Overview
Purpose
Last update date of this document: 2024-11-13 06:41:36 UTC.
DigiCert PKI Platform Web Services lets you integrate DigiCert’s certificate issuance and administration tasks into customer’s RA applications.
This document specifies the APIs that user can implement to consume DigiCert PKI platform web services. It details a set of RESTful APIs to allow issuance, management of certificates and users.
API Basics
All API requests are submitted via RESTful URLs using REST features including HEADER-based authentication and JSON request types. The requests are accepted through port 443, which is the default port for SSL. The character set encoding of data in API calls and responses is UTF-8. To ensure a well-formed request, make sure that the User-Agent and Content-Length headers are specified in the request.
Authentication
The REST API requires a DigiCert Developer API key which can be generated and managed using DigiCert Managed PKI portal.
Requests
Requests consist of two or three parts: Method, Endpoint, and Body. Every request has a method and endpoint, but some also include a body. The format of the body should match the format specified in the Content-Type header sent.
Method
The API uses the following standard HTTP methods: GET, POST, PUT, DELETE
Body and Content Type
All requests with a body require passing in JSON formatted data with the Content-Type header set to application/json. GET requests are the only ones that do not require sending formatted data. With some endpoints, GET requests will support passing in additional parameters to filter the results. To use REST API, create a header: Content-Type: application/json
A full cURL request may be something like
curl -X POST \ -H "X-API-KEY: $API KEY" \ -H "Content-Type: application/json" \ --data '{"foo":"bar"}' <REST Service URL>
NOTE: Use ptnr-pki-ws-rest.bbtest.net as FQDN for Partner Environment.
Responses
Responses consist of two parts: Headers and Body. The body is formatted based on the content type requested in the Accept header. Currently, the only supported response content type is application/json. Thus, a request will fail if a different content type is specified in the request Accept header.
Headers
Every response will include an appropriate HTTP response code. This header is based on the RFC 2616 specification.
HTTP Response Codes
| Code | Message | Description |
|---|---|---|
200 |
Success |
Success |
201 |
Created |
Success response for POST requests. The web service created a resource in response to the request. |
204 |
No content |
Success response when the server does not need to return content in the response. |
400 |
Bad request |
Incorrectly formed request. Occurs when the request body does not parse correctly. |
401 |
Unauthorized |
Invalid credentials. If call the API from a browser, an authentication pop-up may appear. |
405 |
Method not allowed |
The authenticated user is not allowed to use the requested HTTP method. |
406 |
Not acceptable |
The requested operation cannot generate an acceptable response based on the request headers. |
409 |
Conflict |
The request cannot be completed due to a conflict with the current state of the target resource. |
415 |
Unsupported media type |
The request contains an incorrect content type. |
422 |
Cannot process entity |
A request to modify or create a resource failed due to a validation error. |
500 |
Internal server error |
Generic, un-caught server error. |
503 |
The server is unavailable |
Occurs when the request rate limit has been reached or if the server is down for maintenance. Try the request again after 60 seconds. |
Successful Response
All success responses will return an HTTP code in the 200 – 399 range. Clients receiving these response codes will know that their request was successfully handled and will expect an appropriate response. As an example, a client submits a POST request to a /foo endpoint. It will expect an id that could be used in subsequent requests. It would expect a response similar to below.
Sample Response
HTTP/1.1 201 created
{
"id":"0f72906aaa58ad9100754536d24f9f6f"
}
Error response
Error response contains an HTTP code in 400+ range.
HTTP/1.1 400
{
"status": "BAD_REQUEST",
"timestamp": "13-05-2019 02:41:11",
"message": "The certificate profile id provided in the request is invalid."
}
Operations
The DigiCert PKI Platform Web Services supports following operations
| Operation | Resource | URL Parameter |
|---|---|---|
Health Check |
||
/api/v1/hello |
GET |
|
Certificate Enrollment Profile API |
||
/api/v1/profile/{profile_id} |
GET |
|
/api/vi/profile |
GET |
|
Certificate Enrollment and Management API |
||
/api/v1/certificate |
POST |
|
/api/v1/certificate/{certificate_id} |
GET |
|
/api/v1/certificate/{certificate_id}/revoke |
PUT |
|
/api/v1/certificate/{certificate_id}/revoke |
PUT |
|
/api/v1/certificate/{certificate_id}/revoke |
DELETE |
|
/api/v1/certificate/{certificate_id}/renew |
POST |
|
/api/v1/certificate/{certificate_id}/key |
GET |
|
Search Certificate API |
||
/api/v1/searchcert |
POST |
|
Seat Management API |
||
/api/v1/seat |
POST |
|
/api/v1/seat/{seat_id} |
GET |
|
/api/v1/seat/{seat_id} |
PUT |
|
/api/v1/seat/{seat_id} |
DELETE |
|
Enrollment API for non webservice profile |
||
/api/v1/enrollment |
POST |
|
/api/v1/enrollment/{enrollment_code} |
PUT |
|
/api/v1/enrollment/{enrollment_code} |
DELETE |
|
/api/v1/enrollment/{enrollment_code} |
GET |
|
Audit API |
||
api/v1/audit-log |
GET |
|
api/v1/audit-log/{auditId} |
GET |
|
Enroll Status API (Experimental) |
||
/api/v1/enrollstatus/{seat_id} |
POST |
|
Hello
Test connectivity with the server and make sure the user is authorized to make API requests.
Request Fields
Not applicable
Response Fields
Not applicable
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/hello' -i -X GET \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E'Sample Request
GET /mpki/api/v1/hello HTTP/1.1
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 200 OK
X-Account-Id: 1233232
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 51
Hello from DigiCert PKI Platform REST Webservices!Get Profile
This API is used to get profile details for given profile OID. During account setup, the DigiCert Managed PKI administrator creates certificate profile, defines rules, data and features governing the certificate enrollment process. The certificate profile has the information that is needed for your RA application to construct a valid certificate enrollment request.
Request Fields
Not applicable
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
profile OID |
|
|
profile Name |
|
|
profile status (Active, Inactive, Deleted) |
|
|
signature algorithm |
|
|
indicates whether to publish public key to DigiCert PKI directory |
|
|
number of days when certificate can be renewed |
|
|
indicates if duplicate certificate is allowed by profile |
|
|
certificate delivery format |
|
|
object containing certificate information like subject dn attributes, extensions, validity etc |
|
|
object containing subject dn information |
|
|
list of all subject dn attributes (See Subject DN Attributes table for all possible values) |
|
|
object containing certificate validity information |
|
|
validity unit |
|
|
number of validity unit |
|
|
object containing certificate extensions information |
|
|
object containing san extension information |
|
|
criticality of san extension |
|
|
list of subject alt name attributes (See Subject Alt Name Attributes table for all possible values) |
|
|
object containing issuer certificate information |
|
|
object containing issuer chain (ICAs and/or root) |
|
|
list of private key attributes |
|
|
key size |
|
|
allowed key sizes |
|
|
key escrow policy |
|
|
key escrow enabled |
|
|
dual admin approval required |
|
|
key escrow deployment mode |
|
|
key recovery for additional enroll request |
|
|
is key exportable |
|
|
is key protect |
|
|
algorithm oid |
|
|
crypto providers |
|
|
provider |
|
|
enrollment |
|
|
enrollment client type id |
|
|
enrollment client type |
|
|
authentication |
|
|
authentication method id |
|
|
authentication method |
|
|
authentication approval (AUTO, MANUAL) |
|
|
list of all authentication fields attributes (See Authentication Field Attributes table for all possible values) |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/profile/2.16.840.1.113733.1.16.1.2.2.8.1.122532964' -i -X GET \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E'Sample Request
GET /mpki/api/v1/profile/2.16.840.1.113733.1.16.1.2.2.8.1.122532964 HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json;charset=UTF-8
Content-Length: 6089
{
"id" : "2.16.840.1.113733.1.16.1.2.2.8.1.122532964",
"name" : "smime-enc-only",
"status" : "ACTIVE",
"signature_algorithm" : "sha1WithRSAEncryption",
"publish_to_public_directory" : true,
"renewal_period_days" : 30,
"duplicate_cert_policy" : true,
"certificate_delivery_format" : "PKCS12",
"certificate" : {
"subject" : {
"attributes" : [ {
"type" : "common_name",
"mandatory" : true
} ]
},
"validity" : {
"unit" : "DAYS",
"duration" : 365
},
"extensions" : {
"san" : {
"critical" : true,
"attributes" : [ {
"type" : "rfc822Name",
"mandatory" : true,
"id" : "mail_email"
} ]
}
},
"issuer" : {
"serial_number" : "167307796698612677393372285064690296102",
"subject_dn" : "CN = Symantec Class 2 Shared Intermediate TEST Certificate Authority, OU = Terms of use at https://www.verisign.com/cps/testca (c)11, OU = VeriSign Trust Network, OU = FOR TEST PURPOSES ONLY, O = Symantec Corporation, C = US",
"certificate" : "MIIGhTCCBW2gAwIBAgIQfd5PP0Rn2xfkI+hPZbBlJjANBgkqhkiG9w0BAQUFADCB9jELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUIwQAYDVQQLEzlUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EgKGMpMDQxHzAdBgNVBAsTFkZvciBUZXN0IFB1cnBvc2VzIE9ubHkxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDIgVEVTVCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eS1HMzAeFw0xMTAzMDEwMDAwMDBaFw0yMTAyMjgyMzU5NTlaMIH8MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFkZPUiBURVNUIFBVUlBPU0VTIE9OTFkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxQjBABgNVBAsTOVRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzL3Rlc3RjYSAoYykxMTFIMEYGA1UEAxM/U3ltYW50ZWMgQ2xhc3MgMiBTaGFyZWQgSW50ZXJtZWRpYXRlIFRFU1QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuD0VJtirXQ62UjeJ+YjLoFPdIXqrQTI5uYBDV1L57tIQvaBflYWz5BLcNTTpyhyyKpDle81A9YXo1Cz7R8MkNdNmVcJgcSpxUyskJUKSbEyF9F9wj9YmFiUVxTSSRcc8a7EUi+O2lj2INltyz3UO2YD2pu2A+x2UZNOy4u8PXmHCOiwIH4p3lbA+PZkO/72aZqE2y0d89XL5KmbRDVdbMiWWEZXZAbdjVmma2Z4TGv9xUlUJ8YBMFm3Utnx8bhQCM4csG2ZgCFz5vUTDB3gOSQozYcRWSOaoqKk+FgJsINbj/by6ObO+uVYiHiYAzL4USSsCddDT/FYGZ2RYnjCUWwIDAQABo4ICBTCCAgEwEgYDVR0TAQH/BAgwBgEB/wIBADBLBgNVHSAERDBCMEAGCmCGSAGG+EUBBxUwMjAwBggrBgEFBQcCARYkaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EvMA4GA1UdDwEB/wQEAwIBBjBNBgNVHR8ERjBEMEKgQKA+hjxodHRwOi8vcGlsb3RvbnNpdGVjcmwudmVyaXNpZ24uY29tL09mZmxpbmVDQS90ZXN0cGNhMi1nMy5jcmwwHQYDVR0OBBYEFBsi04uABGfOJ/OHPp0HNw4CY2coMIIBHgYDVR0jBIIBFTCCARGhgfykgfkwgfYxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFCMEAGA1UECxM5VGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMvdGVzdGNhIChjKTA0MR8wHQYDVQQLExZGb3IgVGVzdCBQdXJwb3NlcyBPbmx5MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAyIFRFU1QgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHktRzOCEEIm9I6cjD0l5DHtDZ1beiswDQYJKoZIhvcNAQEFBQADggEBAADPds+UA3WUmMQjHFYwpiYiXFvi2/p4pNr37kSAcvmZuPT2kVBqar/BKxXGLn33O6jOXHK4+dvh2A9ppJL4/DbECNLtVatKO4haPVS71wei/RlCqPaWxCvBTMNY4m9t3r0PQ4e+ztPrKH9sXe05HU/h70hS8Idu1+4WdcblHEqcZbIPYbYQRccfyTSFl2dCoDSeI3INgvaxthaCdw4Z7d6HUNymBCkyeNXIMshyzOURTWwPuRIut5lDK2R84A4LIusHUf39x8TsS1cUtHcX62th+gs9sP5E6fDHeNxPoj6DYsQHc6K7Dtkp3BlzLmPTy9mdfMcjIrd3wCgNwC6zzXQ=",
"root" : false,
"chain" : [ {
"serial_number" : "87931315209220339004858855189940763179",
"subject_dn" : "CN=VeriSign Class 2 TEST Public Primary Certification Authority-G3,OU=For Test Purposes Only,OU=Terms of use at https://www.verisign.com/cps/testca (c)04,OU=VeriSign Trust Network,O=VeriSign\\\\, Inc.,C=US",
"certificate" : "MIIEcTCCA1kCEEIm9I6cjD0l5DHtDZ1beiswDQYJKoZIhvcNAQEFBQAwgfYxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFCMEAGA1UECxM5VGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMvdGVzdGNhIChjKTA0MR8wHQYDVQQLExZGb3IgVGVzdCBQdXJwb3NlcyBPbmx5MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAyIFRFU1QgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHktRzMwHhcNMDQwMzAyMDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB9jELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUIwQAYDVQQLEzlUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EgKGMpMDQxHzAdBgNVBAsTFkZvciBUZXN0IFB1cnBvc2VzIE9ubHkxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDIgVEVTVCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eS1HMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPQUJkB98LodegiioOC5jUO3387EMX6YXXeL91NNwX496w8LvPRtCDdbyhnoywqmt3SndcQKobBdH7yGwlU/MZWU8l4WBw+LDxwr84TvD5LMayeYz6q6Nf8U3EH9ks48hZJ47gKK+aPAHMKWAbR2xcR473nYfZsufTgIi7SJMGNJVHCEMXHqb1KuproqTvXTditX6NUpSAeaNyQTCw3CbFM2z99IYFnth0uftnPIjD3XhIPApo/qsdqBgKr7soegl1/1sq5JOVNOBth5paH8nhdaEs93S8CxG4igqcQLF4hOAw+W3Z4VJJR62zcASOlhVUolqMzK/qwvcgjAebF9s4ECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAX7u/jnU636mnXZXi4ky21f6R/RaVbQMRl2fgzEZknEquWPJ/JI0J2BwMkDBARs6Usdem6fbtkMO3eNacYsrqx7ZSTlgoFlmIsN52rsbYPwknALvDKVHJEQqwPbBij1AbwSjEJGY+ldcLm/1GTMl7eSp1fEfk+ejpYI/YAyJ3C78/1LPXlmd34P0PQ7tq/wKud4a0+heiCO3GngEN4lj9FqjzlrVDfTffyolqIoXX+SXG1UHjhaPYjXNhy6LUV9SWHGYyAYoT8PFIeRSJyVruHgg7Yidz3DnxwVHPLIYNOMPiu4nhYxLG26w9tY2Tbnt0W87mN0sJP3lbTq9BX23n4A==",
"root" : true
} ]
}
},
"private_key_attributes" : {
"key_size" : 2048,
"key_sizes" : [ 1536, 2048 ],
"key_escrow_policy" : {
"key_escrow_enabled" : true,
"key_recovery_dual_admin_approval_required" : false,
"key_escrow_deployment_mode" : "CLOUD",
"do_key_recovery_for_additional_enroll_request" : true
},
"key_exportable" : true,
"key_protect" : false,
"algorithm_oid" : "1.6.7.8.9",
"crypto_providers" : {
"provider" : [ ]
}
},
"enrollment" : {
"client_type_id" : "PKI_CLIENT",
"client_type" : "PKI Client"
},
"authentication" : {
"method_id" : "THIRDPARTY_INTEGRATION",
"method" : "3rd party application",
"approval" : "AUTO",
"attributes" : [ {
"type" : "auth_comments",
"mandatory" : false,
"display_name" : "Comments"
} ]
}
}Get All Profiles
This API is used to get profile details for all profiles in account. During account setup, the DigiCert Managed PKI administrator creates certificate profile, defines rules, data and features governing the certificate enrollment process. The certificate profile has the information that is needed for your RA application to construct a valid certificate enrollment request.
Request Fields
Not applicable
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
An array of Objects |
|
|
profile OID |
|
|
profile Name |
|
|
profile status (Active, Inactive, Deleted) |
|
|
signature algorithm |
|
|
indicates whether to publish public key to DigiCert PKI directory |
|
|
number of days when certificate can be renewed |
|
|
indicates if duplicate certificate is allowed by profile |
|
|
certificate delivery format |
|
|
object containing certificate information like subject dn attributes, extensions, validity etc |
|
|
object containing subject dn information |
|
|
list of all subject dn attributes (See Subject DN Attributes table for all possible values) |
|
|
object containing certificate validity information |
|
|
validity unit |
|
|
number of validity unit |
|
|
object containing certificate extensions information |
|
|
object containing san extension information |
|
|
criticality of san extension |
|
|
list of subject alt name attributes (See Subject Alt Name Attributes table for all possible values) |
|
|
object containing issuer certificate information |
|
|
object containing issuer chain (ICAs and/or root) |
|
|
list of private key attributes |
|
|
key size |
|
|
allowed key sizes |
|
|
key escrow policy |
|
|
key escrow enabled |
|
|
dual admin approval required |
|
|
key escrow deployment mode |
|
|
key recovery for additional enroll request |
|
|
is key exportable |
|
|
is key protect |
|
|
algorithm oid |
|
|
crypto providers |
|
|
provider |
|
|
enrollment |
|
|
enrollment client type id |
|
|
enrollment client type |
|
|
authentication |
|
|
authentication method id |
|
|
authentication method |
|
|
authentication approval (AUTO, MANUAL) |
|
|
list of all authentication fields attributes (See Authentication Field Attributes table for all possible values) |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/profile' -i -X GET \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E'Sample Request
GET /mpki/api/v1/profile HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 6093
[ {
"id" : "2.16.840.1.113733.1.16.1.2.2.8.1.122532964",
"name" : "smime-enc-only",
"status" : "ACTIVE",
"signature_algorithm" : "sha1WithRSAEncryption",
"publish_to_public_directory" : true,
"renewal_period_days" : 30,
"duplicate_cert_policy" : true,
"certificate_delivery_format" : "PKCS12",
"certificate" : {
"subject" : {
"attributes" : [ {
"type" : "common_name",
"mandatory" : true
} ]
},
"validity" : {
"unit" : "DAYS",
"duration" : 365
},
"extensions" : {
"san" : {
"critical" : true,
"attributes" : [ {
"type" : "rfc822Name",
"mandatory" : true,
"id" : "mail_email"
} ]
}
},
"issuer" : {
"serial_number" : "167307796698612677393372285064690296102",
"subject_dn" : "CN = Symantec Class 2 Shared Intermediate TEST Certificate Authority, OU = Terms of use at https://www.verisign.com/cps/testca (c)11, OU = VeriSign Trust Network, OU = FOR TEST PURPOSES ONLY, O = Symantec Corporation, C = US",
"certificate" : "MIIGhTCCBW2gAwIBAgIQfd5PP0Rn2xfkI+hPZbBlJjANBgkqhkiG9w0BAQUFADCB9jELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUIwQAYDVQQLEzlUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EgKGMpMDQxHzAdBgNVBAsTFkZvciBUZXN0IFB1cnBvc2VzIE9ubHkxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDIgVEVTVCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eS1HMzAeFw0xMTAzMDEwMDAwMDBaFw0yMTAyMjgyMzU5NTlaMIH8MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFkZPUiBURVNUIFBVUlBPU0VTIE9OTFkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxQjBABgNVBAsTOVRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzL3Rlc3RjYSAoYykxMTFIMEYGA1UEAxM/U3ltYW50ZWMgQ2xhc3MgMiBTaGFyZWQgSW50ZXJtZWRpYXRlIFRFU1QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuD0VJtirXQ62UjeJ+YjLoFPdIXqrQTI5uYBDV1L57tIQvaBflYWz5BLcNTTpyhyyKpDle81A9YXo1Cz7R8MkNdNmVcJgcSpxUyskJUKSbEyF9F9wj9YmFiUVxTSSRcc8a7EUi+O2lj2INltyz3UO2YD2pu2A+x2UZNOy4u8PXmHCOiwIH4p3lbA+PZkO/72aZqE2y0d89XL5KmbRDVdbMiWWEZXZAbdjVmma2Z4TGv9xUlUJ8YBMFm3Utnx8bhQCM4csG2ZgCFz5vUTDB3gOSQozYcRWSOaoqKk+FgJsINbj/by6ObO+uVYiHiYAzL4USSsCddDT/FYGZ2RYnjCUWwIDAQABo4ICBTCCAgEwEgYDVR0TAQH/BAgwBgEB/wIBADBLBgNVHSAERDBCMEAGCmCGSAGG+EUBBxUwMjAwBggrBgEFBQcCARYkaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EvMA4GA1UdDwEB/wQEAwIBBjBNBgNVHR8ERjBEMEKgQKA+hjxodHRwOi8vcGlsb3RvbnNpdGVjcmwudmVyaXNpZ24uY29tL09mZmxpbmVDQS90ZXN0cGNhMi1nMy5jcmwwHQYDVR0OBBYEFBsi04uABGfOJ/OHPp0HNw4CY2coMIIBHgYDVR0jBIIBFTCCARGhgfykgfkwgfYxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFCMEAGA1UECxM5VGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMvdGVzdGNhIChjKTA0MR8wHQYDVQQLExZGb3IgVGVzdCBQdXJwb3NlcyBPbmx5MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAyIFRFU1QgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHktRzOCEEIm9I6cjD0l5DHtDZ1beiswDQYJKoZIhvcNAQEFBQADggEBAADPds+UA3WUmMQjHFYwpiYiXFvi2/p4pNr37kSAcvmZuPT2kVBqar/BKxXGLn33O6jOXHK4+dvh2A9ppJL4/DbECNLtVatKO4haPVS71wei/RlCqPaWxCvBTMNY4m9t3r0PQ4e+ztPrKH9sXe05HU/h70hS8Idu1+4WdcblHEqcZbIPYbYQRccfyTSFl2dCoDSeI3INgvaxthaCdw4Z7d6HUNymBCkyeNXIMshyzOURTWwPuRIut5lDK2R84A4LIusHUf39x8TsS1cUtHcX62th+gs9sP5E6fDHeNxPoj6DYsQHc6K7Dtkp3BlzLmPTy9mdfMcjIrd3wCgNwC6zzXQ=",
"root" : false,
"chain" : [ {
"serial_number" : "87931315209220339004858855189940763179",
"subject_dn" : "CN=VeriSign Class 2 TEST Public Primary Certification Authority-G3,OU=For Test Purposes Only,OU=Terms of use at https://www.verisign.com/cps/testca (c)04,OU=VeriSign Trust Network,O=VeriSign\\\\, Inc.,C=US",
"certificate" : "MIIEcTCCA1kCEEIm9I6cjD0l5DHtDZ1beiswDQYJKoZIhvcNAQEFBQAwgfYxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFCMEAGA1UECxM5VGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMvdGVzdGNhIChjKTA0MR8wHQYDVQQLExZGb3IgVGVzdCBQdXJwb3NlcyBPbmx5MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAyIFRFU1QgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHktRzMwHhcNMDQwMzAyMDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB9jELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUIwQAYDVQQLEzlUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EgKGMpMDQxHzAdBgNVBAsTFkZvciBUZXN0IFB1cnBvc2VzIE9ubHkxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDIgVEVTVCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eS1HMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPQUJkB98LodegiioOC5jUO3387EMX6YXXeL91NNwX496w8LvPRtCDdbyhnoywqmt3SndcQKobBdH7yGwlU/MZWU8l4WBw+LDxwr84TvD5LMayeYz6q6Nf8U3EH9ks48hZJ47gKK+aPAHMKWAbR2xcR473nYfZsufTgIi7SJMGNJVHCEMXHqb1KuproqTvXTditX6NUpSAeaNyQTCw3CbFM2z99IYFnth0uftnPIjD3XhIPApo/qsdqBgKr7soegl1/1sq5JOVNOBth5paH8nhdaEs93S8CxG4igqcQLF4hOAw+W3Z4VJJR62zcASOlhVUolqMzK/qwvcgjAebF9s4ECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAX7u/jnU636mnXZXi4ky21f6R/RaVbQMRl2fgzEZknEquWPJ/JI0J2BwMkDBARs6Usdem6fbtkMO3eNacYsrqx7ZSTlgoFlmIsN52rsbYPwknALvDKVHJEQqwPbBij1AbwSjEJGY+ldcLm/1GTMl7eSp1fEfk+ejpYI/YAyJ3C78/1LPXlmd34P0PQ7tq/wKud4a0+heiCO3GngEN4lj9FqjzlrVDfTffyolqIoXX+SXG1UHjhaPYjXNhy6LUV9SWHGYyAYoT8PFIeRSJyVruHgg7Yidz3DnxwVHPLIYNOMPiu4nhYxLG26w9tY2Tbnt0W87mN0sJP3lbTq9BX23n4A==",
"root" : true
} ]
}
},
"private_key_attributes" : {
"key_size" : 2048,
"key_sizes" : [ 1536, 2048 ],
"key_escrow_policy" : {
"key_escrow_enabled" : true,
"key_recovery_dual_admin_approval_required" : false,
"key_escrow_deployment_mode" : "CLOUD",
"do_key_recovery_for_additional_enroll_request" : true
},
"key_exportable" : true,
"key_protect" : false,
"algorithm_oid" : "1.6.7.8.9",
"crypto_providers" : {
"provider" : [ ]
}
},
"enrollment" : {
"client_type_id" : "PKI_CLIENT",
"client_type" : "PKI Client"
},
"authentication" : {
"method_id" : "THIRDPARTY_INTEGRATION",
"method" : "3rd party application",
"approval" : "AUTO",
"attributes" : [ {
"type" : "auth_comments",
"mandatory" : false,
"display_name" : "Comments"
} ]
}
} ]Enroll Certificate
This API is used to enroll a certificate for a given profile. The enrollments for Manual approval profiles will be put in pending state, while other profiles will return a certificate.
Request Fields
| Parameter | Type | Optional | Description |
|---|---|---|---|
profile |
Object |
false |
object containing certificate profile oid for which seat is being enrolled |
profile.id |
String |
false |
certificate profile oid |
seat |
Object |
false |
object containing seat object |
seat.seat_id |
String |
false |
seat_id associated to the certificate |
seat.email |
String |
true |
email associated to the seat |
csr |
String |
true |
certificate signing request (base64 encoded CSR string), Note: Single line CSR permitted, escaped carriage return (\r) or line feed (\n) is allowed |
validity |
Object |
true |
object containing validity of certificate |
validity.unit |
String |
true |
validity unit (day/s, month/s, year/s) |
validity.duration |
Number |
true |
number of validity unit |
session_key |
String |
true |
session key |
attributes |
Object |
true |
List of mandatory attributes as defined in Appendix |
attributes.san |
Object |
true |
List of mandatory san attributes as defined in Appendix |
attributes.san.user_principal_name |
Array |
true |
user_principal_name is a type of SAN attributes which contains Attribute parameters defined in Appendix |
attributes.san.user_principal_name[].id |
String |
true |
value to id attribute in user_principal_name |
attributes.san.user_principal_name[].value |
String |
true |
value to value attribute in user_principal_name |
attributes.san.custom_attributes |
Object |
true |
SAN custom attributes |
attributes.san.directory_name |
String |
true |
Directory name |
attributes.san.dns_name |
Array |
true |
dns_name is a type which contains Attribute parameters defined in Appendix |
attributes.san.dns_name[].id |
String |
true |
value to id attribute in dns_name |
attributes.san.dns_name[].value |
String |
true |
value to value attribute in dns_name |
attributes.san.ip_address |
Array |
true |
ip_address is a type which contains Attribute parameters defined in Appendix |
attributes.san.ip_address[].id |
String |
true |
value to id attribute in ip_address |
attributes.san.ip_address[].value |
String |
true |
value to value attribute in ip_address |
attributes.san.other_name |
Array |
true |
other_name is a type which contains Attribute parameters defined in Appendix |
attributes.san.other_name[].id |
String |
true |
value to id attribute in other_name |
attributes.san.other_name[].value |
String |
true |
value to value attribute in other_name |
attributes.san.registered_id |
Array |
true |
registered_id is a type which contains Attribute parameters defined in Appendix |
attributes.san.registered_id[].id |
String |
true |
value to id attribute in registered_id |
attributes.san.registered_id[].value |
String |
true |
value to value attribute in registered_id, this should be in oid format |
attributes.san.rfc822_name |
Array |
true |
rfc822_name is a type which contains Attribute parameters defined in Appendix |
attributes.san.rfc822_name[].id |
String |
true |
value to id attribute in rfc822_name |
attributes.san.rfc822_name[].value |
String |
true |
value to value attribute in rfc822_name |
authentication |
Object |
true |
List of authentication field attributes as defined in Appendix |
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
serial number of the certificate |
|
|
type of certificate being returned |
|
|
certificate string |
|
|
password of pkcs12 certificate |
|
|
status of Manual approval enrollment (MANUAL_AUTH_PENDING_REQUEST), Note: only for Manual approval profiles |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/certificate' -i -X POST \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-d '{
"profile" : {
"id" : "2.16.840.1.113733.1.16.1.2.2.1.1.132764215"
},
"seat" : {
"seat_id" : "jane.doe@digicert.com",
"email" : "jane.doe@digicert.com"
},
"csr" : "MIICxDCCAawCAQAwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxCzAJBgNVBAsTAkVNMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjEdMBsGA1UEAxMUcGtpdGVzdC5kaWdpY2VydC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCstIieKhKgYXCJjYuiY2GTBm97wLDdIUZS2Zg4z1SrlaC2iKaFqIYnRW09POgxZYso+yfd6anMckE8bStiJLBPo0LcFKcs35RedCXFfMZBE3dsyud8uHlOi5YfiFc1a04GXnUDZiEiLkyBky4euZ22Hiqg70SievURvzaVuzcMqo/sa3bQJaz2JvimoZb1wJp0rFSFp5BhFxxjLL0lCZ3sNdRrjYiJelHyDMORCFkbg+vVadZk411+fbjpPdbWWlFyA/QA5RCzwbA93ly/Qg6EU3lX2/iSEB5U4/o+K1rXU1IT2BwVitDnwAM8qyS+y1bGABoh91hpuiUMffCA2gtLAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAYoMs9IHqGvKkFQE3ZojZVTGsj6EFIbHsKwi6HT/cMej0yRG8dLJYr7mX4w9jKrIvJsReQBAmqBGhJk28k6aasVYjfIxwgom9+jWzX9Yf11CdKWmuh13+3Uei6gHDsWOcoQF1QPzgoYt1HdXBm53aFk1prJyQltRT6R4uqO/a1b7Rzz+RdL689z8bzu+z2bG3aABYjH1bsoKOb5dTYAquA3y+x6f58DrS0DrQboWAN2qFxq/iitXEdScw6ohcHmp8aaZ7ueq0czF6sl3ODHTnnaw12XPaWL+0nagxbGpLvCutA5a5gIHrkBME8oRVczmuYygyllF1AtgJXL9aZbF5Nw==",
"validity" : {
"unit" : "days",
"duration" : 365
},
"attributes" : {
"common_name" : "Jane Doe",
"organization_name" : "Digicert",
"organization_unit" : [ {
"id" : "cert_org_unit1",
"value" : "Engg"
} ],
"san" : {
"directory_name" : "C=US,O=Digicert Inc.,OU=QA,CN=wssqa.net,ST=California,L=Mountain View",
"ip_address" : [ {
"id" : "san_ipAddress",
"value" : "127.0.0.1"
} ],
"other_name" : [ {
"id" : "otherNameHostGUID",
"value" : "ac 4b 29 06 aa d6 5d 4f a9 9c 4c bc b0 6a 65 d9"
} ],
"registered_id" : [ {
"id" : "registeredID",
"value" : "2.1.1.1"
} ],
"rfc822_name" : [ {
"id" : "mail_email",
"value" : "name@domain.com"
} ],
"dns_name" : [ {
"id" : "custom_encode_dnsName",
"value" : "server01.digicert.com"
}, {
"id" : "custom_encode_dnsName_multi",
"value" : "server02.digicert.com, server03.digicert.com"
} ],
"user_principal_name" : [ {
"id" : "otherNameUPN",
"value" : "user@domain.com"
} ],
"custom_attributes" : { }
},
"custom_attributes" : { }
},
"authentication" : {
"auth_comments" : "My comment",
"auth_first_name" : "Jane"
}
}'Sample Request
POST /mpki/api/v1/certificate HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.com
Content-Length: 2457
{
"profile" : {
"id" : "2.16.840.1.113733.1.16.1.2.2.1.1.132764215"
},
"seat" : {
"seat_id" : "jane.doe@digicert.com",
"email" : "jane.doe@digicert.com"
},
"csr" : "MIICxDCCAawCAQAwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxCzAJBgNVBAsTAkVNMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjEdMBsGA1UEAxMUcGtpdGVzdC5kaWdpY2VydC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCstIieKhKgYXCJjYuiY2GTBm97wLDdIUZS2Zg4z1SrlaC2iKaFqIYnRW09POgxZYso+yfd6anMckE8bStiJLBPo0LcFKcs35RedCXFfMZBE3dsyud8uHlOi5YfiFc1a04GXnUDZiEiLkyBky4euZ22Hiqg70SievURvzaVuzcMqo/sa3bQJaz2JvimoZb1wJp0rFSFp5BhFxxjLL0lCZ3sNdRrjYiJelHyDMORCFkbg+vVadZk411+fbjpPdbWWlFyA/QA5RCzwbA93ly/Qg6EU3lX2/iSEB5U4/o+K1rXU1IT2BwVitDnwAM8qyS+y1bGABoh91hpuiUMffCA2gtLAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAYoMs9IHqGvKkFQE3ZojZVTGsj6EFIbHsKwi6HT/cMej0yRG8dLJYr7mX4w9jKrIvJsReQBAmqBGhJk28k6aasVYjfIxwgom9+jWzX9Yf11CdKWmuh13+3Uei6gHDsWOcoQF1QPzgoYt1HdXBm53aFk1prJyQltRT6R4uqO/a1b7Rzz+RdL689z8bzu+z2bG3aABYjH1bsoKOb5dTYAquA3y+x6f58DrS0DrQboWAN2qFxq/iitXEdScw6ohcHmp8aaZ7ueq0czF6sl3ODHTnnaw12XPaWL+0nagxbGpLvCutA5a5gIHrkBME8oRVczmuYygyllF1AtgJXL9aZbF5Nw==",
"validity" : {
"unit" : "days",
"duration" : 365
},
"attributes" : {
"common_name" : "Jane Doe",
"organization_name" : "Digicert",
"organization_unit" : [ {
"id" : "cert_org_unit1",
"value" : "Engg"
} ],
"san" : {
"directory_name" : "C=US,O=Digicert Inc.,OU=QA,CN=wssqa.net,ST=California,L=Mountain View",
"ip_address" : [ {
"id" : "san_ipAddress",
"value" : "127.0.0.1"
} ],
"other_name" : [ {
"id" : "otherNameHostGUID",
"value" : "ac 4b 29 06 aa d6 5d 4f a9 9c 4c bc b0 6a 65 d9"
} ],
"registered_id" : [ {
"id" : "registeredID",
"value" : "2.1.1.1"
} ],
"rfc822_name" : [ {
"id" : "mail_email",
"value" : "name@domain.com"
} ],
"dns_name" : [ {
"id" : "custom_encode_dnsName",
"value" : "server01.digicert.com"
}, {
"id" : "custom_encode_dnsName_multi",
"value" : "server02.digicert.com, server03.digicert.com"
} ],
"user_principal_name" : [ {
"id" : "otherNameUPN",
"value" : "user@domain.com"
} ],
"custom_attributes" : { }
},
"custom_attributes" : { }
},
"authentication" : {
"auth_comments" : "My comment",
"auth_first_name" : "Jane"
}
}Sample Response
HTTP/1.1 201 Created
Content-Type: application/json;charset=UTF-8
Content-Length: 7250
{
"serial_number" : "68bf809b54de88433bb34413ca94e5fd",
"delivery_format" : "PKCS12",
"certificate" : "-----BEGIN CERTIFICATE REQUEST-----MIIUJAIBAzCCE94GCSqGSIb3DQEHAaCCE88EghPLMIITxzCCBYAGCSqGSIb3DQEH AaCCBXEEggVtMIIFaTCCBWUGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcN AQwBAzAOBAjDsA9L8ctTEAICBAAEggTIb5be+c4hrHdy42PKJz8w+udVn+9IOMgC /HO5dLzW/IlyUX5kMbLqOv9IYo0kZdyTr8xHi74LQ94VsDjwD9e0vxfijq7V2p6g wtBFxVirrabEUx/ME5azLYblggT8/udqTtO6j2QmxupkIWSE0GaQNZViwh27P2UX tNQkn9xsAcZZSFfq0at/fpNufqxcXPcEbxglzSdx7ltGk+IHB5c+VYKZXIguffk/ UKQ+dX/UIwPM75y/B0UQDbyk0VHz7DJXvnVLQt4muQ8YD71NMXa9Fw39rFKHCopI 5yVYwxB75QAJHgSi0Xz/IJ+wrTDPPEXLZgugks+eopHXDcx/EVb+rWvmFmejIimL JplNURcTQtL/xsB55eAZZpMzHbFJc0LMf7ulK8ILEmwgmGAklgtFn23Ha+2hm6cg 2s5XzP5RORwG81hdmjZmwj/CEWgN4iDSspJ6CJ3b6M0WTeFdyTPRR6mkBTFFJ77I Fo3qo9ilK1NRQkPdOekC4xBsZA8F/buyiHngWmNFuU+3Y17aO5SSlGZ9Sn48M6NE WumkZ1BJY4eK4W1eoCk2mbx8LdbWODVseC8xOvBdQVVJZHVKIe20joFavBcJKMmJ z5ydvu1tNPt/3KcHuUMHMvyVAGF7u684rxNsE1B1HeXG+shNpqiyIN94o7OarHAL sss/6cpfTT2DXVn6MhRycf9BkKeWrXZVYVxrljyNLcZH7ggSt5EAkTX6TYafVw77 y173zF6ZHX+9nt6OcogPzKy+NKuMy/2uSHYSollvcCt1RoTPuQbzc+2lT4oHKJNR JGJy8jvCddClfcHIoBVVkUA1tg2Jfdab2L5hy/0OWkRMAvIWtRodgG+X8Qo5Djwm ZNM9sY0rFBFmwJiULZYu4Xt502mnZzNPlGlwsu+4ZYYWIaRPjOQ8l349QwgdEZv9 +xr+PS6o8ihbqBTu+37JWoLMGCZrnWmXdr+guhB75a4w9QKVtkJ6J4kl77loUYUS sXPh33d/Wb9Mi57qN6l1JikpYhD9p76YiTvayhtzIxidb5nvObmBAU/YbLj3Oh3c kQygohsMgrJnj2Qasbe8AnajHeSA/2Ka/hvcn0TFcKNlgpHCgYP3o28bqGViT8Vu CFHh5nebGvB5PnlqUeaRBw9aHrUiRSYbY/HjYBm3ZAQh5CfQBU1W9aEy4UnWYQg5 Cr5VnAWy2NrGFMP9ywSZaWvop3b1BYFVlwZupzs9L2CqZupn6bv80lacnPJzpz54 TQFbUmjmbzEKJfo7ijXQD3x7I+65k/TIw2CiIZ6s7KtnT78blfPNcWiF+9odt9Tm ocqKLswZt6J8kB63em5f6d5ugdgbo66Y74h2x690fPMa+qmBKxNbgHNrQavnrJyF gaxrgHYD8WY3FGMvB2dt0xDlxKeacMUduKwu/Vvhaed/6zdP6Y/hedokw/qhRgFf +XgFGrt6IDXZ0JInbWwwY5JnRKPR+3vetbjyN+KBqmOR6Yy32ii+pvCofW3kuAZa iLnSjsfZnoAI7WffXiRGk60wiK3KJmxlE7q6BLTRtzv37B9PZv8WUHv1RJs6klt1 zFutV9tSi+Xi1yrjksHp1r4WKLGsaY/+AufraKnEFVkr7H/xtPNowzS1F6fznKbt MWQwEwYJKoZIhvcNAQkVMQYEBAEAAAAwTQYJKoZIhvcNAQkUMUAePgBKAG8AaABu ACAAUwBtAGkAdABoACcAcwAgAFQARABCACAAVABFAFMAVAAgAEkAQwBBACAAQwBB ACAASQBEMIIOPwYJKoZIhvcNAQcGoIIOMDCCDiwCAQAwgg4lBgkqhkiG9w0BBwEw HAYKKoZIhvcNAQwBAzAOBAi0hQObo/YcKQICBACAgg34JI2yvIaj9IBr3oTCiB4K 8qMNmzgOYTLLlXbTibOSZ7uozzw5dl35qLKARNgXTm8hCXRyAs4btSxHM5U3klhg bROaKo/oNHaYL8GfGz8RLefME29WhqYHB5VWQKPVMc7RIpBbz0AgzVRSC+7Qe0x2 jlf4iVfyAkSQw/6Ro2WEAiVNor4xdNjIS5V5IBl8Bx6CXXcTYy2lvpbIkTBnt1Dt 2WKOe3ZId6Jiye7Du9hHC0yEM2PUdWtyLc8ETsBW8+jPujs2T9KK5guWyAtXAfvy PziBbh8lsO39A/yGm9b/RPIs7k17ll0p2l56HlvpC7fE+RDdGMQqQlCCJxkwu5Ga cmSfSlu384Pd2uSdrYKSnnL3zaAa/NIVSOkVh3lutJ160LVoOgdMlfyshd0TWqry wrUlANLU4m9yi/QT6n5pksTcAuhtT85QBhhKPJFhP3aNmD0N3xMtsgtJNu8TAhCO b39NXQdorbq8NdAIhL0gWUBON7qYIGYo84Pojnx+z/rfrLKxVob6q7tL1gexMA0W j0aU879zVRkWt7CKWVBKWOdBo0Tvvc3pZBt7JJIkG4SiSBjfH6v41Z5FZ7pGCOFQ t9Vwbo61XVU1Cy7tW065PgZwRB8E+LyKdw3M54a1iC9A7pvgZyMbnhyAnDMiLY9c eI+3vJb/uKUEpzvlZ9TZFUvp1ivL/txDje/HbWZ39DWORpnM6PhS2WU0wtU+OhAD yuNkVBLk7vBXnUesimWJHtDPZ9eO9UhGnH4lvTc3tueM00t7rH0x91d6RdmjFR0d dypIP0zfi5Cn+B71AQo1G/0XQgB6TxdnW1ljy1sFcy8pP86seO9W64yfVMylhhGF f0Ds111GaeP5UTRYuJMErrVJjX5rkRtNEjOpqJRMeZvVCKd2tiiSg7eEsVdQXHX8 ArlN8rqiOGC035cJpC1kFikjoCZQDflTRYeO30PbjFFkE+G4l/FjMjkUPTDqf9Hz 6Nx5HEbTUMWHiE2LOKv/63lEXYzSHi60K9EQLvJD4uK9+IlcB496aJnbj3MHXc/U Xo+aXM8HGMAFTVyFL+VSriiJjmUyif578PS5emEyApxZMnkY83lhIDEM8LPMmUnj Dz6e7HXh8/B3U0F+rBTT4hMorCFscezhLo4WRpNx22+6MURgFgSSpBzyl1JNlG8f 0ywCSJy9wBgngGVZmA1u3ozzlP8SdmENaOtdM8+ReX1ppDysY31TrGW9B00s4XWG 7AoP+klnfbi/BzK4VLduVRPIVprS79CACMMt/vve3ypmTscQTAltRUche8ysDfjB cDGodoo4z7yjYG7QgPfP22u43ewWRnc5Vnt0vIi2K4OLrrw6y815GN4pNyoChUgf xJswdncVc5dJmBuSujyBLZV20a4cPFqMSR3c2sNHQ5OaXehAc3RUAwjfm4jNvhmE Y0ur72rUqHvcJ/gS7sDLXXpVKL2G196pGnEAAz9oBoMOXtmgRHPEJTIUxdZXnvkS Jsp82I0TWJ5KH8vj2eMNbTgqg1tl9VXTzWmBnogGGwpq8ioaKVOVGDWx0aG5ijxe hFI75SaZqso04Y6n4HVKH4s6YKJ/G1pO+1IBbSeJfbSGWXK6Ee6fRFRaIMNpRVzq Ne9XhsbUre2ioCSd5i+0UMLmkZW0/UlLM+OU/yzYKuiihlQTIcef0vxqk8C0cO2j s62YLBjTHf6TntHlQzoLjuPC/T9pdFQyUXLc0zO5jQYdD9Zux+eWBBrMUYZmNp/3 XEU7/5fQCmx27MuH9yOs2ZOYFsNG6/yXO485mrPw5pLjkxgOQ45zEs48Bn40UaKr GNpFzna2tdjucAiCP54dA5mQaSPFJM585kwn5GqP5JrxaREQaFc7fSqFsNVcn8Wn HLfU7N2lJHGqzJte8l8yASzTdqZt10OM6dzGCFQA24tyEdn4kUBT2eZ3MsVx0Gh4 fTU/gW+1ycIE4Hl/t6fD9Y3+bRonl7MWXae6s165QyW2A4cJD+W3AvrlQoKZO6wx r/YOJzgAlUpn2oeOcs6G7dToUap80tmiIb+PwWkAO/SBLt8YMD0hVyKPE5Dz5InM PRwF53O/UC9AkIeGJSios27tniOht5ILT4ttt7aahuL0FRoLnL4oL/F05lrUS+U5 aS9Huu5EuxCGQtL0OC10gIC/QAfS2zyy3wjDw7we/CXP5xvoCxNG1zZceJ7LAo1m 47fKNZoYmZQPoOdBUm41c6xQbPaUCZwBKt1gezdJfncrGgo+UD7i8pxiiDJQ6idF mrVUxPQ72GLBudZbFyEkSODKH4ArPeUs7DC3cWpvRwDh0xDm5GL1H3hmPsD5b5sN ivQe0DbcYD6LWEOCEJMgK3k/NtIctT88IbpQBxZWdte/CM8EF2l5LbQzOh1W8p/Q 4SJFwNnN8hDYvL+GChSsKC4lUXSHsmiadPr1VWDKwxNTxWUofEqPffvQrmuIVfkw K7cNH8Vz0NelMs/u175nbqJPB0AqbXDDMxYNCGJqsCBwWKJCSj2d+XKcg4aotXAO W7KsBSrI/R4s4sOY/O992dumUxF3RkCKL+TeFC8njaL4lUWYxeWK3vE4qVL5NbTm s9jk0h5MMyV3AWbli41gBMraMBHRyRlK3jtOOXcVZ+JbtYBkwd/556FXmC0afHHh DkO6MNIy4yPNdzRz53HIBgBMy7/0Wlkt5tU0VWgbLi7nGjWtYH0z+j9PrYjsSaNl 9QarWRiVKIjsu5fkjYCp5y+eA9Z6tapU+3x6pYpGH4lApq3hsCnhrsExqf1PZqCo sdRKD1qNpI+b7ZcvVnJyEMNL8AgDpNp/7YoXU8abUF+mpNtjW6VSAvQ8g/hd2s40 7Fm0r0KjSUkwi0jhKdXlcdTjQ6B1aWB3MtEaXk2/CghhfJ+yYUkB0el2yQ6c0wOB 1LvIALLM9hfhr7Az2owuEQeXQI/YB+ilaPDxVXqHXCmKsfKyNFj6P0D57Th3fht7 ErbOay9ZwpYRiKrMwjNQJUlL0+UYp971QmlV7bdBOuHOUcRy3ddINQPjlL7dOVIA Rr+gsgpR5RhJ/Ivm9Q32sy0pYc07nNKVydl8aDiKx5Ujj1Gz3Z33P0UjQBjZo5dP GpkE6/B64zjGGfyFV1ZC5HRNNlbMFA/bLDxaPmwER/pUbiPUmw2e9JtHM44IlacZ zLi/WTatL9o22yz59csQaoI+KV30pK13p0JN/1D0IGwgj3xypOzCZKPHfwLvkLWs axgbramGhu9akrJhfYbGvpXMEe6ip1wTDp4Pq+HkR+BJBthdeHomVYeN2QQNQ4ab F2XzrOjJQRRt95cSdVMtsMPFj2ptd7xhXE3+hMdWlplqIaTt3O3qrq2J68u0y6Ls HCnTLhWRkWR4W9zHojiaOOltJ+y/eISjrlQAAfeJqBYGTKBBd6WW5nKt8ktgY/j0 Do0hChvbcn6hRu5PtO6O9WKC1dMYAeO5RXpfHqwDS5DivxPSp2+rvraJdMnTj8d3 HAlu4M2r67m9CjLjRgxdPQrDHN/saYSnt8CqZzeyU1wDMwXDHHPG/ApQioKWXTF7 dSxNaWALTydxTW8hlnw9EXrqjAUBFPFk7wazTT1n7dcIipG1379OZJACZ2D6oCc8 zwasj956PFdT39M/TNQf1tkxuMA5VXs73AEy9zYia63h1Ipiv0O8xujoWm4cAWAW 2gfY8iAwmMHezZRpw07lgjA2KsZhiT2KE+OQZIvEFDvnzRN8Ew82rk/qZSZRSHVW soBuRFuLU+OX7aLM06fiPU8i8PAr1xUD8YGQ626y2q24hH1BCTVGF7MH66cEf7ac fYErKy42kNcCBFuz7lUQJzemHSo37laCsAwVZo61m5aTnsSP0rSBOrV60kkt6ns2 saH8Ys1DgrbfCgaCnK8LCmrPSF00D4uKLs0KjSyPAKBoBd51gfz+pBOENde0B8kk OPEA6wJ9nl3HY8DDjsXWEsWWxCy0ayE3R/zZRlQPeFBXEVBoH07Khf/QKQX1E/I7 yLWGwRYOB3g1FuKjaAK79P/sjxTffeOmhx5yTZCaV+g23kbH+dfOIyXVf5cA2omd yIui9c341AzmWVzlYsz66FK20rr9IFI1KEHKFjHUC00mNj1Zq+QrFsPd+mr6k18H P5IJTjLt/JXvW+8EJKl0T6haDuZ3PJOTlpqgFMPt75jkuW74FcH5VnW7rtSQlgix Fs4dnKZa8EJ92jLsDz/NnkkKvTHPlenLGfW4lD1qZHfrjSJNcMV+Vi48Rmi/UdoU xflnLW5+deCAa26+0+LyxU6kYnbe2oCY4YwfDm4KI+uJ6B8iZft6kmGEZj29Acjz aPZdcDmCu5uySLWFiiPKLtzdzTmr+gyRiQcpNMiatiQfCMl0lUnkqbA2IF9UAcDQ +9FAonDuqzjzjObWxUwERRtWJFgmqAJGJfrl7/S18ewD8fepaDzHdMyvbQmjiFaD PK4S3igliJeX4Mun01aKLcDPKkvJPQ3fpKJlmD0feCwT7i0aOzv0IsEjNLdc1Y0C HhNm4pA7sJf+ET4k1lFolHcOKpjqX6h0O+em4a96KWWXJVeBpAo8AYLE+rADP5Z9 rNJkTBFLp/XXvX4STy8dUjD0004QvrwSw0q4YLS0LQPDoGyDqXIH5D5SqAHUud1e hcdcstZBzioqMawNnSEFGcfBXFpiagA7KBVIWj1GNuTvORkZyBBrquaiCUyEUnwm 5wVAIm32ysp/0+J88/v423gRM34OJ4Z84ZrffqrpN1uAPo9786Af7jHm1osrJbUr HOM8RCWfGfiBMD0wITAJBgUrDgMCGgUABBRS1t2ew9k8x8uqT+XqgQh4gB4ZrAQU w7ADPOcepzPLsolIyUqWzFizjKUCAgQA -----END CERTIFICATE REQUEST-----",
"pkcs12_password" : "ICMS4XGT9WJv",
"status" : "MANUAL_AUTH_PENDING_REQUEST"
}Get Certificate
This API is used to get details of a certificate
Request Fields
Not applicable
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
object containing certificate profile information |
|
|
profile oid |
|
|
profile name |
|
|
object containing seat object |
|
|
seat_id associated to the certificate |
|
|
object containing account information |
|
|
account id |
|
|
certificate string |
|
|
common name of certificate |
|
|
certificate status |
|
|
certificate serial number |
|
|
certificate validity start date |
|
|
certificate validity end date |
|
|
object containing revocation information |
|
|
revocation reason if certificate is revoked |
|
|
revocation date if certificate is revoked |
|
|
revocation comments if certificate is revoked |
|
|
password for PKCS12 certificate |
|
|
is key escrowed |
|
|
enrollment notes |
|
|
webpin |
|
|
session key |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/certificate/674c97dc17d14de5cde5a25a9f0e5f9f' -i -X GET \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E'Sample Request
GET /mpki/api/v1/certificate/674c97dc17d14de5cde5a25a9f0e5f9f HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 2870
{
"profile" : {
"id" : "2.16.840.1.113733.1.16.1.2.3.1.1.128783251",
"name" : ""
},
"seat" : {
"seat_id" : "1"
},
"account" : {
"id" : 1111111
},
"certificate" : "TUlJRTBqQ0NBN3FnQXdJQkFnSVFaMHlYM0JmUlRlWE41YUphbnc1Zm56QU5CZ2txaGtpRzl3MEJBUXNGQURBOU1Rc3dDUVlEVlFRR0V3SlZVekVZTUJZR0ExVUVDaE1QUlc1bmFXNWxaWEpwYm1jZ1RWUldNUlF3RWdZRFZRUUxFd3RFWlhaTlZGWWdWR1ZoYlRBZUZ3MHhPVEF6TWprd01EQXdNREJhRncweE9UQTBNRE15TXpVNU5UbGFNRFF4RERBS0JnTlZCQU1NQXpFZ016RU1NQW9HQTFVRUR3d0RRMDlOTVJZd0ZBWURWUVFMREExTlZVeFVTUzFCVEV4UFYwVkVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQW5yTFRxYWliNllDWEFHeUdRMzk2VWlKcmY0ekhUSlgxUlFJaW1LSmtBVTNINENRQkZ3MUFISmRMVWk4emlsZnBmQnBUOVhyazJvUVMySEloZ3NoaEdJR1dGblN4WG4zRWlIZUl3WDJZNHIzNU9VVEJyVWpOSG1UUjlZcFQ4U1dJU2pjVkJXdzIxY2E3TFhCNFBVb1JQcnY4a0ZFTVkxcTBvZHhZLytYanRvYXMvV05VQWhxQWpGcUUvck5yMlNzcHk0RnJadGVVUXp4a0w1b1FPLzAyZmpJM28xY21TNEZ5WTVrQU1rYXZPQnhmajNBd0FSc3Q1U2RtOFJ0a1lOekVjU2lwUzd2Yi94Y1MvQ2xsN2t3OG5GZHlwZlArL1pleHg4eUgzOTB2M1JaZk1qUGRrSi9qdlU4MXgyUGRscTk3ak4zdDNnR0FGQmZLajd3aEorbUlad0lEQVFBQm80SUIxVENDQWRFd0RBWURWUjBUQVFIL0JBSXdBREFPQmdOVkhROEJBZjhFQkFNQ0ErZ3dGZ1lEVlIwbEFRSC9CQXd3Q2dZSUt3WUJCUVVIQXdJd0hRWURWUjBPQkJZRUZEdGRSOHNPSUZ2dFVtMVg0dUhSek1HNFVHcFBNQndHQTFVZEVRUVZNQk9nRVFZS0t3WUJCQUdDTnhRQ0E2QUREQUUwTUVBR0ExVWRJQVE1TURjd05RWUxZSVpJQVliNFJRRUhOd013SmpBa0JnZ3JCZ0VGQlFjQ0FSWVlhSFIwY0hNNkx5OWtMbk41YldOaUxtTnZiUzlqY0hNek1HY0dBMVVkSHdSZ01GNHdYS0Jhb0ZpR1ZtaDBkSEE2THk5bWRDMWxiblF0WTNKc0xuTjViV0YxZEdndVltSjBaWE4wTG01bGRDOWpZVjh6TjJNMk5qWTVZVEpsT0RFd1pqazRZalJqWVRJd05tRmpNakZqT0dJek55OU1ZWFJsYzNSRFVrd3VZM0pzTUI4R0ExVWRJd1FZTUJhQUZFWWFaMXo0ZzZLVFZ3MHJNSEhNS2QxUlhldzZNQ01HQTFVZEVnUWNNQnFnR0FZSUt3WUJCQUhCQVFLZ0RCWUtPVGsxTXpJNE16QXROVEFzQmdwZ2hrZ0JodmhGQVJBREJCNHdIQVlTWUlaSUFZYjRSUUVRQVFJREFRRzl0S2NURmdZeU1EWTBOVFV3UFFZS1lJWklBWWI0UlFFUUJRUXZNQzBDQVFBV0tHRklVakJqU0UwMlRIazVhMXBZV1hSalIzUndURmhLYUV4dFNtbGtSMVo2WkVNMWRWcFlVVDB3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUgvVjhVOVFNSlpkcXordlppc1k3MnRTS00rYjdSSFRuMS9XSVFjTlFQbmQzTlluS2VxdzkyNTZZM2tmcVNlTUhHL3puTzY5Q1B1UmdzKzdaNS9NNVhYL2tLdjYvaXpuLzI2aXRUYU1NcUY3OTF0K3grVmtleldRSVN5cWNMUzZuT240TFlvMnB4TmVOOWQzcmxSRlYxOFJxQW4xVWN6cnRyQU9neXdmVjVrb3hZODNodDRLMzlqMGlzVmxCU1U4SVBWTTFGZDM1Q0JDN2VONEpuTXE5OXVZNEs3L1ZkZUQ0d1VrclR1RVZtajg5cXhNaTZudjRBQkxsNVgzSFpQUDZ4WDNrbFkzVDQydG9Tc05zS285bnZBWWZHQTMvUWs2TldUU2pxRFhvcUhtdWh6RDVzK0twMlBXVmNOM1V3Ty9Td3VTRCsxQXhMbjlEMWZlYjBYQU5Wbz0=",
"common_name" : "1 3",
"status" : "REVOKED",
"serial_number" : "674c97dc17d14de5cde5a25a9f0e5f9f",
"valid_from" : "1554335999",
"valid_to" : "1553817600",
"revocation" : {
"revocation_date" : "1554236894",
"reason" : "CessationOfOperation",
"comments" : "test revoke comments"
},
"password" : "f44fhthtyh56",
"is_key_escrowed" : false,
"enrollment_notes" : "Enrolled for a certificate",
"webpin" : "567432",
"session_key" : "678543"
}Revoke Certificate
This API is used to revoke a certificate.
Request Fields
| Parameter | Type | Optional | Description |
|---|---|---|---|
revocation_reason |
String |
false |
Reason for revoking certificate. For allowed values click [Here] |
Important Note:
-
“privilege_withdrawn“ and “aa_compromise” reason codes are no longer supported and will be replaced with “Superseded”
-
“ca_compromise” reason code is no longer supported and if used, it will be automatically replaced with “Cessation_of_operation”
Response Fields
Not Applicable
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/certificate/44e067360d274f684dbc2b2144842fc6/revoke' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-d '{
"revocation_reason" : "cessation_of_operation"
}'Sample Request
PUT /mpki/api/v1/certificate/44e067360d274f684dbc2b2144842fc6/revoke HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.com
Content-Length: 52
{
"revocation_reason" : "cessation_of_operation"
}Sample Response
HTTP/1.1 204 No Content
Content-Type: application/json;charset=UTF-8
Content-Length: 3
{ }Suspend Certificate
When revoke API is called with CertificateHold reason code, a certificate is suspended.
Request Fields
| Parameter | Type | Optional | Description |
|---|---|---|---|
revocation_reason |
String |
false |
Reason for revoking certificate. The allowed value is CertificateHold |
Note: Suspend or Resume operations are no longer supported for certificates issued under Public CA hierarchy
Response Fields
Not Applicable
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/certificate/44e067360d274f684dbc2b2144842fc6/revoke' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-d '{
"revocation_reason" : "CertificateHold"
}'Sample Request
PUT /mpki/api/v1/certificate/44e067360d274f684dbc2b2144842fc6/revoke HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.com
Content-Length: 45
{
"revocation_reason" : "CertificateHold"
}Sample Response
HTTP/1.1 204 No Content
Content-Type: application/json;charset=UTF-8
Content-Length: 3
{ }Resume Certificate
This API is used to resume a certificate which was revoked with CertificateHold reason.
Response Fields
Not Applicable
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/certificate/44e067360d274f684dbc2b2144842fc6/revoke' -i -X DELETE \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E'Sample Request
DELETE /mpki/api/v1/certificate/44e067360d274f684dbc2b2144842fc6/revoke HTTP/1.1
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 204 No Content
Content-Type: application/json;charset=UTF-8
Content-Length: 3
{ }Renew Certificate
This API is used to renew any existing certificate.
Request Fields
| Parameter | Type | Optional | Description |
|---|---|---|---|
profile |
Object |
false |
object containing certificate profile oid for which seat is being enrolled |
profile.id |
String |
false |
certificate profile oid |
seat |
Object |
false |
object containing seat object |
seat.seat_id |
String |
false |
seat_id associated to the certificate |
seat.email |
String |
true |
email associated to the seat |
csr |
String |
true |
certificate signing request (base64 encoded CSR string), Note: Single line CSR permitted, escaped carriage return (\r) or line feed (\n) is allowed |
session_key |
String |
true |
session key |
attributes |
Object |
true |
List of mandatory attributes as defined in Appendix |
attributes.san |
Object |
true |
List of mandatory san attributes as defined in Appendix |
authentication |
Object |
true |
List of authentication field attributes as defined in Appendix |
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
serial number of the certificate |
|
|
type of certificate being returned |
|
|
certificate string |
|
|
password of pkcs12 certificate |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/certificate/0514b4fed739cec34c8c9ff92674764c/renew' -i -X POST \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-d '{
"profile" : {
"id" : "2.16.840.1.113733.1.16.1.2.2.1.1.132764215"
},
"seat" : {
"seat_id" : "jane.doe@digicert.com",
"email" : "jane.doe@digicert.com"
},
"csr" : "MIICxDCCAawCAQAwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxCzAJBgNVBAsTAkVNMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjEdMBsGA1UEAxMUcGtpdGVzdC5kaWdpY2VydC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCstIieKhKgYXCJjYuiY2GTBm97wLDdIUZS2Zg4z1SrlaC2iKaFqIYnRW09POgxZYso+yfd6anMckE8bStiJLBPo0LcFKcs35RedCXFfMZBE3dsyud8uHlOi5YfiFc1a04GXnUDZiEiLkyBky4euZ22Hiqg70SievURvzaVuzcMqo/sa3bQJaz2JvimoZb1wJp0rFSFp5BhFxxjLL0lCZ3sNdRrjYiJelHyDMORCFkbg+vVadZk411+fbjpPdbWWlFyA/QA5RCzwbA93ly/Qg6EU3lX2/iSEB5U4/o+K1rXU1IT2BwVitDnwAM8qyS+y1bGABoh91hpuiUMffCA2gtLAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAYoMs9IHqGvKkFQE3ZojZVTGsj6EFIbHsKwi6HT/cMej0yRG8dLJYr7mX4w9jKrIvJsReQBAmqBGhJk28k6aasVYjfIxwgom9+jWzX9Yf11CdKWmuh13+3Uei6gHDsWOcoQF1QPzgoYt1HdXBm53aFk1prJyQltRT6R4uqO/a1b7Rzz+RdL689z8bzu+z2bG3aABYjH1bsoKOb5dTYAquA3y+x6f58DrS0DrQboWAN2qFxq/iitXEdScw6ohcHmp8aaZ7ueq0czF6sl3ODHTnnaw12XPaWL+0nagxbGpLvCutA5a5gIHrkBME8oRVczmuYygyllF1AtgJXL9aZbF5Nw==",
"authentication" : { }
}'Sample Request
POST /mpki/api/v1/certificate/0514b4fed739cec34c8c9ff92674764c/renew HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.com
Content-Length: 1168
{
"profile" : {
"id" : "2.16.840.1.113733.1.16.1.2.2.1.1.132764215"
},
"seat" : {
"seat_id" : "jane.doe@digicert.com",
"email" : "jane.doe@digicert.com"
},
"csr" : "MIICxDCCAawCAQAwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxCzAJBgNVBAsTAkVNMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjEdMBsGA1UEAxMUcGtpdGVzdC5kaWdpY2VydC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCstIieKhKgYXCJjYuiY2GTBm97wLDdIUZS2Zg4z1SrlaC2iKaFqIYnRW09POgxZYso+yfd6anMckE8bStiJLBPo0LcFKcs35RedCXFfMZBE3dsyud8uHlOi5YfiFc1a04GXnUDZiEiLkyBky4euZ22Hiqg70SievURvzaVuzcMqo/sa3bQJaz2JvimoZb1wJp0rFSFp5BhFxxjLL0lCZ3sNdRrjYiJelHyDMORCFkbg+vVadZk411+fbjpPdbWWlFyA/QA5RCzwbA93ly/Qg6EU3lX2/iSEB5U4/o+K1rXU1IT2BwVitDnwAM8qyS+y1bGABoh91hpuiUMffCA2gtLAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAYoMs9IHqGvKkFQE3ZojZVTGsj6EFIbHsKwi6HT/cMej0yRG8dLJYr7mX4w9jKrIvJsReQBAmqBGhJk28k6aasVYjfIxwgom9+jWzX9Yf11CdKWmuh13+3Uei6gHDsWOcoQF1QPzgoYt1HdXBm53aFk1prJyQltRT6R4uqO/a1b7Rzz+RdL689z8bzu+z2bG3aABYjH1bsoKOb5dTYAquA3y+x6f58DrS0DrQboWAN2qFxq/iitXEdScw6ohcHmp8aaZ7ueq0czF6sl3ODHTnnaw12XPaWL+0nagxbGpLvCutA5a5gIHrkBME8oRVczmuYygyllF1AtgJXL9aZbF5Nw==",
"authentication" : { }
}Sample Response
HTTP/1.1 201 Created
Content-Type: application/json;charset=UTF-8
Content-Length: 7206
{
"serial_number" : "68bf809b54de88433bb34413ca94e5fd",
"delivery_format" : "PKCS12",
"certificate" : "-----BEGIN CERTIFICATE REQUEST-----MIIUJAIBAzCCE94GCSqGSIb3DQEHAaCCE88EghPLMIITxzCCBYAGCSqGSIb3DQEH AaCCBXEEggVtMIIFaTCCBWUGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcN AQwBAzAOBAjDsA9L8ctTEAICBAAEggTIb5be+c4hrHdy42PKJz8w+udVn+9IOMgC /HO5dLzW/IlyUX5kMbLqOv9IYo0kZdyTr8xHi74LQ94VsDjwD9e0vxfijq7V2p6g wtBFxVirrabEUx/ME5azLYblggT8/udqTtO6j2QmxupkIWSE0GaQNZViwh27P2UX tNQkn9xsAcZZSFfq0at/fpNufqxcXPcEbxglzSdx7ltGk+IHB5c+VYKZXIguffk/ UKQ+dX/UIwPM75y/B0UQDbyk0VHz7DJXvnVLQt4muQ8YD71NMXa9Fw39rFKHCopI 5yVYwxB75QAJHgSi0Xz/IJ+wrTDPPEXLZgugks+eopHXDcx/EVb+rWvmFmejIimL JplNURcTQtL/xsB55eAZZpMzHbFJc0LMf7ulK8ILEmwgmGAklgtFn23Ha+2hm6cg 2s5XzP5RORwG81hdmjZmwj/CEWgN4iDSspJ6CJ3b6M0WTeFdyTPRR6mkBTFFJ77I Fo3qo9ilK1NRQkPdOekC4xBsZA8F/buyiHngWmNFuU+3Y17aO5SSlGZ9Sn48M6NE WumkZ1BJY4eK4W1eoCk2mbx8LdbWODVseC8xOvBdQVVJZHVKIe20joFavBcJKMmJ z5ydvu1tNPt/3KcHuUMHMvyVAGF7u684rxNsE1B1HeXG+shNpqiyIN94o7OarHAL sss/6cpfTT2DXVn6MhRycf9BkKeWrXZVYVxrljyNLcZH7ggSt5EAkTX6TYafVw77 y173zF6ZHX+9nt6OcogPzKy+NKuMy/2uSHYSollvcCt1RoTPuQbzc+2lT4oHKJNR JGJy8jvCddClfcHIoBVVkUA1tg2Jfdab2L5hy/0OWkRMAvIWtRodgG+X8Qo5Djwm ZNM9sY0rFBFmwJiULZYu4Xt502mnZzNPlGlwsu+4ZYYWIaRPjOQ8l349QwgdEZv9 +xr+PS6o8ihbqBTu+37JWoLMGCZrnWmXdr+guhB75a4w9QKVtkJ6J4kl77loUYUS sXPh33d/Wb9Mi57qN6l1JikpYhD9p76YiTvayhtzIxidb5nvObmBAU/YbLj3Oh3c kQygohsMgrJnj2Qasbe8AnajHeSA/2Ka/hvcn0TFcKNlgpHCgYP3o28bqGViT8Vu CFHh5nebGvB5PnlqUeaRBw9aHrUiRSYbY/HjYBm3ZAQh5CfQBU1W9aEy4UnWYQg5 Cr5VnAWy2NrGFMP9ywSZaWvop3b1BYFVlwZupzs9L2CqZupn6bv80lacnPJzpz54 TQFbUmjmbzEKJfo7ijXQD3x7I+65k/TIw2CiIZ6s7KtnT78blfPNcWiF+9odt9Tm ocqKLswZt6J8kB63em5f6d5ugdgbo66Y74h2x690fPMa+qmBKxNbgHNrQavnrJyF gaxrgHYD8WY3FGMvB2dt0xDlxKeacMUduKwu/Vvhaed/6zdP6Y/hedokw/qhRgFf +XgFGrt6IDXZ0JInbWwwY5JnRKPR+3vetbjyN+KBqmOR6Yy32ii+pvCofW3kuAZa iLnSjsfZnoAI7WffXiRGk60wiK3KJmxlE7q6BLTRtzv37B9PZv8WUHv1RJs6klt1 zFutV9tSi+Xi1yrjksHp1r4WKLGsaY/+AufraKnEFVkr7H/xtPNowzS1F6fznKbt MWQwEwYJKoZIhvcNAQkVMQYEBAEAAAAwTQYJKoZIhvcNAQkUMUAePgBKAG8AaABu ACAAUwBtAGkAdABoACcAcwAgAFQARABCACAAVABFAFMAVAAgAEkAQwBBACAAQwBB ACAASQBEMIIOPwYJKoZIhvcNAQcGoIIOMDCCDiwCAQAwgg4lBgkqhkiG9w0BBwEw HAYKKoZIhvcNAQwBAzAOBAi0hQObo/YcKQICBACAgg34JI2yvIaj9IBr3oTCiB4K 8qMNmzgOYTLLlXbTibOSZ7uozzw5dl35qLKARNgXTm8hCXRyAs4btSxHM5U3klhg bROaKo/oNHaYL8GfGz8RLefME29WhqYHB5VWQKPVMc7RIpBbz0AgzVRSC+7Qe0x2 jlf4iVfyAkSQw/6Ro2WEAiVNor4xdNjIS5V5IBl8Bx6CXXcTYy2lvpbIkTBnt1Dt 2WKOe3ZId6Jiye7Du9hHC0yEM2PUdWtyLc8ETsBW8+jPujs2T9KK5guWyAtXAfvy PziBbh8lsO39A/yGm9b/RPIs7k17ll0p2l56HlvpC7fE+RDdGMQqQlCCJxkwu5Ga cmSfSlu384Pd2uSdrYKSnnL3zaAa/NIVSOkVh3lutJ160LVoOgdMlfyshd0TWqry wrUlANLU4m9yi/QT6n5pksTcAuhtT85QBhhKPJFhP3aNmD0N3xMtsgtJNu8TAhCO b39NXQdorbq8NdAIhL0gWUBON7qYIGYo84Pojnx+z/rfrLKxVob6q7tL1gexMA0W j0aU879zVRkWt7CKWVBKWOdBo0Tvvc3pZBt7JJIkG4SiSBjfH6v41Z5FZ7pGCOFQ t9Vwbo61XVU1Cy7tW065PgZwRB8E+LyKdw3M54a1iC9A7pvgZyMbnhyAnDMiLY9c eI+3vJb/uKUEpzvlZ9TZFUvp1ivL/txDje/HbWZ39DWORpnM6PhS2WU0wtU+OhAD yuNkVBLk7vBXnUesimWJHtDPZ9eO9UhGnH4lvTc3tueM00t7rH0x91d6RdmjFR0d dypIP0zfi5Cn+B71AQo1G/0XQgB6TxdnW1ljy1sFcy8pP86seO9W64yfVMylhhGF f0Ds111GaeP5UTRYuJMErrVJjX5rkRtNEjOpqJRMeZvVCKd2tiiSg7eEsVdQXHX8 ArlN8rqiOGC035cJpC1kFikjoCZQDflTRYeO30PbjFFkE+G4l/FjMjkUPTDqf9Hz 6Nx5HEbTUMWHiE2LOKv/63lEXYzSHi60K9EQLvJD4uK9+IlcB496aJnbj3MHXc/U Xo+aXM8HGMAFTVyFL+VSriiJjmUyif578PS5emEyApxZMnkY83lhIDEM8LPMmUnj Dz6e7HXh8/B3U0F+rBTT4hMorCFscezhLo4WRpNx22+6MURgFgSSpBzyl1JNlG8f 0ywCSJy9wBgngGVZmA1u3ozzlP8SdmENaOtdM8+ReX1ppDysY31TrGW9B00s4XWG 7AoP+klnfbi/BzK4VLduVRPIVprS79CACMMt/vve3ypmTscQTAltRUche8ysDfjB cDGodoo4z7yjYG7QgPfP22u43ewWRnc5Vnt0vIi2K4OLrrw6y815GN4pNyoChUgf xJswdncVc5dJmBuSujyBLZV20a4cPFqMSR3c2sNHQ5OaXehAc3RUAwjfm4jNvhmE Y0ur72rUqHvcJ/gS7sDLXXpVKL2G196pGnEAAz9oBoMOXtmgRHPEJTIUxdZXnvkS Jsp82I0TWJ5KH8vj2eMNbTgqg1tl9VXTzWmBnogGGwpq8ioaKVOVGDWx0aG5ijxe hFI75SaZqso04Y6n4HVKH4s6YKJ/G1pO+1IBbSeJfbSGWXK6Ee6fRFRaIMNpRVzq Ne9XhsbUre2ioCSd5i+0UMLmkZW0/UlLM+OU/yzYKuiihlQTIcef0vxqk8C0cO2j s62YLBjTHf6TntHlQzoLjuPC/T9pdFQyUXLc0zO5jQYdD9Zux+eWBBrMUYZmNp/3 XEU7/5fQCmx27MuH9yOs2ZOYFsNG6/yXO485mrPw5pLjkxgOQ45zEs48Bn40UaKr GNpFzna2tdjucAiCP54dA5mQaSPFJM585kwn5GqP5JrxaREQaFc7fSqFsNVcn8Wn HLfU7N2lJHGqzJte8l8yASzTdqZt10OM6dzGCFQA24tyEdn4kUBT2eZ3MsVx0Gh4 fTU/gW+1ycIE4Hl/t6fD9Y3+bRonl7MWXae6s165QyW2A4cJD+W3AvrlQoKZO6wx r/YOJzgAlUpn2oeOcs6G7dToUap80tmiIb+PwWkAO/SBLt8YMD0hVyKPE5Dz5InM PRwF53O/UC9AkIeGJSios27tniOht5ILT4ttt7aahuL0FRoLnL4oL/F05lrUS+U5 aS9Huu5EuxCGQtL0OC10gIC/QAfS2zyy3wjDw7we/CXP5xvoCxNG1zZceJ7LAo1m 47fKNZoYmZQPoOdBUm41c6xQbPaUCZwBKt1gezdJfncrGgo+UD7i8pxiiDJQ6idF mrVUxPQ72GLBudZbFyEkSODKH4ArPeUs7DC3cWpvRwDh0xDm5GL1H3hmPsD5b5sN ivQe0DbcYD6LWEOCEJMgK3k/NtIctT88IbpQBxZWdte/CM8EF2l5LbQzOh1W8p/Q 4SJFwNnN8hDYvL+GChSsKC4lUXSHsmiadPr1VWDKwxNTxWUofEqPffvQrmuIVfkw K7cNH8Vz0NelMs/u175nbqJPB0AqbXDDMxYNCGJqsCBwWKJCSj2d+XKcg4aotXAO W7KsBSrI/R4s4sOY/O992dumUxF3RkCKL+TeFC8njaL4lUWYxeWK3vE4qVL5NbTm s9jk0h5MMyV3AWbli41gBMraMBHRyRlK3jtOOXcVZ+JbtYBkwd/556FXmC0afHHh DkO6MNIy4yPNdzRz53HIBgBMy7/0Wlkt5tU0VWgbLi7nGjWtYH0z+j9PrYjsSaNl 9QarWRiVKIjsu5fkjYCp5y+eA9Z6tapU+3x6pYpGH4lApq3hsCnhrsExqf1PZqCo sdRKD1qNpI+b7ZcvVnJyEMNL8AgDpNp/7YoXU8abUF+mpNtjW6VSAvQ8g/hd2s40 7Fm0r0KjSUkwi0jhKdXlcdTjQ6B1aWB3MtEaXk2/CghhfJ+yYUkB0el2yQ6c0wOB 1LvIALLM9hfhr7Az2owuEQeXQI/YB+ilaPDxVXqHXCmKsfKyNFj6P0D57Th3fht7 ErbOay9ZwpYRiKrMwjNQJUlL0+UYp971QmlV7bdBOuHOUcRy3ddINQPjlL7dOVIA Rr+gsgpR5RhJ/Ivm9Q32sy0pYc07nNKVydl8aDiKx5Ujj1Gz3Z33P0UjQBjZo5dP GpkE6/B64zjGGfyFV1ZC5HRNNlbMFA/bLDxaPmwER/pUbiPUmw2e9JtHM44IlacZ zLi/WTatL9o22yz59csQaoI+KV30pK13p0JN/1D0IGwgj3xypOzCZKPHfwLvkLWs axgbramGhu9akrJhfYbGvpXMEe6ip1wTDp4Pq+HkR+BJBthdeHomVYeN2QQNQ4ab F2XzrOjJQRRt95cSdVMtsMPFj2ptd7xhXE3+hMdWlplqIaTt3O3qrq2J68u0y6Ls HCnTLhWRkWR4W9zHojiaOOltJ+y/eISjrlQAAfeJqBYGTKBBd6WW5nKt8ktgY/j0 Do0hChvbcn6hRu5PtO6O9WKC1dMYAeO5RXpfHqwDS5DivxPSp2+rvraJdMnTj8d3 HAlu4M2r67m9CjLjRgxdPQrDHN/saYSnt8CqZzeyU1wDMwXDHHPG/ApQioKWXTF7 dSxNaWALTydxTW8hlnw9EXrqjAUBFPFk7wazTT1n7dcIipG1379OZJACZ2D6oCc8 zwasj956PFdT39M/TNQf1tkxuMA5VXs73AEy9zYia63h1Ipiv0O8xujoWm4cAWAW 2gfY8iAwmMHezZRpw07lgjA2KsZhiT2KE+OQZIvEFDvnzRN8Ew82rk/qZSZRSHVW soBuRFuLU+OX7aLM06fiPU8i8PAr1xUD8YGQ626y2q24hH1BCTVGF7MH66cEf7ac fYErKy42kNcCBFuz7lUQJzemHSo37laCsAwVZo61m5aTnsSP0rSBOrV60kkt6ns2 saH8Ys1DgrbfCgaCnK8LCmrPSF00D4uKLs0KjSyPAKBoBd51gfz+pBOENde0B8kk OPEA6wJ9nl3HY8DDjsXWEsWWxCy0ayE3R/zZRlQPeFBXEVBoH07Khf/QKQX1E/I7 yLWGwRYOB3g1FuKjaAK79P/sjxTffeOmhx5yTZCaV+g23kbH+dfOIyXVf5cA2omd yIui9c341AzmWVzlYsz66FK20rr9IFI1KEHKFjHUC00mNj1Zq+QrFsPd+mr6k18H P5IJTjLt/JXvW+8EJKl0T6haDuZ3PJOTlpqgFMPt75jkuW74FcH5VnW7rtSQlgix Fs4dnKZa8EJ92jLsDz/NnkkKvTHPlenLGfW4lD1qZHfrjSJNcMV+Vi48Rmi/UdoU xflnLW5+deCAa26+0+LyxU6kYnbe2oCY4YwfDm4KI+uJ6B8iZft6kmGEZj29Acjz aPZdcDmCu5uySLWFiiPKLtzdzTmr+gyRiQcpNMiatiQfCMl0lUnkqbA2IF9UAcDQ +9FAonDuqzjzjObWxUwERRtWJFgmqAJGJfrl7/S18ewD8fepaDzHdMyvbQmjiFaD PK4S3igliJeX4Mun01aKLcDPKkvJPQ3fpKJlmD0feCwT7i0aOzv0IsEjNLdc1Y0C HhNm4pA7sJf+ET4k1lFolHcOKpjqX6h0O+em4a96KWWXJVeBpAo8AYLE+rADP5Z9 rNJkTBFLp/XXvX4STy8dUjD0004QvrwSw0q4YLS0LQPDoGyDqXIH5D5SqAHUud1e hcdcstZBzioqMawNnSEFGcfBXFpiagA7KBVIWj1GNuTvORkZyBBrquaiCUyEUnwm 5wVAIm32ysp/0+J88/v423gRM34OJ4Z84ZrffqrpN1uAPo9786Af7jHm1osrJbUr HOM8RCWfGfiBMD0wITAJBgUrDgMCGgUABBRS1t2ew9k8x8uqT+XqgQh4gB4ZrAQU w7ADPOcepzPLsolIyUqWzFizjKUCAgQA -----END CERTIFICATE REQUEST-----",
"pkcs12_password" : "ICMS4XGT9WJv"
}Get Key
This API is used to get private key information for key-escrowed certificate.
Request Fields
Not applicable
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
object containing certificate profile information |
|
|
profile oid |
|
|
profile name |
|
|
object containing seat object |
|
|
seat_id associated to the certificate |
|
|
object containing account information |
|
|
account id |
|
|
certificate string |
|
|
common name of certificate |
|
|
certificate status |
|
|
certificate serial number |
|
|
certificate validity start date |
|
|
certificate validity end date |
|
|
object containing revocation information |
|
|
revocation reason if certificate is revoked |
|
|
revocation date if certificate is revoked |
|
|
revocation comments if certificate is revoked |
|
|
password string |
|
|
is key escrowed |
|
|
enrollment notes |
|
|
webpin |
|
|
session key |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/certificate/674c97dc17d14de5cde5a25a9f0e5f9f/key' -i -X GET \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E'Sample Request
GET /mpki/api/v1/certificate/674c97dc17d14de5cde5a25a9f0e5f9f/key HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 6154
{
"profile" : {
"id" : "2.16.840.1.113733.1.16.1.2.3.1.1.128783251",
"name" : ""
},
"seat" : {
"seat_id" : "1"
},
"account" : {
"id" : 1111111
},
"certificate" : "MIIQEAIBAzCCD8oGCSqGSIb3DQEHAaCCD7sEgg+3MIIPszCCBYQGCSqGSIb3DQEHAaCCBXUEggVxMIIFbTCCBWkGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcNAQwBAzAOBAhrIEvRvWImfwICBAAEggTIhHtnEpbeHUUip+naip+FimXHBVzyAlm5TmYcVXk8ImVp+5ZfP2iIDiWwmnncCKZoqAsmTQdaD3LvbUJfwNHgXmbuk5nKN1WSvBn1CNMyo3d0FJ2e5FM3KYmiAWWsqocbfTIzYQcpYqRUHNEmjZeY5ACoGI3VG/F+CZ3grL6Ze2dtjKbakMH0KCwizh/3+5GRumFaswEDFSI2XHSxPKFpoJe/KqgXz0UBJ30bgrl4+7AR2J5r2zdl6RerRYoYkPvgdrtbzVG6rAiIF4dKI3CPbzUZGdAqlF6bx9sI/yhMh4SHknwdLPWV82YTqWxXIECdZdMQ8/fWLDafMglAJtt261ICwvUktOhyKc9VroIQomb7YZcBpMaGJ2iCifC6X9iHZn/YvrXsA0bslLK4T0vEd25hjqfJShF8jS0yH9JqjJFy0PdxPZmrINQYgk8kb8s+eInLlJWG8BOvmqmpg5KpYfM+PZhBq+sGFeMaUZZXfZ4tYQipnQ4FpIKWYv0TDXT1LEjNPdL7o4z3lywVtSdYZKXQMA5k4zyAEiYwTac+hA6nObdkINbuM+J72uiw8XV65rcg5WAD2xW+Y7UBUr/sHm1b7cPz+O1Q33Cc8evtJbbgeCmbzngAd4GJSJ/T9ema5fgv9o59cFYvq7kZaqGwgsEz+CiRcJvAqPmgb7ADOp3hIe8EeH+y7nfg2beWMCSWPfD/oZKzT520gWhJo9YwJ3yNeM5B3hmL/SwpWEFjYcTMkyCQA+LS/kFZ+oWKBR/jVrVMdCv6FjwusEqwtlOOjDSEtUzIrh3dhunXM/FXcX4vaw4cZeJmwDay3//WtfmhAnvp9vEFeMsD5aVLqnrEsxVb0eMf+2MZsUcvBpheawvLmQPOFPh+7ANgFOOdJaIlfqyFz28I6LTPHfs0F8zr0UzwhHB3zxsaxU888vDdL3ebfPR8EwwmLkaqqcxKvC1k20qQN+CRngnjtCc0yH9H8jc4xFFeyx1lFKgGTzyr72DwiHm1p4PXRmF7wZV6ZJicOtWk3X4kGAD+G+I8zCuiX8Sd4uVfEeSzS0yVkEzEbChj5E+eQLPd8dRq46B8v01iX3Ew2UpuXMhaqFrsf7jCGJDogz+du/TzitXM+50FSnYiisOR9zMAW4PK2DqCnyjdWSHlxXv2s6aNOD2sXkTUn9kfJ8DEA+5jUbAwXFeEwT2W6ZL4sUBtyBtezCarrcq0MnUY481ds7nvnzj5Y580XsIE+Sbc/UpYEh/kcoNJ2lezICtPAudVtN4gd0/Fl+AXivcv+TC9NU7rEBlPWNdiTQCYjGN42WP3JODo+elz3YiGB+mx+jzAICXXLnGKlvISr+/sk470e7YzL3ONtE08tCKCacLYo0WutsU816Uqf6PTBm4zFh3Ik7qt1ldJVCAWnI5MaCNzt13A6muLQD1HkCXpU+o/2k2Fk/8ihJJdcBFIEywrmt9BQkIoM8STqgSpQKbgu7rMvk6nm8+ifp6GJrr2lIzKNWfhM8o5G4GMM5iocekhzulIp47r3o2BsNP2Y6TuG7PC6SRG9kKlJpyl4shCR9sk3wDAmTB2tL7045pEYaw3j392RtOaj8EoTrhuYdZ4vpA5CMv98e0slYYPgCihPJTdNJPoMWgwEwYJKoZIhvcNAQkVMQYEBAEAAAAwUQYJKoZIhvcNAQkUMUQeQgAxAEEAdQBnACcAcwAgAFMAbQBpAHQAaABhACAAQwB1AHMAdABvAG0AIABQAHUAYgBsAGkAYwAgAEMAQQAgAEkARDCCCicGCSqGSIb3DQEHBqCCChgwggoUAgEAMIIKDQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQI5FznD1z8bMcCAgQAgIIJ4E4OlF4mgStdhwUU3/cBWDY9kJ8sMhSExwjNibNRC7t8cIdqTEOeTP4pSrrYHJ9yqOKiR15DaDigdJLsZLYnmJYMLZM6mjQSxAPEp5WpQZ7BKurZZc5XKazcCAcCCmqE7ghySsS4o0MmXOKoGvZOHKWXkTYS1S2XDjzuxNsg3WIaY4Lczs09jw73G/vfJVc35lSLFsIOydRjCamVsgIrSajFytPuy400AzV68a+l13aJNdj0JzP/YrzO+zRmAxhMgL0sRCWj5T1MRbDriI2ww9qLqY7csDO9907VUi3vJ2Xk9HgMzzQSiUvFP4Rb1KjRgKHCstcCgCQystYgIw6Ni2ud6EynxfUqjZzXofigbloDdZ/pSjnBoeisMAp0OnoqlqBly5cRuZKmT9qCHY+Xo4+i0ihPIn0Q4DeEEx7U4yqwXoQmlyR18uFjRYIuz8a4OjsM+UQxULwpyhdw6mAMYnL6xYkAtFW7Jr+WHbGWMH8Y4ZbLPWGiOzCMQF4mEcwR4HPI1xGX9PGKzZePB/eSohMs7sk9uxaPf0oO60U/pwbqqSgvz0dWDAReLLGQ6IHi6sKbwamKBdA4459gnxg6Tt3kfISVIiOu1BkQFz6X2i1qV+I33rNCr/gl2x3pzGbEIohM6gvvrICEAuTnHBBQFFkYuti6HVg0o9gsY72/P78pwYYrdeQeL9s6Oj3Owi6ugsykprFwfTmEfc6NVAcUMlMTwzKsVGMZkPhf0hejj5olQIEdAl63pYCZGp0GvpHu2z7FSOTycRs8pawaNF0eDIT9KmeycJ/8X8Vs9Fs987A3ziUpskIJav1qRbp7/6e2qBHgv6Ur+PuY6zD+OP9v0542gPKg3sdKJjKA9770lY5/25CJ6oHUlHwxyMe4mZ0uhmy7LIEcE75qYpFiXYaXRa8W//l4P+aMlq8tgjYW2e3k4b6aNI9E8xFgMQVHwDSaHnpm0y0AWY7gX8G1kvyJCNPdmSve+0z3yHqu8fnbiUkX+5zFwKrq+ezS1nzydeJjWQP9odzlKM3g2W3x9wT9LV3CVoeQ+8mbLHSqPiTfFdXAuHLVowd+WGCGlcndHrMXCz7Qztz0MqU/mO5ewFIzUxU0dYKkycX5MOu1VCuuBIz26Toiip3J6Ur7qp4mqMx0RJuN7w9osZDhKew0CXTlB1WbmvKGmtcOlCh9kBGn4xE5anGTiUbOwViiNS4NWYq8kEDcyHEnmdCjWRuDvFqFahzacIGYlofnPh3J38kN4aBXL5qPN8JmvpMtDSf/K0lT+ULhdgDIJ+0JW4vqR54JVPRx2b/JiJysyuVq41bk6s6/4O4nACbAAArCew/KhG4ekKNvLnJyEDmmh03QfkjzTi6IRxSvZXvAwv1YjB7K0r1TunT5q6NyWmGbPSpG4M03RgUaZt0l2hunSoh1PX2bcDIH0FpLdRmUVaOkFAVSL1ZzxEDA8KtQ2nFDKr8WJAf4hw2dCecQI+uo7kqXEBvzXlc50TJ1J+eVd4iiK2DWFtqXA9IlnunFZAj9oQPACacnWvxUvl5jpIW1n9zSHhZrKWbd48WwqsABDtg04JlZikgxHbUJFzJoynH3sFi7LtxPqGGlhtKmIrd3QSTUYzsyax8p6v58xCUOPA8U4psmelzIlsMKGmHmxMAYFOKDoKOo+q79LXy/eRqYNrljTXCVtjaeNVKE3gVuk0w98VNE+epCGSxpe+QMArA2Nnc3wCsv94jeRB4595fJbI8rwpyd6vdMl21pMwgazyMPvv0/aloB5bZvsNApd8nLYTPUndnOvTCZ37Roirm92C/o0T5u6MiO6sOawaufcfAgaRkcSSSJ5lHfCHfGvZeP1U+T4bUdkLyecE+oUMrJlBZl5Fp5lbUPuYdoBcg4l10ZqydKndKZBjyP0Ly4GS4wi8O0XqAMu7Ho68Fuo+eobplUZVJ0lrglOlX+Gn4U+Lts510YPmWksf2n7pMdC++26REBo+RuFZuSOZyF4Znt1Lmf1tuLNrDthyaTGksL7h6K59q3PK1SDkMn/SSc3tMoMcSyjYsAKmMxUwxvHAUTgVZ90czIOOezVuSfzxkFVLnfBQm+txrRsYA7UOoCx4Cj1WacINJyZaVY15ESqAk3XDCpc2vF0FIFEUr2XPO2TsU6JYHmxB6nrHFZfp8mrcOrJE/SlPLnZnPSYlZBspP3cr1UfoGHYdjmw/1yGObLeH6djaQrypDIvMSAwmJ7JBeFpUrljaqkelxoHf45NldrT6WxtmGj6elsyZki+gkxGbotyUnRjMUAzLhazYQLBrUNYFBlkU8MFIHwka3ekcnqfS7eY+VJ5+/n6VUnbqNTdCs8b2w0FQocTFNmgwD9TEf38umEk8ucSekEulc+hNgwTv3hFQkQveqamcl6blhgcPVn4IDS0iKdUSk8r5CYPZq4/qdKJoYzYEAEX+peslqamFKclqvYjw6dGwlocjFSV8WsxDOQNsr0pFVF5vQH14n42bc/fDPzdSbvsZZYeRq4cpASNzXL7aJcU/XGUcRMh6CxzNnWMsNtNCeSi1SMz8JpX6RAR5Ie19yq92CyFv6bwFVVIgojUmeKqZA0we0dtxB9EG5PcZhb1tkXwwY0HJB9ngKtDFW4hcmgAb/fDH2//SaQB6Hg780PZYCrmX/Z5xd3o8CQxZde+fhoyqSTzdgxsGlKikdXMdNZRM6ldJs8Di0mz3aR/kF+Gaun41ndvcpcsPD3hGEtlkL5aMeKu/ysaTMpcHAlIyvKanveu1K4fvNZNb9dp38uoXhWjw6zwcUf60elAGedNOoQ/06SQZP6t7jsoVXXlRmRJo/icr6uUK1S/dhME9Ckrvg/YDWhQ/Orkxm+bhuT4RlVbbken/bIJSFvUlhNyY1lJov1kwAdHoaFnA61aNAPf8F5gz/zpSF37ANH/UvUB6IZVIaBPHlBMhbVrZ61e1Y044INWsGbt7MyAjYooybGBc1NcWwvIxbVSQ7Twl79JOC/Wk1pJ3lSPWB1mBPJ+RmeYZBMCkBgjiV3AvZMo1FlMT6yGHhTT1+xnLC6cVd7sxugfIZpDQfXUNgoKvboNMzwwXZc3qtVz72E08fvAJ1nLwQvG+AM/nHb095f6CUL6Mj5vCsDD+AOmsEfAWbGRrvsONa0+awiFqN/t7LxXJDEQ0Tb/1mIyVqXor1l/5isec/+i1tclwthUpZA0sDg4M6L0wueZr1nidRZ00Mys3FbV3UOGXAm6VkFC9W9goT+iZfJbYdeviOPbXLwTLgtBMWE6ZN8t+5VkJp/VjawmVAm82gKdyFMYaHqeEhyvsTdiLKj3JpsIKlnkcs5Tzf6+MR+SYqvVEIlXReRfKXUB/WFqXlLXVqnb/20mwq3PQs9MD0wITAJBgUrDgMCGgUABBRV2HVzL2wmNDUflTiA9D0NUw35+QQUaRy7QnBZu/3r/TFDLordQht/oxsCAgQA",
"common_name" : "1 3",
"status" : "REVOKED",
"serial_number" : "674c97dc17d14de5cde5a25a9f0e5f9f",
"valid_from" : "1554335999",
"valid_to" : "1553817600",
"revocation" : {
"revocation_date" : "1554236894",
"reason" : "CessationOfOperation",
"comments" : "test revoke comments"
},
"password" : "f44fhthtyh56",
"is_key_escrowed" : false,
"enrollment_notes" : "Enrolled for a certificate",
"webpin" : "567432",
"session_key" : "678543"
}Search Certificate
This API is used to search for certificates.
Request Fields
| Parameter | Type | Optional | Description |
|---|---|---|---|
seat_id |
String |
true |
certificate seat_id filter, must specify at least one from 'seat_id', 'common_name', or 'serial_number' |
common_name |
String |
true |
certificate common name filter, must specify at least one from 'seat_id', 'common_name', or 'serial_number' |
serial_number |
String |
true |
certificate serial number filter, must specify at least one from 'seat_id', 'common_name', or 'serial_number' |
profile_id |
String |
true |
certificate profile oid filter |
status |
String |
true |
certificate status filter, specify one from 'VALID', 'EXPIRED', 'REVOKED', or 'SUSPENDED' |
String |
true |
certificate email address filter |
|
issuing_ca |
String |
true |
issuing ca certificate filter in PEM format (base64 encoded string), Note: Single line permitted, escaped carriage return (\r) or line feed (\n) is allowed |
valid_from |
String |
true |
datetime in ISO-8601 format, will only return certificates validity start is after this datetime |
valid_to |
String |
true |
datetime in ISO-8601 format, will only return certificates validity end is before this datetime |
start_index |
Number |
true |
offset of first certificate returned, since max certificate returned is 50, use to retrieve next set of results |
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
total search certificate count |
|
|
since max result is 50, indicates if there are more certificates available |
|
|
location of starting certificate |
|
|
search result list of certificates, maximum count is 50 (See Get Certificate - Response Fields for details) |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/searchcert' -i -X POST \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-d '{
"seat_id" : "jane.doe@digicert.com",
"common_name" : "Jane Joe",
"serial_number" : "674c97dc17d14de5cde5a25a9f0e5f9f",
"profile_id" : "2.16.840.1.113733.1.16.1.2.3.1.1.128783251",
"status" : "VALID",
"email" : "jane.doe@digicert.com",
"issuing_ca" : "MIIDgTCCAmmgAwIBAgIQQvOIulktOKrDkBdaBvG6rTANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJJbjEeMBwGA1UEChMVRGlnaWNlcnQgRlQgVGVzdCBSb290MR4wHAYDVQQDExVEaWdpY2VydCBGVCBUZXN0IFJvb3QwHhcNMjAwOTI4MDAwMDAwWhcNMzMwOTI4MjM1OTU5WjBNMQswCQYDVQQGEwJJbjEeMBwGA1UEChMVRGlnaWNlcnQgRlQgVGVzdCBSb290MR4wHAYDVQQDExVEaWdpY2VydCBGVCBUZXN0IFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVMImYMky9jPN1Ri8mPXlbjCoIYayIuFiyJYoEjyOqmi+aF3pfv94s+uQ41TXTBAfikDS2gKjT+k104HE3jnQ4/t5cIXED0tHyLZnSAfcuptAX9KuZqYrQHHvKcUy6IBUJL3fzhTI+hh+aVV7MGPp0ZwBI4EGTSnyuzaUyQiW450L5gyXODOs9k7iR3rcEnfNhtR2NhW893FBC6hsRXj+wM9bYpoazypJ9Oq5Huj3NI3thBE4o2K+/AY5vzo1Pq6tRHq7S7U6qQjWivhxRFXaBGpFPlVVtO5WM/XYjWU3gvi9eHMyZAXcJMgSRTFkhcOQHTiAiGWl9rxVDnMF5NAzlAgMBAAGjXTBbMBIGA1UdEwEB/wQIMAYBAf8CAQEwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgH+MB0GA1UdDgQWBBSj8gimXfIBv6Zf/m9rM03gC3PIxjANBgkqhkiG9w0BAQsFAAOCAQEAXX5kCME+HpjF3AUy2l3N9NnkG6IXlDonxsG2+DrhWPTLxfIykH3BypfZ38f887mkh+BjfNvBDUtDkZ6MsJ3tfxKGkFvwimSkSlgrx3TH5B+3cMSXBqH2xK+YGAdWs8oxm3WQ1jj7zPtsKmPg4EM1S1O683xAgjkH5wJjSm02LoJRCWEXKlfYRLc7uR3x9nmcSuaJi20lqjTazOFWxp7BWNp7LJORNw9gIgMmB5a8bXb1YXmgCeX98jBjuhV2PUlxP7EbAeZfpAz7NysXg4B7rhZ1IHuapVwnDtXG2UTdv4pgoKHvLBKKSh97L8Lqt6d7o0V0d/aFJmY6wtUyTmhZVg==",
"valid_from" : "2017-01-01T01:01:01.000Z",
"valid_to" : "20250101T010101+0100",
"start_index" : 1
}'Sample Request
POST /mpki/api/v1/searchcert HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.com
Content-Length: 1579
{
"seat_id" : "jane.doe@digicert.com",
"common_name" : "Jane Joe",
"serial_number" : "674c97dc17d14de5cde5a25a9f0e5f9f",
"profile_id" : "2.16.840.1.113733.1.16.1.2.3.1.1.128783251",
"status" : "VALID",
"email" : "jane.doe@digicert.com",
"issuing_ca" : "MIIDgTCCAmmgAwIBAgIQQvOIulktOKrDkBdaBvG6rTANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJJbjEeMBwGA1UEChMVRGlnaWNlcnQgRlQgVGVzdCBSb290MR4wHAYDVQQDExVEaWdpY2VydCBGVCBUZXN0IFJvb3QwHhcNMjAwOTI4MDAwMDAwWhcNMzMwOTI4MjM1OTU5WjBNMQswCQYDVQQGEwJJbjEeMBwGA1UEChMVRGlnaWNlcnQgRlQgVGVzdCBSb290MR4wHAYDVQQDExVEaWdpY2VydCBGVCBUZXN0IFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVMImYMky9jPN1Ri8mPXlbjCoIYayIuFiyJYoEjyOqmi+aF3pfv94s+uQ41TXTBAfikDS2gKjT+k104HE3jnQ4/t5cIXED0tHyLZnSAfcuptAX9KuZqYrQHHvKcUy6IBUJL3fzhTI+hh+aVV7MGPp0ZwBI4EGTSnyuzaUyQiW450L5gyXODOs9k7iR3rcEnfNhtR2NhW893FBC6hsRXj+wM9bYpoazypJ9Oq5Huj3NI3thBE4o2K+/AY5vzo1Pq6tRHq7S7U6qQjWivhxRFXaBGpFPlVVtO5WM/XYjWU3gvi9eHMyZAXcJMgSRTFkhcOQHTiAiGWl9rxVDnMF5NAzlAgMBAAGjXTBbMBIGA1UdEwEB/wQIMAYBAf8CAQEwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgH+MB0GA1UdDgQWBBSj8gimXfIBv6Zf/m9rM03gC3PIxjANBgkqhkiG9w0BAQsFAAOCAQEAXX5kCME+HpjF3AUy2l3N9NnkG6IXlDonxsG2+DrhWPTLxfIykH3BypfZ38f887mkh+BjfNvBDUtDkZ6MsJ3tfxKGkFvwimSkSlgrx3TH5B+3cMSXBqH2xK+YGAdWs8oxm3WQ1jj7zPtsKmPg4EM1S1O683xAgjkH5wJjSm02LoJRCWEXKlfYRLc7uR3x9nmcSuaJi20lqjTazOFWxp7BWNp7LJORNw9gIgMmB5a8bXb1YXmgCeX98jBjuhV2PUlxP7EbAeZfpAz7NysXg4B7rhZ1IHuapVwnDtXG2UTdv4pgoKHvLBKKSh97L8Lqt6d7o0V0d/aFJmY6wtUyTmhZVg==",
"valid_from" : "2017-01-01T01:01:01.000Z",
"valid_to" : "20250101T010101+0100",
"start_index" : 1
}Sample Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 4583
{
"count" : 2,
"more_certs_available" : false,
"index" : 1,
"certificates" : [ {
"profile" : {
"id" : "2.16.840.1.113733.1.16.1.2.3.1.1.128783251"
},
"seat" : {
"seat_id" : "jane.doe@digicert.com"
},
"account" : {
"id" : 1233232
},
"certificate" : "MIIE0jCCA7qgAwIBAgIQZ0yX3BfRTeXN5aJanw5fnzANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPRW5naW5lZXJpbmcgTVRWMRQwEgYDVQQLEwtEZXZNVFYgVGVhbTAeFw0xOTAzMjkwMDAwMDBaFw0xOTA0MDMyMzU5NTlaMDQxDDAKBgNVBAMMAzEgMzEMMAoGA1UEDwwDQ09NMRYwFAYDVQQLDA1NVUxUSS1BTExPV0VEMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrLTqaib6YCXAGyGQ396UiJrf4zHTJX1RQIimKJkAU3H4CQBFw1AHJdLUi8zilfpfBpT9Xrk2oQS2HIhgshhGIGWFnSxXn3EiHeIwX2Y4r35OUTBrUjNHmTR9YpT8SWISjcVBWw21ca7LXB4PUoRPrv8kFEMY1q0odxY/+Xjtoas/WNUAhqAjFqE/rNr2Sspy4FrZteUQzxkL5oQO/02fjI3o1cmS4FyY5kAMkavOBxfj3AwARst5Sdm8RtkYNzEcSipS7vb/xcS/Cll7kw8nFdypfP+/Zexx8yH390v3RZfMjPdkJ/jvU81x2Pdlq97jN3t3gGAFBfKj7whJ+mIZwIDAQABo4IB1TCCAdEwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA+gwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFDtdR8sOIFvtUm1X4uHRzMG4UGpPMBwGA1UdEQQVMBOgEQYKKwYBBAGCNxQCA6ADDAE0MEAGA1UdIAQ5MDcwNQYLYIZIAYb4RQEHNwMwJjAkBggrBgEFBQcCARYYaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMzMGcGA1UdHwRgMF4wXKBaoFiGVmh0dHA6Ly9mdC1lbnQtY3JsLnN5bWF1dGguYmJ0ZXN0Lm5ldC9jYV8zN2M2NjY5YTJlODEwZjk4YjRjYTIwNmFjMjFjOGIzNy9MYXRlc3RDUkwuY3JsMB8GA1UdIwQYMBaAFEYaZ1z4g6KTVw0rMHHMKd1RXew6MCMGA1UdEgQcMBqgGAYIKwYBBAHBAQKgDBYKOTk1MzI4MzAtNTAsBgpghkgBhvhFARADBB4wHAYSYIZIAYb4RQEQAQIDAQG9tKcTFgYyMDY0NTUwPQYKYIZIAYb4RQEQBQQvMC0CAQAWKGFIUjBjSE02THk5a1pYWXRjR3RwTFhKaExtSmlkR1Z6ZEM1dVpYUT0wDQYJKoZIhvcNAQELBQADggEBAH/V8U9QMJZdqz+vZisY72tSKM+b7RHTn1/WIQcNQPnd3NYnKeqw9256Y3kfqSeMHG/znO69CPuRgs+7Z5/M5XX/kKv6/izn/26itTaMMqF791t+x+VkezWQISyqcLS6nOn4LYo2pxNeN9d3rlRFV18RqAn1UczrtrAOgywfV5koxY83ht4K39j0isVlBSU8IPVM1Fd35CBC7eN4JnMq99uY4K7/VdeD4wUkrTuEVmj89qxMi6nv4ABLl5X3HZPP6xX3klY3T42toSsNsKo9nvAYfGA3/Qk6NWTSjqDXoqHmuhzD5s+Kp2PWVcN3UwO/SwuSD+1AxLn9D1feb0XANVo=",
"common_name" : "Jane Doe",
"status" : "VALID",
"serial_number" : "674c97dc17d14de5cde5a25a9f0e5f9f",
"valid_from" : "2019-03-29T00:00:00.000Z",
"valid_to" : "2019-04-03T23:59:59.000Z",
"is_key_escrowed" : false,
"enrollment_notes" : "Enrolled for a certificate"
}, {
"profile" : {
"id" : "2.16.840.1.113733.1.16.1.2.3.1.1.128783251"
},
"seat" : {
"seat_id" : "jane.doe@digicert.com"
},
"account" : {
"id" : 1233232
},
"certificate" : "MIIE0jCCA7qgAwIBAgIQZ0yX3BfRTeXN5aJanw5fnzANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPRW5naW5lZXJpbmcgTVRWMRQwEgYDVQQLEwtEZXZNVFYgVGVhbTAeFw0xOTAzMjkwMDAwMDBaFw0xOTA0MDMyMzU5NTlaMDQxDDAKBgNVBAMMAzEgMzEMMAoGA1UEDwwDQ09NMRYwFAYDVQQLDA1NVUxUSS1BTExPV0VEMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrLTqaib6YCXAGyGQ396UiJrf4zHTJX1RQIimKJkAU3H4CQBFw1AHJdLUi8zilfpfBpT9Xrk2oQS2HIhgshhGIGWFnSxXn3EiHeIwX2Y4r35OUTBrUjNHmTR9YpT8SWISjcVBWw21ca7LXB4PUoRPrv8kFEMY1q0odxY/+Xjtoas/WNUAhqAjFqE/rNr2Sspy4FrZteUQzxkL5oQO/02fjI3o1cmS4FyY5kAMkavOBxfj3AwARst5Sdm8RtkYNzEcSipS7vb/xcS/Cll7kw8nFdypfP+/Zexx8yH390v3RZfMjPdkJ/jvU81x2Pdlq97jN3t3gGAFBfKj7whJ+mIZwIDAQABo4IB1TCCAdEwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA+gwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFDtdR8sOIFvtUm1X4uHRzMG4UGpPMBwGA1UdEQQVMBOgEQYKKwYBBAGCNxQCA6ADDAE0MEAGA1UdIAQ5MDcwNQYLYIZIAYb4RQEHNwMwJjAkBggrBgEFBQcCARYYaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMzMGcGA1UdHwRgMF4wXKBaoFiGVmh0dHA6Ly9mdC1lbnQtY3JsLnN5bWF1dGguYmJ0ZXN0Lm5ldC9jYV8zN2M2NjY5YTJlODEwZjk4YjRjYTIwNmFjMjFjOGIzNy9MYXRlc3RDUkwuY3JsMB8GA1UdIwQYMBaAFEYaZ1z4g6KTVw0rMHHMKd1RXew6MCMGA1UdEgQcMBqgGAYIKwYBBAHBAQKgDBYKOTk1MzI4MzAtNTAsBgpghkgBhvhFARADBB4wHAYSYIZIAYb4RQEQAQIDAQG9tKcTFgYyMDY0NTUwPQYKYIZIAYb4RQEQBQQvMC0CAQAWKGFIUjBjSE02THk5a1pYWXRjR3RwTFhKaExtSmlkR1Z6ZEM1dVpYUT0wDQYJKoZIhvcNAQELBQADggEBAH/V8U9QMJZdqz+vZisY72tSKM+b7RHTn1/WIQcNQPnd3NYnKeqw9256Y3kfqSeMHG/znO69CPuRgs+7Z5/M5XX/kKv6/izn/26itTaMMqF791t+x+VkezWQISyqcLS6nOn4LYo2pxNeN9d3rlRFV18RqAn1UczrtrAOgywfV5koxY83ht4K39j0isVlBSU8IPVM1Fd35CBC7eN4JnMq99uY4K7/VdeD4wUkrTuEVmj89qxMi6nv4ABLl5X3HZPP6xX3klY3T42toSsNsKo9nvAYfGA3/Qk6NWTSjqDXoqHmuhzD5s+Kp2PWVcN3UwO/SwuSD+1AxLn9D1feb0XANVo=",
"common_name" : "Jane Doe",
"status" : "REVOKED",
"serial_number" : "674c97dc17d14de5cde5a25a9f0e5f9f",
"valid_from" : "2019-03-29T00:00:00.000Z",
"valid_to" : "2019-04-03T23:59:59.000Z",
"revocation" : {
"revocation_date" : "2021-01-29T13:33:27.000Z",
"reason" : "ca_compromise",
"comments" : "test revoke comments"
},
"is_key_escrowed" : false,
"enrollment_notes" : "Enrolled for a certificate"
} ]
}Create Seat
This API is used to create a seat. This seat can be used for a user, device, server or organization seat pool.
Request Fields
| Parameter | Type | Optional | Description |
|---|---|---|---|
seat_id |
String |
false |
Seat identifier. It can be email address, deviceName, serverName or organizationName |
seat_name |
String |
true |
Name of user/device/server/organization (if applicable) |
String |
true |
Email address (if applicable) |
|
phone |
String |
true |
Phone number (if applicable)) |
Response Fields
Not applicable
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/seat' -i -X POST \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-d '{
"email" : "johndoe@digicert.com",
"phone" : "408-999-8888",
"seat_id" : "John.Doe",
"seat_name" : "John Doe"
}'Sample Request
POST /mpki/api/v1/seat HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.com
Content-Length: 120
{
"email" : "johndoe@digicert.com",
"phone" : "408-999-8888",
"seat_id" : "John.Doe",
"seat_name" : "John Doe"
}Sample Response
HTTP/1.1 201 Created
Content-Type: application/json;charset=UTF-8
Content-Length: 3
{ }Get Seat
This API is used to get a seat details for given seat id. This seat can be used for a user, device, server or organization seat pool.
Request Fields
Not Applicable
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
The seat id |
|
|
The seat name |
|
|
email id |
|
|
desk phone number |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/seat/unitTest@digicert.com' -i -X GET \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-H 'Accept: application/json'Sample Request
GET /mpki/api/v1/seat/unitTest@digicert.com HTTP/1.1
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Accept: application/json
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json;charset=UTF-8
Content-Length: 133
{
"seat_id" : "unitTest@digicert.com",
"seat_name" : "Unit Test",
"email" : "unitTest@digicert.com",
"phone" : "1231231234"
}Update Seat
This API is used to update any information regarding a seat.
Request Fields
| Parameter | Type | Optional | Description |
|---|---|---|---|
seat_name |
String |
true |
Name of user/device/server/organization (if applicable) |
String |
true |
Email address (if applicable) |
|
phone |
String |
true |
Phone number (if applicable)) |
Response Fields
Not Applicable
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/seat/unitTest@digicert.com' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-d '{
"email" : "john.doe@digicert.com",
"phone" : "(408)9998877",
"seat_name" : "junit test"
}'Sample Request
PUT /mpki/api/v1/seat/unitTest@digicert.com HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.com
Content-Length: 97
{
"email" : "john.doe@digicert.com",
"phone" : "(408)9998877",
"seat_name" : "junit test"
}Sample Response
HTTP/1.1 204 No Content
Content-Disposition: inline;filename=f.txt
Content-Type: application/json;charset=UTF-8
Content-Length: 3
{ }Delete Seat
This API is used to delete a seat. Deleting a seat will revoke all the certificates associated to the specified seat.
Request Fields
Not Applicable
Response Fields
Not Applicable
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/seat/unitTest@digicert.com' -i -X DELETE \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-H 'Accept: application/json'Sample Request
DELETE /mpki/api/v1/seat/unitTest@digicert.com HTTP/1.1
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Accept: application/json
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 204 No Content
Content-Disposition: inline;filename=f.txt
Content-Type: application/json;charset=UTF-8
Content-Length: 3
{ }Create Enrollment
This API is used to enroll a seat for a non-web service profiles. It is also used to reset the existing enrollment request for a seat. Resetting enrollment will generate new enrollment URL and enrollment code
Prerequisite: Seat must have been created before creating enrollment.
Request Fields
| Parameter | Type | Optional | Description |
|---|---|---|---|
profile |
Object |
false |
object containing certificate profile oid for which seat is being enrolled |
profile.id |
String |
false |
certificate profile oid |
seat |
Object |
false |
object containing seat object |
seat.seat_id |
String |
false |
seat_id associated to the certificate |
seat.email |
String |
true |
email associated to the seat |
attributes |
Object |
true |
List of mandatory attributes as defined in Appendix |
attributes.san |
Object |
true |
List of mandatory san attributes as defined in Appendix |
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
system generated enrollment code used by seat owner to enroll a certificate |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/enrollment' -i -X POST \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-d '{
"profile" : {
"id" : "2.16.840.1.113733.1.16.1.2.2.1.1.132764215"
},
"seat" : {
"seat_id" : "john.doe@digicert.com",
"email" : "john.doe@digicert.com"
},
"attributes" : {
"common_name" : "John Doe",
"country" : "US",
"locality" : "Lehi",
"organization_name" : "Digicert-Inc.",
"organization_unit" : [ {
"id" : "cert_org_unit",
"value" : "Development"
} ],
"postal_code" : "84123",
"state" : "UT",
"custom_attributes" : { }
}
}'Sample Request
POST /mpki/api/v1/enrollment HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.com
Content-Length: 500
{
"profile" : {
"id" : "2.16.840.1.113733.1.16.1.2.2.1.1.132764215"
},
"seat" : {
"seat_id" : "john.doe@digicert.com",
"email" : "john.doe@digicert.com"
},
"attributes" : {
"common_name" : "John Doe",
"country" : "US",
"locality" : "Lehi",
"organization_name" : "Digicert-Inc.",
"organization_unit" : [ {
"id" : "cert_org_unit",
"value" : "Development"
} ],
"postal_code" : "84123",
"state" : "UT",
"custom_attributes" : { }
}
}Sample Response
HTTP/1.1 201 Created
Content-Type: application/json;charset=UTF-8
Content-Length: 32
{
"enrollment_code" : "1234"
}Reset Enrollment
It is used to reset the existing enrollment request for a seat. Resetting enrollment will generate new enrollment URL and enrollment code.
Request Fields
| Parameter | Type | Optional | Description |
|---|---|---|---|
seat |
Object |
false |
object containing seat object |
seat.seat_id |
String |
false |
seat_id associated to the certificate |
seat.email |
String |
true |
email associated to the seat |
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
system generated enrollment code used by seat owner to enroll a certificate |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/enrollment/932617102' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-d '{
"seat" : {
"seat_id" : "john.doe@digicert.com",
"email" : "john.doe@digicert.com"
}
}'Sample Request
PUT /mpki/api/v1/enrollment/932617102 HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.com
Content-Length: 99
{
"seat" : {
"seat_id" : "john.doe@digicert.com",
"email" : "john.doe@digicert.com"
}
}Sample Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 37
{
"enrollment_code" : "932617102"
}Delete Enrollment
This API is used to delete existing enrollment request.
Request Fields
| Parameter | Type | Optional | Description |
|---|---|---|---|
seat |
Object |
false |
object containing seat object |
seat.seat_id |
String |
false |
seat_id associated to the enrollment |
seat.email |
String |
true |
email associated to the seat |
Response Fields
Not Applicable
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/enrollment/250173313' -i -X DELETE \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-d '{
"seat" : {
"seat_id" : "john.doe@digicert.com",
"email" : "john.doe@digicert.com"
}
}'Sample Request
DELETE /mpki/api/v1/enrollment/250173313 HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.com
Content-Length: 99
{
"seat" : {
"seat_id" : "john.doe@digicert.com",
"email" : "john.doe@digicert.com"
}
}Sample Response
HTTP/1.1 204 No Content
Content-Type: application/json;charset=UTF-8
Content-Length: 3
{ }Get Enrollment
This API is used to get an existing enrollment request.
Prerequisite: Seat must have been created before creating enrollment.
Request Fields
Not applicable
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
system generated enrollment code used by seat owner to enroll a certificate |
|
|
indicates whether enrollment url and code is redeemed or not |
|
|
expiry date of enrollment URL |
|
|
indicates number of bad attempts |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/enrollment/932617102?seat_id=jane.doe%40digicert.com' -i -X GET \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-H 'Accept: application/json'Sample Request
GET /mpki/api/v1/enrollment/932617102?seat_id=jane.doe%40digicert.com HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Accept: application/json
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 149
{
"enrollment_code" : "932617102",
"enrollment_code_status" : "NEW",
"enrollment_expiry_date" : 1561661225000,
"number_of_bad_attempts" : 0
}Get Audit
This API is used to get audit details for given audit ID.
Request Fields
Not applicable
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
Audit Message |
|
|
audit Id |
|
|
transaction type name |
|
|
transaction id |
|
|
source_ip of the audit detail |
|
|
app name |
|
|
object_type |
|
|
audit creation time in ISO-8601 format |
|
|
admin name |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/audit-log/5' -i -X GET \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-H 'Accept: application/json'Sample Request
GET /mpki/api/v1/audit-log/5 HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Accept: application/json
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 462
{
"message" : "{\"message\":\"audit.usrmgmt.user.enrolled\",\"changeInfo\":[],\"additionalInfo\":[{\"field\":\"SEAT_ID\",\"value\":\"dec21test12@yopmail.com\"}]}",
"audit_id" : 5,
"transaction_type" : "USER_ENROLLED",
"transaction_id" : "5824d97b98838a1e",
"source_ip" : "172.16.1.73",
"app_name" : "PKI_CERT_MANAGEMENT",
"object_type" : "PKI_CERT_ENROLL",
"created_at" : "2024-11-13T06:43:52.000Z",
"admin_name" : "testadminName@yopmail.com"
}Get Audits
This API is used to get audit details for given date range.
Important Note: dateFrom & dateTo are required query params, and time span cannot exceed 365 days.
Valid action param:
USER_ENROLLED, USER_ENROLL_EMAIL_SENT, USER_INFO_EDIT, USER_CERTIFICATE_REVOKED, USER_CERTIFICATE_RESUMED, USER_CERTIFICATE_SUSPENDED, CERT_RENEWAL_NOTIFICATION, BULK_CERTIFICATE_REVOKED, USER_PRIVATE_KEY_RECOVERED, LOCAL_KEY_RECOVERY_INITIATED, USER_ENROLLMENT_EMAIL_RESENT, USER_ENROLLMENT_CODE_RESET, USER_ENROLLMENT_DELETED, USER_CREATED, BULK_USER_ENROLLED, BULK_USER_CREATED, BULK_USER_INFO_EDIT, BULK_ENROLLMENT_RESET, ENROLLMENT_REQUEST_APPROVED, ENROLLMENT_REQUEST_INITIAL_APPROVAL, ENROLLMENT_REQUEST_REJECTED, ENROLLMENT_REQUEST_NOTES, USER_DELETED, BULK_USER_DELETED, BULK_IMPORT_CERTIFICATE, IMPORT_FOREIGN_CERTIFICATE, EXT_CERTIFICATE_POLICY_CREATED, EXT_CERTIFICATE_POLICY_EDIT, ENROLLMENT, KEY_RECOVERY, PASSCODE_CREATE_UPDATE, PASSCODE_READ, POLICY,RENEW, REVOCATION, SEARCH_CERTIFICATE
Action Values and Description
| Action | Description |
|---|---|
USER_ENROLLED |
Enrollment created |
USER_ENROLL_EMAIL_SENT |
Enrollment e-mail sent to the user |
USER_INFO_EDIT |
User information edited |
USER_CERTIFICATE_REVOKED |
Certificate for user revoked |
USER_CERTIFICATE_RESUMED |
Certificate resumed |
USER_CERTIFICATE_SUSPENDED |
Certificate suspended |
CERT_RENEWAL_NOTIFICATION |
Certificate renewal notification email sent |
BULK_CERTIFICATE_REVOKED |
Bulk user certificate revoked |
USER_PRIVATE_KEY_RECOVERED |
Certificate private key downloaded |
LOCAL_KEY_RECOVERY_INITIATED |
Key recovery initiated |
USER_ENROLLMENT_EMAIL_RESENT |
Enrollment e-mail resent |
USER_ENROLLMENT_CODE_RESET |
Enrollment pick-up code reset |
USER_ENROLLMENT_DELETED |
Enrollment deleted |
USER_CREATED |
User created |
USER_DELETED |
User deleted |
BULK_USER_ENROLLED |
Bulk user enrolled |
BULK_USER_CREATED |
Bulk user created |
BULK_USER_DELETED |
Bulk user deleted |
BULK_USER_INFO_EDIT |
Bulk users information edited |
BULK_ENROLLMENT_RESET |
Bulk enrollment reset |
BULK_IMPORT_CERTIFICATE |
Bulk Non-PKI Platform issued certificates imported |
IMPORT_FOREIGN_CERTIFICATE |
Non-PKI Platform issued certificate imported |
ENROLLMENT_REQUEST_APPROVED |
Manual enrollment request approved |
ENROLLMENT_REQUEST_REJECTED |
Manual enrollment request rejected |
ENROLLMENT_REQUEST_INITIAL_APPROVAL |
Certificate approved by 1st Administrator - pending 2nd Administrator approval |
ENROLLMENT_REQUEST_NOTES |
Manual enrollment request notes |
EXT_CERTIFICATE_POLICY_CREATED |
Non PKI Platform policy created |
EXT_CERTIFICATE_POLICY_EDIT |
Non PKI Platform policy edited |
ENROLLMENT |
Certificate enrolled WebService |
KEY_RECOVERY |
Private key recovered WebService |
PASSCODE_CREATE_UPDATE |
Passcode assigned or updated for user WebService |
PASSCODE_READ |
Passcode retrieved for user WebService |
POLICY |
Certificate enrollment policy retrieved WebService |
RENEW |
Certificate renewed WebService |
REVOCATION |
Certificate revoked WebService |
SEARCH_CERTIFICATE |
Certificate searched WebService |
Request Fields
Not applicable
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
Audit Message |
|
|
audit Id |
|
|
transaction type name |
|
|
transaction id |
|
|
source_ip of the audit detail |
|
|
app name |
|
|
object_type |
|
|
audit creation time in ISO-8601 format |
|
|
admin name |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/audit-log?limit=10&offset=0&dateFrom=2021-12-21T00%3A00%3A00.000Z&dateTo=2021-12-22T00%3A00%3A00.000Z&action=USER_ENROLLED&adminRA=testadminName%40yopmail.com&adminRA=REGISTRATION+AUTHORITY+111111111' -i -X GET \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E' \
-H 'Accept: application/json'Sample Request
GET /mpki/api/v1/audit-log?limit=10&offset=0&dateFrom=2021-12-21T00%3A00%3A00.000Z&dateTo=2021-12-22T00%3A00%3A00.000Z&action=USER_ENROLLED&adminRA=testadminName%40yopmail.com&adminRA=REGISTRATION+AUTHORITY+111111111 HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Accept: application/json
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 503
{
"audits" : [ {
"message" : "{\"message\":\"audit.usrmgmt.user.enrolled\",\"changeInfo\":[],\"additionalInfo\":[{\"field\":\"SEAT_ID\",\"value\":\"dec21test12@yopmail.com\"}]}",
"audit_id" : 5,
"transaction_type" : "USER_ENROLLED",
"transaction_id" : "5824d97b98838a1e",
"source_ip" : "172.16.1.73",
"app_name" : "PKI_CERT_MANAGEMENT",
"object_type" : "PKI_CERT_ENROLL",
"created_at" : "2024-11-13T06:43:53.000Z",
"admin_name" : "testadminName@yopmail.com"
} ]
}Enroll Status
(Experimental) This API is used to get status of enrollment request. Use the request parameter profile_id (optional) to filter results.
Request Fields
Not applicable
Response Fields
| Path | Type | Description |
|---|---|---|
|
|
an array of Objects |
|
|
profile OID |
|
|
enrollment status (MANUAL_AUTH_PENDING_REQUEST, MANUAL_AUTH_INPROGRESS, MANUAL_AUTH_WAIT_ADDTL_APPROVAL, MANUAL_AUTH_REJECT, NEW, REDEEMED, LOCKED, DELETED) |
|
|
creation datetime in ISO date format |
|
|
update datetime in ISO date format |
|
|
list of all certificate serial numbers issued for the profile |
Sample Curl Request
$ curl 'https://pki-ws-rest.symauth.com/mpki/api/v1/enrollstatus/jane.doe@digicert.com?profile_id=2.16.840.1.113733.1.16.1.2.2.8.1.122532964' -i -X GET \
-H 'Content-Type: application/json' \
-H 'X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E'Sample Request
GET /mpki/api/v1/enrollstatus/jane.doe@digicert.com?profile_id=2.16.840.1.113733.1.16.1.2.2.8.1.122532964 HTTP/1.1
Content-Type: application/json
X-API-Key: 01b7dedd17e11181f5_86305A0A21EB31D2169181FAEBC0A0ABBCE4C882E2CEEB0A97A8F309F3BB850E
Host: pki-ws-rest.symauth.comSample Response
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Type: application/json;charset=UTF-8
Content-Length: 287
[ {
"profile_id" : "2.16.840.1.113733.1.16.1.2.2.8.1.122532964",
"status" : "NEW",
"created_at" : "2024-11-13T06:43:54.000Z",
"updated_at" : "2024-11-13T06:43:54.000Z",
"certificates" : [ "167307796698612677393372285064690296102", "87931315209220339004858855189940763179" ]
} ]Error Response
//input field error
{
"errors": [{
"code": "invalid_input_field",
"field":"seatId",
"message": "seat_id size must be between 1 and 255"
}]
}
//business error
{
"errors": [{
"code": "profile_not_in_account",
"message": "profile_id doesn't belong to account"
}]
}
Error codes
NOTE: The below table describes the error codes returned by the REST API responses. For error codes displayed to end users completing a certificate pick-up using the DigiCert PKI Certificate Services web pages, please refer to the "Error Codes and Troubleshooting" section within the Web Services Developer’s Guide, which can be found at the following link.
| API Name | Error Code | Description |
|---|---|---|
Generic |
authentication_error |
The authentication failed for the request. Please review your request and try again. |
Generic |
internal_service_error |
An internal service error occurred. Retry the operation later. |
Generic |
invalid_input_field |
The input is invalid. Please fix the input field values as specified in the error response. |
Generic |
entity_not_found |
This exception happens when trying to update/delete/fetch any entity (account, user, template, etc) by ID, but no such entity is present. |
Generic |
profile_not_in_account |
The certificate profile ID provided in the request is invalid or doesn’t exist. |
Generic |
deleted_profile |
This operation is not supported for a deleted certificate profile. |
Generic |
mandatory_attribute_unavailable |
Enrollment information did not contain a mandatory attribute. |
Profile API |
profile_data_not_found |
Profile data can’t be retrieved from DB for some reason |
Profile API |
profile_definition_error |
Any error related to profile creation/editing: selected ICA or template is not for end entities, template issue types does not match CA issue types, duplicate or extra field description not allowed by template, mandatory field defined in template is not provided |
Seat Management API |
seat_id_already_exists |
Seat ID provided is already existing |
Enrollment API |
invalid_passcode_information |
The passcode information provided was invalid. Correct the request and retry the operation. |
Create Enrollment |
seat_id_not_in_account |
Could not find the Seat ID in the system |
Create Enrollment |
passcode_limit_error |
Limit on the allowable passcode creations for this profile exceeded. Please update profile to increase the allowed enrollments. |
Create Enrollment |
invalid_user_information |
User information in the request is invalid. Correct the request and retry the operation. |
Certificate Enrollment |
policy_verification_failed |
Your request is invalid. Policy verification failed. |
Certificate Enrollment |
certificate_already_exists |
A certificate has already been issued with this enrollment information |
Certificate Enrollment |
migrated_profile |
This operation is not supported for a migrated certificate profile. |
Certificate Enrollment |
inactive_profile |
The status of the requested certificate profile is inactive. |
Certificate Enrollment |
org_not_authenticated |
Organization is not authenticated |
Certificate Enrollment |
org_address_not_authenticated |
Organization address ('locality', 'state', 'street_address', 'country', or 'postal_code') is not authenticated. Please make sure the organization address matches the account organization address and is approved. |
Certificate Enrollment |
domain_not_authenticated |
Domain of email address is not authenticated |
Certificate Enrollment |
multiple_emails_not_supported |
Multiple emails not supported for smime profile. This includes 'common_name' if it is in email format. |
Certificate Enrollment |
configuration_error |
Failed to find subject DN information in the policy |
Certificate Enrollment |
manual_approval_enroll_pickup_pending |
Cannot enroll for the user who has pending certificate pickup. |
Revoke Certificate |
certificate_revoke_error |
Certificate status is not valid/suspended/expired. It might have been revoke |
Get Certificate |
certificate_serial_not_in_account |
Certificate serial not found in an account |
Renew Certificate |
certificate_outside_of_renewal_window |
To be renewed certificate is outside of the renewal grace period window. |
Appendix
| Subject Alt Name Attributes | Object Type | Desciption |
|---|---|---|
directory_name |
String |
|
dns_name |
List<Attribute> |
Refer [Attribute] |
ip_address |
List<Attribute> |
Refer [Attribute] |
other_name |
List<Attribute> |
Refer [Attribute], 'Value' in attribute is Hex encoded |
registered_id |
List<Attribute> |
Refer [Attribute] |
rfc822_name |
List<Attribute> |
Refer [Attribute] |
user_principal_name |
List<Attribute> |
Refer [Attribute] |
custom_attributes |
Map<String, String> |
| Subject DN Attributes | Object Type | Description |
|---|---|---|
common_name |
String |
|
content_type |
String |
|
counter_signature |
String |
|
country |
String |
|
dn_qualifier |
String |
|
domain_name |
String |
|
domain_component |
List<Attribute> |
Refer [Attribute] |
String |
||
given_name |
String |
|
ip_address |
String |
|
job_title |
String |
|
locality |
String |
|
message_digest |
String |
|
organization_name |
String |
|
organization_unit |
List<Attribute> |
Refer [Attribute] |
postal_code |
String |
|
pseudonym |
String |
|
serial_number |
String |
|
signing_time |
String |
|
state |
String |
|
street_address |
List<Attribute> |
Refer [Attribute] |
surname |
String |
|
unique_identifier |
String |
|
unstructured_address |
String |
|
unstructured_name |
String |
|
user_id |
String |
|
custom_attributes |
Map<String, String> |
| Authentication Field Attributes | Object Type | Description |
|---|---|---|
auth_comments |
String |
|
auth_first_name |
String |
|
auth_last_name |
String |
|
auth_employee_id |
String |
|
auth_phone_number |
String |
|
auth_custom_attr_<unique_id> |
String |
for example, "auth_custom_attr_161128071325649" |
| Parameter Name | Data Type | Description |
|---|---|---|
Attribute |
Object |
|
..value |
String |
value of the attribute |
..id |
String |
id of the object (returned by the Get Profile API) |
| Parameter Name | Allowed Values | Data Type |
|---|---|---|
revocation_reason |
key_compromise |
String |
affiliation_changed |
String |
|
cessation_of_operation |
String |
|
superseded |
String |