applied in order to check whether user’s IdP attributes match the template.Should always include "groups" attribute. |
[Must be null or not empty] |
idpMappingRules.[].attribute |
String |
IdP attribute name. |
[] |
idpMappingRules.[].matchType |
String |
Matching type. Available options: MATCHES (default), CONTAINS. |
[] |
idpMappingRules.[].values |
Array |
Allowed values that IdP attribute value should match in whole or in part, depending of specified "matchType". Note: in case of collection attribute, rule is applied on its items - if at least one meets the rule, it will be considered as matched. |
[] |
Example request
$ curl 'https://cert-manager.com/api/admin-template/v1/11818' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer4323' \
-H 'password: Password123!' \
-H 'customerUri: cst4323' \
-H 'Accept: application/json' \
-d '{"name":"Updated client-admin-4328","privileges":["allowCreate","allowDelete","allowEdit"],"credentials":[{"role":"RAO_SSL","orgId":10427}],"identityProviderId":399,"idpMappingRules":[{"attribute":"groups","matchType":"MATCHES","values":["RAO SSL"]}]}'Example response
HTTP/1.1 200 OKDelete IdP template
Delete IdP template. By default, all related administrators will be deleted automatically with the template. It is also possible to unlink all related administrators from this template. In order to get a list of administrators that are currently assigned to this template, please use "List administrators" method from the "Administrators" API with filter by "templateId" parameter.
Path parameters
| Parameter | Description |
|---|---|
|
ID of IdP template being deleted |
Query parameters
| Parameter | Description |
|---|---|
|
Option that specify required action for the related IdP admins that were created based on this template and still assigned to it. Allowed values: delete, unlink. Default value is 'unlink', which means that assigned admins will be unlinked from this template and will no longer be managed by it. When 'delete' action is specified, then related admins will be deleted together with this template. |
|
Optional, specifies ID of the client administrator to be assigned as certificate requester instead of those being deleted. If omitted, currently assigned requesters are retained. Has no effect if 'unlink' or no value is passed to 'relatedAdminsAction' request parameter. The replacing requester should have type other than IdP Template and have no parent template or have parent template whose Id differs from Id of the template being deleted. Use respective list API method with necessary filtering options to get suitable client administrators. |
Example request
$ curl 'https://cert-manager.com/api/admin-template/v1/11792?relatedAdminsAction=DELETE&replacingRequesterId=11791' -i -X DELETE \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer4268' \
-H 'password: Password123!' \
-H 'customerUri: cst4268'Example response
HTTP/1.1 204 No ContentPersons
View persons
List persons
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
|
Person name (url encoded) |
|
Organization ID |
|
Person email |
|
Person commonName |
|
Person phone |
|
Person Secondary Email |
Example request
$ curl 'https://cert-manager.com/api/person/v1?position=0&size=10&name=Tester&organizationId=11669&email=21046_.email%40domain.com&commonName=Tester&secondaryEmail=alt1.email%40domain.com&phone=3456789' -i -X GET \
-H 'login: admin_customer21043' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of persons |
|
|
Person ID |
|
|
Organization ID |
|
|
Person e-mail |
|
|
Person firstname |
|
|
Person lastname |
|
|
Person middlename |
|
|
Person validation type |
|
|
Person Phone |
|
|
Person CommonName |
|
|
Person Secondary Emails |
|
|
Person EPPN |
|
|
Person UPN |
|
|
Created date |
|
|
Name of the administrator who added the person |
|
|
Modified date |
|
|
Name of the administrator who last modified the person |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 352
[{"id":438,"firstName":"Tester","middleName":"","lastName":"","email":"21046_.email@domain.com","organizationId":11669,"validationType":"STANDARD","phone":"123456789","secondaryEmails":["alt1.email@domain.com","alt2.email@domain.com"],"commonName":"Tester","eppn":"","upn":"","created":"2025-12-04T07:58:10.636Z","modified":"2025-12-04T07:58:10.645Z"}]Response headers
| Name | Description |
|---|---|
|
Contains total number of persons available according to the filtering applied |
Find person by email
Will return ID for a person with given email.
Path parameters
| Parameter | Description |
|---|---|
|
Person e-mail. Must be formatted as valid e-mail string. Also might need to be properly encoded as required by URL syntax standard. For example, the '@' character should be replaced with the %40 code, '.' - with %2E and so on. |
Example request
$ curl 'https://cert-manager.com/api/person/v1/id/byEmail/21025_.email@domain.com' -i -X GET \
-H 'login: admin_customer21022' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Person ID |
Example response
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
Content-Length: 16
{"personId":435}Get person details
Path parameters
| Parameter | Description |
|---|---|
|
Person ID |
Example request
$ curl 'https://cert-manager.com/api/person/v1/434' -i -X GET \
-H 'login: admin_customer21015' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-H 'Accept: application/json;charset=UTF-8'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Person ID |
|
|
Organization ID |
|
|
Person e-mail |
|
|
Person firstname |
|
|
Person lastname |
|
|
Person middlename |
|
|
Person validation type. Values: [STANDARD, HIGH] |
|
|
Person Phone |
|
|
Person CommonName |
|
|
Person Secondary Emails |
|
|
Person EPPN |
|
|
Person UPN |
|
|
Created date |
|
|
Name of the administrator who added the person |
|
|
Modified date |
|
|
Name of the administrator who last modified the person |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 350
{"id":434,"firstName":"Tester","middleName":"","lastName":"","email":"21018_.email@domain.com","organizationId":11661,"validationType":"STANDARD","phone":"123456789","secondaryEmails":["alt1.email@domain.com","alt2.email@domain.com"],"commonName":"Tester","eppn":"","upn":"","created":"2025-12-04T07:58:09.774Z","modified":"2025-12-04T07:58:09.782Z"}Manage persons
Create person
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
firstName |
String |
Person’s first name |
[Must not be blank, Maximum length is 64 characters or can be empty] |
middleName |
String |
Person’s middle name |
[Maximum length is 64 characters or can be empty] |
lastName |
String |
Person’s last name |
[Must not be blank, Maximum length is 64 characters or can be empty] |
String |
Person’s email |
[Must be a well-formed email address, Must not be empty, Maximum length is 128 characters or can be empty] |
|
validationType |
String |
Person’s validation type. Values: [STANDARD, HIGH] |
[Must not be null] |
organizationId |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
phone |
String |
Person phone |
[Must match the regular expression |
commonName |
String |
Person commonName |
[Maximum length is 64 characters or can be empty] |
secondaryEmails |
Array |
Person Secondary Emails |
[] |
eppn |
String |
Person EPPN |
[Maximum length is 128 characters or can be empty] |
upn |
String |
Person UPN |
[Maximum length is 256 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/person/v1' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer20952' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"firstName":"First Name","middleName":"Middle Name","lastName":"Last Name","email":"test@email.com","organizationId":11643,"validationType":"STANDARD","phone":"1235","secondaryEmails":["alt1.email@domain.com","alt2.email@domain.com"],"commonName":"Tester123","eppn":"","upn":null}'Response headers
| Name | Description |
|---|---|
|
Url location of created person |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/person/v1/424Update person
Path parameters
| Parameter | Description |
|---|---|
|
Person ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
firstName |
String |
Person’s first name |
[Must be null or not blank, Maximum length is 64 characters or can be empty] |
middleName |
String |
Person’s middle name |
[Maximum length is 64 characters or can be empty] |
lastName |
String |
Person’s last name |
[Must be null or not blank, Maximum length is 64 characters or can be empty] |
String |
Person’s email |
[Must be a well-formed email address, Must be null or not blank, Maximum length is 128 characters or can be empty] |
|
validationType |
String |
Person’s validation type. Values: [STANDARD, HIGH] |
[] |
organizationId |
Number |
Organization ID |
[Must be at least 1] |
phone |
String |
Person phone |
[Must match the regular expression |
commonName |
String |
Person commonName |
[Must be null or not blank, Maximum length is 64 characters or can be empty] |
secondaryEmails |
Array |
Person Secondary Emails |
[] |
eppn |
String |
Person EPPN |
[Maximum length is 128 characters or can be empty] |
upn |
String |
Person UPN |
[Maximum length is 256 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/person/v1/442' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21071' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"firstName":"First Name","middleName":"Middle Name","lastName":"Last Name","email":"test@email.com","organizationId":11677,"validationType":"STANDARD","phone":"1235","secondaryEmails":["alt1.email@domain.com","alt2.email@domain.com"],"commonName":"Tester123","eppn":"","upn":null}'Example response
HTTP/1.1 200 OKDelete person
V2
Path parameters
| Parameter | Description |
|---|---|
|
Person ID being deleted |
Example request
$ curl 'https://cert-manager.com/api/person/v2/454' -i -X DELETE \
-H 'login: admin_customer21155' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 204 No ContentV1 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
Person ID being deleted |
Example request
$ curl 'https://cert-manager.com/api/person/v1/433' -i -X DELETE \
-H 'login: admin_customer21008' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 200 OKImport private key
V2
Path parameters
| Parameter | Description |
|---|---|
|
Person ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
p12 |
String |
Base64 encoded pkcs12 file |
[Must not be empty] |
password |
String |
Password to access pkcs12 file |
Optional |
customFields |
Array |
An array of custom fields if required |
Optional |
Example request
$ curl 'https://cert-manager.com/api/person/v2/457/import-key' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21176' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"p12":"MIIc9AIBAzCCHK4GCSqGSIb3DQEHAaCCHJ8EghybMIIclzCCBXwGCSqGSIb3DQEHAaCCBW0EggVpMIIFZTCCBWEGCyqGSIb3DQEMCgECoIIE+jCCBPYwKAYKKoZIhvcNAQwBAzAaBBRkrpqy0Rl09IE89cMzT+8i0+lhOAICBAAEggTIXoY6WMPXG7P4x888tra7Y49A4GYbv5szwUKjjddvux14IPB8yz0MPeAD4TO/5Qmp4ERF3V/TF6YBL5MxQw+IEHDF3r1P3drvdd/Ku4R/us6XSHfphqGHT9BVmP+qtZOLOkhe3r7NNLVETNw6GZNQPKRKMf6VbLJE9VpJO4evI23wSZxqUnfKZpkGYtoh+jIBLxV31erwxa4/ffBeVlFYPw+MNj38lMn7Q3Xr5vys6PmLBtUgRTnbER/jXxbo9vXP6pJobupZpwfQRabzqm3Gj7qk51NNAfj8I7hXG2u8VcCAB+LJuj6CqGf13zhkEcibjI+JlqHKI7FfzHFZFLNURrRciGpd6WxT4R27GTPUqiNwmK5XU+GTwgO/NNXQCQTFKJ3HZ1LJj4i3hbUBBAzABTD7OB7Zns6vdSzHx447Qc9hY2g907ZhluLhyAxKNSkZXrRArJKadDNYV+eD9zdY80/itKQGKqR0haFkZW1NMEs2ZQsWAPgMcvdyxkU47+QvGH7ETBnpWGJFVRH/x4juLo46y8IQ9/umiyxYmJ9q9TEy7wm/Fg4UqG9JXckXNN5Apsk4Y2Me7I+uPXFeHbmifzgngMRvrCb+2NppOaPrvCPFCbknVq3091dLHDd2Ajd0vTtP/467YI0xPyr+Yzx6RcFm7oFNtx5Z8JRKpJT4RFF6ZVMkMsKAozsAHJsbtCB9JBE7gRJzm6HPEVSqwZ+49CtIyJ5JTuzDV/DB0DDg39y+27NpAL/Gj4Em4wcEhdyGpnsAhMO+FNMLRDPQGDbdOhdrz3eKIVy3wqxIiJb6VEOuV+J8cLxF7rvqctj+tGQP5VVxsXSHJHQCFPeo5GHlBk/GqG/ZIbxqJdYag+Bpyf7C/XKd85VriiBO949Jio4HxDe/C62j/RwqbTeUoJ7FU/0JPsGhxkloPbmLNmoXv9aJlewwjYDgqSsHfjQpVGNopcRiX0X1HPZNMlF4XpZ8lEGK+RAbYJnHhp/RQKe80tKg4NY7WYmB9cHYhvax8a0VMuKmYlzpugHJRQlE0q+i3Gzh8nPeEjN4HX+RrwXBNbHDBtuUYdNBh6vSvdD64w1Jw22zF8RsfN5vRCDsBM64bwdWlUW7LYhV6eiqrle8X6JIEUUl2OIQLwUCL6m0LzUwzUh902+iEAZi28QnNSQB0bVoxfnCnN8P978+B5oVDhsbRjPhplSjD7BvSSBPiTpjesRFGIqPkzAMXlfbOszyXRwEErtwDNlqp/qj110hDxskuaV154HDcZLSyqJGvs/GxooBCNIDdxI75eATwnwMNHHxo+gebj9crLycA1AkHRr3/iFHbDZN0Hd2kIm7Z+beD7DmBCLFY8AcfeQBYmCxo4BLHVBIvr9hlqUxi1zU4KEWFhHgo8/S4qOXfR99c7LvfV3rOaE4qEyj7cxJean1smnEp9uc0chUXGbL+MsgrkAXOfafGNkxmAflwEh/WyhtsVjU9saDvWzRN3sJnkwlhuqBfqGfV0402TmHYpaGzyOeHqn7Wir/Nn7F5P0BmgnSmJIIG0bKE44hTJcvppcEju+qmyJUCM9NmahMSmwkZLTWAx9mhZDe2OqC6d4yqIRK9I/gHwMLqhlFuSOzwhDnpb+qwVY3QMw+MVQwIwYJKoZIhvcNAQkVMRYEFI3YZBRdwYCDyiA9uLphQZnGCtx2MC0GCSqGSIb3DQEJFDEgHh4AYQBkAG0AaQBuAEAAYwBjAG0AcQBhAC4AYwBvAG0wghcTBgkqhkiG9w0BBwagghcEMIIXAAIBADCCFvkGCSqGSIb3DQEHATAoBgoqhkiG9w0BDAEGMBoEFA6laLzuLYF2mkOyxGvWfC04PwIOAgIEAICCFsCgCj9qK1Vzx9McX8htHPTeg2LiplMfbMQhCGotrhNAq06NFlKSwIjkLnLijveF3oosyZ4mTYuNBy4Wqg9Q7uZpne5hWTKD87X4NUn1cSB3Xq8ATRTA6pVAF6uZCDQwLBtmUBaRCsIPRNjukLqAxvyQavSqAHmn1+v3Na0BIc8x4RRN6RxiJnMiHEAhwQecx8WT802xGMyXvga06N3fXYGr0w0sVMHckZm0yagJObQ8AMQci9YdiFJsUtfrL+SGkfWgG0SyG3PP77ZFALVciwtMs82Y+yPDC6ZJVsas15UqAzbWGtWyqy459fVpIUu0LNo4Mqg2UeG3toZTcBYF1SfnYalbRsPSN3miL9NQJmluTWv0l/jm3YZETDpeRsbgpm2wuDvkBGxzzS8mwlmwenjKXfPD8uGpbyLX7oxP0m0a+zrQvkApbNI2ZI7Ebgo/JjNOhr9JWXo5hEjOgNh+dRv+gqwKgNy0bxEbncHkQc/xxMpDGfyUpHNEFvZLWdMwrz+l1Xy+3lI8jHsyZ3uMj8e93ADQnWuMSPhGwihFqbTU0HwIGiQt0DgNK87jFxlc+/iZ5QEh6T62jTR7jXY+sVQ1PfTBWQ0UwGYhF1VavFpPzNa/UmTppo8mV8eGNfChcUn0nk1O5jQQOV7rx5uSmKFKgGUP2upTKkikIePrhjqIMXzFgalmMQ/loBimxi/5fEMlZIVb9YAx5cBNVtx6ZdwsJ4J72WiAuLYkIialoVfCeLHr3v5Sk1oZbwT/mFxv85rNFGobD3LpSU87iJPghAQInKJyWHgaoRzyTubHqgnKJRrMFEb45FJ/EtTP50XCknQVHW7u/geDMNhAmCCA4KSBuhmWDSs6DnmXiDHaG/Msd4E1o/0X56fbRI+qFr+iaMSWIoXrps/SmuUQC8QTLs9qJ1mESXCLPyhsY9dZRMhtX+7qBRPElC+IKHsVTdmYS4cpANy+adviTipJMlwWvNJm7cgRrOcRdFD7xOsxRX1cICCoEsaRKifzzts6xfOGJRE/1KFi+krlH3zQuVkooky/PWQXjgRKdRJvIUIX3RQNCwmDHeAA9IhmmlXARjJOtRMj/eHOOS93y0dYrsA5Md5p5NTX5FLQHWXF/rSvCD841345T7gF4c0zYYKj9toQ57qExx/TZvdrIQcNPoD80ZQk4YSd9O54f7KxD5uTOPjAmuzvFrrrb6y6Zxh7jU37x0KHJmiwPSa7fYCwzR9zuWwfFXJ+z0ztWWbKE39ZeVWPkM1Dx6il+Pew99ftslUzoglfeU+OMcdd+pQkX2MiTHzGC7gt8krSQqt79HqmgD8iptVc7mW+m3JsyI3xT4hKTssqEZKYy9+t6UTNxSus1iaj1jKo3wieI8odgKzVhEyKxr54qVPDsmlbI+z4HY5/lnmkwV/OIyuVfr76+3EMQ+PhPJcb9z4zHkYkMDbeu5i1vsWvYyg92RfbYSaLbdNDxHnZAjb+bExDnwksariQk5r0C75hvveu2v7+T9meF2EbOPod1lVPJNN7SU0TiptIIfyBFTheha8gwIRUoaMPwfnLiYc/XdDNCEkcoRwUxYb4Cdgxf1kcEzuBJy7dERlKyPibTT9xzoHrQpMm3KgcPIvFXj3fDABcDw23mC16ZEfs/a17N2cfsH+UXHvNiphM/VJIWCHORj1o6gqs6lfV7S5NDEjwNgS1q8zRZF8RGrtbSjlAdyFJ3LlHDAvOAvBsN+OQRR7AB+mJvP+JxDrihDAx9Kggz7qBcTzsyzp7de5eka7ju/D73NBNnalKbvaBMmp5hkDMVvAZGLsgRGK4gEwtAtf5tBb/bQKFtvbwdHs63vh0V/fpRU4v2JWegl8mgexw+vNhRv9Sv93Zpw6PUSMYRYiTF/csOk3aemdUwCBEVyoElOvL1CJX2pKYchYzbKVk+00zLaAWlOhlsBCeVmVnZhi6HirFcUPWmzJS1AEa66feuy6nuJREcUbMLaLpIvjmd44T7oTqzZPFYNIi/9jCtXREp1Lav4z17CUAtGEmaRSwMjoorBjTLGgPF3/+/04MClWf3h4oKLyhtj98ric9r5KDhZRDnYZHCUxBXbkvAo55svvmKopCuB2coB2B8H44DOfc/3wKNk/ud9MzcyD/J9C8pBLGGdjwm70g8DYyoJCBOEuMff1879kQWJblNcIJJAlKf70UfOHpwc4Nw+MD9e66TR3LWV74SqUqSRvtGrtWRGernQnPRoEe1/DlaxlUxDESIyL9FzrcXROQRXCuufspczS2cUucWCESbJAUwVVShCTgRKv3HhTakkbw4U5dy89kLx9VWX/Qj0NPJYOaelef7EI+PLeYqxhwHNDbicXih4dE8L9ImsyzybV4tpO9cBxTQVYJkAPo2DWGB8UFjvbZBq8hxOeQ/GRx+bSKn7nm21c4t6DDH3Sp+jSNqi3851StlLP/TtspQDk8fq9/+WgcAEGlRCloW+8M/mAfh6ZYTRNJoqN3Ey4WkRMzPc6ZTCBzcqagAizj3CZreLoYPBCKdwv01BqqJM5q+FbfVzk5k8AqWDlotcNW0O4q4vl8mk8AmHDP5J/zy8Co5S2vfqD65vZsGdbOSjES1u6WMyltSnrIxjXdVzo3xriFt33aNc/wW3d12ZGoD0dHO6fJJw1QSWlVJqmZVWGQBjouz3o15V9f3GVJu812P1R4BKQCqz8M288LrD9gOTUrlUR+kXHg0Q7tHDqLTkGHZ2wV4gJZ8PQzoXn4tthqH8fbkHFIXDUyLAg6CrGxaJX9KCRzJ7WeLpTmJf/ljXbwySpI/zkFvK9EJT0tmEfsxUXnzzJLpnmlr3f/gkXn9TYkzB9S3V1yIvsk2IaDh0thZC2RNnbT1A9i4OvNTnAL8JnTkW3t2GB7BLU5bseHUnsdec2fitddaCPcOWmnPO33KoJ7bDRJun1l7zjJP5ZntShAdEJRUHOaAyTaY2Jm4PPm7hrgcVdltNT+4PiMkv9smqNrbovOhmGyYETyS9CxPqaS1iLn3RLkp6HiQTi5xekJXmyZl5ya/DhC3I7kZycV9ca3qEqdvbwF7PMG7Z48kPpTX8PS7gRP83ASjCqTLQROLkHl20+6VgM2+5kPiNA28OFOXrpTWdVnkMH6rHOSxnxMjejeoZEv+5vtvUH4owL5B82FH/fJ9QeDSo6iM+V2v9Xc8nkxl/3HWuRdJWCJ730J49kOheyXpEA9wt9aw5YpPhqJeBPa84kI9JtP5Tlkr3gGAtD/L+jO2Y+jbedQxCffc5R4OVBCndPMFLS+3awrCOP1WNiDQO7+CohGUssFxiRBIBJ948Fx1D7M8ZE8qKliDz+q7EcT5md7nR1d4exUn4aILmwbcwXGKvSiWTJmBGfH7iwSdMbr/ZtCiSfCYMref8ZHG5uO/tGQ/cpCZn67KfsWW6mC35UGnpxnohyyd95rOUSzHkAqi4PJx5tu1LGNXosy4VOSQeQ6ChExKkx2u1j55whlZqaFAsuWA4CxQo1mcny9Qjt8IAFjE2YVbvtvLhMn/lcH3DQUukA6LJPB59udh0lgZDSuQSwRb35+9Q8jWdiCUUbWYJUR5TIwvSngtVt4g2P0eHncD0luHz21F9txsmrql6IOnr5YxU4KptQnU0SssvuYb5jfUO3oOBvvkqCM1vntzgDSKvS53hn0RdH+wY68gltoHsJDFjDVXmobhcHr5ubX3PK11r2uGbDOWApc/h+Bmkwf5rsVn8fCHbnWe+1wQTPSfyujpcC7PffJ/Knmv+vYLAWofMC4TbIY451HIJ4xUHlZfHnaGnnJGf6Hlnpn2P6cFI4AXFNGAzxfAjoNzQowuUQzKxtsEB4mng7hCEzKi5SdEcgTudd6qcMd9Kj1UJFED3gqu7Fo1tjM2EMWlinYOxQxlRSE1lpcd8Y8ZPljOUplZ3P0cSikSLyuGDVkXN94OagUMTNieF+oINFCZsU1aAqf/SxOMh7+tDUNvGj2VTIKa+kBlDTzl51aIGXGwCjj4d7HBJy4cbKH7nW4E2Q6xSKZLYf/UoF6jWao6lO5cpvWFENzGiI6o2fYEYfp2KVyRW+4liMKYT1g5na1NP4Z8VsfEKS6UNzOiiqoMcsiHz2L7qTtvDEL49wYVwuBNm8GHXQ32oZGexIDZz+uhO+nYfVJRRkNh2sKurLgA+NF7jAvP87nejqzwW+aI+SuSppnKe+QBvEfq2IeVaqdpau8qzdlmC3ke3vGC679m+9krN1YNmRdJAxEgs4WF2g1qjKG5hQKVA5uve5dQfFDbHv7y7jkd4zob32A2A1p37qjWESZoRYRtZVjuWduJXB8dG+2tqp8MonINGGbXNLfvahOs+RyiW12c0/17T8x72BSoXOK4DQuABOci0kS7OwjSpKD3joh/nn+Mg6Lmm6Luj+D8i8SB/+kv5+U9oWgbfKNKkz6ilY28px+D8H9P6wLwWFcsiSyO6Sb1vFMY0Wegdt5uXCupf4CVX7d9NEtSYpFKWP8Ufdc6zRvc5LofRJ8noxSpVou0I2+KTFUCfdhIA7LV62JmhC2k61QhN8YllYJcItQc5bgxrSYs/i7dVhwqPDUzbUAcO4q4xuQNtc4asozmjxb2YdidBtE4V2CMf7p//yTA9PGBqDbuv6Yx7RwavTdJW3bLBb+seQKrnYp8zV4u07DaOSOaEVUJfn9fTFt5QiCwOuo5Z2tr7hbn5rwvAA9pm6Br4lys5B5nMFetMp7jKByfZPjF8i1586IjWqgT3B+b7Jrp7qUs/FFmLA5jziVyeVzzGCiw/oXEI1g59Vn8hNPKY3CDXi5vsWVR6zQieA8wM1vXhXM4JdYdsU1fAwDqLf8s+XZND4zveACTdl836QIidvwpUQAkl2AoitI0lE5CNsDClqtY9KIf9TmTkwaWCPXtbQ3A+N/X6abreQn6Tv8w4cu7cu5+v2ebkAIomd9X/BtntSRUreLpZr1+yDOtu6+FNMX2d8c8lSjdO5CekVNXBXaJeyF47oKBmO5oOP3jfvHH7QqW+qXxFcor5x1SJI73eLv+9//z109sWnZ/Fc6aKi1eBe+/SSCisJs8Dh4/W2oLPxhfcMC6hhwvV6yB7dvKZ2eNYeuqR58JS9QwMD4DT3+Qq6Lu7CUcdUkgIQ2/SvnAOaPpRbC1VVoc+fZ/UuBA2DPafWPm0OZzoUA9wrSN5CBCcJLKvY0J2yW9FPuE2wy6CgXtN869K6sEQiHtXqd7hhqVEvmvykjmFFHX2THCEiDd0Jr/Upc7b/tM4tcrEe67AWa7qLCidhQx+lqviyuNgVLDKk73MlwcpFRyrFbZk34qf8H2y5A5DMXfUWr7/5mP4NMbb0b3CTsBWJfB5mu23EBJGifpv5iYGUaDh+n29lvv6X5cyDSJIEpNpDSdQliPaf0einf7EtlkIwVh1JPvxYmL2Xt2w0LXm5SP62zPYfGMYEY5lYW4c5qFSIzKeFjEU+dDA+9tIgtw5XAlkJFIQ2DBl1hIfJczbWJlj5lWX/jDsXk9gdJ13/kU3fRzmdtRhFWPuKWNHI6RJtmKq+6eUldgb7dPbLF8+nVALbSk47+DwqJs6AqKJr/jndJKHtfAdoob/1796/aQUdVHx7Qfzku//gsUEWEvOlUPGloOlBRwf6scvXtcsaGftIc52v6DmHh6A5ehmgdSFpZWoSmQ3BhfbEa2j3grUT9iuv54v4xMi8F1JDDu3tpQG8FwXg6fY2VvKjqHHf6hoS7Xtf5pFrggUbGbDc5gzx5QnPHPHnHuTdnAwcSVwPEh7/9oNe6zYCmhrrbOFEU3QKs7r3wsRe19yjLyyIAfLfrgFUjQ4eS9jNE/NCyDLecqZxg5As72j3uo9HjKnYM0iHC5S57+5IzGVUH7noqFJoyaVE/ATerqP0MqJ1ePaaKpbaE1dx822JWj2rQ0v0UtrsPwEiPMcfDQnxnuv2Norw0UFIm3tOHNQeD2XAcd/epyj43K1EWMc31IS7nPf6EitA0X+ziqFUyLzgqieRTXj9zmDdTzcSnYVdFOQJcMnJSlb9Q7FHfySyJlzGxGUe3ATalnq9psZ1V5ifnzmoAeLvRbdKWguOhPJDK6EemkJSYWvALkrOF+GJkabAhL2PzmOj6VUidgDLhjnwD5ZpmsC7gr8T+Nx1Vmu1ercVRuA66IClIfMijnoq4hjZLOMnvvVLop2yvVh3TMF6qOYQOg1v5Eoz9I0HFu20fn2UZHY2VThdnfCqRkvjYEROIPBRHJVhtPu5ypjS5RWxbVcn90YcBuqVKHDeFgfFPGq7x5fDdAaUNRZW5UZxLR4l9tk8wAAD/oVfoiuPpOXyD2kxqqbnn+UI22Dy0qHjd1JE+w0+WvNb263nTZAjAaM0qB538DHSd2lbsAKHF30C8lBWlsbAfxc8e9t0cqMiZ6R/fVJSwZJVQ507Z/lRVqpgTEFtSLysgBJw1NvUrhQPA1ISu89oEKiwHZDmkWpul7BgY+wYtRuZQBxb7Ji2Ny0y0j+SSBPCDmNZPV+i1Rt0l8YUbu7BH/mGjSMByIaNok4tEEh0pz79G+yZkUeMMUjPWTuiccEg85Jgwh25t62JQu/SnLpPEBjif0dDr3M3sA4jjWX6YxUiGN+Wlry89aoBhIfJFFiNBMtlN42EyonjJfYydof6t/rGeJAlehmfjzMcBRmZEkSUQ6sIqxf04NR3m7ylKv8Wb66DTJaVP5WYHBjuxqQip8hP+gxLb7atHuzV1DFJaU5O/UQ0QDK4FFeNaj1MZRMlAaTh0HBb/DTcZtdH7rDfcX/gft2pbCLwoCetuOiVZGCs0yiyafmUfDsO1QUcJ7PXFO8RGWmN/VXoTb9LJpJLIVGyL361E7IO+iDpeQ2z1L80g4USPzdUPxDDIm0m/eyKlBVZquF76UVvEc0EHiIZjbQa6SXQgzBj6yWm8eUuX4mmHGQEFUF/3X1nc7nXu8t9SwsfAsWk0JEpsQOSaVDmuFJ2G55GO/rgxp3G5szmX1wCQio8fSF04mhHrbuPAznRpHAtBNW6kFJDLbZ+5J3svwHfkS3PlR9Zfw2ko2ZT5LTNwxA/KS+aXEx7JcEwDaHR+0CBrHTI28SfoCyJnUFPnzN2shBTNkGE5gkx168ZAZDB4+mNI7PFR+/pzoa9dVe2zEcYh5N1AA3xF3Rh/beXrRGPRyDwQzGGs3jBMtxA6hXFsTeegzJwhJ6m0oJri5NII6a7/otWEQpx5EKVCN9YxFPwK7FbWuaNAYBPD20lMOYPVUNfwfdbERz2cIYatVW6joaoxiF9xvns13ZJMBk1b3byDKhZZ+8z7qUXCRtx+GZ+b/1462PoUt1BZX7oz6+8miC9CDF+iqixXQ2XcSRbqT7Oy5IkUXAPk1VEmXWh/7sinG2ohj79iwRFfqYWKXHThJO/T4qIBfUUgdsHuakuFNYM5EyZe6P9t1vQ+UrmGCkOiIdpklTEycG3ndHT9H+0wRoR547O3ilteVteuSVDdMR/XvyPZamIPZV6MbC4vgpodFO/1vdenTsIPQV/wqwwMkzoSe7wQZg1A81bFD4CeMgJmO8ZFfIBUczMLEw0s3kvg4o7vJ5yXMzVKjEob9V+D6w24kALruHy+EkilsOInqvYc2VJMy8XxMTUkCrCpkTamtVGcRBcHUn4KCPgoF3KFVJqOfNCFfnlq3JB+bwZ/cp1aF9JKvSotr6HEXGVkBILG7KDt3U3FEBu/+bYDi+kPP1/AgO8x28ZSVlESwaLORcv6Edt3t4lpQHvM9/+CV98I72ajisREmAb9MD0wITAJBgUrDgMCGgUABBRqgZ/wtxdW8d3M7waGVOjCkGjlQgQUGVtjR8gSWzJRRrxlbLNw5CafsKMCAgQA","password":"11","customFields":[]}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Key Store entry list |
|
|
Alias |
|
|
Client Certificate ID |
|
|
MD5 hash |
|
|
SHA1 hash |
|
|
Import operation status message. 'Imported successfully' - all is OK, 'Already exists' - key present in Key Vault, otherwise - error message |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 185
{"entries":[{"alias":"admin@ccmqa.com","clientCertId":261,"md5":"5f646a050e14d92b60c376128a79e691","sha1":"e99ed5c3bff4fd1dda576ee1dd2cd962e521d6e5","message":"Imported successfully"}]}V1 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
Person ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
p12 |
String |
Base64 encoded pkcs12 file |
[Must not be empty] |
password |
String |
Password to access pkcs12 file |
Optional |
customFields |
Array |
An array of custom fields if required |
Optional |
Example request
$ curl 'https://cert-manager.com/api/person/v1/436/import-key' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21029' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"p12":"MIIc9AIBAzCCHK4GCSqGSIb3DQEHAaCCHJ8EghybMIIclzCCBXwGCSqGSIb3DQEHAaCCBW0EggVpMIIFZTCCBWEGCyqGSIb3DQEMCgECoIIE+jCCBPYwKAYKKoZIhvcNAQwBAzAaBBRkrpqy0Rl09IE89cMzT+8i0+lhOAICBAAEggTIXoY6WMPXG7P4x888tra7Y49A4GYbv5szwUKjjddvux14IPB8yz0MPeAD4TO/5Qmp4ERF3V/TF6YBL5MxQw+IEHDF3r1P3drvdd/Ku4R/us6XSHfphqGHT9BVmP+qtZOLOkhe3r7NNLVETNw6GZNQPKRKMf6VbLJE9VpJO4evI23wSZxqUnfKZpkGYtoh+jIBLxV31erwxa4/ffBeVlFYPw+MNj38lMn7Q3Xr5vys6PmLBtUgRTnbER/jXxbo9vXP6pJobupZpwfQRabzqm3Gj7qk51NNAfj8I7hXG2u8VcCAB+LJuj6CqGf13zhkEcibjI+JlqHKI7FfzHFZFLNURrRciGpd6WxT4R27GTPUqiNwmK5XU+GTwgO/NNXQCQTFKJ3HZ1LJj4i3hbUBBAzABTD7OB7Zns6vdSzHx447Qc9hY2g907ZhluLhyAxKNSkZXrRArJKadDNYV+eD9zdY80/itKQGKqR0haFkZW1NMEs2ZQsWAPgMcvdyxkU47+QvGH7ETBnpWGJFVRH/x4juLo46y8IQ9/umiyxYmJ9q9TEy7wm/Fg4UqG9JXckXNN5Apsk4Y2Me7I+uPXFeHbmifzgngMRvrCb+2NppOaPrvCPFCbknVq3091dLHDd2Ajd0vTtP/467YI0xPyr+Yzx6RcFm7oFNtx5Z8JRKpJT4RFF6ZVMkMsKAozsAHJsbtCB9JBE7gRJzm6HPEVSqwZ+49CtIyJ5JTuzDV/DB0DDg39y+27NpAL/Gj4Em4wcEhdyGpnsAhMO+FNMLRDPQGDbdOhdrz3eKIVy3wqxIiJb6VEOuV+J8cLxF7rvqctj+tGQP5VVxsXSHJHQCFPeo5GHlBk/GqG/ZIbxqJdYag+Bpyf7C/XKd85VriiBO949Jio4HxDe/C62j/RwqbTeUoJ7FU/0JPsGhxkloPbmLNmoXv9aJlewwjYDgqSsHfjQpVGNopcRiX0X1HPZNMlF4XpZ8lEGK+RAbYJnHhp/RQKe80tKg4NY7WYmB9cHYhvax8a0VMuKmYlzpugHJRQlE0q+i3Gzh8nPeEjN4HX+RrwXBNbHDBtuUYdNBh6vSvdD64w1Jw22zF8RsfN5vRCDsBM64bwdWlUW7LYhV6eiqrle8X6JIEUUl2OIQLwUCL6m0LzUwzUh902+iEAZi28QnNSQB0bVoxfnCnN8P978+B5oVDhsbRjPhplSjD7BvSSBPiTpjesRFGIqPkzAMXlfbOszyXRwEErtwDNlqp/qj110hDxskuaV154HDcZLSyqJGvs/GxooBCNIDdxI75eATwnwMNHHxo+gebj9crLycA1AkHRr3/iFHbDZN0Hd2kIm7Z+beD7DmBCLFY8AcfeQBYmCxo4BLHVBIvr9hlqUxi1zU4KEWFhHgo8/S4qOXfR99c7LvfV3rOaE4qEyj7cxJean1smnEp9uc0chUXGbL+MsgrkAXOfafGNkxmAflwEh/WyhtsVjU9saDvWzRN3sJnkwlhuqBfqGfV0402TmHYpaGzyOeHqn7Wir/Nn7F5P0BmgnSmJIIG0bKE44hTJcvppcEju+qmyJUCM9NmahMSmwkZLTWAx9mhZDe2OqC6d4yqIRK9I/gHwMLqhlFuSOzwhDnpb+qwVY3QMw+MVQwIwYJKoZIhvcNAQkVMRYEFI3YZBRdwYCDyiA9uLphQZnGCtx2MC0GCSqGSIb3DQEJFDEgHh4AYQBkAG0AaQBuAEAAYwBjAG0AcQBhAC4AYwBvAG0wghcTBgkqhkiG9w0BBwagghcEMIIXAAIBADCCFvkGCSqGSIb3DQEHATAoBgoqhkiG9w0BDAEGMBoEFA6laLzuLYF2mkOyxGvWfC04PwIOAgIEAICCFsCgCj9qK1Vzx9McX8htHPTeg2LiplMfbMQhCGotrhNAq06NFlKSwIjkLnLijveF3oosyZ4mTYuNBy4Wqg9Q7uZpne5hWTKD87X4NUn1cSB3Xq8ATRTA6pVAF6uZCDQwLBtmUBaRCsIPRNjukLqAxvyQavSqAHmn1+v3Na0BIc8x4RRN6RxiJnMiHEAhwQecx8WT802xGMyXvga06N3fXYGr0w0sVMHckZm0yagJObQ8AMQci9YdiFJsUtfrL+SGkfWgG0SyG3PP77ZFALVciwtMs82Y+yPDC6ZJVsas15UqAzbWGtWyqy459fVpIUu0LNo4Mqg2UeG3toZTcBYF1SfnYalbRsPSN3miL9NQJmluTWv0l/jm3YZETDpeRsbgpm2wuDvkBGxzzS8mwlmwenjKXfPD8uGpbyLX7oxP0m0a+zrQvkApbNI2ZI7Ebgo/JjNOhr9JWXo5hEjOgNh+dRv+gqwKgNy0bxEbncHkQc/xxMpDGfyUpHNEFvZLWdMwrz+l1Xy+3lI8jHsyZ3uMj8e93ADQnWuMSPhGwihFqbTU0HwIGiQt0DgNK87jFxlc+/iZ5QEh6T62jTR7jXY+sVQ1PfTBWQ0UwGYhF1VavFpPzNa/UmTppo8mV8eGNfChcUn0nk1O5jQQOV7rx5uSmKFKgGUP2upTKkikIePrhjqIMXzFgalmMQ/loBimxi/5fEMlZIVb9YAx5cBNVtx6ZdwsJ4J72WiAuLYkIialoVfCeLHr3v5Sk1oZbwT/mFxv85rNFGobD3LpSU87iJPghAQInKJyWHgaoRzyTubHqgnKJRrMFEb45FJ/EtTP50XCknQVHW7u/geDMNhAmCCA4KSBuhmWDSs6DnmXiDHaG/Msd4E1o/0X56fbRI+qFr+iaMSWIoXrps/SmuUQC8QTLs9qJ1mESXCLPyhsY9dZRMhtX+7qBRPElC+IKHsVTdmYS4cpANy+adviTipJMlwWvNJm7cgRrOcRdFD7xOsxRX1cICCoEsaRKifzzts6xfOGJRE/1KFi+krlH3zQuVkooky/PWQXjgRKdRJvIUIX3RQNCwmDHeAA9IhmmlXARjJOtRMj/eHOOS93y0dYrsA5Md5p5NTX5FLQHWXF/rSvCD841345T7gF4c0zYYKj9toQ57qExx/TZvdrIQcNPoD80ZQk4YSd9O54f7KxD5uTOPjAmuzvFrrrb6y6Zxh7jU37x0KHJmiwPSa7fYCwzR9zuWwfFXJ+z0ztWWbKE39ZeVWPkM1Dx6il+Pew99ftslUzoglfeU+OMcdd+pQkX2MiTHzGC7gt8krSQqt79HqmgD8iptVc7mW+m3JsyI3xT4hKTssqEZKYy9+t6UTNxSus1iaj1jKo3wieI8odgKzVhEyKxr54qVPDsmlbI+z4HY5/lnmkwV/OIyuVfr76+3EMQ+PhPJcb9z4zHkYkMDbeu5i1vsWvYyg92RfbYSaLbdNDxHnZAjb+bExDnwksariQk5r0C75hvveu2v7+T9meF2EbOPod1lVPJNN7SU0TiptIIfyBFTheha8gwIRUoaMPwfnLiYc/XdDNCEkcoRwUxYb4Cdgxf1kcEzuBJy7dERlKyPibTT9xzoHrQpMm3KgcPIvFXj3fDABcDw23mC16ZEfs/a17N2cfsH+UXHvNiphM/VJIWCHORj1o6gqs6lfV7S5NDEjwNgS1q8zRZF8RGrtbSjlAdyFJ3LlHDAvOAvBsN+OQRR7AB+mJvP+JxDrihDAx9Kggz7qBcTzsyzp7de5eka7ju/D73NBNnalKbvaBMmp5hkDMVvAZGLsgRGK4gEwtAtf5tBb/bQKFtvbwdHs63vh0V/fpRU4v2JWegl8mgexw+vNhRv9Sv93Zpw6PUSMYRYiTF/csOk3aemdUwCBEVyoElOvL1CJX2pKYchYzbKVk+00zLaAWlOhlsBCeVmVnZhi6HirFcUPWmzJS1AEa66feuy6nuJREcUbMLaLpIvjmd44T7oTqzZPFYNIi/9jCtXREp1Lav4z17CUAtGEmaRSwMjoorBjTLGgPF3/+/04MClWf3h4oKLyhtj98ric9r5KDhZRDnYZHCUxBXbkvAo55svvmKopCuB2coB2B8H44DOfc/3wKNk/ud9MzcyD/J9C8pBLGGdjwm70g8DYyoJCBOEuMff1879kQWJblNcIJJAlKf70UfOHpwc4Nw+MD9e66TR3LWV74SqUqSRvtGrtWRGernQnPRoEe1/DlaxlUxDESIyL9FzrcXROQRXCuufspczS2cUucWCESbJAUwVVShCTgRKv3HhTakkbw4U5dy89kLx9VWX/Qj0NPJYOaelef7EI+PLeYqxhwHNDbicXih4dE8L9ImsyzybV4tpO9cBxTQVYJkAPo2DWGB8UFjvbZBq8hxOeQ/GRx+bSKn7nm21c4t6DDH3Sp+jSNqi3851StlLP/TtspQDk8fq9/+WgcAEGlRCloW+8M/mAfh6ZYTRNJoqN3Ey4WkRMzPc6ZTCBzcqagAizj3CZreLoYPBCKdwv01BqqJM5q+FbfVzk5k8AqWDlotcNW0O4q4vl8mk8AmHDP5J/zy8Co5S2vfqD65vZsGdbOSjES1u6WMyltSnrIxjXdVzo3xriFt33aNc/wW3d12ZGoD0dHO6fJJw1QSWlVJqmZVWGQBjouz3o15V9f3GVJu812P1R4BKQCqz8M288LrD9gOTUrlUR+kXHg0Q7tHDqLTkGHZ2wV4gJZ8PQzoXn4tthqH8fbkHFIXDUyLAg6CrGxaJX9KCRzJ7WeLpTmJf/ljXbwySpI/zkFvK9EJT0tmEfsxUXnzzJLpnmlr3f/gkXn9TYkzB9S3V1yIvsk2IaDh0thZC2RNnbT1A9i4OvNTnAL8JnTkW3t2GB7BLU5bseHUnsdec2fitddaCPcOWmnPO33KoJ7bDRJun1l7zjJP5ZntShAdEJRUHOaAyTaY2Jm4PPm7hrgcVdltNT+4PiMkv9smqNrbovOhmGyYETyS9CxPqaS1iLn3RLkp6HiQTi5xekJXmyZl5ya/DhC3I7kZycV9ca3qEqdvbwF7PMG7Z48kPpTX8PS7gRP83ASjCqTLQROLkHl20+6VgM2+5kPiNA28OFOXrpTWdVnkMH6rHOSxnxMjejeoZEv+5vtvUH4owL5B82FH/fJ9QeDSo6iM+V2v9Xc8nkxl/3HWuRdJWCJ730J49kOheyXpEA9wt9aw5YpPhqJeBPa84kI9JtP5Tlkr3gGAtD/L+jO2Y+jbedQxCffc5R4OVBCndPMFLS+3awrCOP1WNiDQO7+CohGUssFxiRBIBJ948Fx1D7M8ZE8qKliDz+q7EcT5md7nR1d4exUn4aILmwbcwXGKvSiWTJmBGfH7iwSdMbr/ZtCiSfCYMref8ZHG5uO/tGQ/cpCZn67KfsWW6mC35UGnpxnohyyd95rOUSzHkAqi4PJx5tu1LGNXosy4VOSQeQ6ChExKkx2u1j55whlZqaFAsuWA4CxQo1mcny9Qjt8IAFjE2YVbvtvLhMn/lcH3DQUukA6LJPB59udh0lgZDSuQSwRb35+9Q8jWdiCUUbWYJUR5TIwvSngtVt4g2P0eHncD0luHz21F9txsmrql6IOnr5YxU4KptQnU0SssvuYb5jfUO3oOBvvkqCM1vntzgDSKvS53hn0RdH+wY68gltoHsJDFjDVXmobhcHr5ubX3PK11r2uGbDOWApc/h+Bmkwf5rsVn8fCHbnWe+1wQTPSfyujpcC7PffJ/Knmv+vYLAWofMC4TbIY451HIJ4xUHlZfHnaGnnJGf6Hlnpn2P6cFI4AXFNGAzxfAjoNzQowuUQzKxtsEB4mng7hCEzKi5SdEcgTudd6qcMd9Kj1UJFED3gqu7Fo1tjM2EMWlinYOxQxlRSE1lpcd8Y8ZPljOUplZ3P0cSikSLyuGDVkXN94OagUMTNieF+oINFCZsU1aAqf/SxOMh7+tDUNvGj2VTIKa+kBlDTzl51aIGXGwCjj4d7HBJy4cbKH7nW4E2Q6xSKZLYf/UoF6jWao6lO5cpvWFENzGiI6o2fYEYfp2KVyRW+4liMKYT1g5na1NP4Z8VsfEKS6UNzOiiqoMcsiHz2L7qTtvDEL49wYVwuBNm8GHXQ32oZGexIDZz+uhO+nYfVJRRkNh2sKurLgA+NF7jAvP87nejqzwW+aI+SuSppnKe+QBvEfq2IeVaqdpau8qzdlmC3ke3vGC679m+9krN1YNmRdJAxEgs4WF2g1qjKG5hQKVA5uve5dQfFDbHv7y7jkd4zob32A2A1p37qjWESZoRYRtZVjuWduJXB8dG+2tqp8MonINGGbXNLfvahOs+RyiW12c0/17T8x72BSoXOK4DQuABOci0kS7OwjSpKD3joh/nn+Mg6Lmm6Luj+D8i8SB/+kv5+U9oWgbfKNKkz6ilY28px+D8H9P6wLwWFcsiSyO6Sb1vFMY0Wegdt5uXCupf4CVX7d9NEtSYpFKWP8Ufdc6zRvc5LofRJ8noxSpVou0I2+KTFUCfdhIA7LV62JmhC2k61QhN8YllYJcItQc5bgxrSYs/i7dVhwqPDUzbUAcO4q4xuQNtc4asozmjxb2YdidBtE4V2CMf7p//yTA9PGBqDbuv6Yx7RwavTdJW3bLBb+seQKrnYp8zV4u07DaOSOaEVUJfn9fTFt5QiCwOuo5Z2tr7hbn5rwvAA9pm6Br4lys5B5nMFetMp7jKByfZPjF8i1586IjWqgT3B+b7Jrp7qUs/FFmLA5jziVyeVzzGCiw/oXEI1g59Vn8hNPKY3CDXi5vsWVR6zQieA8wM1vXhXM4JdYdsU1fAwDqLf8s+XZND4zveACTdl836QIidvwpUQAkl2AoitI0lE5CNsDClqtY9KIf9TmTkwaWCPXtbQ3A+N/X6abreQn6Tv8w4cu7cu5+v2ebkAIomd9X/BtntSRUreLpZr1+yDOtu6+FNMX2d8c8lSjdO5CekVNXBXaJeyF47oKBmO5oOP3jfvHH7QqW+qXxFcor5x1SJI73eLv+9//z109sWnZ/Fc6aKi1eBe+/SSCisJs8Dh4/W2oLPxhfcMC6hhwvV6yB7dvKZ2eNYeuqR58JS9QwMD4DT3+Qq6Lu7CUcdUkgIQ2/SvnAOaPpRbC1VVoc+fZ/UuBA2DPafWPm0OZzoUA9wrSN5CBCcJLKvY0J2yW9FPuE2wy6CgXtN869K6sEQiHtXqd7hhqVEvmvykjmFFHX2THCEiDd0Jr/Upc7b/tM4tcrEe67AWa7qLCidhQx+lqviyuNgVLDKk73MlwcpFRyrFbZk34qf8H2y5A5DMXfUWr7/5mP4NMbb0b3CTsBWJfB5mu23EBJGifpv5iYGUaDh+n29lvv6X5cyDSJIEpNpDSdQliPaf0einf7EtlkIwVh1JPvxYmL2Xt2w0LXm5SP62zPYfGMYEY5lYW4c5qFSIzKeFjEU+dDA+9tIgtw5XAlkJFIQ2DBl1hIfJczbWJlj5lWX/jDsXk9gdJ13/kU3fRzmdtRhFWPuKWNHI6RJtmKq+6eUldgb7dPbLF8+nVALbSk47+DwqJs6AqKJr/jndJKHtfAdoob/1796/aQUdVHx7Qfzku//gsUEWEvOlUPGloOlBRwf6scvXtcsaGftIc52v6DmHh6A5ehmgdSFpZWoSmQ3BhfbEa2j3grUT9iuv54v4xMi8F1JDDu3tpQG8FwXg6fY2VvKjqHHf6hoS7Xtf5pFrggUbGbDc5gzx5QnPHPHnHuTdnAwcSVwPEh7/9oNe6zYCmhrrbOFEU3QKs7r3wsRe19yjLyyIAfLfrgFUjQ4eS9jNE/NCyDLecqZxg5As72j3uo9HjKnYM0iHC5S57+5IzGVUH7noqFJoyaVE/ATerqP0MqJ1ePaaKpbaE1dx822JWj2rQ0v0UtrsPwEiPMcfDQnxnuv2Norw0UFIm3tOHNQeD2XAcd/epyj43K1EWMc31IS7nPf6EitA0X+ziqFUyLzgqieRTXj9zmDdTzcSnYVdFOQJcMnJSlb9Q7FHfySyJlzGxGUe3ATalnq9psZ1V5ifnzmoAeLvRbdKWguOhPJDK6EemkJSYWvALkrOF+GJkabAhL2PzmOj6VUidgDLhjnwD5ZpmsC7gr8T+Nx1Vmu1ercVRuA66IClIfMijnoq4hjZLOMnvvVLop2yvVh3TMF6qOYQOg1v5Eoz9I0HFu20fn2UZHY2VThdnfCqRkvjYEROIPBRHJVhtPu5ypjS5RWxbVcn90YcBuqVKHDeFgfFPGq7x5fDdAaUNRZW5UZxLR4l9tk8wAAD/oVfoiuPpOXyD2kxqqbnn+UI22Dy0qHjd1JE+w0+WvNb263nTZAjAaM0qB538DHSd2lbsAKHF30C8lBWlsbAfxc8e9t0cqMiZ6R/fVJSwZJVQ507Z/lRVqpgTEFtSLysgBJw1NvUrhQPA1ISu89oEKiwHZDmkWpul7BgY+wYtRuZQBxb7Ji2Ny0y0j+SSBPCDmNZPV+i1Rt0l8YUbu7BH/mGjSMByIaNok4tEEh0pz79G+yZkUeMMUjPWTuiccEg85Jgwh25t62JQu/SnLpPEBjif0dDr3M3sA4jjWX6YxUiGN+Wlry89aoBhIfJFFiNBMtlN42EyonjJfYydof6t/rGeJAlehmfjzMcBRmZEkSUQ6sIqxf04NR3m7ylKv8Wb66DTJaVP5WYHBjuxqQip8hP+gxLb7atHuzV1DFJaU5O/UQ0QDK4FFeNaj1MZRMlAaTh0HBb/DTcZtdH7rDfcX/gft2pbCLwoCetuOiVZGCs0yiyafmUfDsO1QUcJ7PXFO8RGWmN/VXoTb9LJpJLIVGyL361E7IO+iDpeQ2z1L80g4USPzdUPxDDIm0m/eyKlBVZquF76UVvEc0EHiIZjbQa6SXQgzBj6yWm8eUuX4mmHGQEFUF/3X1nc7nXu8t9SwsfAsWk0JEpsQOSaVDmuFJ2G55GO/rgxp3G5szmX1wCQio8fSF04mhHrbuPAznRpHAtBNW6kFJDLbZ+5J3svwHfkS3PlR9Zfw2ko2ZT5LTNwxA/KS+aXEx7JcEwDaHR+0CBrHTI28SfoCyJnUFPnzN2shBTNkGE5gkx168ZAZDB4+mNI7PFR+/pzoa9dVe2zEcYh5N1AA3xF3Rh/beXrRGPRyDwQzGGs3jBMtxA6hXFsTeegzJwhJ6m0oJri5NII6a7/otWEQpx5EKVCN9YxFPwK7FbWuaNAYBPD20lMOYPVUNfwfdbERz2cIYatVW6joaoxiF9xvns13ZJMBk1b3byDKhZZ+8z7qUXCRtx+GZ+b/1462PoUt1BZX7oz6+8miC9CDF+iqixXQ2XcSRbqT7Oy5IkUXAPk1VEmXWh/7sinG2ohj79iwRFfqYWKXHThJO/T4qIBfUUgdsHuakuFNYM5EyZe6P9t1vQ+UrmGCkOiIdpklTEycG3ndHT9H+0wRoR547O3ilteVteuSVDdMR/XvyPZamIPZV6MbC4vgpodFO/1vdenTsIPQV/wqwwMkzoSe7wQZg1A81bFD4CeMgJmO8ZFfIBUczMLEw0s3kvg4o7vJ5yXMzVKjEob9V+D6w24kALruHy+EkilsOInqvYc2VJMy8XxMTUkCrCpkTamtVGcRBcHUn4KCPgoF3KFVJqOfNCFfnlq3JB+bwZ/cp1aF9JKvSotr6HEXGVkBILG7KDt3U3FEBu/+bYDi+kPP1/AgO8x28ZSVlESwaLORcv6Edt3t4lpQHvM9/+CV98I72ajisREmAb9MD0wITAJBgUrDgMCGgUABBRqgZ/wtxdW8d3M7waGVOjCkGjlQgQUGVtjR8gSWzJRRrxlbLNw5CafsKMCAgQA","password":"11","customFields":[]}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
ID of created certificate based on imported payload |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 10
{"id":260}Send enrollment invitation
V2
Path parameters
| Parameter | Description |
|---|---|
|
Person ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
accountId |
Number |
Client Certificate Web Form Account ID |
Example request
$ curl 'https://cert-manager.com/api/person/v2/459/invitation/send' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer21190' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-H 'Accept: application/json' \
-d '{"accountId":173}'Example response
HTTP/1.1 202 AcceptedV1 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
Person ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
term |
Number |
Term for certificate in days |
|
keyType |
String |
Allowed Key Type |
|
profileId |
Number |
Profile ID |
Example request
$ curl 'https://cert-manager.com/api/person/v1/441/invitation/send' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer21064' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-H 'Accept: application/json' \
-d '{"profileId":6248,"term":365,"keyType":"RSA - 2048"}'Example response
HTTP/1.1 202 AcceptedList enrollment endpoints
Path parameters
| Parameter | Description |
|---|---|
|
Person ID |
Example request
$ curl 'https://cert-manager.com/api/person/v2/456/invitation/endpoint' -i -X GET \
-H 'login: admin_customer21169' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of Enrollment Form Endpoints |
|
|
Endpoint ID |
|
|
Endpoint name |
|
|
Endpoint url |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 117
[{"id":5600,"name":"test SMIME_WEB_FORM21175","url":"https://cert-manager.com/customer/test/smime/${URI_EXTENSION}"}]List enrollment endpoint accounts
Path parameters
| Parameter | Description |
|---|---|
|
Person ID |
|
Client Certificate Enrollment Form Endpoint ID |
Example request
$ curl 'https://cert-manager.com/api/person/v2/455/invitation/endpoint/5598/account' -i -X GET \
-H 'login: admin_customer21162' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of Enrollment Form Endpoint Accounts |
|
|
Account ID |
|
|
Account name |
|
|
Array of profiles names |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 128
[{"id":169,"name":"Client Cert Enrollment Form Account","profiles":["Client cert SASP 724216261","Client cert SASP 646758057"]}]Domains
View domains
List domains
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
the first position (entry) to return from the results of the query |
|
Filter by name |
|
Filter by state, possible values [active, inactive] |
|
Filter by status, possible values [requested, approved] |
|
Filter by organization ID |
Example request
$ curl 'https://cert-manager.com/api/domain/v1?size=10&position=0' -i -X GET \
-H 'login: admin_customer20819' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of requested domains |
|
|
Domain ID |
|
|
Domain |
Example response
HTTP/1.1 200 OK
X-Total-Count: 4
Content-Type: application/json
Content-Length: 137
[{"id":2022,"name":"example0.com"},{"id":2023,"name":"example1.com"},{"id":2024,"name":"example2.com"},{"id":2025,"name":"example3.com"}]Count domains
Deprecated
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
the first position (entry) to return from the results of the query |
|
Filter by name |
|
Filter by state, possible values [active, inactive] |
|
Filter by status, possible values [requested, approved] |
|
Filter by organization ID |
Example request
$ curl 'https://cert-manager.com/api/domain/v1/count?size=10&position=0' -i -X GET \
-H 'login: admin_customer20775' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Count for domains |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 11
{"count":4}Get domain details
Path parameters
| Parameter | Description |
|---|---|
|
Domain ID |
Example request
$ curl 'https://cert-manager.com/api/domain/v1/2031' -i -X GET \
-H 'login: admin_customer20837' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Domain ID |
|
|
Domain name |
|
|
Domain delegation status. Available values are: [ACTIVE, REQUESTED] |
|
|
Domain state. Available values are: [SUSPENDED, ACTIVE] |
|
|
Domain validation status. This field is shown only if DCV is enabled for customer. Available values are: [Not validated, Validated, Expired] |
|
|
Domain validation method. This field is shown only if DCV is enabled for customer. Available values are: [HTTP_CSR_HASH, CNAME_CSR_HASH, EMAIL, HTTPS_CSR_HASH, DNSTXT_RANDOM_VALUE] |
|
|
DCV validation date. This field is shown only if DCV is enabled for customer. Format: yyyy-MM-dd |
|
|
DCV expiration date. This field is shown only if DCV is enabled for customer. Format: yyyy-MM-dd |
|
|
CT Log monitoring feature enable/disable |
|
|
Include subdomains |
|
|
Certificate Bucket ID for monitored certificates |
|
|
CT Log monitoring feature enable/disable |
|
|
Include subdomains |
|
|
Certificate Bucket ID for monitored certificates |
|
|
List of domain delegations, filtered by client admin credentials. |
|
|
Organization id |
|
|
Certificate types. Available values are: [SSL, SMIME, CodeSign, BrandIndicator] |
|
|
Domain certificate request privileges. Available values are: [DOMAIN, SUBDOMAIN, WILDCARD_1ST_LEVEL, WILDCARD_2ND_LEVEL] |
|
|
Delegation status. Available values are: [ACTIVE, REQUESTED] |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 419
{"id":2031,"name":"ccmqa.com","delegationStatus":"ACTIVE","state":"ACTIVE","validationStatus":"VALIDATED","validationMethod":"EMAIL","dcvValidation":"2025-12-04","dcvExpiration":"2026-12-04","delegations":[{"orgId":11579,"certTypes":["SSL"],"domainCertificateRequestPrivileges":["DOMAIN"],"status":"ACTIVE"}],"ctLogMonitoring":{"bucketId":"f240fca3-906d-4017-b7bf-73b9c739a46e","enabled":true,"includeSubdomains":true}}Manage domains
Create domain
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Domain name |
[Must not be null, Size must be between 4 and 255 inclusive] |
description |
String |
Domain description (optional) |
[Maximum length is 255 characters or can be empty] |
active |
Boolean |
Required domain state |
Set 'false' if you want to create domain in suspended state |
ctLogMonitoring.enabled |
Boolean |
CT Log monitoring feature enable/disable |
Set 'false' if you want to disable CT Log monitoring. |
ctLogMonitoring.includeSubdomains |
Boolean |
Include subdomains |
[] |
ctLogMonitoring.bucketId |
String |
Certificate Bucket ID for monitored certificates. Required if CT Log monitoring is going to be enabled. |
[] |
delegations[] |
Array |
Domain delegations list |
[Must not be null, Size must be between 1 and 2147483647 inclusive] |
delegations[].orgId |
Number |
Organization ID |
|
delegations[].certTypes |
Array |
Domain delegation certificate types |
Allowed values: [SSL, SMIME, CodeSign, BrandIndicator] |
delegations[].domainCertificateRequestPrivileges |
Array |
Domain delegation domain certificate request privileges |
Allowed values: [DOMAIN, SUBDOMAIN, WILDCARD_1ST_LEVEL, WILDCARD_2ND_LEVEL] |
Example request
$ curl 'https://cert-manager.com/api/domain/v1' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer20802' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"name":"testdomain.com","description":"Domain created via REST API","active":true,"ctLogMonitoring":{"bucketId":"4ea7a8f7-819b-499d-b9a8-599bf88cfa38","enabled":true,"includeSubdomains":true},"delegations":[{"orgId":11556,"certTypes":["SSL"],"domainCertificateRequestPrivileges":["SUBDOMAIN","DOMAIN"]}]}'Response headers
| Name | Description |
|---|---|
|
Url location of created domain |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/domain/v1/2018Update/Enable/Disable Ct Log Monitoring for Domain
Path parameters
| Parameter | Description |
|---|---|
|
Domain ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
enabled |
Boolean |
CT Log monitoring feature enable/disable |
Set 'false' if you want to disable CT Log monitoring |
includeSubdomains |
Boolean |
Include subdomains |
[] |
bucketId |
String |
Certificate Bucket ID for monitored certificates. Required if CT Log monitoring is going to be enabled. |
[] |
Example request
$ curl 'https://cert-manager.com/api/domain/v1/2026/monitoring' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer20822' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"enabled": true,
"includeSubdomains": true,
"bucketId": "88a9795b-b3cf-411b-8e72-f365a0ab5e71"
}
'Example response
HTTP/1.1 200 OKDelete domain
| Master Registration Authority Officers (MRAO) can delete any domain. Registration Authority Officers (RAO) and Department Registration Authority Officers (DRAO) can only delete domains if they have permission to manage all organizations that the domain has been assigned to. |
Path parameters
| Parameter | Description |
|---|---|
|
Domain ID |
Example request
$ curl 'https://cert-manager.com/api/domain/v1/2020' -i -X DELETE \
-H 'login: admin_customer20810' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 204 No ContentActivate domain
Path parameters
| Parameter | Description |
|---|---|
|
Domain ID |
Example request
$ curl 'https://cert-manager.com/api/domain/v1/2005/activate' -i -X PUT \
-H 'login: admin_customer20751' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 200 OKSuspend domain
Path parameters
| Parameter | Description |
|---|---|
|
Domain ID |
Example request
$ curl 'https://cert-manager.com/api/domain/v1/2036/suspend' -i -X PUT \
-H 'login: admin_customer20861' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 200 OKDelegate domain
Path parameters
| Parameter | Description |
|---|---|
|
Domain ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
orgId |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
certTypes |
Array |
Certificate types |
Allowed values: [SSL, SMIME, CodeSign, BrandIndicator] |
domainCertificateRequestPrivileges |
Array |
Domain certificate request privileges |
Allowed values: [DOMAIN, SUBDOMAIN, WILDCARD_1ST_LEVEL, WILDCARD_2ND_LEVEL] |
Example request
$ curl 'https://cert-manager.com/api/domain/v1/2006/delegation' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer20754' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"orgId":11523,"certTypes":["SSL"],"domainCertificateRequestPrivileges":["SUBDOMAIN","DOMAIN"]}'Example response
HTTP/1.1 200 OKDelegate domains
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
orgId |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
certTypes |
Array |
Certificate types |
Allowed values: [SSL, SMIME, CodeSign, BrandIndicator] |
domainIds |
Array |
Domain IDs |
[Must not be null, Size must be between 1 and 1000 inclusive] |
domainCertificateRequestPrivileges |
Array |
Domain certificate request privileges |
[Size must be between 1 and 2147483647 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/domain/v1/delegation' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer20763' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"domainIds":[2009,2008],"orgId":11530,"certTypes":["SMIME","BrandIndicator","SSL"],"domainCertificateRequestPrivileges":["SUBDOMAIN","DOMAIN"]}'Example response
HTTP/1.1 200 OKRemove domain delegation
Path parameters
| Parameter | Description |
|---|---|
|
Domain ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
orgId |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
certTypes |
Array |
Certificate types |
Allowed values: [SSL, SMIME, CodeSign, BrandIndicator] |
domainCertificateRequestPrivileges |
Array |
Domain certificate request privileges |
Allowed values: [DOMAIN, SUBDOMAIN, WILDCARD_1ST_LEVEL, WILDCARD_2ND_LEVEL] |
Example request
$ curl 'https://cert-manager.com/api/domain/v1/2034/delegation' -i -X DELETE \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer20852' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"orgId":11590,"certTypes":["SSL"],"domainCertificateRequestPrivileges":["SUBDOMAIN","DOMAIN"]}'Example response
HTTP/1.1 200 OKApprove delegation
Path parameters
| Parameter | Description |
|---|---|
|
Domain ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
orgId |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
Example request
$ curl 'https://cert-manager.com/api/domain/v1/2010/delegation/approve' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer20766' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"orgId":11532}'Example response
HTTP/1.1 200 OKReject delegation
Path parameters
| Parameter | Description |
|---|---|
|
Domain ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
orgId |
Number |
Organization ID |
[Must be at least 1, Must not be null] |
Example request
$ curl 'https://cert-manager.com/api/domain/v1/2032/delegation/reject' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer20843' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"orgId":11583}'Example response
HTTP/1.1 200 OKOrganizations
|
EV details and Organization Identifier are no longer supported by this API. EV details were moved to the EV SSL validation details. Organization Identifier was moved to the OV S/MIME validation details. |
View organizations
List organizations
Example request
$ curl 'https://cert-manager.com/api/organization/v1' -i -X GET \
-H 'login: admin_drao_customer4702' \
-H 'password: Password123!' \
-H 'customerUri: cst4702'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of requested organizations |
|
|
Organization name |
|
|
Organization ID |
|
|
Departments array |
|
|
Department ID |
|
|
Department name |
|
|
Department’s parent organization name |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 241
[ {
"id" : 10589,
"name" : "org4Test",
"departments" : [ {
"id" : 10590,
"parentName" : "org4Test",
"name" : "department4Test"
}, {
"id" : 10591,
"parentName" : "org4Test",
"name" : "department4Test"
} ]
} ]List organizations by role
Path parameters
| Parameter | Description |
|---|---|
|
Client admin’s requested role |
Example request
$ curl 'https://cert-manager.com/api/organization/v1/managedBy/DRAO_SSL' -i -X GET \
-H 'login: admin_rao_customer4737' \
-H 'password: Password123!' \
-H 'customerUri: cst4737'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of requested organizations |
|
|
Organization ID |
|
|
Organization name |
|
|
Department’s parent organization name |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 160
[ {
"id" : 10605,
"name" : "department4Test",
"parentName" : "org4Test"
}, {
"id" : 10606,
"name" : "department4Test",
"parentName" : "org4Test"
} ]List organizations by certificate type
Get organization list related to specific certificate type.
Path parameters
| Parameter | Description |
|---|---|
|
Certificate type: SSL, Client, Device, CodeSign. |
Example request
$ curl 'https://cert-manager.com/api/organization/v1/report-type/SSL' -i -X GET \
-H 'login: admin_rao_customer4709' \
-H 'password: Password123!' \
-H 'customerUri: cst4709'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Array of requested organizations |
|
|
Organization ID |
|
|
Organization name |
|
|
Departments |
|
|
Department ID |
|
|
Department name |
|
|
Department’s parent organization name |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 241
[ {
"id" : 10592,
"name" : "org4Test",
"departments" : [ {
"id" : 10593,
"parentName" : "org4Test",
"name" : "department4Test"
}, {
"id" : 10594,
"parentName" : "org4Test",
"name" : "department4Test"
} ]
} ]Get organization details
Get organization details.
Path parameters
| Parameter | Description |
|---|---|
|
ID of organization whose details are being requested |
Example request
$ curl 'https://cert-manager.com/api/organization/v1/10580' -i -X GET \
-H 'login: admin_rao_customer4681' \
-H 'password: Password123!' \
-H 'customerUri: cst4681'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Organization name |
|
|
Organization ID |
|
|
Organization SCHAC code. (Deprecated, please refer to 'alias' instead). |
|
|
Organization alias |
|
|
Organization alternative name |
|
|
Contact emails, separated by comma |
|
|
Contact webhook url |
|
|
Contact Slack webhook url |
|
|
Contact Teams webhook url |
|
|
Address details |
|
|
Address details |
|
|
Address details |
|
|
City |
|
|
State or province |
|
|
Postal code |
|
|
Country |
|
|
Validation status. Deprecated, please use 'Organization validations' API to view organization validations. |
|
|
Secondary validation status. Deprecated, please use 'Organization validations' API to view organization validations. |
|
|
Allow Web / REST API operations for SSL certificates of this organization / department. |
|
|
Allow Web / REST API operations for Client certificates of this organization / department. |
|
|
Allow key recovery by Master admins |
|
|
Allow key recovery by Org admins |
|
|
Allow key recovery by Department admins |
|
|
Array of allowed certificate types |
|
|
Departments array |
|
|
Department ID |
|
|
Department name |
|
|
Department’s parent organization name |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 790
{
"id" : 10580,
"name" : "org4Test",
"certTypes" : [ "SSL" ],
"departments" : [ {
"id" : 10581,
"parentName" : "org4Test",
"name" : "department4Test"
}, {
"id" : 10582,
"parentName" : "org4Test",
"name" : "department4Test"
} ],
"contactEmails" : "aa@scm.com,bb@scm.com",
"contactWebhook" : "https://certmanager.com/webhook",
"address1" : "Deribasovskaya 1",
"address2" : "Street 2",
"address3" : "Street 3",
"city" : "Odesa",
"stateOrProvince" : "Odeska oblast",
"postalCode" : "65059",
"country" : "UA",
"clientCertificate" : {
"allowKeyRecoveryByMasterAdmins" : true,
"allowKeyRecoveryByOrgAdmins" : true,
"allowKeyRecoveryByDepartmentAdmins" : true
},
"sslCertsApiEnabled" : true,
"clientCertsApiEnabled" : true
}Manage organizations
Create organization
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Organization name |
[Must not be empty, Maximum length is 128 characters or can be empty] |
alternativeName |
String |
Organization/Department alternative name |
[Maximum length is 1024 characters or can be empty] |
schacHomeOrganization |
String |
Organization SCHAC code. (Deprecated, please use 'alias' instead). |
[Maximum length is 1024 characters or can be empty] |
alias |
String |
Organization alias |
[Maximum length is 1024 characters or can be empty] |
contactEmails |
String |
Contact emails, separated by comma |
[Must be a valid CSV list of emails, Maximum length is 512 characters or can be empty] |
contactWebhook |
String |
Contact webhook url |
[Maximum length is 2048 characters or can be empty] |
contactSlack |
String |
Contact Slack webhook url |
[Maximum length is 2048 characters or can be empty] |
contactTeams |
String |
Contact Teams webhook url |
[Maximum length is 2048 characters or can be empty] |
address1 |
String |
Address 1 |
[Must not be empty, Maximum length is 128 characters or can be empty] |
address2 |
String |
Address 2 |
[Maximum length is 128 characters or can be empty] |
address3 |
String |
Address 3 |
[Maximum length is 128 characters or can be empty] |
city |
String |
City |
[Maximum length is 32 characters or can be empty, Either 'city' or 'stateProvince' must not be blank at least] |
stateProvince |
String |
State or Province |
[Maximum length is 32 characters or can be empty, Either 'city' or 'stateProvince' must not be blank at least] |
postalCode |
String |
Postal Code |
[Maximum length is 10 characters or can be empty] |
clientCertificate |
Object |
Client certificate details |
[Must not be null] |
clientCertificate.allowKeyRecoveryByMasterAdmins |
Boolean |
Allow key recovery by Master admins |
[] |
clientCertificate.allowKeyRecoveryByOrgAdmins |
Boolean |
Allow key recovery by Org admins |
[] |
clientCertificate.allowKeyRecoveryByDepartmentAdmins |
Boolean |
Allow key recovery by Department admins |
[] |
country |
String |
Country |
[Must not be empty, Size must be between 2 and 2 inclusive] |
sslCertsApiEnabled |
Boolean |
Allow Web / REST API operations for SSL certificates of this organization. |
[] |
clientCertsApiEnabled |
Boolean |
Allow Web / REST API operations for Client certificates of this organization. |
[] |
Example request
$ curl 'https://cert-manager.com/api/organization/v1' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: admin_customer4667' \
-H 'password: Password123!' \
-H 'customerUri: cst4667' \
-d '{
"name" : "Organization",
"address1" : "First street, 123",
"address2" : "Block 2",
"address3" : "Office 34",
"city" : "Odesa",
"stateProvince" : "Odeska oblast",
"postalCode" : "65000",
"country" : "UA",
"clientCertificate" : {
"allowKeyRecoveryByMasterAdmins" : true,
"allowKeyRecoveryByOrgAdmins" : false,
"allowKeyRecoveryByDepartmentAdmins" : false
},
"sslCertsApiEnabled" : true,
"clientCertsApiEnabled" : true,
"contactEmails" : "bb123@cc,aa456@cc",
"contactWebhook" : "https://certmanager.com/webhook"
}'Response headers
| Name | Description |
|---|---|
|
URL location of created organization. |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/organization/v1/10574Create department
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
parentOrgName |
String |
Parent organization name. |
[Must not be empty, Maximum length is 128 characters or can be empty] |
name |
String |
Department name |
[Must not be empty, Maximum length is 128 characters or can be empty] |
address1 |
String |
Address 1 |
[Must not be empty, Maximum length is 128 characters or can be empty] |
address2 |
String |
Address 2 |
[Maximum length is 128 characters or can be empty] |
address3 |
String |
Address 3 |
[Maximum length is 128 characters or can be empty] |
city |
String |
City |
[Maximum length is 32 characters or can be empty, Either 'city' or 'stateProvince' must not be blank at least] |
stateProvince |
String |
State or Province |
[Maximum length is 32 characters or can be empty, Either 'city' or 'stateProvince' must not be blank at least] |
postalCode |
String |
Postal Code |
[Maximum length is 10 characters or can be empty] |
clientCertificate |
Object |
Client certificate details |
[Must not be null] |
clientCertificate.allowKeyRecoveryByMasterAdmins |
Boolean |
Allow key recovery by Master admins |
[] |
clientCertificate.allowKeyRecoveryByOrgAdmins |
Boolean |
Allow key recovery by Org admins |
[] |
clientCertificate.allowKeyRecoveryByDepartmentAdmins |
Boolean |
Allow key recovery by Department admins |
[] |
country |
String |
Country |
[Must not be empty, Size must be between 2 and 2 inclusive] |
sslCertsApiEnabled |
Boolean |
Allow Web / REST API operations for SSL certificates of this department. |
[] |
clientCertsApiEnabled |
Boolean |
Allow Web / REST API operations for Client certificates of this department. |
[] |
Example request
$ curl 'https://cert-manager.com/api/organization/v1' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: admin_customer4513' \
-H 'password: Password123!' \
-H 'customerUri: cst4513' \
-d '{
"parentOrgName" : "org4Test",
"name" : "Department",
"address1" : "First street, 123",
"address2" : "Block 2",
"address3" : "Office 34",
"city" : "Odesa",
"stateProvince" : "Odeska oblast",
"postalCode" : "65000",
"country" : "UA",
"clientCertificate" : {
"allowKeyRecoveryByMasterAdmins" : true,
"allowKeyRecoveryByOrgAdmins" : false,
"allowKeyRecoveryByDepartmentAdmins" : true
},
"sslCertsApiEnabled" : true,
"clientCertsApiEnabled" : true
}'Response headers
| Name | Description |
|---|---|
|
URL location of created department |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/organization/v1/10499Update organization or department
Path parameters
| Parameter | Description |
|---|---|
|
ID of organization whose details are being updated |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Organization/Department name |
[Maximum length is 128 characters or can be empty] |
alternativeName |
String |
Organization/Department alternative name |
[Maximum length is 1024 characters or can be empty] |
schacHomeOrganization |
String |
Organization SCHAC code. (Deprecated, please use 'alias' instead). |
[Maximum length is 1024 characters or can be empty] |
alias |
String |
Organization alias |
[Maximum length is 1024 characters or can be empty] |
contactEmails |
String |
Contact emails, separated by comma |
[Must be a valid CSV list of emails, Maximum length is 512 characters or can be empty] |
contactWebhook |
String |
Contact webhook url |
[Maximum length is 2048 characters or can be empty] |
contactSlack |
String |
Contact Slack webhook url |
[Maximum length is 2048 characters or can be empty] |
contactTeams |
String |
Contact Teams webhook url |
[Maximum length is 2048 characters or can be empty] |
address1 |
String |
Address 1 |
[Maximum length is 128 characters or can be empty] |
address2 |
String |
Address 2 |
[Maximum length is 128 characters or can be empty] |
address3 |
String |
Address 3 |
[Maximum length is 128 characters or can be empty] |
city |
String |
City |
[Maximum length is 32 characters or can be empty] |
stateProvince |
String |
State or Province |
[Maximum length is 32 characters or can be empty] |
postalCode |
String |
Postal Code |
[Maximum length is 10 characters or can be empty] |
country |
String |
Country |
[Size must be between 2 and 2 inclusive] |
sslCertsApiEnabled |
Boolean |
Allow Web / REST API operations for SSL certificates of this department. |
[] |
clientCertsApiEnabled |
Boolean |
Allow Web / REST API operations for Client certificates of this department. |
[] |
Example request
$ curl 'https://cert-manager.com/api/organization/v1/10640' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4814' \
-H 'password: Password123!' \
-H 'customerUri: cst4814' \
-d '{
"name" : "My org",
"address1" : "First street, 123",
"address2" : "Block 2",
"address3" : "Office 34",
"city" : "Odesa",
"stateProvince" : "Odeska oblast",
"postalCode" : "65000",
"country" : "UA",
"alternativeName" : "My organization",
"contactEmails" : "aa22@cc.com,bb33@cc.com",
"sslCertsApiEnabled" : true,
"clientCertsApiEnabled" : true
}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Organization name |
|
|
Organization secondary name |
|
|
Organization SCHAC code. (Deprecated, please use 'alias' instead). |
|
|
Organization alias |
|
|
Contact emails, separated by comma |
|
|
Contact webhook url |
|
|
Contact Slack webhook url |
|
|
Contact Teams webhook url |
|
|
Organization ID |
|
|
Address details |
|
|
Address details |
|
|
Address details |
|
|
City |
|
|
State or province |
|
|
Postal code |
|
|
Country |
|
|
Validation status. Deprecated, please use 'Organization validations' API to view organization validations. |
|
|
Secondary validation status. Deprecated, please use 'Organization validations' API to view organization validations. |
|
|
Allow Web / REST API operations for SSL certificates of this organization / department. |
|
|
Allow Web / REST API operations for Client certificates of this organization / department. |
|
|
Allow key recovery by Master admins |
|
|
Allow key recovery by Org admins |
|
|
Allow key recovery by Department admins |
|
|
Array of allowed certificate types |
|
|
Departments array |
|
|
Department ID |
|
|
Department name |
|
|
Department’s parent organization name |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 602
{
"id" : 10640,
"name" : "My org",
"certTypes" : [ "SMIME", "SSL", "CodeSign" ],
"secondaryName" : "My organization",
"contactEmails" : "aa22@cc.com,bb33@cc.com",
"address1" : "First street, 123",
"address2" : "Block 2",
"address3" : "Office 34",
"city" : "Odesa",
"stateOrProvince" : "Odeska oblast",
"postalCode" : "65000",
"country" : "UA",
"clientCertificate" : {
"allowKeyRecoveryByMasterAdmins" : false,
"allowKeyRecoveryByOrgAdmins" : false,
"allowKeyRecoveryByDepartmentAdmins" : false
},
"sslCertsApiEnabled" : true,
"clientCertsApiEnabled" : true
}Delete organization or department
Example request
$ curl 'https://cert-manager.com/api/organization/v1/10575' -i -X DELETE \
-H 'login: admin_customer4674' \
-H 'password: Password123!' \
-H 'customerUri: cst4674'Path parameters
| Parameter | Description |
|---|---|
|
Organization or department ID |
Example response
HTTP/1.1 204 No ContentOrganization validations
V1 - Deprecated
List organization validations
Path parameters
| Parameter | Description |
|---|---|
|
Organization ID |
Example request
$ curl 'https://cert-manager.com/api/organization/v2/10678/validations' -i -X GET \
-H 'login: admin_customer4885' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
An array of available validations |
|
|
Entity ID |
|
|
Validation level. Possible values: [OV_SSL, OV_SMIME, EV_SSL] |
|
|
Validation status |
|
|
Validation background status. Can be one of [PENDING, FAILED], successful background validation empties the field with 'status' field set to VALIDATED |
|
|
Submitted date |
|
|
Expires date |
|
|
Is alternative |
|
|
Backend ID |
|
|
Backend type |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 277
[{"id":1012,"validationLevel":"OV_SSL","status":"PENDING","alternative":false,"backendId":7666,"backendType":"SASP"},{"id":1013,"validationLevel":"OV_SSL","status":"VALIDATED","expires":"2026-06-04T07:54:07.858Z","alternative":false,"backendId":7667,"backendType":"DIGI_CERT"}]Get organization validation details
Path parameters
| Parameter | Description |
|---|---|
|
Organization ID |
|
Validation ID |
Example request
$ curl 'https://cert-manager.com/api/organization/v2/10676/validations/1011' -i -X GET \
-H 'login: admin_customer4882' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Entity ID |
|
|
Validation level. Possible values: [OV_SSL, OV_SMIME, EV_SSL] |
|
|
Validation status |
|
|
Validation background status. Can be one of [PENDING, FAILED], successful background validation empties the field with 'status' field set to VALIDATED |
|
|
Submitted date |
|
|
Expires date |
|
|
Is alternative |
|
|
CA Backend ID |
|
|
Validator |
|
|
Validator ID |
|
|
Validator name |
|
|
CA Backend type |
|
|
Validation settings. Tracking information for the CA backends. Possible settings: [EXTERNAL_ORG_NAME, EXTERNAL_ORG_ID, LEGACY_TRACKING_ID, LEGACY_BACKGROUND_TRACKING_ID, TRACKING_ID, BACKGROUND_TRACKING_ID, LAST_ERR_MSG_FROM_CA] |
|
|
Validated organization details. Available only for Sectigo CA backends |
|
|
General organization details |
|
|
Organization legal name |
|
|
Organization’s assumed/DBA name (doing business as). Available only for EV validations. |
|
|
Address line 1 |
|
|
Address line 2 |
|
|
Address line 3 |
|
|
City |
|
|
State or province |
|
|
Postal code |
|
|
Country code (ISO 3166-1 alpha-2) |
|
|
Organization identifier. Available only for OV S/MIME validation |
|
|
EV details. Available only for EV validations. |
|
|
Registration agency |
|
|
DUN and Bradstreet Number |
|
|
Company Registration Number |
|
|
Jurisdiction of city or town |
|
|
Jurisdiction of State |
|
|
Jurisdiction of Country. (ISO 3166-1 alpha-2 country code) |
|
|
City |
|
|
Date of incorporation |
|
|
Business category. Possible values: [PrivateOrganization, GovernmentEntity, BusinessEntity, NonCommercialEntity] |
|
|
Contract signer |
|
|
Forename |
|
|
Surname |
|
|
|
|
|
Phone Number |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 825
{"id":1011,"validationLevel":"EV_SSL","status":"VALIDATED","expires":"2026-06-04T07:54:07.728Z","alternative":false,"backendId":7665,"backendType":"SASP","settings":{"TRACKING_ID":"2052210231"},"organizationDetails":{"generalDetails":{"legalName":"New org4Test","assumedName":"Assumed Name","address1":"Addr 1","address2":"Street 2","address3":"Street 3","city":"Odesa","stateProvince":"Odeska oblast","postalCode":"65059","country":"UA"},"evDetails":{"registrationAgency":{"dunAndBradstreetNumber":"123456789","registrationNumber":"54564564","city":"Jurisdiction Locality","state":"Jurisdiction State","country":"CA","dateOfIncorporation":"2020-01-01","businessCategory":"PrivateOrganization"},"contractSigner":{"forename":"Signer Forename","surname":"Signer Surname","email":"signer@ccmqa.com","phoneNumber":"123456789"}}}}Submit organization validation
Path parameters
| Parameter | Description |
|---|---|
|
Organization ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
organizationDetails |
Object |
Organization details |
[Must not be null] |
organizationDetails.generalDetails |
Object |
General organization details. Required for all validation levels. |
[Must not be null] |
organizationDetails.evDetails |
Object |
EV details. Required for EV validations |
[] |
organizationDetails.organizationIdentifier |
String |
Organization identifier. Applicable only for OV S/MIME validations. Stands for the legal person identification based on one of the following identity type references allowed by ETSI 319 412-1 standard and Baseline Requirements: National Value Added Tax (VAT), National Trade Register (NTR), Global Legal Entity (LEI), International Organization (INT), Government Entity (GOV) |
[Maximum length is 128 characters or can be empty] |
organizationDetails.generalDetails.legalName |
String |
Organization legal name |
[Must not be empty, Maximum length is 64 characters or can be empty] |
organizationDetails.generalDetails.assumedName |
String |
Organization’s assumed/DBA name (doing business as). Applicable only for EV validations. |
[Maximum length is 256 characters or can be empty] |
organizationDetails.generalDetails.address1 |
String |
Address line 1 |
[Maximum length is 128 characters or can be empty] |
organizationDetails.generalDetails.address2 |
String |
Address line 2 |
[Maximum length is 128 characters or can be empty] |
organizationDetails.generalDetails.address3 |
String |
Address line 3 |
[Maximum length is 128 characters or can be empty] |
organizationDetails.generalDetails.city |
String |
City |
[Maximum length is 32 characters or can be empty] |
organizationDetails.generalDetails.stateProvince |
String |
State or province |
[Maximum length is 32 characters or can be empty] |
organizationDetails.generalDetails.postalCode |
String |
Postal code |
[Maximum length is 10 characters or can be empty] |
organizationDetails.generalDetails.country |
String |
Country code (ISO 3166-1 alpha-2) |
[Must not be empty, Size must be between 2 and 2 inclusive] |
organizationDetails.evDetails.registrationAgency |
Object |
Registration agency |
[] |
organizationDetails.evDetails.contractSigner |
Object |
Contract signer |
[] |
organizationDetails.evDetails.registrationAgency.dunAndBradstreetNumber |
String |
DUN and Bradstreet Number |
[Maximum length is 20 characters or can be empty] |
organizationDetails.evDetails.registrationAgency.registrationNumber |
String |
Company Registration Number |
[Maximum length is 256 characters or can be empty] |
organizationDetails.evDetails.registrationAgency.city |
String |
Jurisdiction of city or town |
[Maximum length is 128 characters or can be empty] |
organizationDetails.evDetails.registrationAgency.state |
String |
Jurisdiction of State |
[Maximum length is 128 characters or can be empty] |
organizationDetails.evDetails.registrationAgency.country |
String |
Jurisdiction of Country. (ISO 3166-1 alpha-2 country code) |
[Must not be empty, Size must be between 2 and 2 inclusive] |
organizationDetails.evDetails.registrationAgency.city |
String |
City |
[Maximum length is 128 characters or can be empty] |
organizationDetails.evDetails.registrationAgency.dateOfIncorporation |
String |
Date of incorporation. Format: yyyy-MM-dd. |
[Must be in the past] |
organizationDetails.evDetails.registrationAgency.businessCategory |
String |
Business category. Allowed values: [PrivateOrganization, GovernmentEntity, BusinessEntity, NonCommercialEntity] |
[] |
organizationDetails.evDetails.contractSigner.forename |
String |
Forename |
[Must not be empty, Maximum length is 64 characters or can be empty] |
organizationDetails.evDetails.contractSigner.surname |
String |
Surname |
[Must not be empty, Maximum length is 64 characters or can be empty] |
organizationDetails.evDetails.contractSigner.email |
String |
[Must not be empty, Maximum length is 255 characters or can be empty] |
|
organizationDetails.evDetails.contractSigner.phoneNumber |
String |
Phone number |
[Maximum length is 32 characters or can be empty] |
alternative |
Boolean |
Validation set. Primary (alternative = false) or Secondary (alternative = true). Note: Secondary validation sets are available only for accounts with the corresponding feature enabled. |
[] |
overwriteIfExists |
Boolean |
This flag is required to manage the processing when validation with such configuration already exists. By default, overwriting the existing validations is not allowed. |
[] |
backendId |
Number |
CA Backend ID. In order to get a list of available CA backends, please use "CA Backends" API. |
[Must not be null] |
validationLevel |
String |
Validation level |
[Must not be null, Allowed values: [OV_SSL, OV_SMIME, EV_SSL]] |
Example request
$ curl 'https://cert-manager.com/api/organization/v2/10688/validations/submit' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4900' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"validationLevel": "EV_SSL",
"alternative": false,
"backendId": 7674,
"overwriteIfExists": false,
"organizationDetails": {
"generalDetails": {
"legalName": "Organization legal name",
"assumedName": "Organization assumed name",
"address1": "Address line 1",
"address2": "Address line 2",
"address3": "Address line 3",
"city": "Odesa",
"stateProvince": "Odeska oblast",
"postalCode": "65000",
"country": "UA"
},
"evDetails": {
"registrationAgency": {
"dunAndBradstreetNumber": "87654321",
"registrationNumber": "12345678910",
"city": "Odesa",
"state": "Odeska oblast",
"country": "UA",
"dateOfIncorporation": "2025-03-12",
"businessCategory": "NonCommercialEntity"
},
"contractSigner": {
"forename": "Contract signer forename",
"surname": "Contract signer surname",
"email": "signer@email.com",
"phoneNumber": "+123456789"
}
}
}
}
'Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/organization/v2/10688/validations/1018Response headers
| Name | Description |
|---|---|
|
URL location of created validation |
Re-submit organization validation
Resets and submit the validation with the details provided in the request.
Path parameters
| Parameter | Description |
|---|---|
|
Organization ID |
|
Validation ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
organizationDetails |
Object |
Organization details. When not provided, re-validation will be started with the existing details. |
[] |
organizationDetails.generalDetails |
Object |
General organization details. Required for all validation levels. |
[Must not be null] |
organizationDetails.organizationIdentifier |
String |
Organization identifier. Applicable only for OV S/MIME validations. Stands for the legal person identification based on one of the following identity type references allowed by ETSI 319 412-1 standard and Baseline Requirements: National Value Added Tax (VAT), National Trade Register (NTR), Global Legal Entity (LEI), International Organization (INT), Government Entity (GOV) |
[Maximum length is 128 characters or can be empty] |
organizationDetails.evDetails |
Object |
EV details. Required for EV validations |
[] |
organizationDetails.generalDetails.legalName |
String |
Organization legal name |
[Must not be empty, Maximum length is 64 characters or can be empty] |
organizationDetails.generalDetails.assumedName |
String |
Organization’s assumed/DBA name (doing business as). Applicable only for EV validations. |
[Maximum length is 256 characters or can be empty] |
organizationDetails.generalDetails.address1 |
String |
Address line 1 |
[Maximum length is 128 characters or can be empty] |
organizationDetails.generalDetails.address2 |
String |
Address line 2 |
[Maximum length is 128 characters or can be empty] |
organizationDetails.generalDetails.address3 |
String |
Address line 3 |
[Maximum length is 128 characters or can be empty] |
organizationDetails.generalDetails.city |
String |
City |
[Maximum length is 32 characters or can be empty] |
organizationDetails.generalDetails.stateProvince |
String |
State or province |
[Maximum length is 32 characters or can be empty] |
organizationDetails.generalDetails.postalCode |
String |
Postal code |
[Maximum length is 10 characters or can be empty] |
organizationDetails.generalDetails.country |
String |
Country code (ISO 3166-1 alpha-2) |
[Must not be empty, Size must be between 2 and 2 inclusive] |
organizationDetails.evDetails.registrationAgency |
Object |
Registration agency |
[] |
organizationDetails.evDetails.contractSigner |
Object |
Contract signer |
[] |
organizationDetails.evDetails.registrationAgency.dunAndBradstreetNumber |
String |
DUN and Bradstreet Number |
[Maximum length is 20 characters or can be empty] |
organizationDetails.evDetails.registrationAgency.registrationNumber |
String |
Company Registration Number |
[Maximum length is 256 characters or can be empty] |
organizationDetails.evDetails.registrationAgency.city |
String |
Jurisdiction of city or town |
[Maximum length is 128 characters or can be empty] |
organizationDetails.evDetails.registrationAgency.state |
String |
Jurisdiction of State |
[Maximum length is 128 characters or can be empty] |
organizationDetails.evDetails.registrationAgency.country |
String |
Jurisdiction of Country. (ISO 3166-1 alpha-2 country code) |
[Must not be empty, Size must be between 2 and 2 inclusive] |
organizationDetails.evDetails.registrationAgency.city |
String |
City |
[Maximum length is 128 characters or can be empty] |
organizationDetails.evDetails.registrationAgency.dateOfIncorporation |
String |
Date of incorporation. Format: yyyy-MM-dd. |
[Must be in the past] |
organizationDetails.evDetails.registrationAgency.businessCategory |
String |
Business category. Allowed values: [PrivateOrganization, GovernmentEntity, BusinessEntity, NonCommercialEntity] |
[] |
organizationDetails.evDetails.contractSigner.forename |
String |
Forename |
[Must not be empty, Maximum length is 64 characters or can be empty] |
organizationDetails.evDetails.contractSigner.surname |
String |
Surname |
[Must not be empty, Maximum length is 64 characters or can be empty] |
organizationDetails.evDetails.contractSigner.email |
String |
[Must not be empty, Maximum length is 255 characters or can be empty] |
|
organizationDetails.evDetails.contractSigner.phoneNumber |
String |
Phone number |
[Maximum length is 32 characters or can be empty] |
Example request
$ curl 'https://cert-manager.com/api/organization/v2/10684/validations/1016/revalidate' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4894' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"organizationDetails": {
"generalDetails": {
"legalName": "Organization legal name",
"address1": "Address line 1",
"address2": "Address line 2",
"address3": "Address line 3",
"city": "Odesa",
"stateProvince": "Odeska oblast",
"postalCode": "65000",
"country": "UA"
},
"organizationIdentifier": "NTRBE-0876866142"
}
}
'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Entity ID |
|
|
Validation level. Possible values: [OV_SSL, OV_SMIME, EV_SSL] |
|
|
Validation status |
|
|
Validation background status. Can be one of [PENDING, FAILED], successful background validation empties the field with 'status' field set to VALIDATED |
|
|
Submitted date |
|
|
Expires date |
|
|
Is alternative |
|
|
CA Backend ID |
|
|
Validator |
|
|
Validator ID |
|
|
Validator name |
|
|
CA Backend type |
|
|
Validation settings. Tracking information for the CA backends. Possible settings: [EXTERNAL_ORG_NAME, EXTERNAL_ORG_ID, LEGACY_TRACKING_ID, LEGACY_BACKGROUND_TRACKING_ID, TRACKING_ID, BACKGROUND_TRACKING_ID, LAST_ERR_MSG_FROM_CA] |
|
|
Validated organization details. Available only for Sectigo CA backends |
|
|
General organization details |
|
|
Organization legal name |
|
|
Organization’s assumed/DBA name (doing business as). Available only for EV validations. |
|
|
Address line 1 |
|
|
Address line 2 |
|
|
Address line 3 |
|
|
City |
|
|
State or province |
|
|
Postal code |
|
|
Country code (ISO 3166-1 alpha-2) |
|
|
Organization identifier. Available only for OV S/MIME validation |
|
|
EV details. Available only for EV validations. |
|
|
Registration agency |
|
|
DUN and Bradstreet Number |
|
|
Company Registration Number |
|
|
Jurisdiction of city or town |
|
|
Jurisdiction of State |
|
|
Jurisdiction of Country. (ISO 3166-1 alpha-2 country code) |
|
|
City |
|
|
Date of incorporation |
|
|
Business category. Possible values: [PrivateOrganization, GovernmentEntity, BusinessEntity, NonCommercialEntity] |
|
|
Contract signer |
|
|
Forename |
|
|
Surname |
|
|
|
|
|
Phone Number |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 573
{"id":1016,"validationLevel":"OV_SMIME","status":"PENDING","expires":"2026-06-04T07:54:08.227Z","alternative":false,"backendId":7671,"backendType":"SASP","settings":{"TRACKING_ID":"12345678"},"validator":{"id":12077,"name":"client-admin-4895 client-admin-4895"},"organizationDetails":{"generalDetails":{"legalName":"Organization legal name","assumedName":null,"address1":"Address line 1","address2":"Address line 2","address3":"Address line 3","city":"Odesa","stateProvince":"Odeska oblast","postalCode":"65000","country":"UA"},"organizationIdentifier":"NTRBE-0876866142"}}Change validator
Updates organization validation admin according to the provided request
Path parameters
| Parameter | Description |
|---|---|
|
Organization ID |
|
Validation ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
adminId |
Number |
Validator admin ID |
[Must not be null] |
Example request
$ curl 'https://cert-manager.com/api/organization/v2/10672/validations/1009/validator' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4874' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"adminId": 12065
}
'Example response
HTTP/1.1 202 AcceptedReset organization validation
Resets and removes organization validation.
Path parameters
| Parameter | Description |
|---|---|
|
Organization ID |
|
Validation ID |
Example request
$ curl 'https://cert-manager.com/api/organization/v2/10682/validations/1015' -i -X DELETE \
-H 'login: admin_customer4891' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 204 No ContentSynchronize organization validation
Synchronizes the organization validation with the CA backend.
Path parameters
| Parameter | Description |
|---|---|
|
Organization ID |
|
Validation ID |
Example request
$ curl 'https://cert-manager.com/api/organization/v2/10694/validations/1020/sync' -i -X POST \
-H 'login: admin_customer4909' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Entity ID |
|
|
Validation level. Possible values: [OV_SSL, OV_SMIME, EV_SSL] |
|
|
Validation status |
|
|
Validation background status. Can be one of [PENDING, FAILED], successful background validation empties the field with 'status' field set to VALIDATED |
|
|
Submitted date |
|
|
Expires date |
|
|
Is alternative |
|
|
CA Backend ID |
|
|
Validator |
|
|
Validator ID |
|
|
Validator name |
|
|
CA Backend type |
|
|
Validation settings. Tracking information for the CA backends. Possible settings: [EXTERNAL_ORG_NAME, EXTERNAL_ORG_ID, LEGACY_TRACKING_ID, LEGACY_BACKGROUND_TRACKING_ID, TRACKING_ID, BACKGROUND_TRACKING_ID, LAST_ERR_MSG_FROM_CA] |
|
|
Validated organization details. Available only for Sectigo CA backends |
|
|
General organization details |
|
|
Organization legal name |
|
|
Organization’s assumed/DBA name (doing business as). Available only for EV validations. |
|
|
Address line 1 |
|
|
Address line 2 |
|
|
Address line 3 |
|
|
City |
|
|
State or province |
|
|
Postal code |
|
|
Country code (ISO 3166-1 alpha-2) |
|
|
Organization identifier. Available only for OV S/MIME validation |
|
|
EV details. Available only for EV validations. |
|
|
Registration agency |
|
|
DUN and Bradstreet Number |
|
|
Company Registration Number |
|
|
Jurisdiction of city or town |
|
|
Jurisdiction of State |
|
|
Jurisdiction of Country. (ISO 3166-1 alpha-2 country code) |
|
|
City |
|
|
Date of incorporation |
|
|
Business category. Possible values: [PrivateOrganization, GovernmentEntity, BusinessEntity, NonCommercialEntity] |
|
|
Contract signer |
|
|
Forename |
|
|
Surname |
|
|
|
|
|
Phone Number |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 401
{"id":1020,"validationLevel":"OV_SSL","status":"PENDING","alternative":false,"backendId":7677,"backendType":"SASP","settings":{"TRACKING_ID":"1546611052"},"organizationDetails":{"generalDetails":{"legalName":"New org4Test","assumedName":null,"address1":"Deribasovskaya 1","address2":"Street 2","address3":"Street 3","city":"Odesa","stateProvince":"Odeska oblast","postalCode":"65059","country":"UA"}}}Create external validation assignment
Creates the assignment to the external organization’s validation
Path parameters
| Parameter | Description |
|---|---|
|
Organization ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
alternative |
Boolean |
Validation set. Primary (alternative = false) or Secondary (alternative = true). Note: Secondary validation sets are available only for accounts with the corresponding feature enabled. |
[] |
overwriteIfExists |
Boolean |
This flag is required to manage the processing when validation with such configuration already exists. By default, overwriting the existing validations is not allowed. |
[] |
caBackendId |
Number |
External CA backend ID. Note: All CA backends except 'Sectigo' are considered external. |
[] |
externalOrgId |
String |
External CA backend organization ID |
[] |
externalOrgName |
String |
External CA backend organization name |
[] |
validationLevel |
String |
Validation level |
[Must not be null, Allowed values: [OV_SSL, OV_SMIME, EV_SSL]] |
Example request
$ curl 'https://cert-manager.com/api/organization/v2/10674/validations/assignment' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4879' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"validationLevel": "OV_SSL",
"externalOrgId": "809849576039",
"externalOrgName": "External CA backend organization name",
"alternative": false,
"caBackendId": 7664,
"overwriteIfExists": false
}
'Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/organization/v2/10674/validations/1010Response headers
| Name | Description |
|---|---|
|
URL location of created external assignment |
Change external validation assignment
Updates the assigned external organization’s validation
Path parameters
| Parameter | Description |
|---|---|
|
Organization ID |
|
Validation ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
externalOrgId |
String |
External CA backend organization ID |
[] |
externalOrgName |
String |
External CA backend organization name |
[] |
Example request
$ curl 'https://cert-manager.com/api/organization/v2/10680/validations/assignment/1014' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4888' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"externalOrgId": "586703957093",
"externalOrgName": "External CA backend organization name"
}
'Example response
HTTP/1.1 202 AcceptedCA Backends
Access to this API is allowed only for MRAO role admins.
List CA Backends
Example request
$ curl 'https://cert-manager.com/api/ca-backend/v1' -i -X GET \
-H 'login: nick-1197' \
-H 'password: Password123!' \
-H 'customerUri: ca_backends'Response fields
| Path | Type | Description |
|---|---|---|
|
|
CA Backend ID |
|
|
CA Backend name |
|
|
CA Backend type. Possible values are: [SASP, PRIVATE_CA, MS_CA, DIGI_CERT, ENTRUST, AWS_PCA, GOOGLE] |
|
|
Flag indicating whether the CA Backend is public |
|
|
Applicable only for the connector-based backends. The type of CA backend used in the connector command-line interface. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 337
[{"id":6786,"name":"Sectigo Public CA","type":"SASP","public":true},{"id":6787,"name":"Sectigo Private CA","type":"PRIVATE_CA","public":false},{"id":6788,"name":"Microsoft CA","type":"MS_CA","connectorBackendType":"msca","public":false},{"id":6789,"name":"DigiCert CA","type":"DIGI_CERT","connectorBackendType":"digicert","public":true}]Reports
Common codes
Certificate status codes
These codes can be used as parameters.
Code |
Status |
0 |
Any |
1 |
Requested |
2 |
Issued |
3 |
Revoked |
4 |
Expired |
5 |
Enrolled - Pending Download |
6 |
Not Enrolled |
7 |
Awaiting Approval (Deprecated, falls back to "Requested". "Requested" status should be used instead). |
8 |
Approved |
9 |
Applied |
10 |
Downloaded (Deprecated, Issued with "certificateDateAttribute" equal to "Date of Downloading" should be used instead) |
11 |
External (Deprecated, falls back to Issued. Issued with "certificateRequestSource" should be used instead) |
Date attribute type codes
These codes can be used as parameters.
Code |
Attribute Type |
0 |
Date of Enrollment |
1 |
Date of Downloading |
2 |
Date of Revocation |
3 |
Date of Expiration |
4 |
Date of Request |
5 |
Date of Issuance |
6 |
Date of Invitation |
Report APIs V2
SSL certificates report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Report type. Value: SSL_CERTS |
[Must not be null] |
certificateStatus |
String |
Certificate status for date |
[] |
dates |
Object |
Dates object parameter |
[] |
dates.type |
String |
Dates match type. Values: [LAST, NEXT, BEFORE, AFTER, RANGE] |
[] |
dates.days |
Number |
Dates match limit in days. |
[] |
dates.from |
String |
Dates match limit from date. |
[] |
dates.to |
String |
Dates match limit to date. |
[] |
currentStatus |
String |
Certificate’s current status. Values: [ANY, REQUESTED, ISSUED, REVOKED, EXPIRED, PENDING_DOWNLOAD, NOT_ENROLLED, AWAITING_APPROVAL, APPROVED, APPLIED, DOWNLOADED, EXTERNAL] |
[] |
requestVia |
String |
Filter certificate by request type. Values: [WEB_FORM, CLIENT_ADMIN, API, DISCOVERY, IMPORTED, SCEP, CD_AGENT, MS_AGENT, MS_CA, BULK_REQUEST, ACME, EST, REST] |
[] |
orgs |
Array |
Filter certificates by organization IDs |
[] |
Example request
$ curl 'https://cert-manager.com/api/report/v2/stream' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21650' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"type" : "SSL_CERTS",
"certificateStatus" : "ENROLLED",
"dates" : {
"type" : "LAST",
"days" : 30
},
"currentStatus" : "ANY",
"requestVia" : "ACME",
"orgs" : [ 11937 ]
}'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=UTF-8
Content-Disposition: attachment; filename="report-2025-12-04-08-00-32.csv"
Content-Length: 7329
"Id","Type","Common Name","Subject Alternative Names","Issuer","Status","Requester","External Requester","Approver","Organization","Department","Order number","Serial Number","Servers","Server Type","Requested via","Term (days)","Comments","Valid from","Approved","Declined","Issued","Downloaded","Expires","Revoked","Replaced","City","State","Country","Signature Algorithm","Public Key Algorithm","Public Key Size / Curve","SHA1 Hash","MD5 Hash","Requested","Discovered","Type_Id","Org_Id","descr_deactivated","ssl custom UI","ssl custom rest","Server's Public IP (or IP Subnet)"
"1465","","*.google.com","*.appengine.google.com; *.bdn.dev; *.origin-test.bdn.dev; *.cloud.google.com; *.crowdsource.google.com; *.datacompute.google.com; *.google.ca; *.google.cl; *.google.co.in; *.google.co.jp; *.google.co.uk; *.google.com.ar; *.google.com.au; *.google.com.br; *.google.com.co; *.google.com.mx; *.google.com.tr; *.google.com.vn; *.google.de; *.google.es; *.google.fr; *.google.hu; *.google.it; *.google.nl; *.google.pl; *.google.pt; *.googleadapis.com; *.googleapis.cn; *.googlevideo.com; *.gstatic.cn; *.gstatic-cn.com; googlecnapps.cn; *.googlecnapps.cn; googleapps-cn.com; *.googleapps-cn.com; gkecnapps.cn; *.gkecnapps.cn; googledownloads.cn; *.googledownloads.cn; recaptcha.net.cn; *.recaptcha.net.cn; recaptcha-cn.net; *.recaptcha-cn.net; widevine.cn; *.widevine.cn; ampproject.org.cn; *.ampproject.org.cn; ampproject.net.cn; *.ampproject.net.cn; google-analytics-cn.com; *.google-analytics-cn.com; googleadservices-cn.com; *.googleadservices-cn.com; googlevads-cn.com; *.googlevads-cn.com; googleapis-cn.com; *.googleapis-cn.com; googleoptimize-cn.com; *.googleoptimize-cn.com; doubleclick-cn.net; *.doubleclick-cn.net; *.fls.doubleclick-cn.net; *.g.doubleclick-cn.net; doubleclick.cn; *.doubleclick.cn; *.fls.doubleclick.cn; *.g.doubleclick.cn; dartsearch-cn.net; *.dartsearch-cn.net; googletraveladservices-cn.com; *.googletraveladservices-cn.com; googletagservices-cn.com; *.googletagservices-cn.com; googletagmanager-cn.com; *.googletagmanager-cn.com; googlesyndication-cn.com; *.googlesyndication-cn.com; *.safeframe.googlesyndication-cn.com; app-measurement-cn.com; *.app-measurement-cn.com; gvt1-cn.com; *.gvt1-cn.com; gvt2-cn.com; *.gvt2-cn.com; 2mdn-cn.net; *.2mdn-cn.net; googleflights-cn.net; *.googleflights-cn.net; admob-cn.com; *.admob-cn.com; googlesandbox-cn.com; *.googlesandbox-cn.com; *.safenup.googlesandbox-cn.com; *.gstatic.com; *.metric.gstatic.com; *.gvt1.com; *.gcpcdn.gvt1.com; *.gvt2.com; *.gcp.gvt2.com; *.url.google.com; *.youtube-nocookie.com; *.ytimg.com; android.com; *.android.com; *.flash.android.com; g.cn; *.g.cn; g.co; *.g.co; goo.gl; www.goo.gl; google-analytics.com; *.google-analytics.com; google.com; googlecommerce.com; *.googlecommerce.com; ggpht.cn; *.ggpht.cn; urchin.com; *.urchin.com; youtu.be; youtube.com; *.youtube.com; youtubeeducation.com; *.youtubeeducation.com; youtubekids.com; *.youtubekids.com; yt.be; *.yt.be; android.clients.google.com; developer.android.google.cn; developers.android.google.cn; source.android.google.cn","CN=GTS CA 1C3,O=Google Trust Services LLC,C=US","Expired",,"",,"Advanced",,,"EF410A0FDB4F8C10A6B009A6CE10BFB",,"OTHER","Discovery","84","123","01/31/2023 10:20:42 GMT","",,"01/31/2023 10:20:42 GMT",,"04/25/2023 10:20:41 GMT",,,"Odesa","Odeska oblast","UA","SHA256WITHRSA","EC","P-256","702f78e7f62fa742a895ba1ffff2734f2dda782d","e2bef27a274ea13ec5ea36def05c6f11","02/16/2023 11:33:27 GMT","02/23/2023 14:21:32 GMT","-2","2",,,,
"328","Private UCC 2","greenradius.ppops.net","ccmqa.com; *.ccmqa.com",,"Invalid","admin admin","","admin admin","Advanced",,,,,"OTHER","Web API","365","1023",,"",,,,,,,"Odesa","Odeska oblast","UA","","RSA","4096",,,"03/29/2022 10:58:05 GMT",,"1023","2","22","","1122",""
"1643","Instant SSL","pk.ccmqa.com",,"CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB","Issued","admin admin","","admin admin","Advanced",,"5955837","99F7DA65E9B8D8BBE09F11AA609E9E78",,"OTHER","Client Admin","365","","11/02/2024 00:00:00 GMT","","11/02/2024 22:40:57 GMT","11/02/2024 00:00:00 GMT",,"11/02/2025 23:59:59 GMT",,,"Odesa","Odeska oblast","UA","SHA256WITHRSA","RSA","2048","912227e063e6e9fac44dfb54b1d507b81b2ca867","39d8a7663c2615021167dc2558fad73d","11/02/2024 22:41:17 GMT",,"1006","2","","11","",""
"1627","pca adv","ccmqa.com","ccmqa.com; *.ccmqa.com","CN=Adv.Cust Root CA,O=Adv.Cust,L=Odessa,ST=Odeska oblast,C=UA","Issued","admin admin","externalRequester@ccmqa.com","admin admin","Advanced",,"GADTi8Ws1d43h32SAAAAAA==","421B94D772E62EFBF9E7E7AE1FCEF20C",,"OTHER","REST API","365","1023","10/22/2024 16:34:14 GMT","","10/22/2024 16:34:13 GMT","10/22/2024 16:34:14 GMT",,"10/22/2025 16:34:14 GMT",,,"Odesa","Odeska oblast","UA","SHA256WITHRSA","RSA","2048","1409ab3b202793253485c5972e77e702b8648656","efa92ed2c5a4ebf5c3f84e745f632e7a","10/22/2024 16:34:13 GMT",,"1035","2","11","","1122",""
"1648","Private UCC 2","pk2.ccmqa.com",,"CN=QA RSA Intermediate CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB","Rejected","admin admin","","admin admin","Advanced",,"5958459","9243A4856D8201A4F054C2947F055094",,"OTHER","Client Admin","365","Renewed: Thu Nov 07 13:14:18 EET 2024","11/07/2024 00:00:00 GMT","","11/07/2024 11:14:18 GMT","11/07/2024 00:00:00 GMT",,"11/07/2025 23:59:59 GMT",,,"Odesa","Odeska oblast","UA","SHA256WITHRSA","RSA","2048","1c7ef8b7cf57038ddeb499e067262516a9c46703","fdfa74ea89dc6663e8615ef2a7dedbad","11/07/2024 11:14:18 GMT",,"1023","2","","11","",""
"1647","Private UCC 2","ccmqa.com","san1.ccmqa.com","CN=QA RSA Intermediate CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB","Issued","admin admin","","admin admin","Advanced",,"5958453","3BE7B4F3F4ABED1A4B80CCA61435B709",,"OTHER","Client Admin","365","Renewed: Thu Nov 07 13:05:39 EET 2024","11/07/2024 00:00:00 GMT","","11/07/2024 11:05:40 GMT","11/07/2024 00:00:00 GMT","12/05/2023 15:06:00 GMT","11/07/2025 23:59:59 GMT",,,"Odesa","Odeska oblast","UA","SHA256WITHRSA","RSA","2048","fe406bab369022981af7e23ea69399b5f64699b6","e59e9d830806ba61cf0aa15a828782e1","11/07/2024 11:05:40 GMT",,"1023","2","","111","",""
"1404","Multi-Domain Instant SSL Certificate","www.ccmqa.com",,"CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB","Expired","admin admin","","admin admin","Advanced",,"3418182","72CC026EDD39EDAF374CF91E38D7CE58",,"OTHER","Client Admin","365","","09/07/2022 00:00:00 GMT","","09/07/2022 10:15:10 GMT","09/07/2022 00:00:00 GMT",,"09/07/2023 23:59:59 GMT",,,"Odesa","Odeska oblast","UA","SHA256WITHRSA","RSA","2048","b880dc2b5e6fb0aeaaaaf89ef84099308477ede8","29dbe253afabd79fa25f25327ef33171","09/07/2022 10:15:10 GMT",,"1008","2","11","11","",""
"82","","eee eee",,"CN=Sectigo RSA Client Authentication and Secure Email CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB","Expired",,"admin@ccmqa.com","admin admin","Advanced",,,"2304169D59EACAD7C22559C75AC09385",,"OTHER","Imported","1096","","07/01/2020 00:00:00 GMT","",,"07/01/2020 00:00:00 GMT",,"07/01/2023 23:59:59 GMT",,,"Odesa","Odeska oblast","UA","SHA256WITHRSA","RSA","2048","da01e00cc0eca63e208abb4c9a1fb55346b2fd2b","b0c7bc000f8c48bff859e2db6f21016e","07/02/2020 20:05:22 GMT","07/02/2020 20:48:22 GMT","-2","2",,,,Activity report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Report type. Value: ACTIVITY_LOG |
[Must not be null] |
dates |
Object |
Dates object parameter |
[] |
dates.type |
String |
Dates match type. Values: [LAST, NEXT, BEFORE, AFTER, RANGE] |
[] |
dates.days |
Number |
Dates match limit in days. |
[] |
dates.from |
String |
Dates match limit from date. |
[] |
dates.to |
String |
Dates match limit to date. |
[] |
Example request
$ curl 'https://cert-manager.com/api/report/v2/stream' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21623' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"type" : "ACTIVITY_LOG",
"dates" : {
"type" : "LAST",
"days" : 30
}
}'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=UTF-8
Content-Disposition: attachment; filename="report-2025-12-04-08-00-32.csv"
Content-Length: 1452
"Action","Admin","Person","Organization","Department","Cert subject","SSL Certificate","Notification","Customer name","Description","Access method","IP address","Date"
"notification email: create","admin",,"","",,,,,,"UI access","127.0.0.1","09/17/2025 07:51:48 GMT 07:51:48 GMT"
"admin: login success","admin",,"","",,,,,"admin admin successfully authenticated from 127.0.0.1","UI access","127.0.0.1","09/17/2025 08:12:45 GMT 08:12:45 GMT"
"admin: login success","admin",,"","",,,,,"admin admin successfully authenticated from 127.0.0.1","UI access","127.0.0.1","09/17/2025 08:39:26 GMT 08:39:26 GMT"
"certificate brand: issue success","",,"Advanced","",,,,,"Certificate 794A6F7AF56A25D570ECE46AD1E690FE has been issued.","SCM System access","SCM","09/17/2025 08:47:38 GMT 08:47:38 GMT"
"certificate brand: issue success","",,"Advanced","",,,,,"Certificate 794A6F7AF56A25D570ECE46AD1E690FE has been issued.","SCM System access","SCM","09/17/2025 08:51:40 GMT 08:51:40 GMT"
"admin: login success","admin",,"","",,,,,"admin admin successfully authenticated from 127.0.0.1","UI access","127.0.0.1","09/17/2025 09:04:07 GMT 09:04:07 GMT"
"certificate brand: issue success","",,"Advanced","",,,,,"Certificate 794A6F7AF56A25D570ECE46AD1E690FE has been issued.","SCM System access","SCM","09/17/2025 09:24:23 GMT 09:24:23 GMT"
"email notification prepare","",,"","",,,,,"Email: admin admin:11133332@xr.ccmqa.com","","","09/17/2025 09:24:23 GMT 09:24:23 GMT"Client certificate report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Report type. Value: CLIENT_CERTS |
[Must not be null] |
certificateStatus |
String |
Certificate status for date |
[] |
dates |
Object |
Dates object parameter |
[] |
dates.type |
String |
Dates match type. Values: [LAST, NEXT, BEFORE, AFTER, RANGE] |
[] |
dates.days |
Number |
Dates match limit in days. |
[] |
dates.from |
String |
Dates match limit from date. |
[] |
dates.to |
String |
Dates match limit to date. |
[] |
currentStatus |
String |
Certificate’s current status. Values: [ANY, REQUESTED, ISSUED, REVOKED, EXPIRED, PENDING_DOWNLOAD, NOT_ENROLLED, AWAITING_APPROVAL, APPROVED, APPLIED, DOWNLOADED, EXTERNAL] |
[] |
requestVia |
String |
Filter certificate by request type. Values: [Admin Enroll, Self Enroll, API Enroll, Auto Enroll, CSV Enroll, SCEP Enroll, IdP Enroll, MS Agent Enroll, Discovery, MS CA Enroll, Imported, EST Enroll, REST Enroll API] |
[] |
orgs |
Array |
Filter certificates by organization IDs |
[] |
Example request
$ curl 'https://cert-manager.com/api/report/v2/stream' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21632' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"type" : "CLIENT_CERTS",
"certificateStatus" : "ENROLLED",
"dates" : {
"type" : "LAST",
"days" : 30
},
"currentStatus" : "ANY",
"requestVia" : "REST",
"orgs" : [ 11927 ]
}'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=UTF-8
Content-Disposition: attachment; filename="report-2025-12-04-08-00-32.csv"
Content-Length: 2617
"Id","Full Name","Organization","Department","Subject","Certificate Type","Email","Address 1","Address 2","Address 3","City","State/Province","Postal Code","Order Number","Serial Number","Enrolled","Downloaded","Revoked","Expire","Enroll Type","Key Escrow","Client Certificate person","Requested via","descr","descr2","descr3","descr4","Comments"
"50","Developers CCM","Advanced","","Developers CCM<ccm_dev@ccmqa.com>","Standard Persona Validated Cert","ccm_dev@ccmqa.com","","","","","","","1114888","C3:DB:6F:88:E7:20:DF:99:71:70:59:FB:D0:2D:29:B0","08/30/2013 09:51:10 GMT",,"01/27/2022 11:07:25 GMT","08/30/2014 23:59:59 GMT","Self Enroll","None","","SELF_ENROLL",,,,,""
"51","user qa","test [deleted]","","user qa<user@ccmqa.com>","Standard Persona Validated Cert","user@ccmqa.com","","","","","","","2334440","BF:6C:15:E2:15:15:1D:83:7A:AF:9E:D1:0B:DA:BD:55","04/06/2020 19:28:27 GMT",,"04/07/2020 12:46:57 GMT","04/06/2021 23:59:59 GMT","API Enroll","No Encryption","","API_ENROLL",,,,,""
"52","user qa","test [deleted]","","user qa<user@ccmqa.com>","Standard Persona Validated Cert","user@ccmqa.com","test","","","test","test","test","2334443","6F:BB:18:11:D5:A0:AC:EE:6D:B5:63:15:03:25:F1:D9","04/06/2020 19:30:23 GMT",,"04/07/2020 12:46:57 GMT","04/06/2021 23:59:59 GMT","API Enroll","No Encryption","","API_ENROLL",,,,,""
"53","user qa","test [deleted]","","user qa<user@ccmqa.com>","Standard Persona Validated Cert","user@ccmqa.com","","","","","","","2334784","7D:CD:EC:55:8A:1F:13:64:82:8C:13:F3:0E:4F:5D:62","04/07/2020 07:49:15 GMT",,"04/07/2020 12:46:57 GMT","04/07/2021 23:59:59 GMT","API Enroll","No Encryption","","API_ENROLL",,,,,""
"54","user qa","test [deleted]","","user qa<user@ccmqa.com>","Standard Persona Validated Cert","user@ccmqa.com","","","","","","","2334786","F7:DB:8B:33:66:C7:6C:EF:0B:05:35:DD:00:40:01:D2","04/07/2020 07:54:16 GMT",,"04/07/2020 12:46:57 GMT","04/07/2021 23:59:59 GMT","API Enroll","No Encryption","","API_ENROLL",,,,,""
"55","user qa","test [deleted]","","user qa<user@ccmqa.com>","Standard Persona Validated Cert","user@ccmqa.com","","","","","","","2334803","FA:DA:8B:24:61:24:2E:8E:1F:6C:2C:EF:D1:1A:C9:77","04/07/2020 09:04:24 GMT",,"04/07/2020 12:46:57 GMT","04/07/2021 23:59:59 GMT","API Enroll","No Encryption","","API_ENROLL",,,,,""
"56","user qa","test [deleted]","","user qa<user@ccmqa.com>","Standard Persona Validated Cert","user@ccmqa.com","","","","","","","2334804","E9:52:B5:04:73:5C:02:F6:38:6E:DC:29:02:E0:C0:B5","04/07/2020 09:06:12 GMT",,"04/07/2020 12:46:57 GMT","04/07/2021 23:59:59 GMT","API Enroll","No Encryption","","API_ENROLL",,,,,""Device certificate report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Report type. Value: DEVICE_CERTS |
[Must not be null] |
certificateStatus |
String |
Certificate status for date |
[] |
dates |
Object |
Dates object parameter |
[] |
dates.type |
String |
Dates match type. Values: [LAST, NEXT, BEFORE, AFTER, RANGE] |
[] |
dates.days |
Number |
Dates match limit in days. |
[] |
dates.from |
String |
Dates match limit from date. |
[] |
dates.to |
String |
Dates match limit to date. |
[] |
currentStatus |
String |
Certificate’s current status. Values: [ANY, REQUESTED, ISSUED, REVOKED, EXPIRED, PENDING_DOWNLOAD, NOT_ENROLLED, AWAITING_APPROVAL, APPROVED, APPLIED, DOWNLOADED, EXTERNAL] |
[] |
requestVia |
String |
Filter certificate by request type. Values: [API, DISCOVERY, API_APPROVAL, SELF_ENROLLMENT, SCEP_ENROLL, MS_CA, MS_CA_ENROLL_ON_BEHALF, UI, EST_ENROLL, REST_ENROLL, IMPORTED] |
[] |
orgs |
Array |
Filter certificates by organization IDs |
[] |
Example request
$ curl 'https://cert-manager.com/api/report/v2/stream' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21641' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"type" : "DEVICE_CERTS",
"certificateStatus" : "ENROLLED",
"dates" : {
"type" : "RANGE",
"from" : "2020-04-08",
"to" : "2025-04-08"
},
"currentStatus" : "ANY",
"requestVia" : "REST_ENROLL",
"orgs" : [ 11933 ]
}'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=UTF-8
Content-Disposition: attachment; filename="report-2025-12-04-08-00-32.csv"
Content-Length: 2581
"Id","Common Name","Organization","Department","Status","Subject","Requester","City","State/Province","Country","Order Number","Serial Number","CA ID","CA Name","Certificate Type Name","KU","EKU","Enrolled","Downloaded","Revoked","Expire","Enroll Type","Key Size / Curve","Key Algorithm","Signature Algorithm","Approver","Requested via","device new","device new 2","Comments"
"50","msnpDifferent.danfoss.net","Advanced","","Requested","CN=msnpDifferent.danfoss.net","igor.shumilov@sectigo.com",,,,,"","","","device adv","","",,,,,"SELF_ENROLLMENT","","","","","SELF_ENROLLMENT","","",""
"51","msnpDifferent.danfoss.net","Advanced","","Expired","CN=msnpDifferent.danfoss.net","igor.shumilov@sectigo.com",,,,"2336459","BC:B7:96:EE:97:88:F0:A4:27:42:29:C6:E9:C1:B4:2E","","","device adv","Digital Signature, Key Encipherment, Data Encipherment","1.3.6.1.5.5.7.3.4, 1.3.6.1.5.5.7.3.2","04/08/2020 00:00:00 GMT",,,"04/08/2021 23:59:59 GMT","SELF_ENROLLMENT","2048","RSA","SHA256WITHRSA","admin admin","SELF_ENROLLMENT","","",""
"52","msnpDifferent.danfoss.net","Advanced","","Expired","CN=msnpDifferent.danfoss.net","igor.shumilov@sectigo.com",,,,"2336884","9F:09:D1:44:69:0D:7B:DF:D6:B7:10:44:47:D4:13:9D","","","device adv","Digital Signature, Key Encipherment, Data Encipherment","1.3.6.1.5.5.7.3.4, 1.3.6.1.5.5.7.3.2","04/09/2020 00:00:00 GMT",,,"04/09/2021 23:59:59 GMT","SELF_ENROLLMENT","2048","RSA","SHA256WITHRSA","admin admin","SELF_ENROLLMENT","","",""
"53","msnpDifferent.danfoss.net","Advanced","","Expired","CN=msnpDifferent.danfoss.net",,,,,"2339345","40:9F:F1:19:4B:11:B1:8C:FE:2B:B3:B7:2E:12:0E:4E","","","device adv","Digital Signature, Key Encipherment, Data Encipherment","1.3.6.1.5.5.7.3.4, 1.3.6.1.5.5.7.3.2","04/13/2020 00:00:00 GMT",,,"04/13/2021 23:59:59 GMT","API","2048","RSA","SHA256WITHRSA","","API","","",""
"54","msnpDifferent.danfoss.net","Advanced","","Expired","CN=msnpDifferent.danfoss.net",,,,,"2339346","97:78:B6:F0:1C:45:49:F4:FD:D8:09:0C:07:B8:56:80","","","device adv","Digital Signature, Key Encipherment, Data Encipherment","1.3.6.1.5.5.7.3.4, 1.3.6.1.5.5.7.3.2","04/13/2020 00:00:00 GMT",,,"04/13/2021 23:59:59 GMT","API","2048","RSA","SHA256WITHRSA","","API","","",""
"55","msnpDifferent.danfoss.net","Advanced","","Expired","CN=msnpDifferent.danfoss.net",,,,,"2339347","4C:DE:AE:2E:9D:D4:50:A9:1A:39:55:86:30:B1:8C:6E","","","device adv","Digital Signature, Key Encipherment, Data Encipherment","1.3.6.1.5.5.7.3.4, 1.3.6.1.5.5.7.3.2","04/13/2020 00:00:00 GMT",,,"04/13/2021 23:59:59 GMT","API","2048","RSA","SHA256WITHRSA","","API","","",""Client admin report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Report type. Value: ADMINS |
[Must not be null] |
Example request
$ curl 'https://cert-manager.com/api/report/v2/stream' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21629' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"type" : "ADMINS"
}'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=UTF-8
Content-Disposition: attachment; filename="report-2025-12-04-08-00-32.csv"
Content-Length: 1666
"Id","Name","Login","Email","Certificate Auth","Active","Allow creation of peer admin users","Allow editing of peer admin users","Allow deleting of peer admin users","Allow DCV","Allow SSL details changing","Automatically approve certificate requests","Approve domain delegation","MS AD Discovery","Allow download keys from Key Vault","Allow to manage organizations / departments","Allow certificate revocation","Role","Organization","Department"
"2","admin admin","admin","11133332@xr.ccmqa.com","false","true","true","true","true","true","true","true","true","true","true","true","true","","",""
"","","","","","","","","","","","","","","","","","MRAO","",""
"3","rao rao","rao 1","rao@nobody.comodo.od.ua","false","true","true","true","true","true","false","false","false","false","false","true","true","","",""
"","","","","","","","","","","","","","","","","","RAO_SSL","Advanced",""
"","","","","","","","","","","","","","","","","","RAO_DEVICE","Advanced",""
"","","","","","","","","","","","","","","","","","RAO_SMIME","Advanced",""
"","","","","","","","","","","","","","","","","","RAO_CS","Advanced",""
"4","drao drao","drao","drao@nobody.comodo.od.ua","false","true","true","true","true","false","false","false","false","false","false","false","true","","",""
"","","","","","","","","","","","","","","","","","DRAO_SMIME","Advanced","CS"
"","","","","","","","","","","","","","","","","","","Advanced","biology"
"","","","","","","","","","","","","","","","","","DRAO_SSL","Advanced","CS"
"","","","","","","","","","","","","","","","","","","Advanced","philosophy"
"","","","","","","","","","","","","","","","","","","Advanced","chemistry"Code sign certificate report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Report type. Value: CS_CERTS |
[Must not be null] |
certificateStatus |
String |
Certificate status for date |
[] |
dates |
Object |
Dates object parameter |
[] |
dates.type |
String |
Dates match type. Values: [LAST, NEXT, BEFORE, AFTER, RANGE] |
[] |
dates.days |
Number |
Dates match limit in days. |
[] |
dates.from |
String |
Dates match limit from date. |
[] |
dates.to |
String |
Dates match limit to date. |
[] |
currentStatus |
String |
Certificate’s current status. Values: [ANY, REQUESTED, ISSUED, REVOKED, EXPIRED, PENDING_DOWNLOAD, NOT_ENROLLED, AWAITING_APPROVAL, APPROVED, APPLIED, DOWNLOADED, EXTERNAL] |
[] |
requestVia |
String |
Filter certificate by request type. Values: [WEB_FORM, WEB_SERVICES] |
[] |
orgs |
Array |
Filter certificates by organization IDs |
[] |
Example request
$ curl 'https://cert-manager.com/api/report/v2/stream' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21635' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"type" : "CS_CERTS",
"certificateStatus" : "ENROLLED",
"dates" : {
"type" : "LAST",
"days" : 15
},
"currentStatus" : "ANY",
"requestVia" : "WEB_SERVICES",
"orgs" : [ 11929 ]
}'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=UTF-8
Content-Disposition: attachment; filename="report-2025-12-04-08-00-32.csv"
Content-Length: 2152
"Id","Full Name","Organization","Department","Email","Order Number","Serial Number","Requested","Issued","Downloaded","Revoked","Expire","Requested via"
"60","CCM QA","Advanced","","user@ccmqa.com","2851054","CF:5A:D3:8D:68:BC:73:EF:4B:CB:60:86:76:39:88:9C","04/23/2021 17:05:26 GMT","04/23/2021 17:08:56 GMT","04/23/2021 17:09:37 GMT",,"04/23/2022 23:59:59 GMT","Enrollment form"
"61","SCM Dev","Advanced","","dev@ccmqa.com","Fn-aDk9LCe3mX5XvAAAAAA==","47:F6:D0:BB:9D:1B:4A:C6:42:0E:F9:7E:0F:46:C7:1A","05/16/2021 16:49:35 GMT","05/16/2021 16:50:29 GMT",,,"05/16/2022 16:49:37 GMT","Enrollment form"
"62","SCM Dev","Advanced","","dev@ccmqa.com","Fn-aIvmEpe3mX5XvAAAAAA==","68:39:CC:5C:D5:55:C6:8A:4A:9B:58:E3:3A:4B:9E:87","05/16/2021 16:51:05 GMT","05/16/2021 16:51:28 GMT",,,"05/16/2022 16:51:05 GMT","Enrollment form"
"63","SCM Dev","Advanced","","dev@ccmqa.com","Fn-aLbq2vfHmX5XvAAAAAA==","59:80:DD:51:FA:45:20:63:27:14:3B:12:23:6F:53:74","05/16/2021 16:51:51 GMT","05/16/2021 16:52:28 GMT","05/16/2021 16:52:45 GMT",,"05/16/2022 16:51:52 GMT","Enrollment form"
"64","SCM Dev","Advanced","","dev@ccmqa.com","Fn_emdd0DG3mX5XvAAAAAA==","7D:B7:5B:3F:B8:DD:87:C8:A2:A5:07:14:9D:51:8E:0C","05/17/2021 13:45:41 GMT","05/17/2021 13:46:18 GMT",,,"05/17/2022 13:45:43 GMT","Enrollment form"
"67","Dev","Advanced","","dev@cert.ccmqa.com",,"","07/08/2022 20:28:33 GMT",,,,,"Enrollment form"
"68","dev","Advanced","","dev@cert.ccmqa.com",,"","07/08/2022 20:32:33 GMT",,,,,"Enrollment form"
"69","dev","Advanced","","dev@cert.ccmqa.com",,"","07/08/2022 20:35:33 GMT",,,,,"Enrollment form"
"70","dev","Advanced","","dev@123.mc.pproxy.ga","3369292","","07/08/2022 20:37:33 GMT",,,"07/08/2022 20:38:17 GMT",,"Enrollment form"
"71","CS Cert","Advanced","","cs@comodoca.com",,"","09/13/2022 20:21:25 GMT",,,,,"Enrollment form"
"72","CS Cert","Advanced","","cs@comodo.od.ua","FxLVBinYTPiBQnLbAAAAAA==","1B:03:4B:59:7A:6F:BE:BA:68:70:27:69:08:AF:A8:1F","09/08/2022 08:23:54 GMT","09/08/2022 08:24:56 GMT",,,"09/08/2023 08:23:55 GMT","Enrollment form"
"73","name getLastName","Advanced","","1user@ccmqa.com","3741245","","12/22/2022 16:51:07 GMT",,,,,"Enrollment form"Domain report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Report type. Value: DOMAINS |
[] |
status |
String |
Validation status. Value: [Not validated, Validated, Expired] |
[] |
dates |
Object |
Expiration dates filter |
[] |
dates.type |
String |
Dates match type. Values: [LAST, NEXT, BEFORE, AFTER, RANGE] |
[] |
dates.days |
Number |
Dates match limit in days. |
[] |
dates.from |
String |
Dates match limit from date. |
[] |
dates.to |
String |
Dates match limit to date. |
[] |
orgs |
Array |
Filter domains by organization IDs |
[] |
Example request
$ curl 'https://cert-manager.com/api/report/v2/stream' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21638' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"type" : "DOMAINS",
"dates" : {
"type" : "RANGE",
"from" : "2020-04-08",
"to" : "2025-04-08"
},
"status" : "VALIDATED",
"orgs" : [ 11931 ]
}'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=UTF-8
Content-Disposition: attachment; filename="report-2025-12-04-08-00-32.csv"
Content-Length: 1150
"Name","Expiration Date","Status","Method","Order Status","Order Method","MD5","SHA256","Delegated To","Backend","Description"
"123.com",,"Not validated","EMAIL","Submitted","EMAIL","1193328308f6fe07c884b5f0b4350c32","dd878dd2b9582c6adc4f74d206d44101c485f2e7e2f9e7f82775aabfca148de1","Advanced;Advanced/biology;Advanced/chemistry","SECTIGO Public CA",""
"123.mc.pproxy.ga","08/25/2022 21:00:00 GMT","Expired","HTTP","Awaiting submission","HTTP","3db375230868810ec5d77302ae49718b","d5216001909da841d2bb75535ecb02ff5894ed32b89a2014c5e8373c4e4d3396","Advanced","SECTIGO Public CA",""
"123.sectigoqa.site","12/17/2024 22:00:00 GMT","Not validated","HTTP","Awaiting submission","HTTP","4b9a4bf18a54dfc2306cdab3b2132d5b","7e61c176af5fc87a81c623dd7a971e5d420f825c635f36e63c861a1cbcacccad","Advanced","SECTIGO Public CA",""
"123.tt2.ccmqa.com","11/02/2022 22:00:00 GMT","Expired","EMAIL","Not initiated","","","","Advanced","SECTIGO Public CA",""
"192.168.0.1",,"Not validated","","Not initiated","","","","Advanced;Advanced/biology;Advanced/chemistry","",""
"2a00:1450:400d:809::200e",,"Not validated","","Not initiated","","","","Advanced","","google.com"Notification activity report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Report type. Value: NOTIFICATION_ACTIVITY_LOG |
[Must not be null] |
dates |
Object |
Dates object parameter |
[] |
dates.type |
String |
Dates match type. Values: [LAST, NEXT, BEFORE, AFTER, RANGE] |
[] |
dates.days |
Number |
Dates match limit in days. |
[] |
dates.from |
String |
Dates match limit from date. |
[] |
dates.to |
String |
Dates match limit to date. |
[] |
Example request
$ curl 'https://cert-manager.com/api/report/v2/stream' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21647' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"type" : "NOTIFICATION_ACTIVITY_LOG",
"dates" : {
"type" : "LAST",
"days" : 7
}
}'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=UTF-8
Content-Disposition: attachment; filename="report-2025-12-04-08-00-32.csv"
Content-Length: 738
"Notification Type","Email","Subject","Date"
"Brand Indicator Certificate Issued","admin admin:11133332@xr.ccmqa.com","Brand Indicator certificate for ccmqa.com has been issued","09/17/2025 09:24:23 GMT"
"CA Expiration","Subscriber:user@ccmqa.com","Your Sectigo Private CA is expiring soon!","09/17/2025 12:04:53 GMT"
"CA Expiration","ttt@ccmqa.com","Your Sectigo Private CA is expiring soon!","09/17/2025 12:04:53 GMT"
"CA Expiration","11133332@xr.ccmqa.com","Your Sectigo Private CA is expiring soon!","09/17/2025 12:04:53 GMT"
"CA Expiration","user@ccmqa.com","Your Sectigo Private CA is expiring soon!","09/17/2025 12:04:53 GMT"
"CA Expiration","delete@ccmqa.com","Your Sectigo Private CA is expiring soon!","09/17/2025 12:04:53 GMT"Private key agent activity report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Report type. Value: PK_CONTROLLER_ACTIVITY_LOG |
[Must not be null] |
dates |
Object |
Dates object parameter |
[] |
dates.type |
String |
Dates match type. Values: [LAST, NEXT, BEFORE, AFTER, RANGE] |
[] |
dates.days |
Number |
Dates match limit in days. |
[] |
dates.from |
String |
Dates match limit from date. |
[] |
dates.to |
String |
Dates match limit to date. |
[] |
Example request
$ curl 'https://cert-manager.com/api/report/v2/stream' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21644' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"type" : "PK_CONTROLLER_ACTIVITY_LOG",
"dates" : {
"type" : "LAST",
"days" : 30
}
}'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=UTF-8
Content-Disposition: attachment; filename="report-2025-12-04-08-00-32.csv"
Content-Length: 273
"Id","Action","Date/Time","SSL cert","Description"
"50","Controller configuration updated","07/09/2020 11:52:43 GMT","",
"51","Controller configuration updated","07/09/2020 12:00:30 GMT","",
"61","Private Key and CSR generated","01/26/2021 16:43:53 GMT","","tt3.ccmqa.com"Brand certificate report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
type |
String |
Report type. Value: BRAND_CERTS |
[Must not be null] |
certificateStatus |
String |
Certificate status for date |
[] |
dates |
Object |
Dates object parameter |
[] |
dates.type |
String |
Dates match type. Values: [LAST, NEXT, BEFORE, AFTER, RANGE] |
[] |
dates.days |
Number |
Dates match limit in days. |
[] |
dates.from |
String |
Dates match limit from date. |
[] |
dates.to |
String |
Dates match limit to date. |
[] |
currentStatus |
String |
Certificate’s current status. Values: [ANY, REQUESTED, ISSUED, REVOKED, EXPIRED, PENDING_DOWNLOAD, NOT_ENROLLED, AWAITING_APPROVAL, APPROVED, APPLIED, DOWNLOADED, EXTERNAL] |
[] |
requestVia |
String |
Filter certificate by request type. Values: [WEB_FORM, CLIENT_ADMIN, API, DISCOVERY, IMPORTED, SCEP, CD_AGENT, MS_AGENT, MS_CA, BULK_REQUEST, ACME, EST, REST] |
[] |
orgs |
Array |
Filter certificates by organization IDs |
[] |
Example request
$ curl 'https://cert-manager.com/api/report/v2/stream' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer21626' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{
"type" : "BRAND_CERTS",
"certificateStatus" : "ENROLLED",
"dates" : {
"type" : "RANGE",
"from" : "2020-01-01",
"to" : "2025-01-01"
},
"currentStatus" : "ANY",
"requestVia" : "ACME",
"orgs" : [ 11924 ]
}'Example response
HTTP/1.1 200 OK
Content-Type: application/octet-stream;charset=UTF-8
Content-Disposition: attachment; filename="report-2025-12-04-08-00-32.csv"
Content-Length: 3551
"Id","Type","Common Name","Subject Alternative Names","Issuer","Status","Requester","Approver","Organization","Department","Order number","Serial Number","Requested via","Term (days)","Comments","Valid from","Approved","Declined","Issued","Downloaded","Expires","Revoked","City","State","Country","Signature Algorithm","Public Key Algorithm","Public Key Size / Curve","SHA1 Hash","MD5 Hash","Requested","Type_Id","Org_Id"
"251","BIMI","ccmqa.com",,"CN=SSL.com VMC Issuing ECC CA 1 - DEV,O=SSL Corporation,C=US","Issued","admin admin","admin admin","Advanced",,"7728539","794A6F7AF56A25D570ECE46AD1E690FE","Client Admin","365","","09/02/2025","","09/12/2025","09/02/2025","09/12/2025","09/02/2026",,"Odesa","5","UA","SHA384WITHECDSA","EC","P-256","40a9d7454de6aff7d3e683251051219de47a647d","740c41b1d1554c9ea06777be59881336","09/12/2025","1038","2"
"250","BIMI","ccmqa.com","test.ccmqa.com","ss","Issued","admin admin","admin admin","Advanced",,"7788266",,"Web API","365","""dddd""",,"","09/05/2025",,"09/01/2025",,,"Odesa","5","UA","''","","",,,"09/05/2025","1038","2"
"301","BIMI","ccmqa.com",,,"Applied","admin admin","admin admin","Advanced",,"7847489",,"Client Admin","365","",,"","09/12/2025",,,,,"Odesa","4","UA","","RSA","2048",,,"09/12/2025","1038","2"
"551","BIMI CMC","ccmqa.com",,"CN=SSL.com VMC Issuing ECC CA 1 - DEV,O=SSL Corporation,C=US","Issued","admin admin","admin admin","Advanced",,"7728539","794A6F7AF56A25D570ECE46AD1E690FE","Client Admin","365","","09/02/2025","","09/17/2025","09/02/2025","09/17/2025","09/02/2026",,"Odesa","5","UA","SHA384WITHECDSA","EC","P-256","40a9d7454de6aff7d3e683251051219de47a647d","740c41b1d1554c9ea06777be59881336","09/17/2025","1039","2"
"501","BIMI","ccmqa.com",,"CN=SSL.com VMC Issuing ECC CA 1 - DEV,O=SSL Corporation,C=US","Issued","admin admin","admin admin","Advanced",,"7728539","794A6F7AF56A25D570ECE46AD1E690FE","Client Admin","365","","09/02/2025","","09/16/2025","09/02/2025",,"09/02/2026",,"Odesa","5","UA","SHA384WITHECDSA","EC","P-256","40a9d7454de6aff7d3e683251051219de47a647d","740c41b1d1554c9ea06777be59881336","09/16/2025","1038","2"
"451","BIMI","ccmqa.com",,"CN=SSL.com VMC Issuing ECC CA 1 - DEV,O=SSL Corporation,C=US","Issued","admin admin","admin admin","Advanced",,"7728539","794A6F7AF56A25D570ECE46AD1E690FE","Client Admin","365","","09/02/2025","","09/12/2025","09/02/2025",,"09/02/2026",,"Odesa","5","UA","SHA384WITHECDSA","EC","P-256","40a9d7454de6aff7d3e683251051219de47a647d","740c41b1d1554c9ea06777be59881336","09/12/2025","1038","2"
"351","BIMI","ccmqa.com",,"CN=SSL.com VMC Issuing ECC CA 1 - DEV,O=SSL Corporation,C=US","Issued","admin admin","admin admin","Advanced",,"7728539","794A6F7AF56A25D570ECE46AD1E690FE","Client Admin","365","","09/02/2025","","09/12/2025","09/02/2025","09/17/2025","09/02/2026",,"Odesa","5","UA","SHA384WITHECDSA","EC","P-256","40a9d7454de6aff7d3e683251051219de47a647d","740c41b1d1554c9ea06777be59881336","09/12/2025","1038","2"
"401","BIMI","ccmqa.com",,"CN=SSL.com VMC Issuing ECC CA 1 - DEV,O=SSL Corporation,C=US","Issued","admin admin","admin admin","Advanced",,"7728539","794A6F7AF56A25D570ECE46AD1E690FE","Client Admin","365","","09/02/2025","","09/12/2025","09/02/2025",,"09/02/2026",,"Odesa","5","UA","SHA384WITHECDSA","EC","P-256","40a9d7454de6aff7d3e683251051219de47a647d","740c41b1d1554c9ea06777be59881336","09/12/2025","1038","2"
"601","BIMI","ccmqa.com",,,"Applied","admin admin","admin admin","Advanced",,"7878110",,"Client Admin","365","",,"","09/18/2025",,,,,"Odesa","4","UA","","RSA","2048",,,"09/18/2025","1038","2"Report APIs
Activity log report
Retrieves a log of SCM activities for a customer’s account, including actions on Certificates and actions of Agents.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
from |
String |
Filters the audit log records by 'created' date. Activity log includes the events that occurred from this date. |
ISO format, YYYY-MM-DD. Must be earlier than 'to' date. |
to |
String |
Filters the audit log records by 'created' date. Activity log includes the events that occurred not later than this date. |
ISO format, YYYY-MM-DD. Must not be earlier than 'from' date. |
Example request
$ curl 'https://cert-manager.com/api/report/v1/activity?output_type=buffered' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer21589' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"from":"2019-01-01T00:00:00.000Z","to":"2019-01-31T00:00:00.000Z"}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Report execution status code |
|
|
Array of reported activity log records with details |
|
|
Activity log record ID |
|
|
Activity log record GUID |
|
|
An access method used to perform the action |
|
|
Action timestamp |
|
|
Source IP address of the action request |
|
|
Activity log record description |
|
|
Action info |
|
|
Action ID |
|
|
Action name |
|
|
Organization info |
|
|
An organization name which this action is associated with |
|
|
Organization address line 1 |
|
|
Organization address line 2 |
|
|
Organization address line 3 |
|
|
Person info |
|
|
A person name which this action is associated with |
|
|
Person email |
|
|
Person GUID |
|
|
Admin user info |
|
|
An admin login which this action is associated with |
|
|
Admin full name |
|
|
Admin email |
|
|
Client certificate info |
|
|
Client certificate subject |
|
|
The obsolete parameter for the order identifier under which the client certificate request has been processed. backendCertId should be used instead |
|
|
Client certificate ID in enrolling backend |
|
|
SSL certificate info |
|
|
SSL certificate common name |
|
|
The obsolete parameter for the order identifier under which the SSL certificate request has been processed. backendCertId should be used instead |
|
|
SSL certificate ID in enrolling backend |
|
|
SSL certificate term (days) |
|
|
SSL certificate profile name |
|
|
Notification info |
|
|
Notification description |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Disposition: attachment; filename="rest_api_activity.json"
Cache-Control: must-revalidate
Pragma: public
Content-Length: 339
{"statusCode":0,"reports":[{"id":0,"guid":"f308bfa90e5845109adab1d11eaf5ded","action":{"id":0,"actionName":"ClientAdmin: login success"},"admin":{"login":"admin","fullName":"MRAO admin","email":"admin@somecompany.com"},"description":"Login success","accessMethod":"UI access","address":"37.214.176.150","date":"2025-12-04T08:00:20.472Z"}]}SSL certificates report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
organizationIds |
Array |
Unique identifiers of the organizations. The report contains SSL certificates associated with these organizations. |
[] |
commonName |
String |
The report will contain only certs with Common Name pattern like this |
[Must match the regular expression |
externalRequester |
String |
The report will contain only certs with External Requester pattern like this (case sensitive) |
[Maximum length is 512 characters or can be empty] |
certificateStatus |
Number |
Status ID of SSL certificates that are included in the report. |
The values applicable to this type of report are: [0(Any), 1(Requested), 2(Issued), 3(Revoked), 4(Expired)]. 11(External) - deprecated, see 'Certificate Status Codes' section for details. |
certificateDateAttribute |
Number |
Unique identifier of the date type. |
The values applicable to this type of report are: [2 (Revocation Date), 3 (Expiration Date), 4 (Request Date), 5 (Issuance Date)] |
from |
String |
The report contains SSL certificates which date, defined by 'certificateDateAttribute' request field, is not earlier than this date. |
ISO format, YYYY-MM-DD. Must be earlier than 'to' date. |
to |
String |
The report contains SSL certificates which date, defined by 'certificateDateAttribute' request field, is not later than this date. |
ISO format, YYYY-MM-DD. Must not be earlier than 'from' date. |
certificateRequestSource |
Number |
The source a certificate has been requested from. |
The values applicable to this type of report are: 0 (Enrollment Form) 1 (Client Admin) 2 (Web API) 3 (Discovery) 4 (Imported) 5 (SCEP) 7 (MS Agent) 9 (Bulk Request) 10 (ACME) 11 (EST) 12 (REST API) |
serialNumberFormat |
String |
Special format of a Serial Number, if required. |
If the value specified is 'HEXWithLeadingZeros', then report contains certificate serial numbers in HEX format without leading zeros stripped. |
includeIpAddresses |
Boolean |
Include certificate IP locations. Significantly affects report generation time. |
Example request
$ curl 'https://cert-manager.com/api/report/v1/ssl-certificates?output_type=buffered' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer21618' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"from":"2019-01-01T00:00:00.000Z","to":"2019-01-31T00:00:00.000Z","organizationIds":[11920],"certificateStatus":1,"certificateDateAttribute":1,"certificateRequestSource":0,"serialNumberFormat":"","includeIpAddresses":false}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Report execution status code |
|
|
Array of reported SSL certificates with details |
|
|
Certificate common name |
|
|
An ID using which this certificate can be renewed or revoked through Enrollment form |
|
|
An organization ID which this certificate is associated with |
|
|
An organization name which this certificate is associated with |
|
|
An organization city which this certificate is associated with |
|
|
An organization state which this certificate is associated with |
|
|
An organization country which this certificate is associated with |
|
|
The status of this certificate |
|
|
The obsolete parameter for the order identifier under which the certificate request has been processed. backendCertId should be used instead |
|
|
Certificate ID in enrolling backend |
|
|
Deprecated |
|
|
Deprecated |
|
|
Certificate Profile ID |
|
|
Certificate Profile name |
|
|
Term (days) |
|
|
The subject of the issuing CA certificate |
|
|
Requester |
|
|
Approver |
|
|
External requester |
|
|
Comments |
|
|
Requested date |
|
|
Approved date |
|
|
Declined date |
|
|
Downloaded date |
|
|
Expiration date |
|
|
Revocation date |
|
|
Replaced date |
|
|
IP addresses |
|
|
Key algorithm (deprecated, see "publicKeyType") |
|
|
Key size (deprecated, see "publicKeyType") |
|
|
Key type. For example: RSA - 2048, EC - P-256. |
|
|
Subject alternative names |
|
|
SSL Serial Number |
|
|
Requested Via. Possible values: 'Enrollment Form', 'Client Admin', 'Web API', 'Discovery', 'Imported', 'SCEP', 'CD Agent', 'MS Agent', 'MS CA', 'Bulk Request', 'ACME', 'EST', 'REST API' |
|
|
SHA1 Hash |
|
|
MD5 Hash |
|
|
Custom fields |
|
|
Custom field name |
|
|
Custom field value |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Disposition: attachment; filename="rest_api_ssl-certificates.json"
Cache-Control: must-revalidate
Pragma: public
Content-Length: 597
{"statusCode":0,"reports":[{"id":1048,"type":"SSL SASP -1174394378","typeId":6595,"orgId":11920,"commonName":"ccmqa.com","status":"Requested","requester":"21621_nobody@nobody.sectigo.com","organizationName":"org4Test","orderNumber":7344326,"backendCertId":"7344326","servers":1,"serverType":"OTHER","requestedVia":"Enrollment Form","term":365,"comments":"some comments","requested":"2025-12-04T08:00:23.039Z","downloaded":"2019-01-02T00:00:00.000Z","expires":"2026-12-04T08:00:23.020Z","issuer":"issuer","serialNumber":"","city":"Odesa","state":"Odeska oblast","country":"UA","sha1":"AAABBBCCC"}]}Brand certificates report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
organizationIds |
Array |
Unique identifiers of the organizations. The report contains Brand certificates associated with these organizations. |
[] |
commonName |
String |
The report will contain only certs with Common Name pattern like this |
[Must match the regular expression |
externalRequester |
String |
The report will contain only certs with External Requester pattern like this (case sensitive) |
[] |
certificateStatus |
Number |
Status ID of Brand certificates that are included in the report. |
The values applicable to this type of report are: [0(Any), 1(Requested), 2(Issued), 3(Revoked), 4(Expired)] |
certificateDateAttribute |
Number |
Unique identifier of the date type. |
The values applicable to this type of report are: [2 (Revocation Date), 3 (Expiration Date), 4 (Request Date), 5 (Issuance Date)] |
from |
String |
The report contains Brand certificates which date, defined by 'certificateDateAttribute' request field, is not earlier than this date. |
ISO format, YYYY-MM-DD. Must be earlier than 'to' date. |
to |
String |
The report contains Brand certificates which date, defined by 'certificateDateAttribute' request field, is not later than this date. |
ISO format, YYYY-MM-DD. Must not be earlier than 'from' date. |
certificateRequestSource |
Number |
The source a certificate has been requested from. |
The values applicable to this type of report are: 0 (Client Admin) 1 (REST) 2 (Imported) |
serialNumberFormat |
String |
Special format of a Serial Number, if required. |
If the value specified is 'HEXWithLeadingZeros', then report contains certificate serial numbers in HEX format without leading zeros stripped. |
Example request
$ curl 'https://cert-manager.com/api/report/v1/brand-certificates?output_type=buffered' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer21592' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"from":"2019-01-01T00:00:00.000Z","to":"2019-01-31T00:00:00.000Z","organizationIds":[11904],"certificateStatus":1,"certificateDateAttribute":1,"certificateRequestSource":0,"serialNumberFormat":""}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Report execution status code |
|
|
Array of reported Brand certificates with details |
|
|
Certificate common name |
|
|
An ID using which this certificate can be renewed or revoked through Enrollment form |
|
|
An organization ID which this certificate is associated with |
|
|
An organization name which this certificate is associated with |
|
|
An organization city which this certificate is associated with |
|
|
An organization state which this certificate is associated with |
|
|
An organization country which this certificate is associated with |
|
|
The status of this certificate |
|
|
Certificate ID in enrolling backend |
|
|
Certificate Profile ID |
|
|
Certificate Profile name |
|
|
Term (days) |
|
|
The subject of the issuing CA certificate |
|
|
Requester |
|
|
Approver |
|
|
Comments |
|
|
Requested date |
|
|
Approved date |
|
|
Downloaded date |
|
|
Expiration date |
|
|
Revocation date |
|
|
Signature algorithm |
|
|
Public key algorithm |
|
|
Key type. For example: RSA - 2048, EC - P-256. |
|
|
Subject alternative names |
|
|
Certificate Serial Number |
|
|
Requested Via. Possible values: 'Client Admin', 'REST', 'Imported' |
|
|
SHA1 Hash |
|
|
MD5 Hash |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Disposition: attachment; filename="rest_api_brand-certificates.json"
Cache-Control: must-revalidate
Pragma: public
Content-Length: 628
{"statusCode":0,"reports":[{"id":11,"profileName":"Brand Indicator Certificate SASP -640573127","commonName":"ccmqa.com","issuer":"issuer","requester":"client-admin-21593 client-admin-21593","organization":"org4Test","backendCertId":"7344326","serialNumber":"","requestedVia":"Client Admin","term":365,"comments":"some comments","requested":"2025-12-04T08:00:20.638Z","downloaded":"2019-01-02T00:00:00.000Z","expires":"2026-12-04T08:00:20.625Z","city":"Odesa","state":"Odeska oblast","country":"UA","signatureAlgorithm":"","publicKeyAlgorithm":"","publicKeyParam":"","sha1":"AAABBBCCC","md5":"","profileId":6590,"orgId":11904}]}Client certificates report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
organizationIds |
Array |
Unique identifiers of the organizations. The report contains Client certificates associated with these organizations. |
[] |
certificateStatus |
Number |
Status ID of Client certificates that are included in the report. |
The values applicable to this type of report are: [0(Any), 2(Enrolled), 3(Revoked), 4(Expired), 5(Enrolled - Pending Download), 6(Not Enrolled)]. 2(Enrolled) - Former 'Enrolled - Downloaded'. Use with "certificateDateAttribute" equal to "Date of Downloading" to get old semantic. Person list (without client certificates) will be present in the report as well for values: [0(Any), 6(Not Enrolled)] |
certificateDateAttribute |
Number |
Unique identifier of the date type. |
The values applicable to this type of report are: [0(Enrolled Date), 1(Downloaded Date), 2(Revocation Date), 3(Expiration Date)] |
from |
String |
The report contains Client certificates which date, defined by 'certificateDateAttribute' request field, is not earlier than this date. |
ISO format, YYYY-MM-DD. Must be earlier than 'to' date. |
to |
String |
The report contains Client certificates which date, defined by 'certificateDateAttribute' request field, is not later than this date. |
ISO format, YYYY-MM-DD. Must not be earlier than 'from' date. |
Example request
$ curl 'https://cert-manager.com/api/report/v1/client-certificates?output_type=buffered' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer21596' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"from":"2019-01-01T00:00:00.000Z","to":"2019-01-31T00:00:00.000Z","organizationIds":[11907],"certificateStatus":3,"certificateDateAttribute":1}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Report execution status code |
|
|
Array of reported client certificates with details |
|
|
An ID using which this certificate can be renewed or revoked through Enrollment form |
|
|
Certificate subject |
|
|
Certificate email |
|
|
The obsolete parameter for the order identifier under which the certificate request has been processed. backendCertId should be used instead |
|
|
Certificate ID in enrolling backend |
|
|
Enrolled date |
|
|
Download date |
|
|
Expiration date |
|
|
Enrollment type. Possible values: 'Admin Enroll', 'Self Enroll', 'API Enroll', 'Auto Enroll', 'CSV Enroll', 'SCEP Enroll', 'IdP Enroll', 'MS Agent Enroll', 'Discovery', 'MS CA Enroll', 'Imported', 'EST Enroll', 'REST Enroll API' |
|
|
Organization info |
|
|
Organization ID |
|
|
An organization name which this certificate is associated with |
|
|
Person info |
|
|
A person name which this certificate is associated with |
|
|
Person email |
|
|
Person GUID |
|
|
Custom fields |
|
|
Custom field name |
|
|
Custom field value |
|
|
Certificate comments |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Disposition: attachment; filename="rest_api_client-certificates.json"
Cache-Control: must-revalidate
Pragma: public
Content-Length: 484
{"statusCode":0,"reports":[{"id":266,"person":{"name":"Tester","email":"21601_nobody@nobody.sectigo.com","guid":"3095c3e4-f146-3133-a5e6-be134eb2ebe2"},"organization":{"id":"11907","name":"org4Test"},"subject":"test@email","email":"21601_nobody@nobody.sectigo.com","orderNumber":1,"backendCertId":"1","enrolled":"2019-01-02T00:00:00.000Z","downloaded":"2019-01-02T00:00:00.000Z","expire":"2020-01-02T00:00:00.000Z","enrollType":"Self Enroll","comments":"Enrolled by urgent request"}]}Device certificates report
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
organizationIds |
Array |
Unique identifiers of the organizations. The report contains Device certificates associated with these organizations. |
[] |
certificateStatus |
Number |
Status ID of Device certificates that are included in the report. |
The values applicable to this type of report are: [0 (Any), 1 (Requested), 8 (Approved), 9 (Applied), 2 (Issued), 3 (Revoked), 4 (Expired)]. Deprecated statuses: 10 (Downloaded), 7 (Awaiting Approval) - see 'Certificate Status Codes' section for details. |
certificateDateAttribute |
Number |
Unique identifier of the date type. |
The values applicable to this type of report are: [2(Revocation Date), 3(Expiration Date), 4(Request Date), 5(Issuance Date)] |
from |
String |
The report contains Device certificates which date, defined by 'certificateDateAttribute' request field, is not earlier than this date. |
ISO format, YYYY-MM-DD. Must be earlier than 'to' date. |
to |
String |
The report contains Device certificates which date, defined by 'certificateDateAttribute' request field, is not later than this date. |
ISO format, YYYY-MM-DD. Must not be earlier than 'from' date. |
serialNumberFormat |
String |
Special format of a Serial Number, if required. |
If the value specified is 'HEXWithLeadingZeros', then report contains certificate serial numbers in HEX format without leading zeros stripped. |
Example request
$ curl 'https://cert-manager.com/api/report/v1/device-certificates?output_type=buffered' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer21605' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"from":"2025-12-03T08:00:22.430Z","to":"2025-12-05T08:00:22.430Z","certificateStatus":8,"certificateDateAttribute":4,"serialNumberFormat":""}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Report execution status code |
|
|
Array of reported device certificates with details |
|
|
An ID using which this certificate can be renewed or revoked through Enrollment form |
|
|
Certificate common name |
|
|
Certificate subject |
|
|
Approver |
|
|
An organization city which this certificate is associated with |
|
|
An organization state which this certificate is associated with |
|
|
An organization country which this certificate is associated with |
|
|
The status of this certificate |
|
|
Device certificate serial number |
|
|
Certificate email |
|
|
The obsolete parameter for the order identifier under which the certificate request has been processed. backendCertId should be used instead |
|
|
Certificate ID in enrolling backend |
|
|
Enrolled date |
|
|
Expiration date |
|
|
Enrollment type. Possible values: 'API', 'DISCOVERY', 'API_APPROVAL', 'SELF_ENROLLMENT', 'SCEP_ENROLL', 'MS_CA', 'MS_CA_ENROLL_ON_BEHALF', 'UI', 'EST_ENROLL', 'REST_ENROLL', 'IMPORTED' |
|
|
Key algorithm (deprecated, see "keyType") |
|
|
Key size (deprecated, see "keyType") |
|
|
Key type. For example: RSA - 2048, EC - P-256. |
|
|
Signature algorithm |
|
|
Certificate Profile name |
|
|
Key usage extensions define the purpose of the public key contained in a certificate |
|
|
Extended key usage further refines key usage extensions |
|
|
Certificate authority ID |
|
|
Certificate authority name |
|
|
Organization info |
|
|
Organization ID |
|
|
An organization name which this certificate is associated with |
|
|
Custom fields |
|
|
Custom field name |
|
|
Custom field value |
|
|
Certificate comments |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Disposition: attachment; filename="rest_api_device-certificates.json"
Cache-Control: must-revalidate
Pragma: public
Content-Length: 649
{"statusCode":0,"reports":[{"id":389,"commonName":"34356576543tnl54hgnu49u90g","organization":{"id":"11911","name":"org4Test"},"deviceCertStatus":"Approved","subject":"C=UA,ST=Odessa,L=Odessa,O=Test,OU=Test,CN=Test,E=test@test.test","email":"Someone@nobody.sectigo.com","city":"Odesa","state":"Odesa","country":"Ukraine","orderNumber":100500,"backendCertId":"100500","serialNumber":"","certTypeName":"Device cert SASP -923528020","expire":"2026-12-04T08:00:22.413Z","enrollType":"API","keyAlgorithm":"RSA","keySize":2048,"keyType":"RSA - 2048","signatureAlgorithm":"","approver":"client-admin client-admin","comments":"Enrolled by urgent request"}]}Domains report
Example request
$ curl 'https://cert-manager.com/api/report/v1/domains' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer21611' \
-H 'password: Password123!' \
-H 'customerUri: test'Response body
{"statusCode":0,"reports":[{"id":2194,"name":"scmqa.com","status":"Active","requested":"2025-12-04T08:00:22.749Z","dcvStatus":"Validated","stickyUntil":"2019-01-03T00:00:00.000Z"}]}Response fields
| Path | Type | Description |
|---|---|---|
|
|
Report execution status code |
|
|
Array of reported domain records with details |
|
|
Domain id |
|
|
Domain name |
|
|
Domain state. Available values are: [Suspended, Active] |
|
|
Domain requested date |
|
|
DCV expiration date |
|
|
Domain control validation status. Possible values: 'Not Initiated', 'Validated', 'Action Required', 'Expired' |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Disposition: attachment; filename="rest_api_domains.json"
Cache-Control: must-revalidate
Pragma: public
Content-Length: 181
{"statusCode":0,"reports":[{"id":2194,"name":"scmqa.com","status":"Active","requested":"2025-12-04T08:00:22.749Z","dcvStatus":"Validated","stickyUntil":"2019-01-03T00:00:00.000Z"}]}ACME
Sectigo Public ACME
List Sectigo Public ACME servers
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
|
ACME server name |
|
ACME server URL |
|
ACME server validation type. Values: [DV, OV, EV] |
|
ACME server CA ID |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/server?position=0&size=10&name=OV+ACME+Server&url=https%3A%2Facmeserverfortest-OV&certValidationType=OV&caId=40485' -i -X GET \
-H 'login: nick-4961' \
-H 'password: Password123!' \
-H 'customerUri: cst4960'Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of ACME servers |
|
|
ACME server name |
|
|
ACME server validation type. Values: [DV, OV, EV] |
|
|
ACME server URL |
|
|
ACME server CA ID |
|
|
ACME server single product ID |
|
|
ACME server multi product ID |
|
|
ACME server WC product ID |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 169
[{"url":"https:/acmeserverfortest-OV","caId":40485,"name":"OV ACME Server","singleProductId":66362,"multiProductId":23234,"wcProductId":14608,"certValidationType":"OV"}]List Sectigo Public ACME accounts
V2
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
|
Organization ID. You can append '%2C-2' (e.g. organizationId=105%2C-2) URL-encoded suffix for none departments selection, only organization(e.g. with ID=105) itself. |
|
ACME account name |
|
ACME account server name |
|
ACME account server validation type. Values: [DV, OV, EV] |
Example request
$ curl 'https://cert-manager.com/api/acme/v2/account?position=0&size=10&organizationId=10754&name=OV+ACME+Account&acmeServer=OV+ACME+Server' -i -X GET \
-H 'login: nick-5246' \
-H 'password: Password123!' \
-H 'customerUri: cst5239'Response headers
| Name | Description |
|---|---|
|
Total count of filtered ACME accounts existing on Sectigo public CA side |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of ACME accounts |
|
|
ACME account entity ID |
|
|
ACME account name |
|
|
ACME account HMAC key |
|
|
ACME account key ID |
|
|
ACME account server name |
|
|
ACME account organization ID |
|
|
ACME account server validation type. Values: [DV, OV, EV] |
|
|
ACME account ID |
|
|
OV anchor certificate ID for OV accounts and EV tracking ID for EV accounts |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 343
[{"id":450,"accountId":"6d18026e-e935-4f6d-be57-14a118652ff6","macId":"6d18026e-e935-4f6d-be57-14a118652ff6","macKey":"0b1db6f9-752d-4f35-aa55-28ff2da64805","acmeServer":"OV ACME Server","name":"OV ACME Account","organizationId":10754,"certValidationType":"OV","ovOrderNumber":1724051766,"ovAnchorID":"1724051766","validationId":"1724051766"}]V1 - Deprecated
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
|
Organization ID. You can append '%2C-2' (e.g. organizationId=105%2C-2) URL-encoded suffix for none departments selection, only organization(e.g. with ID=105) itself. |
|
ACME account name |
|
ACME account server name |
|
ACME account server validation type. Values: [DV, OV, EV] |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/account?position=0&size=10&organizationId=10728&name=OV+ACME+Account&acmeServer=OV+ACME+Server' -i -X GET \
-H 'login: nick-5059' \
-H 'password: Password123!' \
-H 'customerUri: cst5052'Response headers
| Name | Description |
|---|---|
|
Total count of filtered ACME accounts existing on SASP public CA side |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of ACME accounts |
|
|
ACME account entity ID |
|
|
ACME account name |
|
|
ACME account HMAC key |
|
|
ACME account key ID |
|
|
ACME account server name |
|
|
ACME account organization ID |
|
|
ACME account server validation type. Values: [DV, OV, EV] |
|
|
ACME account ID |
|
|
OV order number (deprecated, see 'ovAnchorID') |
|
|
OV anchor certificate ID. |
|
|
ACME account’s organization pre-validation ID. |
|
|
ACME account domains |
|
|
ACME account domain name |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 415
[{"id":409,"accountId":"4d0d0080-28ee-4f79-b6c9-e50e98d7c14f","macId":"4d0d0080-28ee-4f79-b6c9-e50e98d7c14f","macKey":"ea68b582-d53b-4057-b15e-b5a2c14cc6c7","acmeServer":"OV ACME Server","name":"OV ACME Account","organizationId":10728,"certValidationType":"OV","ovOrderNumber":1992175752,"ovAnchorID":"1992175752","validationId":"1992175752","domains":[{"name":"domain.ccmqa.com"},{"name":"sub.domain.ccmqa.com"}]}]Get Sectigo Public ACME account details
V2
Path parameters
| Parameter | Description |
|---|---|
|
ACME account entity ID |
Example request
$ curl 'https://cert-manager.com/api/acme/v2/account/446' -i -X GET \
-H 'login: nick-5232' \
-H 'password: Password123!' \
-H 'customerUri: cst5225' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
ACME account entity ID |
|
|
ACME account name |
|
|
ACME account HMAC key |
|
|
ACME account key ID |
|
|
ACME account server name |
|
|
ACME account organization ID |
|
|
ACME account server validation type. Values: [DV, OV, EV] |
|
|
ACME account ID |
|
|
OV anchor certificate ID for OV accounts and EV tracking ID for EV accounts |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 338
{"id":446,"accountId":"d1e31e48-7c6d-4f9e-9b7a-deac56a827bc","macId":"d1e31e48-7c6d-4f9e-9b7a-deac56a827bc","macKey":"cd697877-b660-4ea5-9b33-973332a90193","acmeServer":"EV ACME Server","name":"EV ACME Account","organizationId":10752,"certValidationType":"EV","ovOrderNumber":471247411,"ovAnchorID":"471247411","validationId":"471247411"}V1 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
ACME account entity ID |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/account/405' -i -X GET \
-H 'login: nick-5045' \
-H 'password: Password123!' \
-H 'customerUri: cst5038' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
ACME account entity ID |
|
|
ACME account name |
|
|
ACME account HMAC key |
|
|
ACME account key ID |
|
|
ACME account server name |
|
|
ACME account organization ID |
|
|
ACME account server validation type. Values: [DV, OV, EV] |
|
|
ACME account ID |
|
|
For OV accounts only: OV order number (deprecated, see 'ovAnchorID') |
|
|
For OV accounts only: OV anchor certificate ID. |
|
|
ACME account’s organization pre-validation ID. |
|
|
ACME account domains |
|
|
ACME account domain name |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 378
{"id":405,"accountId":"c2a9a569-e21d-4852-87a9-46d828664bc9","macId":"c2a9a569-e21d-4852-87a9-46d828664bc9","macKey":"1c784a49-3be7-4d8b-b71a-03a525d7a930","acmeServer":"EV ACME Server","name":"EV ACME Account","organizationId":10726,"certValidationType":"EV","ovOrderNumber":286929242,"ovAnchorID":"286929242","validationId":"286929242","domains":[{"name":"domain.ccmqa.com"}]}Create Sectigo Public ACME account
V2
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
ACME account name |
[] |
acmeServer |
String |
ACME account server name |
[] |
organizationId |
Number |
ACME account organization ID |
[] |
Example request
$ curl 'https://cert-manager.com/api/acme/v2/account' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: nick-5115' \
-H 'password: Password123!' \
-H 'customerUri: cst5108' \
-d '{"acmeServer":"EV ACME Server","name":"EV ACME Account","organizationId":10736}'Response headers
| Name | Description |
|---|---|
|
New ACME account resource added on Private CA |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/acme/v2/account/424V1 - Deprecated
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
ACME account name |
[] |
acmeServer |
String |
ACME account server name |
[] |
organizationId |
Number |
ACME account organization ID |
[] |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/account' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: nick-5002' \
-H 'password: Password123!' \
-H 'customerUri: cst4995' \
-d '{"acmeServer":"EV ACME Server","name":"EV ACME Account","organizationId":10720}'Response headers
| Name | Description |
|---|---|
|
New ACME account resource added on Private CA |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/acme/v1/account/398Update Sectigo Public ACME account details
V2
Path parameters
| Parameter | Description |
|---|---|
|
ACME account entity ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
ACME account name |
[] |
Example request
$ curl 'https://cert-manager.com/api/acme/v2/account/431' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'login: nick-5158' \
-H 'password: Password123!' \
-H 'customerUri: cst5151' \
-d '{"name":"EV ACME Account Updated"}'Example response
HTTP/1.1 200 OKV1 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
ACME account entity ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
ACME account name |
[] |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/account/414' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'login: nick-5087' \
-H 'password: Password123!' \
-H 'customerUri: cst5080' \
-d '{"name":"EV ACME Account Updated"}'Example response
HTTP/1.1 200 OKDelete Sectigo Public ACME account
V2
Path parameters
| Parameter | Description |
|---|---|
|
ID of ACME account that being deleted |
Example request
$ curl 'https://cert-manager.com/api/acme/v2/account/426' -i -X DELETE \
-H 'login: nick-5130' \
-H 'password: Password123!' \
-H 'customerUri: cst5123'Example response
HTTP/1.1 204 No ContentV1 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
ID of ACME account that being deleted |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/account/400' -i -X DELETE \
-H 'login: nick-5017' \
-H 'password: Password123!' \
-H 'customerUri: cst5010'Example response
HTTP/1.1 204 No ContentAdd domains to Sectigo Public ACME account
V2
Path parameters
| Parameter | Description |
|---|---|
|
ACME account entity ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domains[] |
Array |
Domains list |
[Must not be empty] |
domains[].name |
String |
Domain name |
[Must not be blank, Size must be between 1 and 1024 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/acme/v2/account/436/domain' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: nick-5172' \
-H 'password: Password123!' \
-H 'customerUri: cst5165' \
-d '{"domains":[{"name":"domain.ccmqa.com"},{"name":"sub.domain.ccmqa.com"}]}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Domains not added to the ACME account upon update operation |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2
{}V1 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
ACME account entity ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domains[] |
Array |
Domains list |
[Must not be empty] |
domains[].name |
String |
Domain name |
[Must not be blank, Size must be between 1 and 1024 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/account/390/domains' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: nick-4970' \
-H 'password: Password123!' \
-H 'customerUri: cst4963' \
-d '{"domains":[{"name":"domain.ccmqa.com"},{"name":"sub.domain.ccmqa.com"}]}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Domains not added to the ACME account upon update operation |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2
{}Remove domains from Sectigo Public ACME account
V2
Path parameters
| Parameter | Description |
|---|---|
|
ACME account entity ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domains[] |
Array |
Domains list |
[Must not be empty] |
domains[].name |
String |
Domain name |
[Must not be blank, Size must be between 1 and 1024 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/acme/v2/account/444/domain' -i -X DELETE \
-H 'Content-Type: application/json' \
-H 'login: nick-5218' \
-H 'password: Password123!' \
-H 'customerUri: cst5211' \
-d '{"domains":[{"name":"domain.ccmqa.com.ua"},{"name":"sub.domain.ccmqa.com"},{"name":"unknown.ccmqa.com"}]}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Domains not removed from the ACME account upon update operation |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 65
{"notRemovedDomains":["domain.ccmqa.com.ua","unknown.ccmqa.com"]}V1 - Deprecated
Path parameters
| Parameter | Description |
|---|---|
|
ACME account entity ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
domains[] |
Array |
Domains list |
[Must not be empty] |
domains[].name |
String |
Domain name |
[Must not be blank, Size must be between 1 and 1024 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/account/403/domains' -i -X DELETE \
-H 'Content-Type: application/json' \
-H 'login: nick-5031' \
-H 'password: Password123!' \
-H 'customerUri: cst5024' \
-d '{"domains":[{"name":"domain.ccmqa.com.ua"},{"name":"sub.domain.ccmqa.com"},{"name":"unknown.ccmqa.com"}]}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Domains not removed from the ACME account upon update operation |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 65
{"notRemovedDomains":["domain.ccmqa.com.ua","unknown.ccmqa.com"]}List Sectigo Public ACME account’s domains
Path parameters
| Parameter | Description |
|---|---|
|
SCM internal ID of ACME account whose domains are requested. |
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
|
The RegExp that can be used as a filter to get ACME account domains whose names match against. Special characters should be URL-encoded e.g. \. ⇒ %5C%2E |
|
Number of days(from current date) that is used as a filter to get ACME account’s domains whose 'validUntil' field(date) falls within the specifies time period, so during which ACME account’s domain validation will be or already has(in case of negative number) expired.Zero number of days means today, negative number of days means before today, positive number of days means after today. |
|
Number of days(from current date) that is used as a filter to get ACME account’s domains whose 'stickyUntil' field(date) falls within the specifies time period, so during which ACME account domain validation sticky will be or already has(in case of negative number) expired. Zero number of days means today, negative number of days means before today, positive number of days means after today. |
Example request
$ curl 'https://cert-manager.com/api/acme/v2/account/459/domain?position=0&size=10&name=.*&expiresWithinNextDays=365&stickyExpiresWithinNextDays=365' -i -X GET \
-H 'login: nick-5288' \
-H 'password: Password123!' \
-H 'customerUri: cst5281'Response headers
| Name | Description |
|---|---|
|
Total count of filtered ACME account’s domains existing on Sectigo public CA side |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
ACME account’s domains |
|
|
ACME account domain name |
|
|
ACME account domain validation until date in ISO-8601 format |
|
|
ACME account domain validation sticky until date in ISO-8601 format. |
|
|
ACME account validated domain OV/EV order number from Sectigo public CA |
Example response
HTTP/1.1 200 OK
X-Total-Count: 2
Content-Type: application/json
Content-Length: 397
[{"name":"domain.ccmqa.com","validUntil":"2026-12-04T07:54:31.705Z","stickyUntil":"2026-12-04T07:54:31.705Z","ovAnchorOrderNumber":1280204347,"ovAnchorID":"1280204347","validationId":"1280204347"},{"name":"sub.domain.ccmqa.com","validUntil":"2026-12-04T07:54:31.705Z","stickyUntil":"2026-12-04T07:54:31.705Z","ovAnchorOrderNumber":1280204347,"ovAnchorID":"1280204347","validationId":"1280204347"}]List Sectigo Public ACME account’s clients
Path parameters
| Parameter | Description |
|---|---|
|
SCM internal ID of ACME account whose clients are requested. |
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
|
The any substring of ACME account client’s 'userAgent' field to match against |
|
The any substring of ACME account client’s 'ipAddress' field to match against |
|
The status string of ACME account client’s 'status' field to equal |
|
Number of days(from end of the current day to the past) that is used as a filter to get ACME account’s clients whose 'lastActivity' field(date) falls within the specifies time period, so during which ACME account’s client was last active (connected/requested the Sectigo public CA). |
|
The any substring of ACME account client’s 'contacts' field to match against |
Example request
$ curl 'https://cert-manager.com/api/acme/v2/account/453/client?position=0&size=10&userAgent=acme&ipAddress=10.1&contacts=%40contact.test&status=valid&lastActivityWithinPrevDays=1' -i -X GET \
-H 'login: nick-5260' \
-H 'password: Password123!' \
-H 'customerUri: cst5253'Response headers
| Name | Description |
|---|---|
|
Total count of filtered ACME account’s clients existing on Sectigo public CA side |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
ACME account’s clients |
|
|
ACME account client’s accountID. Note this identifier is concerning to the ACME client itself, but not to its parent ACME account. |
|
|
ACME account client’s user agent name |
|
|
IP address of host from where the ACME account’s client was last active |
|
|
ACME account client’s status |
|
|
Date when ACME account’s client was last active |
|
|
ACME account client’s contacts |
Example response
HTTP/1.1 200 OK
X-Total-Count: 2
Content-Type: application/json
Content-Length: 415
[{"accountId":"af4f3cd5-81a2-45ed-9afd-a62621b9c960","ipAddress":"1.1.1.1","userAgent":"lego-cli/4.2.0 xenolf-acme/4.2.0 (release; windows; amd64)","status":"valid","lastActivity":"2025-12-04T07:54:31.312Z"},{"accountId":"72005c4e-cde4-48cf-a1b4-bc8e738a079c","ipAddress":"1.1.1.1","userAgent":"lego-cli/4.2.0 xenolf-acme/4.2.0 (release; windows; amd64)","status":"valid","lastActivity":"2025-12-04T07:54:31.312Z"}]Delete Sectigo Public ACME account’s client
Method is no longer supported. Please, use "Deactivate Sectigo Public ACME account’s client" method instead.
Deactivate Sectigo Public ACME account’s client
Path parameters
| Parameter | Description |
|---|---|
|
ID of ACME account whose client will be deactivated |
|
UUID of ACME account’s client that being deactivated (accountId) |
Example request
$ curl 'https://cert-manager.com/api/acme/v2/account/438/client/e6634e75-f0b4-4308-b983-a0f48dd3588c' -i -X PUT \
-H 'login: nick-5190' \
-H 'password: Password123!' \
-H 'customerUri: cst5183'Example response
HTTP/1.1 204 No ContentUniversal ACME
List Universal ACME accounts
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
|
Organization ID |
|
Universal ACME account name |
|
Universal ACME account server name |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/pca/account?position=0&size=10&organizationId=10788&name=Universal+ACME+Account&acmeServer=Universal+ACME+Server' -i -X GET \
-H 'login: nick-5456' \
-H 'password: Password123!' \
-H 'customerUri: cst5451'Response headers
| Name | Description |
|---|---|
|
Total count of filtered ACME accounts existing on Private CA side |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of Universal ACME accounts |
|
|
Universal ACME account entity ID |
|
|
Universal ACME account name |
|
|
Universal ACME account HMAC key |
|
|
Universal ACME account key ID |
|
|
Universal ACME account server name |
|
|
Universal ACME account organization ID |
|
|
Universal ACME account ID |
|
|
Universal ACME account profile name |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 218
[{"id":333,"accountId":"c19e2b3b-8218-4c81-b056-76efe67e5cf0","macId":"","macKey":"","acmeServer":"Universal ACME Server","name":"Universal ACME Account","organizationId":10788,"profileName":"SSL PRIVATE_CA -6467236"}]Get Universal ACME account details
Path parameters
| Parameter | Description |
|---|---|
|
Universal ACME account entity ID |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/pca/account/332' -i -X GET \
-H 'login: nick-5446' \
-H 'password: Password123!' \
-H 'customerUri: cst5441' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Universal ACME account entity ID |
|
|
Universal ACME account name |
|
|
Universal ACME account HMAC key |
|
|
Universal ACME account key ID |
|
|
Universal ACME account server name |
|
|
Universal ACME account organization ID |
|
|
Universal ACME account ID |
|
|
Universal ACME account profile name |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 219
{"id":332,"accountId":"249e5c5c-5077-4284-b8cc-017c1d356c4a","macId":"","macKey":"","acmeServer":"Universal ACME Server","name":"Universal ACME Account","organizationId":10786,"profileName":"SSL PRIVATE_CA -2141764354"}Create Universal ACME account
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Universal ACME account name |
[Must not be blank, Size must be between 1 and 128 inclusive] |
acmeServer |
String |
Universal ACME account server name |
[Must not be blank, Size must be between 1 and 1024 inclusive] |
organizationId |
Number |
Universal ACME account organization ID |
[Must be at least 1, Must not be null] |
profileName |
String |
Universal ACME account profile name |
[Must not be empty] |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/pca/account' -i -X POST \
-H 'Content-Type: application/json' \
-H 'login: nick-5407' \
-H 'password: Password123!' \
-H 'customerUri: cst5402' \
-d '{"acmeServer":"Universal ACME Server","name":"Universal ACME Account","organizationId":10778,"profileName":"SSL PRIVATE_CA -556287052"}'Response headers
| Name | Description |
|---|---|
|
New ACME account resource added on Private CA |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/acme/v1/pca/account/328Update Universal ACME account details
Path parameters
| Parameter | Description |
|---|---|
|
Universal ACME account entity ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Universal ACME account name |
[] |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/pca/account/336' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'login: nick-5486' \
-H 'password: Password123!' \
-H 'customerUri: cst5481' \
-d '{"name":"Universal ACME Account Updated"}'Example response
HTTP/1.1 200 OKDelete Universal ACME account
Path parameters
| Parameter | Description |
|---|---|
|
ID of Universal ACME account that being deleted |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/pca/account/330' -i -X DELETE \
-H 'login: nick-5426' \
-H 'password: Password123!' \
-H 'customerUri: cst5421'Example response
HTTP/1.1 204 No ContentList Universal ACME account’s clients
Path parameters
| Parameter | Description |
|---|---|
|
SCM internal ID of Universal ACME account whose clients are requested. |
Query parameters
| Parameter | Description |
|---|---|
|
the first position (entry) to return from the results of the query |
|
Count of entries |
|
The any substring of Universal ACME account client’s 'userAgent' field to match against |
|
The any substring of Universal ACME account client’s 'ipAddress' field to match against |
|
The status string of Universal ACME account client’s 'status' field to equal |
|
Number of days(from end of the current day to the past) that is used as a filter to get Universal ACME account’s clients whose 'lastActivity' field(date) falls within the specifies time period, so during which Universal ACME account’s client was last active (connected/requested the private CA). |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/pca/account/334/client?position=0&size=10&userAgent=acme&ipAddress=10.1&status=valid&status=pending&lastActivityWithinPrevDays=1' -i -X GET \
-H 'login: nick-5466' \
-H 'password: Password123!' \
-H 'customerUri: cst5461'Response headers
| Name | Description |
|---|---|
|
Total count of filtered ACME account’s clients existing on Private CA side |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
Universal ACME account’s clients |
|
|
Universal ACME account client’s accountID. Note this identifier is concerning to the ACME client itself, but not to its parent Universal ACME account. |
|
|
Universal ACME account client’s user agent name |
|
|
IP address of host from where the Universal ACME account’s client was last active |
|
|
Universal ACME account client’s status |
|
|
Date when Universal ACME account’s client was last active |
|
|
Contact(s) concerning of ACME client operations |
Example response
HTTP/1.1 200 OK
X-Total-Count: 2
Content-Type: application/json
Content-Length: 525
[{"accountId":"FmcZgzSqt6TpAtQFAAAAAA==","ipAddress":"10.17.7.152","userAgent":"lego-cli/4.2.0 xenolf-acme/4.2.0 (release; windows; amd64)","status":"valid","lastActivity":"2025-12-04T07:46:58.045Z","contacts":"email@ccmqa.com"},{"accountId":"FswPwHxLUh-caoO3AAAAAA==","ipAddress":"10.18.8.143","userAgent":"CertbotACMEClient/1.22.0 (certbot; Ubuntu 18.04.6 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.6.9","status":"pending","lastActivity":"2025-12-04T07:46:58.045Z","contacts":"email@ccmqa.com"}]Delete Universal ACME account’s client
Method is no longer supported. Please, use "Deactivate Universal ACME account’s client" method instead.
Deactivate Universal ACME account’s client
Path parameters
| Parameter | Description |
|---|---|
|
ID of Universal ACME account whose client will being deleted |
|
UUID of Universal ACME account’s client that being deleted (accountId) |
Example request
$ curl 'https://cert-manager.com/api/acme/v1/pca/account/329/client/FmcZgzSqt6TpAtQFAAAAAA==' -i -X PUT \
-H 'login: nick-5416' \
-H 'password: Password123!' \
-H 'customerUri: cst5411'Example response
HTTP/1.1 204 No ContentNetwork Agents
Used to perform operations on Network Agents.
View Network Agents
List Network Agents
List all Network Agents that match the requested filter.
Query parameters
| Parameter | Description |
|---|---|
|
The start position (offset) to get sub-list (page) of Network agents starting from. Optional. |
|
The max count (page size) of Network agents to be returned in sub-list (page) starting from 'position'. Max value = 200. Optional. |
|
The whole or part of Network agent name to match against to anywhere in the name with insensitive case compare when listing. Optional. |
|
Matching against ID of Organization to which the Network agent belongs. Optional. |
|
Denotes whether need to consider the departments of organization specified by 'orgId' parameters (if any) to match against when listing. Optional. |
|
Return active Network agents only (if =true), not active (if = false), or all (if not specified at all). Optional. |
|
The whole or part of Network agent version to match against to anywhere in the version. Optional. |
|
Return Network agents with specified status only. Optional. Allowed values: [NOT_AVAILABLE, NOT_CONNECTED, CONNECTED] |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network?size=200&position=0&orgId=10843&includeDepOfOrg=false&version=1&status=CONNECTED&active=true&name=-' -i -X GET \
-H 'Content-Type: */*;charset=UTF-8' \
-H 'login: nick-5568' \
-H 'password: Password123!' \
-H 'customerUri: cst5567'Response headers
| Name | Description |
|---|---|
|
Total count of filtered Network agents. |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of Network agents according to filter request parameters |
|
|
Network agent entity ID |
|
|
Network agent version |
|
|
Network agent name |
|
|
Whether Network agent active(=true), or disabled(=false) |
|
|
Network agent current status. Possible values: [NOT_AVAILABLE, NOT_CONNECTED, CONNECTED] |
Example response
HTTP/1.1 200 OK
X-Total-Count: 3
Content-Type: application/json;charset=UTF-8
Content-Length: 260
[{"version":"1.5","status":"CONNECTED","id":327,"active":true,"name":"NetworkAgent-15"},{"version":"1.3","status":"CONNECTED","id":315,"active":true,"name":"NetworkAgent-3"},{"version":"1.6","status":"CONNECTED","id":318,"active":true,"name":"NetworkAgent-6"}]Count Network Agents
Count all Network Agents that match the requested filter.
Query parameters
| Parameter | Description |
|---|---|
|
Denotes that expecting a total count only to be returned in 'X-Total-Count' response header, without return a really data in response body. Required with value =true. |
|
The whole or part of Network agent name to match against to anywhere in the name with insensitive case compare when counting. Optional. |
|
Matching against ID of Organization to which the Network agent belongs. Optional. |
|
Denotes whether need to consider the departments of organization specified by 'orgId' parameters (if any) to match against when counting. Optional. |
|
Count active Network agents only (if =true), not active (if = false), or all (if not specified at all). Optional. |
|
The whole or part of Network agent version to match against to anywhere in the version. Optional. |
|
Return Network agents with specified status only. Optional. Allowed values: [NOT_AVAILABLE, NOT_CONNECTED, CONNECTED] |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network?countOnly=true&orgId=10816&includeDepOfOrg=false&version=1&status=CONNECTED&active=true&name=-' -i -X GET \
-H 'Content-Type: */*;charset=UTF-8' \
-H 'login: nick-5535' \
-H 'password: Password123!' \
-H 'customerUri: cst5534'Response headers
| Name | Description |
|---|---|
|
Total count of filtered Network agents. |
Example response
HTTP/1.1 200 OK
X-Total-Count: 3Get Network Agent details
Path parameters
| Parameter | Description |
|---|---|
|
ID(310) of existed Network agent to get its details. Must be zero or positive integer. |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/310' -i -X GET \
-H 'Content-Type: */*;charset=UTF-8' \
-H 'login: nick-5559' \
-H 'password: Password123!' \
-H 'customerUri: cst5558'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Network agent ID |
|
|
Network agent version |
|
|
Operating system on host where Network agent installed |
|
|
Network agent name |
|
|
Comments about Network agent |
|
|
Either Network agent active or not(disabled) |
|
|
Network agent current status. Possible values: [NOT_AVAILABLE, NOT_CONNECTED, CONNECTED] |
|
|
IP addresses list Network agent installed on |
|
|
Last Network agent activity timestamp. Optional. |
|
|
The ID of organization the Network agent belongs to |
|
|
Enabled or disabled Network agent auto update |
|
|
Secret key to authenticate Network agent on SCM |
|
|
The token which can be used during an installation of Network agent at client’s environment. Provided for new Network agents only or those which were not connected to SCM yet. Optional. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 469
{"id":310,"version":"1.1","os":"WINDOWS","autoUpdate":false,"localIp":"192.168.2.1","status":"NOT_AVAILABLE","installationToken":"eyJzY21VcmwiOiJodHRwczovL2NlcnQtbWFuYWdlci5jb20iLCJjdXN0b21lclVyaSI6ImNzdDU1NTgiLCJzZWNyZXQiOiJTb21lVmFsdWVPZlNlY3JldEtleTEiLCJrZXlzdG9yZVBhc3N3b3JkIjoiUFVjZVFRZjBHdnU5N3huV2VaWjJ3czNrVHY1SHp0aEsifQ==","secretKey":"SomeValueOfSecretKey1","orgId":10835,"comments":"Some comments about Network agent 1","active":true,"name":"NetworkAgent 1"}Manage Network Agents
Add Network Agent
Adds a new Network Agent and returns the installation token needed for agent installation.
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Network agent name |
[Must match the regular expression |
comments |
String |
Network agent comments |
[Maximum length is 256 characters or can be empty, Optional] |
orgId |
Number |
Network agent organization ID |
[Must be at least 0, Must not be null] |
active |
Boolean |
Denotes either Network agent active or not. |
[Must not be null] |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: nick-5544' \
-H 'password: Password123!' \
-H 'customerUri: cst5543' \
-d '{"name":"NetworkAgent-1","active":true,"comments":"This is the first network agent discovered on sub-net ... and located at ...","orgId":10825}'Response headers
| Name | Description |
|---|---|
|
The location of the newly added network agent resource in SCM. |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
The token which can be used during an installation of Network agent at client’s environment. |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/agent/v1/network/305
Content-Type: application/json;charset=UTF-8
Content-Length: 212
{"installationToken":"eyJzY21VcmwiOiJodHRwczovL2NlcnQtbWFuYWdlci5jb20iLCJjdXN0b21lclVyaSI6ImNzdDU1NDMiLCJzZWNyZXQiOiJINDVkejN1WHpMZUFNZjlKRW1ncCIsImtleXN0b3JlUGFzc3dvcmQiOiJVUnpKN2w5RUVEWGZzdzRYdnMxaW53PT0ifQ=="}Update Network Agent details
Path parameters
| Parameter | Description |
|---|---|
|
ID(335) of existed Network agent to update. Must be zero or positive integer. |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
New name for Network agent. |
[Must be null or not blank, Must match the regular expression |
comments |
String |
New comments for Network agent. |
[Maximum length is 256 characters or can be empty, Optional] |
active |
Boolean |
New state of Network agent that denotes either it should be active or not. |
[Optional] |
secretKey |
String |
New secret key used for Network agent lookup and authorization. |
[Size must be between 10 and 128 inclusive, Optional] |
keystorePwd |
String |
New password for the local keystore where Network agent stores certificates and keys. |
[Size must be between 10 and 128 inclusive, Optional] |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/335' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: nick-5577' \
-H 'password: Password123!' \
-H 'customerUri: cst5576' \
-d '{"name":"NetworkAgent-2","active":true,"comments":"This is the second network agent discovered on sub-net ... and located at ...","secretKey":"Ap@rticul@rZecretQey","keystorePwd":"Ap@rticul@rQeySt0rePwd"}'Example response
HTTP/1.1 200 OKDelete Network Agent
Path parameters
| Parameter | Description |
|---|---|
|
ID(308) of existed Network agent to delete. Must be zero or positive integer. |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/308' -i -X DELETE \
-H 'Content-Type: */*;charset=UTF-8' \
-H 'login: nick-5553' \
-H 'password: Password123!' \
-H 'customerUri: cst5552'Example response
HTTP/1.1 200 OKManage servers
List servers
List all servers that match the requested filter.
Path parameters
| Parameter | Description |
|---|---|
|
ID(334) of existed Network agent to get count of its discovered servers. |
Query parameters
| Parameter | Description |
|---|---|
|
The start position (offset) to get a sub-list (page) of servers discovered by Network agent. Optional. |
|
The max count (page size) of servers discovered by Network agent to be returned in sub-list (page) starting from 'position'. Max value = 200. Optional. |
|
The whole or part of name of server discovered by Network agent to match against to anywhere in the server name with insensitive case compare when counting. Optional. |
|
To match against a Vendor of server discovered by Network agent. Possible values: [APACHE_2, IIS, TOMCAT, F5_BIG_IP]. Optional. |
|
To match against a State of server discovered by Network agent. Possible values: [INIT, ACTIVE, INACTIVE, RESTART_REQUIRED, RESTARTING]. Optional. |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/334/server?size=200&position=0&name=1&vendor=TOMCAT&status=INIT' -i -X GET \
-H 'Content-Type: */*;charset=UTF-8' \
-H 'login: nick-5574' \
-H 'password: Password123!' \
-H 'customerUri: cst5573'Response headers
| Name | Description |
|---|---|
|
Total count of filtered servers discovered by Network agent. |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of servers discovered by Network agent according to filter request parameters. |
|
|
ID of server discovered by Network agent |
|
|
Name of server discovered by Network agent |
|
|
Whether server discovered by Network agent active(=true), or disabled(=false) |
Example response
HTTP/1.1 200 OK
X-Total-Count: 2
Content-Type: application/json;charset=UTF-8
Content-Length: 111
[{"id":235,"active":false,"name":"DiscoveredServer 19"},{"id":227,"active":false,"name":"DiscoveredServer 11"}]Count servers
Count all servers that match the requested filter.
Path parameters
| Parameter | Description |
|---|---|
|
ID(304) of existed Network agent to get count of its discovered servers. |
Query parameters
| Parameter | Description |
|---|---|
|
Denotes that expecting a total count only to be returned in 'X-Total-Count' response header, without return a really data in response body. Required with value =true. |
|
The whole or part of name of server discovered by Network agent to match against to anywhere in the server name with insensitive case compare when counting. Optional. |
|
To match against a Vendor of server discovered by Network agent. Possible values: [APACHE_2, IIS, TOMCAT, F5_BIG_IP]Optional. |
|
To match against a State of server discovered by Network agent. Possible values: [INIT, ACTIVE, INACTIVE, RESTART_REQUIRED, RESTARTING]. Optional. |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/304/server?countOnly=true&name=1&vendor=TOMCAT&status=INIT' -i -X GET \
-H 'Content-Type: */*;charset=UTF-8' \
-H 'login: nick-5541' \
-H 'password: Password123!' \
-H 'customerUri: cst5540'Response headers
| Name | Description |
|---|---|
|
Total count of filtered servers discovered by Network agent. |
Example response
HTTP/1.1 200 OK
X-Total-Count: 2Get server details
Path parameters
| Parameter | Description |
|---|---|
|
ID(311) of existed Network agent to get details of its discovered server. Must be zero or positive integer. |
|
ID(214) of existed server discovered by Network agent to get a few more its details. Must be zero or positive integer. |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/311/server/214' -i -X GET \
-H 'Content-Type: */*;charset=UTF-8' \
-H 'login: nick-5562' \
-H 'password: Password123!' \
-H 'customerUri: cst5561'Response fields
| Path | Type | Description |
|---|---|---|
|
|
ID of server discovered by Network agent |
|
|
Name of server discovered by Network agent |
|
|
Vendor of server discovered by Network agent. Possible values: [APACHE_2, IIS, TOMCAT, F5_BIG_IP] |
|
|
Connection type to server discovered by Network agent. Possible values: [LOCAL, LOCAL_LEGACY_NATIVE_API, REMOTE_REST_API, REMOTE_SSH, REMOTE_WIN_RM, REMOTE_LEGACY_NATIVE_API], vendor dependent |
|
|
The state of server discovered by Network agent. Possible values: [INIT, ACTIVE, INACTIVE, RESTART_REQUIRED, RESTARTING] |
|
|
Hostname or IP of server discovered by Network agent |
|
|
Port number on server discovered by Network agent |
|
|
Path to root directory where server discovered by Network agent is installed. |
|
|
Alternative path to a directory where server discovered by Network agent stores certificates. |
|
|
Path to a directory where Network agent stores private key to authenticate on discovered server. |
|
|
Username(login) to gain access to server discovered by Network agent. |
|
|
The error occurred when Network agent was executing a command intended for this discovered server. |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 315
{"id":214,"vendor":"APACHE_2","connectionType":"LOCAL","name":"DiscoveredServer 1","path":"C:\\Windows\\System32\\inetsrv\\1","status":"INIT","errorMessage":"Some 1 error(s) occurred.","ip":"192.168.2.101","port":8081,"altPathForCert":"C:\\Users\\SomeUser\\Certs\\1","privateKeyPath":"C:\\Users\\SomeUser\\.ssh\\1"}Add server
Add a new server to a Network Agent.
Path parameters
| Parameter | Description |
|---|---|
|
ID(306) of existed Network agent to add a newly created server to it as discovered one. |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Name of server discovered by Network agent |
[Must match the regular expression |
vendor |
String |
Vendor of server discovered by Network agent |
[Must not be null, Possible values: [APACHE_2, IIS, TOMCAT, F5_BIG_IP]] |
connectionType |
String |
Connection type to server discovered by Network agent |
[Possible values: [LOCAL, LOCAL_LEGACY_NATIVE_API, REMOTE_REST_API, REMOTE_SSH, REMOTE_WIN_RM, REMOTE_LEGACY_NATIVE_API], vendor related.] |
ip |
String |
Hostname or IP address of server that’s creating as one discovered by Network agent |
[Maximum length is 255 characters or can be empty, Required for a remote server.] |
port |
Number |
Port number on server discovered by Network agent |
[Must be at least 0, Required for a remote server and for all except 'IIS' vendors.] |
path |
String |
Path to root directory(in case of 'TOMCAT' vendor) or to the 'apachectl' executable(in case of 'APACHE_2' vendor) of server discovered by Network agent. |
[Maximum length is 512 characters or can be empty, Can be specified for 'APACHE_2' and 'TOMCAT' vendors only. Optional.] |
altPathForCert |
String |
Alternative path to a directory where server discovered by Network agent stores certificates. |
[Can be specified for a remote server and for 'APACHE_2' vendor only. Optional.] |
privateKeyPath |
String |
Path to a directory where Network agent stores private key to authenticate on discovered server. |
[Maximum length is 128 characters or can be empty, Can be specified for a remote server and for 'APACHE_2' and 'TOMCAT' vendors only. Must be used in conjunction with 'passPhrase' but not with 'username'/'password' parameters and not with 'storeName'/'storeCredId' parameters. Optional.] |
passPhrase |
String |
Passphrase to gain access to keystore where Network agent preserves the private key to authenticate on discovered server. |
[Can be specified for a remote server and for 'APACHE_2' and 'TOMCAT' vendors only. Used together with 'privateKeyPath' but not with 'username'/'password' parameters and not with 'storeName'/'storeCredId' parameters. Optional.] |
username |
String |
Username(login) to gain access to server discovered by Network agent. |
[Maximum length is 64 characters or can be empty, Can be specified for a remote server and for all vendors. Must be used in conjunction with 'password' but not with 'privateKeyPath'/'passPhrase' parameters and not with 'storeName'/'storeCredId' parameters. Optional.] |
password |
String |
Password for username to gain access to server discovered by Network agent. |
[Can be specified for a remote server and for all vendors. Used together with 'username' but not with 'privateKeyPath'/'passPhrase' parameters and not with 'storeName'/'storeCredId' parameters. Optional.] |
storeName |
String |
Store name to gain access to server discovered by Network agent. |
[Can be specified for a remote server and for 'APACHE_2' and 'TOMCAT' vendors only. Must be used in conjunction with 'storeCredId' but not with 'username'/'password' parameters and not with 'privateKeyPath'/'passPhrase' parameters. Optional.] |
storeCredId |
String |
Store credential ID to gain access to server discovered by Network agent. |
[Can be specified for a remote server and for 'APACHE_2' and 'TOMCAT' vendors only. Must be used in conjunction with 'storeName' but not with 'username'/'password' parameters and not with 'privateKeyPath'/'passPhrase' parameters. Optional.] |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/306/server' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: nick-5547' \
-H 'password: Password123!' \
-H 'customerUri: cst5546' \
-d '{"name":"NetworkAgent-1","vendor":"TOMCAT","connectionType":"LOCAL_LEGACY_NATIVE_API","path":"C:\\Windows\\System32\\inetsrv","username":"SomeUser","password":"S0meYserPwB"}'Response headers
| Name | Description |
|---|---|
|
The location of the newly created server resource added to the Network agent as one discovered on client side. |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/agent/v1/network/306/server/212Update server details
Path parameters
| Parameter | Description |
|---|---|
|
ID(336) of existed Network agent to update details of its discovered server. Must be zero or positive integer. |
|
ID(237) of existed server discovered by Network agent to update. Must be zero or positive integer. |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Name of server discovered by Network agent |
[Must match the regular expression |
vendor |
String |
Vendor of server discovered by Network agent |
[Must not be null, Possible values: [APACHE_2, IIS, TOMCAT, F5_BIG_IP]] |
connectionType |
String |
Connection type to server discovered by Network agent |
[Possible values: [LOCAL, LOCAL_LEGACY_NATIVE_API, REMOTE_REST_API, REMOTE_SSH, REMOTE_WIN_RM, REMOTE_LEGACY_NATIVE_API], vendor related.] |
ip |
String |
Hostname or IP address of server that’s creating as one discovered by Network agent |
[Maximum length is 255 characters or can be empty, Required for a remote server.] |
port |
Number |
Port number on server discovered by Network agent |
[Must be at least 0, Required for a remote server and for all except 'IIS' vendors.] |
path |
String |
Path to root directory(in case of 'TOMCAT' vendor) or to the 'apachectl' executable(in case of 'APACHE_2' vendor) of server discovered by Network agent. |
[Maximum length is 512 characters or can be empty, Can be specified for 'APACHE_2' and 'TOMCAT' vendors only. Optional.] |
altPathForCert |
String |
Alternative path to a directory where server discovered by Network agent stores certificates. |
[Can be specified for a remote server and for 'APACHE_2' vendor only. Optional.] |
privateKeyPath |
String |
Path to a directory where Network agent stores private key to authenticate on discovered server. |
[Maximum length is 128 characters or can be empty, Can be specified for a remote server and for 'APACHE_2' and 'TOMCAT' vendors only. Must be used in conjunction with 'passPhrase' but not with 'username'/'password' parameters. Optional.] |
passPhrase |
String |
Passphrase to gain access to keystore where Network agent preserves the private key to authenticate on discovered server. |
[Can be specified for a remote server and for 'APACHE_2' and 'TOMCAT' vendors only. Used together with 'privateKeyPath' but not with 'username' parameter. Optional.] |
username |
String |
Username(login) to gain access to server discovered by Network agent. |
[Maximum length is 64 characters or can be empty, Can be specified for a remote server and for all vendors. Must be used in conjunction with 'password' but not with 'privateKeyPath'/'passPhrase' parameters. Optional.] |
password |
String |
Password for username to gain access to server discovered by Network agent. |
[Can be specified for a remote server and for all vendors. Used together with 'username' but not with 'privateKeyPath' parameter. Optional.] |
storeName |
String |
Store name to gain access to server discovered by Network agent. |
[Can be specified for a remote server and for 'APACHE_2' and 'TOMCAT' vendors only. Must be used in conjunction with 'storeCredId' but not with 'username'/'password' parameters and not with 'privateKeyPath'/'passPhrase' parameters. Optional.] |
storeCredId |
String |
Store credential ID to gain access to server discovered by Network agent. |
[Can be specified for a remote server and for 'APACHE_2' and 'TOMCAT' vendors only. Must be used in conjunction with 'storeName' but not with 'username'/'password' parameters and not with 'privateKeyPath'/'passPhrase' parameters. Optional.] |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/336/server/237' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: nick-5580' \
-H 'password: Password123!' \
-H 'customerUri: cst5579' \
-d '{"name":"NetworkAgent-1","vendor":"TOMCAT","connectionType":"LOCAL_LEGACY_NATIVE_API","path":"C:\\Windows\\System32\\inetsrv","username":"SomeUser","password":"S0meYserPwB"}'Example response
HTTP/1.1 200 OKDelete server
Path parameters
| Parameter | Description |
|---|---|
|
ID(309) of existed Network agent to delete its discovered server. Must be zero or positive integer. |
|
ID(213) of existed server discovered by Network agent to delete. Must be zero or positive integer. |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/309/server/213' -i -X DELETE \
-H 'Content-Type: */*;charset=UTF-8' \
-H 'login: nick-5556' \
-H 'password: Password123!' \
-H 'customerUri: cst5555'Example response
HTTP/1.1 200 OKView server nodes
List server nodes
List all nodes that match the requested filter.
Path parameters
| Parameter | Description |
|---|---|
|
ID(333) of existed Network agent to get count of its discovered servers. |
|
ID(216) of existed server discovered by Network agent to get a total count of its nodes with using filtering.Must be zero or positive integer. |
Query parameters
| Parameter | Description |
|---|---|
|
The start position (offset) to get a sub-list (page) of nodes in server discovered by Network agent. Optional. |
|
The max count (page size) of nodes in server discovered by Network agent to be returned in sub-list (page) starting from 'position'. Max value = 200. Optional. |
|
The whole or part of name of node in server discovered by Network agent to match against to anywhere in the node name with insensitive case compare when counting. Optional. |
|
The whole or part of full name of node in server discovered by Network agent to match against to anywhere in the node full name with insensitive case compare when counting. Optional. |
|
To match against a Schema of protocol used to connect to node in server discovered by Network agent. Possible values: [HTTP, HTTPS, UNKNOWN] |
|
To match against an IP address of node in server discovered by Network agent |
|
To match against a Port number listening by node in server discovered by Network agent |
|
To match against an ID of entity of SSL certificate installed on server node and discovered by Network agent either from SSL connection or from server configuration |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/333/server/216/node?size=200&position=0&name=full&alias=%201&protocol=HTTP&address=192.168.2.1' -i -X GET \
-H 'Content-Type: */*;charset=UTF-8' \
-H 'login: nick-5571' \
-H 'password: Password123!' \
-H 'customerUri: cst5570'Response headers
| Name | Description |
|---|---|
|
Total count of filtered nodes in server discovered by Network agent. |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of nodes in the specified server discovered by Network agent according to filter request parameters. |
|
|
ID of node in server discovered by Network agent |
|
|
Name of node in server discovered by Network agent |
Example response
HTTP/1.1 200 OK
X-Total-Count: 5
Content-Type: application/json;charset=UTF-8
Content-Length: 220
[{"id":212,"name":"DiscoveredServerNode 19"},{"id":209,"name":"DiscoveredServerNode 16"},{"id":206,"name":"DiscoveredServerNode 13"},{"id":203,"name":"DiscoveredServerNode 10"},{"id":194,"name":"DiscoveredServerNode 1"}]Count server nodes
Count all Network Agents that match the requested filter.
Path parameters
| Parameter | Description |
|---|---|
|
ID(303) of existed Network agent to get count of its discovered servers. |
|
ID(191) of existed server discovered by Network agent to get a total count of its nodes with using filtering.Must be zero or positive integer. |
Query parameters
| Parameter | Description |
|---|---|
|
Denotes that expecting a total count only to be returned in 'X-Total-Count' response header, without return a really data in response body. Required with value =true. |
|
The whole or part of name of node in server discovered by Network agent to match against to anywhere in the node name with insensitive case compare when counting. Optional. |
|
The whole or part of full name of node in server discovered by Network agent to match against to anywhere in the node full name with insensitive case compare when counting. Optional. |
|
To match against a Schema of protocol used to connect to node in server discovered by Network agent. Possible values: [HTTP, HTTPS, UNKNOWN] |
|
To match against an IP address of node in server discovered by Network agent |
|
To match against a Port number listening by node in server discovered by Network agent |
|
To match against an ID of entity of SSL certificate installed on server node and discovered by Network agent either from SSL connection or from server configuration |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/303/server/191/node?countOnly=true&name=full&alias=%201&protocol=HTTP&address=192.168.2.1' -i -X GET \
-H 'Content-Type: */*;charset=UTF-8' \
-H 'login: nick-5538' \
-H 'password: Password123!' \
-H 'customerUri: cst5537'Response headers
| Name | Description |
|---|---|
|
Total count of filtered nodes in server discovered by Network agent. |
Example response
HTTP/1.1 200 OK
X-Total-Count: 5Get server node details
Path parameters
| Parameter | Description |
|---|---|
|
ID(312) of existed Network agent to get details of its discovered server. Must be zero or positive integer. |
|
ID(215) of existed server discovered by Network agent to get a few more details of its node. Must be zero or positive integer. |
|
ID(193) of existed node in server discovered by Network agent to get a few more its details. Must be zero or positive integer. |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/network/312/server/215/node/193' -i -X GET \
-H 'Content-Type: */*;charset=UTF-8' \
-H 'login: nick-5565' \
-H 'password: Password123!' \
-H 'customerUri: cst5564'Response fields
| Path | Type | Description |
|---|---|---|
|
|
ID of node in server discovered by Network agent |
|
|
Name of node in server discovered by Network agent |
|
|
Full name of node in server discovered by Network agent |
|
|
Schema of protocol used to connect to node in server discovered by Network agent. Possible values: [HTTP, HTTPS, UNKNOWN] |
|
|
IP address of node in server discovered by Network agent |
|
|
Port number listening by node in server discovered by Network agent |
|
|
The error occurred when Network agent was executing a command intended for node in server discovered by Network agent |
|
|
ID of entity of SSL certificate installed on server node and discovered by Network agent either from SSL connection or from server configuration |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 175
{"id":193,"alias":"DiscoveredServerNode 1","name":"SomeFullName","protocol":"HTTP","address":"192.168.2.1","port":8091,"errorMessage":"Some 1 error(s) occurred.","sslId":1025}MS Agents
Used to perform operations on MS Agents.
View MS Agents
List MS Agents
List all MS Agents that match the requested filter.
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
Position shift |
|
Filter by Agent name |
|
Filter by active |
|
Filter by status. Allowed values: [NOT_AVAILABLE, NOT_CONNECTED, CONNECTED] |
|
Filter by Agent version |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/ms?position=0&size=10' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5591' \
-H 'password: Password123!' \
-H 'customerUri: test'Response headers
| Name | Description |
|---|---|
|
Total count of filtered MS Agents |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
MS Agent ID |
|
|
MS Agent name |
|
|
MS Agent active state |
|
|
MS Agent version |
|
|
MS Agent current status |
Example response
HTTP/1.1 200 OK
X-Total-Count: 1
Content-Type: application/json
Content-Length: 109
[{"id":72,"name":"97cc0278-ae0d-418c-b113-edecbe772466","active":true,"version":"3.11","status":"CONNECTED"}]Get MS Agent details
Path parameters
| Parameter | Description |
|---|---|
|
MS Agent ID |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/ms/71' -i -X GET \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5588' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
MS Agent ID |
|
|
MS Agent name |
|
|
MS Agent active state |
|
|
MS Agent version |
|
|
MS Agent current status |
|
|
MS Agent comments |
|
|
The token which can be used during MS Agent installation |
|
|
MS Agent secret key |
|
|
Enabled or disabled MS Agent auto update |
|
|
IP addresses list Agent installed on |
|
|
Last Agent activity timestamp |
|
|
Is MS Agent installed as MS CA or not |
|
|
If true domains from list will be excluded from discovery. If false - only specified domains will be included to discovery |
|
|
List of domains to include or exclude from discovery |
|
|
Default Organization/Department to enroll certificates by MS Agent |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 362
{"installationToken":"token","id":71,"name":"bf518ed5-504b-42d7-a58e-383ebefb9188","active":true,"version":"3.11","status":"CONNECTED","secretKey":"testsecretkey","comments":"","autoUpdate":true,"localIp":"10.10.10.10","lastActivity":"2025-12-04T07:55:18Z","caProxyEnabled":false,"adDomainsList":"","adDomainsListRestricted":false,"defaultEnrollmentOrgId":10859}Manage MS Agents
Add MS Agent
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
MS Agent name |
[Must not be blank, Maximum length is 128 characters or can be empty] |
comments |
String |
MS Agent comments |
[Maximum length is 256 characters or can be empty] |
active |
Boolean |
MS Agent active state |
[] |
adDomainsListRestricted |
Boolean |
If true domains from list will be excluded from discovery. If false - only specified domains will be included to discovery |
[] |
adDomainsList |
String |
List of domains to include or exclude from discovery. Comma separated |
[Maximum length is 1024 characters or can be empty] |
defaultEnrollmentOrgId |
Number |
Default Organization/Department to enroll certificates by MS Agent |
[Must be at least 1] |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/ms/' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5582' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"name":"Agent name","comments":"Comments","active":true,"adDomainsList":"ad\\domain, ad\\otherdomain","adDomainsListRestricted":false,"defaultEnrollmentOrgId":123}'Response fields
| Path | Type | Description |
|---|---|---|
|
|
The token which can be used during MS Agent installation |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/agent/v1/ms/69
Content-Type: application/json
Content-Length: 29
{"installationToken":"token"}Update MS Agent details
Path parameters
| Parameter | Description |
|---|---|
|
MS Agent ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
MS Agent name |
[Must be null or not blank, Maximum length is 128 characters or can be empty] |
comments |
String |
MS Agent comments |
[Maximum length is 256 characters or can be empty] |
active |
Boolean |
MS Agent active state |
[] |
adDomainsListRestricted |
Boolean |
If true domains from list will be excluded from discovery. If false - only specified domains will be included to discovery |
[] |
adDomainsList |
String |
List of domains to include or exclude from discovery. Comma separated |
[Maximum length is 1024 characters or can be empty] |
defaultEnrollmentOrgId |
Number |
Default Organization/Department to enroll certificates by MS Agent |
[Must be at least 1] |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/ms/73' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5594' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"name":"Agent name","comments":"Comments","active":true,"adDomainsList":"ad\\domain, ad\\otherdomain","adDomainsListRestricted":false,"defaultEnrollmentOrgId":123}'Example response
HTTP/1.1 200 OKDelete MS Agent
Path parameters
| Parameter | Description |
|---|---|
|
MS Agent ID |
Example request
$ curl 'https://cert-manager.com/api/agent/v1/ms/70' -i -X DELETE \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer5585' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 200 OKDNS Connectors
View DNS Connector
List DNS Connectors
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
Position shift |
|
Filter by Connector name (contains) |
|
Filter by status |
|
Filter by organization ID (comma separated) |
Example request
$ curl 'https://cert-manager.com/api/connector/v1/dns?position=0&size=2&name=test&status=CONNECTED&orgIds=1%2C10868' -i -X GET \
-H 'login: admin_customer5600' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-H 'Accept: application/json'Response headers
| Name | Description |
|---|---|
|
Total count |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
Connector ID |
|
|
Connector name |
|
|
Connector comments |
|
|
Connector version |
|
|
Connector revision |
|
|
Connector hostname |
|
|
Connector current status. Possible values:[NOT_AVAILABLE, NOT_CONNECTED, CONNECTED] |
|
|
Connector os |
|
|
Connector delegationMode. Possible values:[GLOBAL_FOR_CUSTOMER, CUSTOMIZED] |
Example response
HTTP/1.1 200 OK
X-Total-Count: 3
Content-Type: application/json;charset=UTF-8
Content-Length: 584
[ {
"name" : "test 27b53c63824d41218882e891b4121af2",
"comments" : "test connector",
"id" : "27b53c63824d41218882e891b4121af2",
"version" : "1.0",
"revision" : "aabbccee",
"hostname" : "localhost",
"os" : "Windows",
"status" : "CONNECTED",
"delegationMode" : "CUSTOMIZED"
}, {
"name" : "test 0b50707f6dd84252b67675580f1c2a1d",
"comments" : "test connector",
"id" : "0b50707f6dd84252b67675580f1c2a1d",
"version" : "1.0",
"revision" : "aabbccee",
"hostname" : "localhost",
"os" : "Windows",
"status" : "CONNECTED",
"delegationMode" : "CUSTOMIZED"
} ]Get DNS Connector details
Path parameters
| Parameter | Description |
|---|---|
|
Connector ID |
Example request
$ curl 'https://cert-manager.com/api/connector/v1/dns/fd24f2f427b2487e96765b062a5c0c2c' -i -X GET \
-H 'login: admin_customer5597' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-H 'Accept: application/json'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Connector ID |
|
|
Connector name |
|
|
Connector comments |
|
|
Connector version |
|
|
Connector revision |
|
|
Connector hostname |
|
|
Connector current status. Possible values:[NOT_AVAILABLE, NOT_CONNECTED, CONNECTED] |
|
|
Connector os |
|
|
Connector delegationMode. Possible values:[GLOBAL_FOR_CUSTOMER, CUSTOMIZED] |
|
|
Connector delegated organizations ID and name |
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 371
{
"name" : "test fd24f2f427b2487e96765b062a5c0c2c",
"comments" : "test connector",
"id" : "fd24f2f427b2487e96765b062a5c0c2c",
"version" : "1.0",
"revision" : "aabbccee",
"hostname" : "localhost",
"os" : "Windows",
"status" : "CONNECTED",
"delegationMode" : "CUSTOMIZED",
"delegatedOrganizations" : [ {
"id" : 10865,
"name" : "org4Test"
} ]
}List DNS Connector’s providers
Path parameters
| Parameter | Description |
|---|---|
|
Connector ID |
Example request
$ curl 'https://cert-manager.com/api/connector/v1/dns/e8a5755a069048ffb134b01d58f4b3d3/provider' -i -X GET \
-H 'login: admin_customer5603' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-H 'Accept: application/json'Response headers
| Name | Description |
|---|---|
|
Total count |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of providers |
Example response
HTTP/1.1 200 OK
X-Total-Count: 2
Content-Type: application/json;charset=UTF-8
Content-Length: 23
[ "ovh", "cloudflare" ]Azure Key Vault Accounts
Manage Azure Key Vault resources.
Create Azure Key Vault account
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Azure account name |
[Must not be null, Size must be between 1 and 128 inclusive] |
applicationId |
String |
Azure application ID |
[Must not be null, Size must be between 1 and 36 inclusive] |
directoryId |
String |
Azure directory ID |
[Must not be null, Size must be between 1 and 36 inclusive] |
environment |
String |
Azure environment. Values: [AZURE, AZURE_US_GOVERNMENT, AZURE_GERMANY, AZURE_CHINA] |
[] |
applicationSecret |
String |
Azure application (client) secret |
[Must not be null, Size must be between 1 and 40 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/azure/v1/accounts' -i -X POST \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer4337' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d ' {
"name": "Azure Account",
"directoryId": "tenantId",
"applicationId": "applicationId",
"applicationSecret": "secret",
"environment": "AZURE"
}
'Response headers
| Name | Description |
|---|---|
|
URL location of created Azure account |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/azure/v1/accounts/42Update Azure Key Vault account
Path parameters
| Parameter | Description |
|---|---|
|
Azure account ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Azure account name |
[Maximum length is 128 characters or can be empty] |
applicationId |
String |
Azure application ID |
[Maximum length is 36 characters or can be empty] |
directoryId |
String |
Azure directory ID |
[Maximum length is 36 characters or can be empty] |
environment |
String |
Azure environment. Values: [AZURE, AZURE_US_GOVERNMENT, AZURE_GERMANY, AZURE_CHINA] |
[] |
applicationSecret |
String |
Azure application (client) secret |
[Size must be between 1 and 40 inclusive] |
Example request
$ curl 'https://cert-manager.com/api/azure/v1/accounts/42' -i -X PUT \
-H 'Content-Type: application/json;charset=utf-8' \
-H 'login: admin_customer4361' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"name":"Azure Account","applicationId":"applicationId","directoryId":"tenantId","environment":"AZURE","applicationSecret":"applicationSecret"}'Example response
HTTP/1.1 200 OKGet Azure Key Vault account details
Path parameters
| Parameter | Description |
|---|---|
|
Azure account ID |
Example request
$ curl 'https://cert-manager.com/api/azure/v1/accounts/42' -i -X GET \
-H 'login: admin_customer4349' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Delegation mode |
|
|
Azure account name |
|
|
Azure application ID |
|
|
Azure directory ID |
|
|
Azure environment |
|
|
Delegated organization IDs |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 159
{"name":"Azure Account","applicationId":"applicationId","directoryId":"tenantId","environment":"AZURE","delegationMode":"CUSTOMIZED","orgDelegations":[100500]}Delegate organizations to existing Azure Key Vault account
Path parameters
| Parameter | Description |
|---|---|
|
Azure account ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
delegationMode |
String |
Allowed values: [GLOBAL_FOR_CUSTOMER, CUSTOMIZED] |
[Must not be null] |
orgDelegations |
Array |
Delegated organization IDs. Will be ignored for GLOBAL_FOR_CUSTOMER delegation mode |
[] |
Example request
$ curl 'https://cert-manager.com/api/azure/v1/accounts/42/delegations' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer4343' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"delegationMode": "CUSTOMIZED", "orgDelegations": [100500]}'Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 27
{"orgDelegations":[100500]}Delete Azure Key Vault account
Path parameters
| Parameter | Description |
|---|---|
|
Azure account ID |
Example request
$ curl 'https://cert-manager.com/api/azure/v1/accounts/42' -i -X DELETE \
-H 'login: admin_customer4346' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 204 No ContentCheck Azure Key Vault account configuration
Path parameters
| Parameter | Description |
|---|---|
|
Azure account ID |
Example request
$ curl 'https://cert-manager.com/api/azure/v1/accounts/42/check' -i -X GET \
-H 'login: admin_customer4334' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Name of the account configuration to be checked |
|
|
Account check result message |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 101
[{"checkName":"Intune SCEP","message":"success"},{"checkName":"Azure Key Vault","message":"success"}]List Azure Key Vault accounts
Query parameters
| Parameter | Description |
|---|---|
|
Number of returned entries |
|
the first position (entry) to return from the results of the query |
Example request
$ curl 'https://cert-manager.com/api/azure/v1/accounts?position=0&size=10' -i -X GET \
-H 'login: admin_customer4352' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 200 OK
X-Total-Count: 2
Content-Type: application/json
Content-Length: 254
[{"name":"Azure Account","applicationId":"applicationId","directoryId":"tenantId","id":42,"delegationMode":"CUSTOMIZED"},{"name":"Azure Account Custom","applicationId":"applicationId2","directoryId":"tenantId2","id":100500,"delegationMode":"CUSTOMIZED"}]Response fields
| Path | Type | Description |
|---|---|---|
|
|
Azure account ID |
|
|
Delegation mode |
|
|
Azure account name |
|
|
Azure application ID |
|
|
Azure directory ID |
Response headers
| Name | Description |
|---|---|
|
Total count of Azure accounts |
List Azure Key Vault resource groups
Path parameters
| Parameter | Description |
|---|---|
|
Azure account ID |
Example request
$ curl 'https://cert-manager.com/api/azure/v1/accounts/42/resource-groups' -i -X GET \
-H 'login: admin_customer4355' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 199
[{"name":"name1","key":"key1","skuName":"","subscriptionId":"112965c1-4329-4a21-9368-c83ab4ffb041"},{"name":"name2","key":"key2","skuName":"","subscriptionId":"fb776816-d096-4e2f-89c0-1133725dced3"}]Response fields
| Path | Type | Description |
|---|---|---|
|
|
Azure resource group key |
|
|
Azure resource group name |
|
|
Azure resource group SKU name |
|
|
Azure resource group subscription ID |
List Azure Key Vaults
Path parameters
| Parameter | Description |
|---|---|
|
Azure account ID |
|
Azure subscriptionId ID |
|
Azure resource group name |
Example request
$ curl 'https://cert-manager.com/api/azure/v1/accounts/42/subscriptions/264e3633-4796-4e2a-9192-e9902ab2bf6b/resource-groups/ResourceGroupName/vaults' -i -X GET \
-H 'login: admin_customer4358' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 293
[{"name":"name1-kv","key":"subscriptions/264e3633-4796-4e2a-9192-e9902ab2bf6b/resource-groups/ResourceGroupName/vaults/name1-kv","skuName":"PREMIUM"},{"name":"name2-kv","key":"subscriptions/264e3633-4796-4e2a-9192-e9902ab2bf6b/resource-groups/ResourceGroupName/name2-kv","skuName":"STANDARD"}]Response fields
| Path | Type | Description |
|---|---|---|
|
|
Azure vault key |
|
|
Azure vault name |
|
|
Azure vault SKU name |
Enrollment Endpoints
Management of Enrollment endpoints, Delegations and Endpoint accounts.
Endpoints of any type can be viewed. Delegations management is supported for any endpoint type where applicable. Following endpoints and accounts only can be created, updated and deleted:
| Type | Description |
|---|---|
|
SSL certificates Web Forms |
|
Client certifictes (S/MIME) Web Forms |
|
Device certificates Web Forms |
|
Code Sign certificates Web Forms |
View enrollment endpoints
List enrollment endpoints
Query parameters
| Parameter | Description |
|---|---|
|
Count of entries |
|
the first position (entry) to return from the results of the query |
|
Name of the endpoint |
|
URI extension |
|
Endpoint types, allowed values: [SSL_WEB_FORM, SMIME_WEB_FORM, DEVICE_WEB_FORM, CODE_SIGN_WEB_FORM, BULK_ENROLLMENT_WEB_FORM, PUBLIC_ACME, PRIVATE_ACME, SMIME_SCEP, DEVICE_SCEP, SMIME_SCEP_INTUNE, DEVICE_SCEP_INTUNE, SSL_EST, SMIME_EST, DEVICE_EST, SSL_REST_API, CLIENT_REST_API, DEVICE_REST_API, CODE_SIGN_REST_API] |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1?size=10&position=0&name=Best&uriExtension=my-own-wf&endpointTypes%5B%5D=SSL_WEB_FORM&endpointTypes%5B%5D=SMIME_WEB_FORM' -i -X GET \
-H 'login: nick' \
-H 'password: Password123!' \
-H 'customerUri: test'Response headers
| Name | Description |
|---|---|
|
Total count of filtered Enrollment endpoints existing in the system |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of Enrollment endpoints |
|
|
Endpoint ID |
|
|
Endpoint name |
|
|
Endpoint type |
|
|
Delegation mode |
Example response
HTTP/1.1 200 OK
X-Total-Count: 2
Content-Type: application/json
Content-Length: 205
[{"id":5039,"name":"Best-test SMIME_WEB_FORM3610","type":"SMIME_WEB_FORM","delegationMode":"CUSTOMIZED"},{"id":5038,"name":"Best-test SSL_WEB_FORM3609","type":"SSL_WEB_FORM","delegationMode":"CUSTOMIZED"}]Get details of enrollment endpoint
Path parameters
| Parameter | Description |
|---|---|
|
Enrollment endpoint ID |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5036' -i -X GET \
-H 'login: nick' \
-H 'password: Password123!' \
-H 'customerUri: test'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Endpoint ID |
|
|
Endpoint name |
|
|
Endpoint type |
|
|
Delegation mode |
|
|
Endpoint URL |
|
|
Endpoint URI extension |
|
|
Web Form authentication methods. IDP is available for any supported endpoint type except CODE_SIGN_WEB_FORM and SECRET_ID is available for SMIME_WEB_FORM only |
|
|
Delegated organizations |
|
|
Organization ID |
|
|
Organization name |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 326
{"id":5036,"name":"Best-test SSL_WEB_FORM3607","type":"SSL_WEB_FORM","delegationMode":"CUSTOMIZED","url":"https://cert-manager.com/customer/test/ssl/my-own-wf-5036","uriExtension":"my-own-wf-5036","organizations":[{"id":10146,"name":"org4Test"},{"id":10148,"name":"department4Test"}],"webFormAuthTypes":["EMAIL_CONFIRMATION"]}Get config by endpoint id
Get Enrollment Endpoint config by Enrollment Endpoint id
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5009/config' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: nick' \
-H 'password: Password123!' \
-H 'customerUri: test'HTTP request
GET /api/endpoint/v1/5009/config HTTP/1.1
Content-Type: application/json;charset=UTF-8
login: nick
password: Password123!
customerUri: test
Host: cert-manager.comExample response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 378
{"enrollmentHelp":"Lorem ipsum dolor sit amet, consectetur adipiscing elit. In quis quam mauris. Morbi dui mi, viverra vel dictum eget, portitor a risus. Pellentesque nec tellus fermentum, vulputate augue sit amet.","enrollmentLinkAddress":"https://it-msp.com/support","contactName":"Andrey Leonidas","contactEmail":"andrey.leonidas@it-msp.com","contactPhone":"+1 613 889 0008"}Response fields
| Path | Type | Description |
|---|---|---|
|
|
Enrollment endpoint help instructions |
|
|
Enrollment endpoint support URL |
|
|
Enrollment endpoint support URL label text |
|
|
Enrollment endpoint authentication types. Possible values: [EMAIL_CONFIRMATION, IDP, SECRET_ID] |
|
|
Enrollment endpoint responsive person name |
|
|
Enrollment endpoint responsive person e-mail |
|
|
Enrollment endpoint responsive person phone number |
Manage enrollment endpoints
Create enrollment endpoint
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Endpoint name |
[Must not be blank, Size must be between 1 and 256 inclusive] |
endpointType |
String |
Endpoint type |
[Must not be null, Allowed values: [SSL_WEB_FORM, SMIME_WEB_FORM, DEVICE_WEB_FORM, CODE_SIGN_WEB_FORM]] |
uriExtension |
String |
Endpoint URI extension |
[Must not be blank, Size must be between 1 and 58 inclusive] |
config |
Object |
Endpoint configuration |
[Must not be null] |
config.enrollmentHelp |
String |
Endpoint enrollment instructions |
[Maximum length is 2048 characters or can be empty] |
config.enrollmentLinkName |
String |
Endpoint enrollment external instructions URL name |
[Maximum length is 1024 characters or can be empty] |
config.enrollmentLinkAddress |
String |
Endpoint enrollment external instructions URL |
[Must match the regular expression |
config.webFormAuthTypes[] |
Array |
Web Form authentication methods. IDP is available for any supported endpoint type except CODE_SIGN_WEB_FORM and SECRET_ID is available for SMIME_WEB_FORM only |
[Allowed values: [EMAIL_CONFIRMATION, IDP, SECRET_ID]] |
orgDelegations |
Array |
Delegated organizations IDs. Non-delegated endpoint is available for all organizations. Can be managed any time later via delegations resource |
[Must be null or not empty] |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: nick' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"name":"SSL Form Endpoint","endpointType":"SSL_WEB_FORM","uriExtension":"ssl-wf","config":{"enrollmentHelp":"Please contact support for enrollment help.","enrollmentLinkName":"Additional information","enrollmentLinkAddress":"https://example.com/additional-information","webFormAuthTypes":["IDP","EMAIL_CONFIRMATION"]},"orgDelegations":[10124,10122]}'Response headers
| Name | Description |
|---|---|
|
New endpoint location |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/endpoint/v1/5024Update enrollment endpoint
Path parameters
| Parameter | Description |
|---|---|
|
Enrollment endpoint ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Endpoint name |
[Must be null or not blank, Size must be between 1 and 256 inclusive] |
config |
Object |
Endpoint configuration |
[] |
config.enrollmentHelp |
String |
Endpoint enrollment instructions |
[Maximum length is 2048 characters or can be empty] |
config.enrollmentLinkName |
String |
Endpoint enrollment external instructions URL name |
[Maximum length is 1024 characters or can be empty] |
config.enrollmentLinkAddress |
String |
Endpoint enrollment external instructions URL |
[Must match the regular expression |
config.webFormAuthTypes[] |
Array |
Web Form authentication methods. IDP is available for any supported endpoint type except CODE_SIGN_WEB_FORM and SECRET_ID is available for SMIME_WEB_FORM only |
[Must be null or not empty, Allowed values: [EMAIL_CONFIRMATION, IDP, SECRET_ID]] |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5053' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: nick' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '{"name":"SSL Form Updated Endpoint","config":{"enrollmentHelp":"Please contact support for enrollment help.","enrollmentLinkName":"Additional information","enrollmentLinkAddress":"https://example.com/additional-information","webFormAuthTypes":["IDP","EMAIL_CONFIRMATION"]}}'Example response
HTTP/1.1 204 No ContentUpdate config by endpoint id
Update Enrollment Endpoint config by Enrollment Endpoint id
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5041/config' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: nick' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d ' {
"enrollmentHelp":"Please contact support in case of issues.",
"enrollmentLinkAddress":"https://support.global/requests",
"contactName":"Global Support",
"contactEmail":"global.support@support.global",
"contactPhone":"+10050042"
}
'HTTP request
PUT /api/endpoint/v1/5041/config HTTP/1.1
Content-Type: application/json;charset=UTF-8
login: nick
password: Password123!
customerUri: test
Content-Length: 316
Host: cert-manager.com
{
"enrollmentHelp":"Please contact support in case of issues.",
"enrollmentLinkAddress":"https://support.global/requests",
"contactName":"Global Support",
"contactEmail":"global.support@support.global",
"contactPhone":"+10050042"
}Example response
HTTP/1.1 200 OKRequest fields
| Path | Type | Description | Constraints |
|---|---|---|---|
enrollmentHelp |
String |
Enrollment endpoint help instructions |
[Maximum length is 2048 characters or can be empty] |
enrollmentLinkAddress |
String |
Enrollment endpoint support URL |
[Must match the regular expression |
enrollmentLinkName |
String |
Enrollment endpoint support URL label text |
[Maximum length is 1024 characters or can be empty] |
webFormAuthTypes |
String |
Enrollment endpoint authentication types. Possible values: [EMAIL_CONFIRMATION, IDP, SECRET_ID] |
[Must be null or not empty] |
contactName |
String |
Enrollment endpoint responsive person name |
[Maximum length is 1024 characters or can be empty] |
contactEmail |
String |
Enrollment endpoint responsive person e-mail |
[Maximum length is 1024 characters or can be empty] |
contactPhone |
String |
Enrollment endpoint responsive person phone number |
[Maximum length is 32 characters or can be empty] |
Delete enrollment endpoint
Path parameters
| Parameter | Description |
|---|---|
|
Enrollment endpoint ID |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5031' -i -X DELETE \
-H 'login: nick' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 204 No ContentDelegate enrollment endpoint
Create or update enrollment endpoint delegations
Subsequent requests add new delegations, existing delegations are not removed.
Path parameters
| Parameter | Description |
|---|---|
|
Enrollment endpoint ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
[] |
Array |
Delegated organization IDs |
Positive integer values |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5019/delegations' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: nick' \
-H 'password: Password123!' \
-H 'customerUri: test' \
-d '[10113,10111]'Example response
HTTP/1.1 204 No ContentDelete enrollment endpoint delegations
Allowed only for MRAO role admins. Remove all delegations. The endpoint will be available for all existing organizations.
Path parameters
| Parameter | Description |
|---|---|
|
Enrollment endpoint ID |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5029/delegations' -i -X DELETE \
-H 'login: nick' \
-H 'password: Password123!' \
-H 'customerUri: test'Example response
HTTP/1.1 204 No ContentEndpoint Accounts
List endpoint accounts
Path parameters
| Parameter | Description |
|---|---|
|
Enrollment endpoint ID |
Query parameters
| Parameter | Description |
|---|---|
|
Count of entries |
|
the first position (entry) to return from the results of the query |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5068/account?size=10&position=0' -i -X GET \
-H 'login: admin_customer3677' \
-H 'password: Password123!' \
-H 'customerUri: cst3677'Response headers
| Name | Description |
|---|---|
|
Total count of filtered Endpoint accounts existing in the system |
Response fields
| Path | Type | Description |
|---|---|---|
|
|
List of Endpoint accounts |
|
|
Account ID |
|
|
Account name |
|
|
Endpoint type |
|
|
Account organization |
|
|
Organization ID |
|
|
Organization name |
|
|
Account organization department |
|
|
Organization department ID |
|
|
Organization department name |
|
|
Account ID token |
Example response
HTTP/1.1 200 OK
X-Total-Count: 2
Content-Type: application/json
Content-Length: 364
[{"id":80,"name":"My account 2","type":"SSL_WEB_FORM","idToken":"eyJpZCI6ODAsInR5cGUiOiJTU0xfV0VCX0ZPUk0ifQ==","organization":{"id":10222,"name":"org4Test"}},{"id":79,"name":"My account","type":"SSL_WEB_FORM","idToken":"eyJpZCI6NzksInR5cGUiOiJTU0xfV0VCX0ZPUk0ifQ==","organization":{"id":10223,"name":"org4Test","department":{"id":10224,"name":"department4Test"}}}]Get details of endpoint account
Path parameters
| Parameter | Description |
|---|---|
|
Enrollment endpoint ID |
|
Enrollment account ID |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5067/account/78' -i -X GET \
-H 'login: admin_customer3673' \
-H 'password: Password123!' \
-H 'customerUri: cst3673'Response fields
| Path | Type | Description |
|---|---|---|
|
|
Account name |
|
|
Endpoint type |
|
|
Account organization |
|
|
Organization ID |
|
|
Organization name |
|
|
Account organization department |
|
|
Organization department ID |
|
|
Organization department name |
|
|
Account ID token |
|
|
Delegated profile IDs |
|
|
Access code |
|
|
CSR Generation method |
|
|
Account authentication method |
|
|
Automatically approve requests |
|
|
Allow auto renew |
|
|
Allow empty PKCS12 password |
|
|
Preferred Key Protection Algorithm |
|
|
Idp Mapping Rules |
|
|
Attribute name |
|
|
Match type |
|
|
Attribute values |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 423
{"name":"My account","type":"SSL_WEB_FORM","organization":{"id":10220,"name":"org4Test","department":{"id":10221,"name":"department4Test"}},"idToken":"eyJpZCI6NzgsInR5cGUiOiJTU0xfV0VCX0ZPUk0ifQ==","profileIds":[5778,5779],"accessCode":"1234","csrGenerationMethod":"BROWSER","accountAuthMethod":"ACCESS_CODE","preferredKeyProtectionAlgorithm":"AES256-SHA256","autoApprove":false,"allowAutoRenew":false,"allowEmptyPin":false}Create endpoint account
Path parameters
| Parameter | Description |
|---|---|
|
Enrollment endpoint ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Account name |
[Must not be null, Size must be between 3 and 128 inclusive] |
type |
String |
Endpoint type |
[Must not be null, Allowed values: [SSL_WEB_FORM, SMIME_WEB_FORM, DEVICE_WEB_FORM, CODE_SIGN_WEB_FORM]] |
organizationId |
Number |
Account organization ID |
[Must not be null] |
profileIds |
Array |
Delegated profile IDs. The IDs order might be respected for some account types.Only one profile ID is allowed for CODE_SIGN_WEB_FORM account type |
[Must not be empty] |
csrGenerationMethod |
String |
CSR Generation method. SERVER is available for any supported endpoint type except SSL_WEB_FORM, SECTIGOGEN is available for any except CODE_SIGN_WEB_FORM and TOKEN is available for CODE_SIGN_WEB_FORM only |
[Must not be null, Allowed values: [BROWSER, SERVER, PROVIDED, SECTIGOGEN, TOKEN]] |
autoApprove |
Boolean |
Automatically approve requests. Not applicable for SMIME_WEB_FORM and CODE_SIGN_WEB_FORM types. Must be explicitly set to 'true' for SECTIGOGEN CSR generation method |
[] |
allowAutoRenew |
Boolean |
Allow auto renew. Applicable for SSL_WEB_FORM type only |
[] |
allowEmptyPin |
Boolean |
Allow empty PKCS12 password |
[] |
accountAuthMethod |
String |
Account authentication method. Not applicable for CODE_SIGN_WEB_FORM type |
[Must not be null, Allowed values: [ACCESS_CODE, IDP_ASSERTIONS_MAPPING, NONE]] |
accessCode |
String |
Access code (mandatory and relevant for ACCESS_CODE authentication method only) |
[Must be null or not blank, Maximum length is 255 characters or can be empty] |
idpMappingRules |
Array |
IDP assertion mapping rules (mandatory and relevant for IDP_ASSERTIONS_MAPPING authentication method only) |
[Must be null or not empty] |
idpMappingRules[].key |
String |
Attribute name |
[Must not be blank, Allowed values are: [cn, displayname, entitlement, eppn, givenname, groups, mail, schachomeorganization, sn, uid]]. Allowed values can vary depending on the system configuration |
idpMappingRules[].matchType |
String |
Match type |
[Must not be null, Allowed values are: [MATCHES, CONTAINS]] |
idpMappingRules[].values |
Array |
Attribute values |
[Must not be empty] |
preferredKeyProtectionAlgorithm |
String |
Preferred key protection algorithm |
[Allowed values: [AES256-SHA256, TripleDES-SHA1]] |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5063/account' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer3655' \
-H 'password: Password123!' \
-H 'customerUri: cst3655' \
-d '{"type":"SSL_WEB_FORM","name":"My account","type":"SSL_WEB_FORM","organizationId":10205,"profileIds":[5770,5771],"csrGenerationMethod":"PROVIDED","autoApprove":true,"allowAutoRenew":true,"accountAuthMethod":"IDP_ASSERTIONS_MAPPING","idpMappingRules":[{"key":"groups","matchType":"CONTAINS","values":["admin","user"]}],"preferredKeyProtectionAlgorithm":"TripleDES-SHA1"}'Response headers
| Name | Description |
|---|---|
|
New account location |
Example response
HTTP/1.1 201 Created
Location: https://cert-manager.com/api/endpoint/v1/5063/account/74Update endpoint account
Path parameters
| Parameter | Description |
|---|---|
|
Enrollment endpoint ID |
|
Enrollment account ID |
Request fields
| Path | Type | Description | Constraints |
|---|---|---|---|
name |
String |
Account name |
[Size must be between 3 and 128 inclusive] |
type |
String |
Endpoint type. Type can’t be updated once account is created |
[Must not be null, Allowed values: [SSL_WEB_FORM, SMIME_WEB_FORM, DEVICE_WEB_FORM, CODE_SIGN_WEB_FORM]] |
profileIds |
Array |
Delegated profile IDs. The IDs order might be respected for some account types.Only one profile ID is allowed for CODE_SIGN_WEB_FORM account type. If provided, all existing profile delegations will be replaced |
[Must be null or not empty] |
csrGenerationMethod |
String |
CSR Generation method. SERVER is available for any supported endpoint type except SSL_WEB_FORM, SECTIGOGEN is available for any except CODE_SIGN_WEB_FORM and TOKEN is available for CODE_SIGN_WEB_FORM only |
[Allowed values: [BROWSER, SERVER, PROVIDED, SECTIGOGEN, TOKEN]] |
autoApprove |
Boolean |
Automatically approve requests. Not applicable for SMIME_WEB_FORM and CODE_SIGN_WEB_FORM types. Must be explicitly set to 'true' for SECTIGOGEN CSR generation method |
[] |
allowAutoRenew |
Boolean |
Allow auto renew. Applicable for SSL_WEB_FORM type only |
[] |
allowEmptyPin |
Boolean |
Allow empty PKCS12 password |
[] |
accountAuthMethod |
String |
Account authentication method. Not applicable for CODE_SIGN_WEB_FORM type |
[Allowed values: [ACCESS_CODE, IDP_ASSERTIONS_MAPPING, NONE]] |
accessCode |
String |
Access code (mandatory and relevant for ACCESS_CODE authentication method only) |
[Must be null or not blank, Maximum length is 255 characters or can be empty] |
idpMappingRules |
Array |
IDP assertion mapping rules (mandatory and relevant for IDP_ASSERTIONS_MAPPING authentication method only). If provided, all existing rules will be replaced |
[Must be null or not empty] |
idpMappingRules[].key |
String |
Attribute name |
[Must not be blank, Allowed values are: [cn, displayname, entitlement, eppn, givenname, groups, mail, schachomeorganization, sn, uid]]. Allowed values can vary depending on the system configuration |
idpMappingRules[].matchType |
String |
Match type |
[Must not be null, Allowed values are: [MATCHES, CONTAINS]] |
idpMappingRules[].values |
Array |
Attribute values |
[Must not be empty] |
preferredKeyProtectionAlgorithm |
String |
Preferred key protection algorithm |
[Allowed values: [AES256-SHA256, TripleDES-SHA1]] |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5072/account/84' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'login: admin_customer3694' \
-H 'password: Password123!' \
-H 'customerUri: cst3694' \
-d '{"type":"SSL_WEB_FORM","name":"My updated account","type":"SSL_WEB_FORM","profileIds":[5790,5791],"csrGenerationMethod":"BROWSER","autoApprove":true,"allowEmptyPin":true,"allowAutoRenew":false,"accountAuthMethod":"ACCESS_CODE","accessCode":"1234","preferredKeyProtectionAlgorithm":"TripleDES-SHA1"}'Example response
HTTP/1.1 204 No ContentDelete endpoint account
Path parameters
| Parameter | Description |
|---|---|
|
Enrollment endpoint ID |
|
Enrollment account ID |
Example request
$ curl 'https://cert-manager.com/api/endpoint/v1/5065/account/76' -i -X DELETE \
-H 'Content-Type: application/json' \
-H 'login: admin_customer3664' \
-H 'password: Password123!' \
-H 'customerUri: cst3664'Example response
HTTP/1.1 204 No Content