Restoring Deleted Azure Certificates
Use the post /v1/cckm/azure/certificates/{id}/restore
to restore a purged Azure certificate from backup. Only Azure certificates with the status DELETED can be restored from backup.
Syntax
curl -k '<IP>/api/v1/cckm/azure/certificates/{id}/restore' -X POST -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "key_vault": "<key_vault>"\n}' --compressed
Here, {id}
is the resource ID of the certificate on the CipherTrust Manager.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
key_vault | string | Name or ID of the Azure vault where the certificate will be restored. By default, the certificate will be restored to the vault from where it was deleted. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/certificates/71655dbf-5e71-4cf3-a773-9c31e828a4d3/restore' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjRmMGExN2Y0LWQxOGUtNGE5YS04ZWM2LTU1ZjI2ZjJjNTMzMiIsImlhdCI6MTYwMTQ2MTEwNiwiZXhwIjoxNjAxNDYxNDA2fQ.P_d2ngOq_AlxqXhfG-saEvQRYZCSzQbzR2S6Jzv6Ogs' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "key_vault": "azure-vault::260ecbe7-777b-4d3c-84ea-887620498863"\n}' --compressed
Example Response
{
"id": "71655dbf-5e71-4cf3-a773-9c31e828a4d3",
"uri": "kylo:kylo:cckm:azure-cert:abcdefg-71655dbf-5e71-4cf3-a773-9c31e828a4d3",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-05-09T10:46:37.988945Z",
"updatedAt": "2022-05-09T10:58:36.64513732Z",
"synced_at": "2022-05-09T10:46:32Z",
"cloud_name": "AzureCloud",
"key_vault": "azure-vault::260ecbe7-777b-4d3c-84ea-887620498863",
"key_vault_id": "5fb27dcd-9a6f-4508-ba9c-5dc630162a83",
"region": "northcentralus",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"azure_created_at": "2022-05-09T10:46:32Z",
"azure_expire_at": "2023-05-09T10:46:32Z",
"azure_updated_at": "2022-05-09T10:46:32Z",
"backup": "ac1b43d844a742d9a0081f93d65bf9ec58077b9e2a224df798a794c694d1e197",
"backup_at": "2022-05-09T10:46:37.985596Z",
"cert_name": "certificate",
"cert_soft_deleted_in_azure": false,
"deleted": false,
"gone": false,
"cert_material_origin": "native",
"cert_source": "native",
"operation": "",
"soft_delete_enabled": false,
"status": "AVAILABLE",
"version": "02e3b1cf6b9e48a5b514b8315d62f369",
"azure_param": {
"cert": "MIIEHTCCAwWgAwIBAgIQB4ugjHs/RQCEw4Toeoy10jANBgkqhkiG9w0BAQsFADBsMRcwFQYDVQQDEw53d3cuY29udG9zby5jbzETMBEGA1UECxMKQ29udG9zbyBIUjEQMA4GA1UEChMHQ29udG9zbzEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIyMDUwOTEwMzYzMloXDTIzMDUwOTEwNDYzMlowbDEXMBUGA1UEAxMOd3d3LmNvbnRvc28uY28xEzARBgNVBAsTCkNvbnRvc28gSFIxEDAOBgNVBAoTB0NvbnRvc28xEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNVBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa67roT9b/RWzqEwqp0InWVR2z8a27J9j1tEioSx3JJfH1mliZA5JG4vq77jv1t2C0KM8ChRhG9l+rd5wSQ7Gogt+Qt7Mq6+2YbxLyvx+ookQIvu7CZT7ZWSQiKNwdzklVe/b29aBclCSAzGJR3+90ZkLT2xTBx6QYFGqPyLavRSk4+TfYVj+s5cdEm/ZcfPFS478LXSTQaCMaiIOmBOdbIrepCh3zUz3uhCjtuWTgUTgssadCbjh3Qwa4YThoB6vQsdeUJ9rqZXtnWr8aIAEG1WGAHuknrIxJxFH4rQcuWX+B/c/4h40/tkwbZO6QPrALSxrqVe+4nS8tgggoCf30CAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0RBDQwMoERaGVsbG9AY29udG9zby5jb22CDmhyLmNvbnRvc28uY29tgg1tLmNvbnRvc28uY29tMB8GA1UdIwQYMBaAFLiRr8LhYyUC/KV7W1SeFHrj0j/GMB0GA1UdDgQWBBS4ka/C4WMlAvyle1tUnhR649I/xjANBgkqhkiG9w0BAQsFAAOCAQEAzg5xO6w0GLfbNKu/RFoynj632yMJNerpjYjwGNcbEaMVNEt2LH0BJyIGpGEdnhfpoHfxSubPRGvcFsUc2E9VvDqan6sGalqQn1INUQnuF2joj+Tg75f+VuQZEh/JyzWKKxmrcymmSUdE8uYC1ssBkcGAcpPPb0fZIT37ohd0DZv+J+KXabM4Bu1IaiCZ6ObynNee3rNuKroNCIln361JsAdqJ5bdsTVFXY38tob1guN2ch6cYHH3TUoEkOqbyu0Z/UwHKCe7deIcZV2AIqD+H/9iii2+v9Hl0va7YMaXoPY/i2oe77VebtNhjARzCXzD/6an1vZb6lGByMY0BKaILQ==",
"kid": "https://azure-vault.vault.azure.net/keys/abcdefg/02e3b1cf6b9e48a5b514b8315d62f369",
"sid": "https://azure-vault.vault.azure.net/secrets/abcdefg/02e3b1cf6b9e48a5b514b8315d62f369",
"x5t": "8abSuIEC7VXk00Wtl7-3TQMAw-4",
"lifetime_actions": [
{
"action": {
"action_type": "AutoRenew"
},
"trigger": {
"lifetime_percentage": 80
}
}
],
"crv": "",
"exportable": true,
"key_size": 2048,
"kty": "RSA",
"content_type": "application/x-pkcs12",
"ekus": [
"1.3.6.1.5.5.7.3.1",
"1.3.6.1.5.5.7.3.2"
],
"key_usage": [
"digitalSignature",
"keyEncipherment"
],
"sans": {
"emails": [
"hello@contoso.com"
],
"dns_names": [
"hr.contoso.com",
"m.contoso.com"
]
},
"subject": "C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.co",
"validity_months": 12,
"issuer_name": "Self",
"attributes": {
"created": 1652093192,
"enabled": true,
"exp": 1683629192,
"nbf": 1652092592,
"recovery_level": "Purgeable",
"updated": 1652093192
}
}
}
The sample output shows that the parameter status
becomes AVAILABLE
. This indicates that the certificate is restored.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.