Client Management
A client represents a machine where a supported product such as ProtectFile or CipherTrust Transparent Encryption (CTE) is installed. It can also represent a generic client using the REST, KMIP, or NAE protocol.
All clients with supported product installations (for example, ProtectFile, and CTE) can be managed on the CipherTrust Manager. An Administrator can register many clients with the CipherTrust Manager, view registered clients, view and modify details, revoke registrations, renew clients, and delete clients when they are no longer needed. We recommend to register a client whenever possible.
Client registration is supported with:
CTE Agents
CTE Userspace Agents
CTE for Kubernetes Agents
DPG
Custom KMIP clients
Custom NAE clients
Custom REST API clients
Registering a client with CipherTrust Manager allows you to better track client activity, through the assigned client identity.
The Loki audit records contain a client_id
value for every action a registered or public client takes.
ProtectFile, CTE, CipherTrust Data Protection Gateway (DPG), and KMIP clients need to be registered with the CipherTrust Manager to successfully authenticate and perform key and cryptographic operations. When successfully registered, the client is automatically added to the CipherTrust Manager. CipherTrust Manager currently allows unregistered clients of other types.
A client can be registered with the CipherTrust Manager by using a registration token generated on the CipherTrust Manager. This token is called the client registration token. The fingerprint of the server’s web interface certificate is also required for registering ProtectFile and CTE Userspace clients with the CipherTrust Manager.
The CipherTrust Manager provides options to manage registration tokens and clients.
Note
For client authentication to work in any domain, the issuer CA of that client certificate must be added in the domain and client_authentication
for that CA must be enabled. This is applicable only for the clients with authentication_mode
set as dn
.
Warning
As soon as a client is deleted from the CipherTrust Manager, all communication between the CipherTrust Manager and the client will stop immediately. It is recommended that the clients are decrypted before deletion, otherwise the encrypted data will become inaccessible.
Public Clients
The CipherTrust Manager pre-registers the following public clients:
ksctl
Web-UI
API playground
NAE
These public clients are shipped with the hard-coded client ids and names as follows:
client id | client name |
---|---|
c5890024-a6d4-408d-a592-5d4d5807c722 | nae |
17771cf2-f80b-4eb5-a19b-a2d0032179c3 | web-ui |
5ffb6fac-2cb5-4b91-8183-e20ad3b62577 | ksctl |
837c840d-75dd-4b4f-a318-79cb16ca248d | api-playground |
The client ids are pre-embedded in the respective public clients. When public clients call the /v1/auth/tokens endpoint API to generate a registration token, it includes the client_id
parameter with the password
grant type. The client_id
and client_name
are present in the issued JWT after the successful authentication.
These client ids are included in Loki audit records.
Registering Clients
The following table lists the parameters that are required when managing a client on the CipherTrust Manager:
Parameter | Description |
---|---|
Name | Name for the client to display on the CipherTrust Manager. |
Registration Token | Registration token to register the client with the CipherTrust Manager. |
For the most security, the client also provides a Certificate Signing Request (CSR) to be signed by a CipherTrust Manager local certification authority (CA).
The high-level registration flow varies based on product or protocol. CTE, CTE-U, CTE for Kubernetes, custom KMIP clients, custom NAE clients, and custom REST API clients require you to create a client profile, which contains settings for the CA which issues the client certificate. Other connectors obtain registration tokens through the Application Data Protection tile, and manage settings for the CA there. For these connectors, a client profile is created for display purposes after registration.
Note
On KMIP and REST interfaces, if the cert_duration
parameter is specified in both the client profile and registration token, then preference is given to the one specified in the client profile. Otherwise, its value is set to the system's default value, that is, 730 days.
Note
On KMIP and REST interfaces, if the ca-id
parameter is specified in both the client profile and registration token, then preference is given to the one specified in the registration token. Otherwise, its value is set to the system's default local CA value.
High-Level Registration Flow for CTE and Custom Clients
Note
KMIP and NAE have the option to automatically register their clients using existing certificates. This follows a different process than the manual registration described here. Consult KMIP or NAE documentation for information on automatic registration.
Create a client profile, which manages the CA that issue certificates for clients associated with the client profile. The three certificate authority settings options are, from most to least secure:
Provide a CSR issued by the client, to be signed by a CipherTrust Manager local CA.
Set an external CA which has been added to CipherTrust Manager.
If your client is not capable of generating a key pair or CSR, generate a CSR on CipherTrust Manager and use a local CA to sign it. Download the generated certificate and store it on the client.
Create a registration token associated with the client profile. Retain this registration token.
Have the client issue a client registration request to CipherTrust Manager, including the registration token, and relevant certificate-related parameters. The way you initiate this request is specific to the client type, but in all cases, you provide the registration token.
The client-side registration for specific client types is described at the following locations:
High-Level Registration Flow for Other Connectors
Add an Application in the Application Data Protection tile. As part of this process, you provide necessary CA and certificate settings, and receive a registration token.
Use the registration token with the client to register the client with CipherTrust Manager.
Caution
After registration, a client profile is created for the new client. This client profile is only to display settings. You can only modify client-related settings through the Applications menu in the Application Data Protection menus.
Tokens
A token is a string that is used to register clients with the CipherTrust Manager. The CipherTrust Manager provides options to create tokens, view existing tokens, view and modify their details, and delete them when they are no longer required.
Note
The registration token can be created without CA Admins
privilege. Such tokens can only be used with the default Local CA. To use the token with non-default CA, it is mandatory to add the user in the CA Admins
group. This enables the user to view the list of CAs in the domain.
Creating a Registration Token using GUI
A registration token can be created on the CipherTrust Manager. It is used when manually registering CipherTrust Manager clients with the CipherTrust Manager. A CipherTrust Manager administrator creates registration tokens.
To create a registration token for CTE, CTE-U, CTE for Kubernetes, KMIP, NAE and Custom REST Clients:
Note
You generate a registration token for other connectors by adding an Application in the Application Data Protection tile.
Log on to the CipherTrust Manager GUI as administrator.
In the left pane, click Access Management > Registration Tokens.
On the right, click Add Registration Token. The Create New Registration Token wizard is displayed. This is a three-step wizard.
Click Begin to start token creation. The Configure Token screen is displayed.
(Optional) Specify a Name Prefix. Prefix for the client name. This prefix is used to construct names for clients whose names are not specified during registration with the CipherTrust Manager using this token.
If the name prefix is specified as
ks_client
, client names will be constructed asks_client#
; for example,ks_client1
,ks_client2
,ks_client3
, and so on.If the name prefix is not specified, the CipherTrust Manager will construct a random name for clients.
However, if a client's name is specified during registration, this name prefix will not be used for that client.
Specify Token lifetime. This is the duration (in minutes, hours, or days) for which this token can be used for registering clients. For example, specify the lifetime as:
1 minutes
for 1 minute2 hours
for 2 hours3 days
for 3 daysunlimited
for a token that never expires.
By default, the token lifetime is
unlimited
. The token will never expire.Specify Client Capacity. This is the maximum number of clients that can be registered using this registration token. The default capacity is
100
clients.Click Select Profile. The Select Profile screen is displayed.
Select the desired Client Profile from the drop-down list. A client profile allows the CipherTrust Manager administrators to manage the local CAs that issue certificates for the clients associated with the given client profile.
If no client profile exists, you can create one before proceeding. Refer to Managing Client Profiles for details.
Note
If you automate registration token creation using the
/api/v1/client-management/regtokens
API endpoint, it is recommended to provide value for theclient_management_profile_id
attribute that points to an existing client profile. KMIP and NAE clients can automate registration in this way.This is not enforced for backward compatibility reasons.
Click Create Token. The Create Token screen is displayed. The screen displays the generated registration token in ASCII and Base64 encoding. The CipherTrust Manager accepts the registration token in ASCII format only. Select Base64 if the client application accepts the token in Base64 format only and converts the token to ASCII before sending the it to the CipherTrust Manager.
Select the desired encoding.
Click Copy next to the token. Save the copied token. This token will be used when registering and migrating clients.
Click Add Token.
Note
While creating a registration token, the CA chain will be validated for the intermediate local CAs.
Managing Registration Token using ksctl
Note
It is recommended to use the value of cert_duration
specified in the Client Profile. Going forward, the cert_duration
parameter will be deprecated from the registration token.
This section provides instructions to create and manage registration tokens on the CipherTrust Manager.
The following operations can be performed:
Create/Get/Update/Delete/Update registration tokens
List all client profiles
Creating Registration Token
To create a registration token, run
Syntax
ksctl clientmgmt tokens create --ca_id <ca-id> --cert-duration <validity-duration-of-certificate> --client-mgmt-profile-id <client-profile-id> --life-time <lifetime-of-token> --max-clients <maximum-number-of-client> --name-prefix <name-prefix>
ca-id
- ID of the trusted Certificate Authority that is used to sign client certificate during registration process.cert-duration
- duration (in days) for which the CipherTrust Manager client certificate is valid.client-mgmt-profile-id
- id of the client profile.life-time
- duration (in minutes, hours, or days) for which this token can be used for registering clients.max-clients
- maximum number of clients that can be registered using this registration token.name-prefix
- prefix for the client name. This prefix is used to construct names for clients whose names are not specified during registration with the CipherTrust Manager using this token. However, if a client's name is specified during registration, this name prefix will not be used for that client.
Example Request
ksctl clientmgmt tokens create --ca-id "950f1ef4-7b47-4cbb-9bfb-adee2f2c0283" --cert-duration 2 --client-mgmt-profile-id "ee910055-b8fc-42c2-9c67-49bdbd0f67b2" --life-time "10h" --max-clients 50 --name-prefix "test_prefix"
Example Response
{
"id": "669457e6-89cc-482d-8cb5-3b35f2b1a89c",
"uri": "kylo:kylo:munshi:tokens:669457e6-89cc-482d-8cb5-3b35f2b1a89c",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2023-11-30T20:35:05.841579Z",
"updatedAt": "2023-11-30T20:35:05.841579Z",
"token": "4u9xQXsTknLcGT2byBrY4IJCOp40gWKIhEP7jxEUFJM27QDM1RgE26Fz43oSog1j",
"valid_until": "2023-12-01T06:35:05.839849438Z",
"max_clients": 50,
"cert_duration": 2,
"clients_registered": 0,
"ca_id": "950f1ef4-7b47-4cbb-9bfb-adee2f2c0283",
"name_prefix": "test_prefix",
"label": null,
"client_management_profile_id": "ee910055-b8fc-42c2-9c67-49bdbd0f67b2"
}
Getting Registration Token Details
To get details of a registration token, run:
Syntax
ksctl clientmgmt tokens get --token-id <token-id>
Example Request
ksctl clientmgmt tokens get --token-id "669457e6-89cc-482d-8cb5-3b35f2b1a89c"
Example Response
{
"id": "669457e6-89cc-482d-8cb5-3b35f2b1a89c",
"uri": "kylo:kylo:munshi:tokens:669457e6-89cc-482d-8cb5-3b35f2b1a89c",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2023-11-30T20:35:05.841579Z",
"updatedAt": "2023-11-30T20:38:50.171348Z",
"token": "4u9xQXsTknLcGT2byBrY4IJCOp40gWKIhEP7jxEUFJM27QDM1RgE26Fz43oSog1j",
"valid_until": "2023-12-01T01:38:50.170988Z",
"max_clients": 20,
"cert_duration": 2,
"clients_registered": 0,
"ca_id": "",
"name_prefix": "test_prefix",
"label": null,
"client_management_profile_id": "c5ce40bf-073c-49bb-977b-5933d6d36b71"
}
Updating Registration Tokens
Caution
In a mixed cluster version setups, do not reset the value of cert-duration
specified during token creation for old nodes, this might lead to abnormal system behavior.
To update a registration token, run:
Syntax
ksctl clientmgmt tokens update --token-id <token-id> --cert-duration <validity-duration-of-certificate> --client-mgmt-profile-id <client-profile-id> --life-time <lifetime-of-token> --max-clients <maximum-number-of-client> --name-prefix <name-prefix>
Example Request
ksctl clientmgmt tokens update --token-id "669457e6-89cc-482d-8cb5-3b35f2b1a89c" --ca-id "950f1ef4-7b47-4cbb-9bfb-adee2f2c0283" --cert-duration 2 --life-time "5h" --max-clients 20 --client-mgmt-profile-id "c5ce40bf-073c-49bb-977b-5933d6d36b71"
Example Response
{
"id": "669457e6-89cc-482d-8cb5-3b35f2b1a89c",
"uri": "kylo:kylo:munshi:tokens:669457e6-89cc-482d-8cb5-3b35f2b1a89c",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2023-11-30T20:35:05.841579Z",
"updatedAt": "2023-11-30T20:38:50.171348Z",
"token": "4u9xQXsTknLcGT2byBrY4IJCOp40gWKIhEP7jxEUFJM27QDM1RgE26Fz43oSog1j",
"valid_until": "2023-12-01T01:38:50.170988864Z",
"max_clients": 20,
"cert_duration": 2,
"clients_registered": 0,
"ca_id": "950f1ef4-7b47-4cbb-9bfb-adee2f2c0283",
"name_prefix": "test_prefix",
"label": null,
"client_management_profile_id": "c5ce40bf-073c-49bb-977b-5933d6d36b71"
}
Getting List of Registration Tokens
To list all registration tokens, run;
Syntax
Example Request
ksctl clientmgmt tokens list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "ed307d73-695a-4c98-b1bd-a412d84b7b82",
"uri": "kylo:kylo:munshi:tokens:ed307d73-695a-4c98-b1bd-a412d84b7b82",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2023-11-29T11:19:41.044238Z",
"updatedAt": "2023-11-29T11:39:13.306853Z",
"token": "UD2lfsg4ZYJHGASOfWwJxPT6eqXFTLRgBBkDGxy5rrBcnGCs1uoM5MHluLZ65kW3",
"valid_until": "0001-01-01T00:00:00Z",
"max_clients": -1,
"clients_registered": 5,
"ca_id": "950f1ef4-7b47-4cbb-9bfb-adee2f2c0283",
"label": null,
"client_management_profile_id": "52d3041a-e958-4144-879e-eddbe6debc41"
}
]
}
Deleting Registration Tokens
To delete a registration token, run:
Syntax
ksctl clientmgmt token delete --token-id <token-id>
Example Request
ksctl clientmgmt token delete --token-id "669457e6-89cc-482d-8cb5-3b35f2b1a89c"
Example Response
There will be no response if token is deleted successfully.
Getting the Fingerprint of the Server's "web" Interface Certificate
The fingerprint of the server's "web" interface certificate is unique. It is used when registering ProtectFile and CTE UserSpace clients with the CipherTrust Manager. A CipherTrust Manager administrator can provide you the fingerprint.
Fingerprint of the server’s web interface certificate can be viewed on the GUI or the API playground.
On the API Playground
To get the fingerprint:
Acquire an authorization token.
In the left pane of the API playground, click Client-Management/Tokens.
Under Client-Management/Tokens, click Web Certificate Fingerprint. The Web Certificate Fingerprint section of the API playground is displayed in the right pane.
Click GET. View the fingerprint details in the response output.
The SHA256 and SHA512 fingerprints of the server’s web interface certificate are displayed.
On the UI
To get the fingerprint:
Log on to the CipherTrust Manager as administrator.
In the left pane, click Access Management > Registration Tokens. The list of existing registration tokens with details such as their name, expiry, remaining usage count, and usage count is displayed.
On the right, under Web Server Certificate Fingerprint, the fingerprint is displayed. You may need to scroll down the page.
The UI displays the SHA256 fingerprint. To get the SHA512 fingerprint, use the API playground.
Copy the fingerprint.
Save the fingerprint. This fingerprint will be used when migrating clients.
Managing Client Profiles
A client profile represents the data that can be used to create or renew the client certificates. Client profiles allow the CipherTrust Manager administrators to manage the local or external CAs that issue certificates for clients associated with the given client profiles. As well, client profiles are required to issue registration tokens for KMIP, NAE, custom REST API, CTE, CTE Userspace, and CTE for Kubernetes clients.
This section provides instructions to create and manage client profiles on the CipherTrust Manager.
The following operations can be performed:
Create/Get/Update/Delete/Update client profiles
List all client profiles
Creating Client Profiles
To create a client profile, run:
Syntax
ksctl clientmgmt profiles create --ca_id <ca-identifier> --csr-params <csr-parameters> --groups <list of groups> --cert-duration <validity-duration-of-certificate>
ca_id
- ID of the trusted Certificate Authority that will be used to sign the client certificate during registration process.csr-params
- the client certificate parameters.groups
- list of the groups to which the client will be added while registration.cert-duration
- duration (in days) for which the CipherTrust Manager client certificate is valid.
Note
During registration, the clients are added to the groups defined in the groups
parameter as well as to the All Clients
group by default.
Example Request
ksctl clientmgmt profiles create --ca_id 950f1ef4-7b47-4cbb-9bfb-adee2f2c0283 --csr_parameters '{"csr_cn": "admin"}' --groups "Key Admins,User Admins" --cert-duration 2
Example Response
{
"id": "ee910055-b8fc-42c2-9c67-49bdbd0f67b2",
"uri": "kylo:kylo:client-management:generic-client-profiles:ee910055-b8fc-42c2-9c67-49bdbd0f67b2",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-11-30T20:25:32.423768Z",
"updatedAt": "2023-11-30T20:25:32.423768Z",
"ca_id": "950f1ef4-7b47-4cbb-9bfb-adee2f2c0283",
"csr_params": {
"csr_cn": "admin"
},
"groups": [
"Key Admins",
"User Admins"
],
"cert_duration": 2
}
After you have created a client profile, it can then issue registration tokens.
Getting Client Profile Details
To get details of a client profile using id, run:
Syntax
ksctl clientmgmt profiles get --profile-id <client-profile-identifier>
Example Request
ksctl clientmgmt profiles get --profile-id ee910055-b8fc-42c2-9c67-49bdbd0f67b2
Example Response
{
"id": "ee910055-b8fc-42c2-9c67-49bdbd0f67b2",
"uri": "kylo:kylo:client-management:generic-client-profiles:ee910055-b8fc-42c2-9c67-49bdbd0f67b2",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-11-30T20:25:32.423768Z",
"updatedAt": "2023-11-30T20:25:32.423768Z",
"ca_id": "950f1ef4-7b47-4cbb-9bfb-adee2f2c0283",
"csr_params": {
"csr_cn": "admin"
},
"groups": [
"Key Admins",
"User Admins"
],
"cert_duration": 2
}
Updating Client Profiles
To update a client profile, run:
Syntax
ksctl clientmgmt profiles update --profile-id <profile-id> --ca_id <ca-identifier> --csr-params <csr-parameters> --groups <list of groups> --cert-duration <validity-duration-of-certificate>
Note
The updation of the list of groups applies only to newly registered clients, it will not impact the behavior of the existing clients.
The updated list of groups will overwrite the existing list of groups in the profile.
Example Request
ksctl clientmgmt profiles update --profile-id ee910055-b8fc-42c2-9c67-49bdbd0f67b2 --cert-duration 6 --groups "Connection Admins,Client Admins"
The value defined in the groups
parameter updates the list of the groups to which the client is added while registration.
Example Response
{
"id": "ee910055-b8fc-42c2-9c67-49bdbd0f67b2",
"uri": "kylo:kylo:client-management:generic-client-profiles:ee910055-b8fc-42c2-9c67-49bdbd0f67b2",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-11-30T20:25:32.423768Z",
"updatedAt": "2023-11-30T20:29:57.156777Z",
"ca_id": "950f1ef4-7b47-4cbb-9bfb-adee2f2c0283",
"csr_params": {
"csr_cn": "admin"
},
"groups": [
"Connection Admins",
"Client Admins"
],
"cert_duration": 6
}
Getting List of Client Profiles
To list all client profiles, run;
Syntax
Example Request
ksctl clientmgmt profiles list
Example Response
{
"id": "ee910055-b8fc-42c2-9c67-49bdbd0f67b2",
"uri": "kylo:kylo:client-management:generic-client-profiles:ee910055-b8fc-42c2-9c67-49bdbd0f67b2",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2023-11-30T20:25:32.423768Z",
"updatedAt": "2023-11-30T20:29:57.156777Z",
"ca_id": "950f1ef4-7b47-4cbb-9bfb-adee2f2c0283",
"csr_params": {
"csr_cn": "admin"
},
"groups": [
"Connection Admins",
"Client Admins"
],
"cert_duration": 6
}
Deleting Client Profiles
To delete a client profile, run:
Syntax
ksctl clientmgmt profiles delete --profile-id <profile-id>
Example Request
ksctl clientmgmt profiles delete --profile-id ee910055-b8fc-42c2-9c67-49bdbd0f67b2
Example Response
There will be no response if profile is deleted successfully.
Renewing Client Certificates
The CipherTrust Manager allows you to renew the certificate of a registered CipherTrust Manager client. The CipherTrust Manager provides the following renewal methods:
Admin's Renew Route - A member of the
Client Admins
oradmin
group can renew the certificate for a client.Self-renew Route - An authenticated client that is a part of
All Clients
group can renew its own client certificate.
Note
Self renewal is only supported for certificates signed by a Local CA of the CipherTrust Manager.
The
grant_type
of the client authentication should beclient_credentials
.
After the successful renewal, the renewed certificate and the key (optional) will be shared in the response.
The authentication of the renewed client certificate is based on the Subject DN
of the certificate.
Note
After the renewal of client certificates, the CipherTrust Manager continues to allow old client certificates unless they are revoked or expired.
A CipherTrust Manager client certificate cannot be renewed if it is revoked.
The following table lists the parameters that are required to renew client certificates:
Parameter | Description |
---|---|
cert_duration | Duration (in days) for which the CipherTrust Manager client certificate is valid. The default duration is 730 days. It is recommended not to use a duration longer than that. The certificate duration shouldn't be more than the CA duration. However, if the certificate duration exceeds the CA duration, the certificate duration is automatically set to CA's duration. For admin renew route, if For self-renew route, the |
ca_id | ID of the trusted Certificate Authority to be used for the certificate renewal. |
csr | CSR to be signed by one of the Local CAs (the CA which is the issuer of the current client certificate) of the CipherTrust Manager. |
do_not_modify_subject_dn | Specifies if Subject DN in the CSR is allowed to be modified or not. If this flag is set to true , then Subject DN must be unique across all the CipherTrust Manager clients, otherwise renewal will not be allowed. The default value is false . For details, refer to the section Renew Local CA Client Certificates. |
ext_cert | New client certificate signed by an external CA to renew an existing CipherTrust Manager client. |
subject_dn_field_to_modify | This field is used to make Subject DN unique so that the client can be identified uniquely. The default value is UID . For details, refer to the section Renew Local CA Client Certificates. |
subject_dn_template | CSR parameters used to generate a CSR for client certificate. |
key_gen_params | Parameters (algorithm, size, private_key_bytes, and so on) are used to generate and optionally encrypt the private key. |
Renew Local CA Client Certificates
A client certificate can be renewed using one of the following methods:
Client CSR
You can pass the CSR with
do_not_modify_subject_dn
flag. This flag specifies if theSubject DN
in the CSR is allowed to be modified by the CipherTrust Manager as part of renewal or not.If
do_not_modify_subject_dn
is set tofalse
, the server assignsclient_id
toSubject DN
of the field decided by thesubject_dn_field_to_modify
parameter.For example:
"/CN=admin/UID=1a26fd25-0c28-4afa-b392-a4fa970604a1"
This ensures that
Subject DN
is unique for each renewed client.However, if
do_not_modify_subject_dn
is set totrue
, the client does not permit the server to modifySubject DN
in the CSR. In this case, the client needs to provide a CSR withSubject DN
which is unique on the CipherTrust Manager.Note
It is highly recommended to set the
do_not_modify_subject_dn
field to false unless there are constraints preventing modifications in the CSR.Server CSR
The CSR parameters (
subject_dn_template
) and key generation parameters (key_gen_params
) can be passed to generate and optionally encrypt the private key.The server assigns
client_id
toSubject DN
of the field decided by thesubject_dn_field_to_modify
parameter. This ensures thatSubject DN
is unique for each renewed client.Without Client and Server CSRs
When the client CSR and server CSR parameters are not provided, the renewal parameters are taken from an internal client profile used at the time of registration. If no associated profile is found, the renewal fails.
The server assigns
client_id
toSubject DN
of the field decided by thesubject_dn_field_to_modify
parameter. This ensures thatSubject DN
is unique for each renewed client.
In case of renewing a client that is issued by a local CA, you can specify the certificate duration. The default value (duration) is 730 days.
Following are the possible values of the subject_dn_field_to_modify
field:
UID (
userid
)CN (
commonName
)SN (
serialNumber
)DNQ (
dnQualifier
)OU (
organizationalUnit
)
If none of the fields is selected, by default the UID
is used to modify the Subject DN
.
Warning
If any of these fields (except OU
) is selected, the original field values will be overridden by the CipherTrust Manager.
If OU
is selected, the OU
will be appended to Subject DN
with other attributes.
Note
It is recommended to select a field that is not already a part of CSR or CSR parameters (that is, select a not-in-use field).
Renew External CA Client Certificates
When renewing a client certificate that is issued by an external CA, you need to provide the new certificate signed by the external CA in the request. The renewed certificate must have a unique Subject DN
for each client. Also, Subject DN
of the new certificate should match Subject DN
of the old client's certificate.
Renew Client Certificates using ksctl
Note
If cert_duration
is available in both the request and in the profile attached to the client, the value specified in the request is used. Otherwise, its value is set to the system's default value, that is, 730 days.
To renew client certificate, run:
Syntax
ksctl clientmgmt clients renew --client-id <client-id> --cert-duration <Duration-in-days> --ext-cert <Certificate-file-signed-by-an-external-CA> --clientcsr <CSR-signed-by-local-CA> --subject-dn-field-to-modify <Subject-Distinguished-Name> --do-not-modify-subject-dn --alg <Algorithm> --cn <Common Name> --dns <Subject Alternative Names> --email <E-mail-Addresses> --enc-alg <Private Key Encryption Algorithm> --ips <IP-Addresses> --names <{O:organization, OU:organization unit, C:country, ST:state/province, L:location}> --pass <Password to PEM-encrypt the private key> --private-key-bytes <Private key bytes of the key> --size <Key size>
Example Request 1 for Local CA
ksctl clientmgmt clients renew --client-id 1a6b1e6c-bd80-4936-9db3-f85d1d547b01 --cert-duration 100 --alg ecdsa --dns *.thalesgroup.com --email contact@thalesgroup.com --enc-alg AES256 --ips 1.1.1.1 --names {O:Thales Group,OU:RnD,C:US,ST:MD,L:Belcamp} --pass KeySecure_1 --private-key-bytes -----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIEj1iesPsLdk0tM7Jv87sruegOPdmji9SY3s3ncdckxqoAoGCCqGSM49\nAwEHoUQDQgAEL8cvuduRZs6e/vsttMlhi9HxV+0FzhCg/zHUmXNmyH5KlmQgoaql\nVfwnHqQk79lf+55WSLD7uUwaxhYwGHIapw==\n-----END EC PRIVATE KEY----- --size 256
Example Response 1
{
"client_id": "1a6b1e6c-bd80-4936-9db3-f85d1d547b01",
"key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAnyfmh0/39UJAPAJooSLBbwFilA+OGBoG1zVJ3nmtx5kvnUJQ\nb4i7U+RKmvdqXnDcl+cVy+446jqwQQ4ixRKidmG0dexD3ErZ9JSMy2tbQsmd/Z4G\n5SQgSzwWDHNknzJ7+MDo22t7JNhRq9E4gNs7Wh26kvUh0lwPn5W9lGPAR1YpClvW\nOyPYBVTlwSQZpgShzXMSTrVlE9OqzdKg/Otjb8QvXFtxwstjB4GI+sjvo35+XqcG\nCRnea+gcsIigAXkKZP+CvCrpC3rF9X9Bt8iYsCEyo/X0SZc1eAEE+3Mjc/zSMQ4h\nyJwIQQ2su0+BPDINYVLIr6dtSN3eL3+KelDd7wIDAQABAoIBAF1Jt/gsSXz6vkfu\naYG5q4PzXeLHU1SRPN08IPZEgDX0dlJJInidvp+nuosm5rRAlyx6iO4lzjqM9+7J\n6Ft3Vr7o+iv8trITNboEsJozbSSypOaZkBUTndI7f/kAUkR2BPCDsnmagG3SVdzO\nH753wkxKDKhDAvYYfBfgX2TxKy0kSMfaG+H/WrAv6wQEHilGRZDy8XYw/z4IlwJE\nexAEDfk/mn/AUeITA8UYAJwJMGnY2Vp9+BlqNjzWpCnnamzWDf6I2bX7+AVxZIXs\nupLX5uXTcx2Q/RqaAoNjK9/UllVnMwDXDOTavXkmAowYN68tn2vInuEtf3BGHhfT\n4OVtRGECgYEA0nO544AOcWEhvDte1yGYTX8jOhaPuNkCr8bKetu1KTlIcR4X1Uqa\nJgbRt3H8Lpnd2jQ5iD/xfnuwHzr1IAOB64GuJgIuMhSzxtjqZa4c5IMs6EFvWIrk\nmnQWaTqWCRc6M9YAmFGjcedSmMgRKJvFpWQqc4ZDrV8M7+JWxROJ1mcCgYEAwZoQ\nv+HH/3f/o76+AgnFi2XOfTENqJxhwsaNVN6P3/GXX+9rtKh2S02sb16yTq+Llm2w\nDMBHZHaJhumF+5JtkLWON+hfVQDsmKxtZ2c07303TMOOcOjxB1b+swgTG95Xv4et\nHt0+LE9Wh6rTKPs8JzQBAl3VrWbQQxIkFoXwNzkCgYB0jA5YBST6eTY7jg2ZyksU\nL+KMWs5BKj0op0ie/Wm4aLbLnkTIpEX15TTjCMcF78RDAUUTRYYx68G/qeDyV77t\nc6XD+tUmevyMlLhKk0AA9Pw7q3FEcbbkKoH2yLEqW6ip6EvwDtYbUGYXokSOXqX4\nUB6KV8LHEqqRdqFjBs0A5QKBgDRpTwuDRi+E/vIHW00V9CLOxt3hf78bxuOB+RT2\nw6BuuPpByLi5unycZIgp7L+cin+I5lYtX6Z06LpbUehPNdYtMHk2MUjD3UlftKZ/\nrDcBgQ0JC/DJPycrh/xTvUiYIs05H8bxQjmgqN5FgrDfguNiErvfR0+QO+VMbfSj\nAesRAoGBAIxO3Vls5HiIZSpIjE2Ab9ojrgnbWPEbIowOcjhBzKZM7zcLfF6vibO2\n5mfKp9JLZ+YoVggJispBBvnBXhzSSgcePyrvfp1DASQaGs8LtAb42or/7KZvnIzd\nNehsZhUOPD4Lnv6Wh5pzorjVbIbm315uO1PKxD2OEB7k3G5xMRn+\n-----END RSA PRIVATE KEY-----\n",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICczCCAVsCAQAwEDEOMAwGA1UEAxMFdGFuZWowggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQCfJ+aHT/f1QkA8AmihIsFvAWKUD44YGgbXNUneea3HmS+d\nQlBviLtT5Eqa92pecNyX5xXL7jjqOrBBDiLFEqJ2YbR17EPcStn0lIzLa1tCyZ39\nngblJCBLPBYMc2SfMnv4wOjba3sk2FGr0TiA2ztaHbqS9SHSXA+flb2UY8BHVikK\nW9Y7I9gFVOXBJBmmBKHNcxJOtWUT06rN0qD862NvxC9cW3HCy2MHgYj6yO+jfn5e\npwYJGd5r6BywiKABeQpk/4K8KukLesX1f0G3yJiwITKj9fRJlzV4AQT7cyNz/NIx\nDiHInAhBDay7T4E8Mg1hUsivp21I3d4vf4p6UN3vAgMBAAGgHjAcBgkqhkiG9w0B\nCQ4xDzANMAsGA1UdEQQEMAKBADANBgkqhkiG9w0BAQsFAAOCAQEAELL6Si44XlK3\neelk7wXthn+I+Pa0BIjHx90koBTVW5RKLAALsaisYjjAjAPJlfisK8aQMVS3imD/\nucSGpCRgqhY1oOPOALTp/mwWTsDuranFd/hfNQc5DpqpGGOXj5NHTC4si7nYPuRL\nHqqn/qHN/gCgh984v4G07suJsxQ1zA5beeyxRORE9/UmSpkyjss/olw+c/ekbc+G\nr6+Fp41JwOhsH39kT/eLgF2LnDXdFWbuF2Q13Y7jRVfT1lMRI0xuyO0AnCIMayMj\noIyQNbnFTYxSzsRhgTZ/85tXtoaLva2h/dy+21f8ufiAxZTUQWPN914DgozGw4yN\nl9qKd9SKTw==\n-----END CERTIFICATE REQUEST-----\n",
"cert": "-----BEGIN CERTIFICATE-----\nMIIE5zCCAs+gAwIBAgIRAPPwaSrfpbwXqCG3dSBAA6MwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTEyMDExMDQ1NTZaFw0yNDA4MjcxMDQ1NTZaMEYxDjAMBgNVBAMTBXRhbmVqMTQw\nMgYKCZImiZPyLGQBARMkMWE2YjFlNmMtYmQ4MC00OTM2LTlkYjMtZjg1ZDFkNTQ3\nYjAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyfmh0/39UJAPAJo\noSLBbwFilA+OGBoG1zVJ3nmtx5kvnUJQb4i7U+RKmvdqXnDcl+cVy+446jqwQQ4i\nxRKidmG0dexD3ErZ9JSMy2tbQsmd/Z4G5SQgSzwWDHNknzJ7+MDo22t7JNhRq9E4\ngNs7Wh26kvUh0lwPn5W9lGPAR1YpClvWOyPYBVTlwSQZpgShzXMSTrVlE9OqzdKg\n/Otjb8QvXFtxwstjB4GI+sjvo35+XqcGCRnea+gcsIigAXkKZP+CvCrpC3rF9X9B\nt8iYsCEyo/X0SZc1eAEE+3Mjc/zSMQ4hyJwIQQ2su0+BPDINYVLIr6dtSN3eL3+K\nelDd7wIDAQABo4G7MIG4MA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFFjNnvvBFxGnHa+KiXmdOsib\nf+z6MAsGA1UdEQQEMAKBADBVBgNVHR8ETjBMMEqgSKBGhkRodHRwOi8va2V5c2Vj\ndXJlLmxvY2FsL2NybHMvOWZmZWJlMTgtYjQxMi00MDYzLTg0NTMtMzYzNzBiZjQ4\nZTg2LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAzSV/HlVR7KJ80DG3obKmGbIbs+0y\nXKt6Js7BFjo58GlyguXtQYX+UTXr6OA5MiPWYYQSY4RbXWX79lqmo1XQLuIpPN7R\ntpDFk3rn9WYWF7fKWFLSMXPDz397cZJ5WHP93EootZyeDiSIqHmtTpSW+cJ1l/j7\numhY7e58nJ/UmL5bHc5npLeXNcEbzbwDcMVtOZ7P8nATexO4nXgQZemZ+VHRbVhn\napKG5rXRAtl0kg6ntqf8jfm4np9RN30gAhQaPIn+r5Cbvv/LbXkcwY1aY5KGV1KW\n0rbBl7CbeMQlkhhKW5l8nXbxdNj1ZgvPCi+KGcYdg5VOg4zCCS7dWPHYfNmEkJHu\nVhz7xeVwFLlxRdW7H6R4QhmBgPrzIwqtnfPzbs+gurtzfDGMrlCFF+49KASCxMev\ncVSZZROHcpkQ0PLAUhTYCOib/ZJfi9u57HYy0d0pfnP440qr2whsVlwJvEN9GS/D\nwEnumdN3VNTXE4NZlXG/tFK4kiUXuM8vGMqCvJr+10yxMmZdX6Qgi6z6VebGIJ4w\ncRt83FDou5qQmH7kRjXV8cXyGtIebBPwXcCKO3iMZNxpbs3P9LQx4yqwShQB3DcI\nM7MgMSgczHFTqrQJ3G3+vPpX2dzBXEWAC35VKjmvDQaSPk/woyjL4mVnlIDyrIpn\nnTNcbt1L9MVxlXw=\n-----END CERTIFICATE-----\n",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIGJDCCBAygAwIBAgIQDOK/DLL6BXSYFbnlyJAjDDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTEzMDA1NDY0MloXDTI0MDMwNDA1NDY0MlowXDELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYDVQQKEwdHZW1hbHRvMRwwGgYD\nVQQDExN3ZWIua2V5c2VjdXJlLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A\nMIICCgKCAgEA3zVqkxg1hUkeYSGgzYM7v0vpjiERp6EPv3vDj+hCVgIEqjlV5vow\nd1X/mmEXBpzGDTZLnM50l06Mfj8jpz1TGooNe5/hPHLJEPUnLGs2FFiSYZ4KCZb7\nzV84iRKl63/OU47QntmtwuqPJg4SAQkBe6ekr7WrJr53ZlfsoN+c6ciKBA9MqCL9\noS1av2Q3f+WcFZrpbWEehrAyvlSEoletbjMtPQ92XGUjJuRcnp2rFuh1AR9NHGv8\nQX11oLo2vOR7GuUVScI8ZNHNXYkfoL5H6OeTh9es7clrM8lg3M0Ssgy9pH6F4/ej\nHvIqHBZK7SdBjUUQz3rSD6mtWxOsnoq37tvUscFsiYOMVrCmHS5xykIShHQhzs5W\nv3352Z/IcUN9BjvH/vVoQbMBSv4BZjy48GsSwe5lmCgTc/Z0jzuBYLzuhAd02Y+2\nxi/bhQvAFALmoXepbtnGmNoLDFI1CpfDTfGPlWrHShg9yJQjW7DzoWJZrasSFb9m\nhfqriDoueT6PNEfFAE77CIdILPELWSsFmsT56FlUQj1jveATjvou0nJiAHDdbkY/\nTNlTtINR6w7uxBfiHdPIRtVqyNGT9qyHJXXa9axBY2Sbo/pDGvc0X0R2IMtjwU08\nZ5FMqATI9H7P5bXGPTs5IXYAQTqTSSmn91rB2LQZIJR6cvUf6R7eD3sCAwEAAaOB\n4zCB4DAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0T\nAQH/BAIwADAfBgNVHSMEGDAWgBRYzZ77wRcRpx2viol5nTrIm3/s+jAzBgNVHREE\nLDAqghN3ZWIua2V5c2VjdXJlLmxvY2FsgRNzdXBwb3J0QGdlbWFsdG8uY29tMFUG\nA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly9rZXlzZWN1cmUubG9jYWwvY3Jscy85ZmZl\nYmUxOC1iNDEyLTQwNjMtODQ1My0zNjM3MGJmNDhlODYuY3JsMA0GCSqGSIb3DQEB\nCwUAA4ICAQCYi0/YtLHBnNIBj+IRGrGo3h1mFk+LaKR98D5dSBZd1Czj3/SMF0RQ\nqDWi4KLu0Ro+8R+ok+slp19ZAV5wo6wlUMZM/IMwFND8VE4SrO1X4wjPEdLmRWnO\njzHXUHNzEOozzwrsJOQP1wReY6Dtz0V/i7zS1KerctN6ZwQAIBM3ZQ3T+TvN4D8e\ncYfkPTcgo/HEBDjO9DhRxTE3wmU1eKDpY4Xv9iPMfELnm36Hm47Ob0Txdk+KD+G1\nNm+z9yWgJZ3POaNhROF4itefEwjiqmTkf8BGNTe5e6+pRzHwr1An3AtkydufPnuX\nQzveCajhQi5edQpUad72LDs9vgMcCUseeiUF0dcjq9Kj5mJUFUnfIPuRPY36oDph\nUJlT8P5TTd7wngMoxeGpz+qrJxkrZ7AIFdquA9GM8VLMFDi9ALIImnyNg4OPwjaK\nJfCDurIZ0d8Ba4cYqqiHLbuD0/a+/xYGwRvoQwCOM7OJ6oeeolO1JVOzJ1dV9PEI\nlJmQMt2XBH06wNV58xFQ3VPhtZM6JuvAQGd/o908qmOuDvhMcmMMu0FsJrCijxTc\njj9Q3XpwvZKAYb+NduyIbQ2DqcFBMisV4tgyhdBGHTtD7DILOy+Rx0fU9jwz0hny\nNyBpD4LvK1Y4ObWnViiwUAEQPzAEz3LWz/U2J9YMZpI1yvyfB+Xy8g==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAPx8MV+j0NqVPb2EhQpI3IQwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTExMzAwNTQ2MzBaFw0zMTExMjgwNTQ2MzBaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDb9AihTQfx/QoOuhyOEVmAfXF0W0EQhNApGIazTdpHZ1fkpe9qqZAR\neHPC5ME9no6N7KqaqgovHzNyYU/TA6tFhduS91bjI0W2aS4wAldGRLA7LIfcYnV8\nXuBp0x2otyjf+tJ1UAfmZyWkAmlJkfbcxHwXtBSoSV676qd/DnyqxS4Spj4GyHTl\nTJM1Q1utHjV6BiY2AcUAlKYWC4R7sKkf2dN8Ce3eyiI9RU6UFijcnCicuWI9W3MS\nX2E33RFgJy/etN3dBWxs9+xHFYgAbc11ORZU1Im4xbhwP94hhXBbfIoajHsDetL7\nCoP2GXPvODXUntJR4iQnN4ITlwEK62hGfjGGdq2a+1Xqz25bB0Qzj2FHSeCeeAuQ\nLWZKC/3CcvkTxBVSzzv66rzMKqmY9gSs8tenFbSuK58tGUxNR6HoklCBi/vsIokN\nfHLBvbA9BYAHA4mLMoBBPoj2uoGJphkm1J5J0YH4vvyLxG425Z8NP0WVlMdvL+OG\n5NPJg/+kiANpcy/RDMMySBY6dCbxdm7ojAtu9JM95/Z3V6VjQFalNMcKP6gCzRVx\nAoUQ9cKNuJHCIN+N0eSbBGm8/uSC1F/y5CiVLDEV3zKDxq/NZKPkUS3YGime7c14\nw3S39bi7uUr7NIdalPMzMrDtu4xNJY20vByJG2UeQTf2KH7ve4WFRQIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWM2e\n+8EXEacdr4qJeZ06yJt/7PowHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEAF4ZSNiC4SRjiia1yo8avfDVoXcqmfZJVE2Ym\n9rPh8oAG44MHu3k5tnt1U82cnv2bLRSsdci+SRFb9CAunWPGl68D2D8LmUubjVBT\nC7XxwTmaxXKxOEwdbK1VXjszw8kS3F17BguJ+9ZbobwphuszbwGWGqnT05QOTDdM\n/f/6VsJ5wG5mz+xBjiFqOT9DIzBpXb+TBOVnMa14Ie54BLOmhSo6y2HTfO8EYtG9\n+FQEq3udXcuKfhHGa563Fy1uiLPvD0xuYeJxmwCoTqWyRla06aYUG1LAksRLlJHD\nwtHOKExJBVTm46ITVZqiQHweoPVYnHLZQ6B+tF2EOb1rURGZ3DcZJ9Kr6/xE1yz2\nvmjeF0iBMmVr83LdDCFo75TVquYlY2+iMq4fpd5eh20vhvj5DMc9STDxNNAYiu31\n2kDnGXJMsrZaCqb7SFw/X5Lh0zImHZUoaqMxQzlzHl9xGfIGWXosX7X4MKZhWHBK\nM2ZNGifh9Kub8bdEKDP7SID/Mph7P3eDkAX8auHTRPQEM+iyTkWRx6ohvjpjgI+S\nawbGlrFwX5BAk+epiWVLimr644aLyAZh8tf5rT4EcbqtWeQQwpJZDhmd+ykk42Kn\nnDRcs5LpMNPX5IqsdZ0D8dPhhpShqheG+C7pCE6SgEZM8LtwHprKp1XjkIK9g5Yg\nRFAuSN8=\n-----END CERTIFICATE-----\n"
}
Example Request 2 for Local CA
ksctl clientmgmt clients renew --client-id 400a1593-c80c-48cb-86c6-466c1f0b7664 --cert-duration 100
Example Response
{
"client_id": "400a1593-c80c-48cb-86c6-466c1f0b7664",
"key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA6OYYStxJNTZPqJItHuiVvGM2ruKrMQVuhzPGn321QTJroKrA\n4gjOi4jEIg7i3f4MGHzaVfRRKm7+ciRJniAUyCIvohtFXe3DEyKEzspftaokejAy\n+8NkTZOEsDDpWRujF7VXZTF2be3MtOo1ie/dyuCwajmVL7t/DQU9C+I/gTHGAMz7\nx4vALfiolxNEmCdWgKCfOCoT4surirdZNGZpzI6h1QVovcfsGMVotiMsPL7a3svc\nS6EgrBJkYTSYuwyYGJ6CSwMm5CyhMflbkt4lsVAhHJGTZeGWzrGW0Ku0tFDSAygF\nHrKPjW6QqfrhY2uiKfG2X41ZYMV4A4v7DMPYSQIDAQABAoIBAQDfSTqhCvFlAtz8\nUKjRqUtlgfk7UjWumfaNySX0YyETkLN/JjYmfysGu+jOflcjXh1anNj273WhqShp\nZkDuSPOjrKLeWCb5Fqqf/cg2Oe/oy2aNfwhiN8JCXdwoz7voooaKhGF1syZH3mUU\nTjdmN4H8r85zCSHu0WPNp+gPLKqVwL5NBzru9CyTggLmxJ5lggG4DQxwPJ8PWhDa\neHaLZV46QuaoAX1/l+dDJWWmTDwqai0KMqPyLf94kmzitUF6R1UI1qkA6T5FfP2v\nvkqTbDxxmxiQy/pSU7jUYftEN4MtpHxb//czB+1VwunrQAJ1YDWCJ8+QHY9zTeHl\nPaSyWXsBAoGBAPYQHstd0F47Jyqv0a3cP75wGieKoqftaYARrZZYTDUoUdhWg3MA\na+2cvUJRYv7GXypjaRdstkmWmkJPmp6PIjjV2ESCO7gfd0VzynrXIhRGzXjCrgP7\nXcjKcFP7AqHREwcgWNY/sGZwzJH4VTR9cQKMAJMCwy0i19jqP6FqO2llAoGBAPJN\n4RHhCGPOxjAYo62jt7ceexsvSOhbXkHx3KVQKB31AL5eEz7QHKq8Yz/VyC+WKRhg\nZgk8MianWyqnI1CdcKpsg2oVG2Z+lWcIthq+xVNU5uDByGVgKF0ChBT7IhnXiouV\ntHE41+qKBSZWNfMV8qBCXH+jiESN3JX1pC91CbcVAoGAInlztw53yRwEisiDWhaH\nn8jZAT09OMXciCLx7SSF2NTDUsocNJqUhH/3TDlW41crsianbK7Ag2LkTfIVOa3Y\nH5pmaILOlydhcIuejMNjdO/OjeLIuqoXI7CpODrszXsbbV4s1CesMU4Qe0sNtQL2\nOGMhGXfDnKlLEIsRSy41ELkCgYEAyG0HGUTtLbHiWfJnob/kvUInTotEYX8CbsXj\nX5L4PB9nKBClFrYKoGgIKMtrNYGeKJ3EiSsTyMlyLcvm+E3i3fW4lk0zRwq6Bmo8\nR885Zf66o3tnigOKH7VvD/PTd1DFN0Tz5xu/7i+Qpu903Mhw04NRA/t/QkWeCyUP\nVHoZOSkCgYBjnkWTLZpN1z+P/hJ1ycOz5xoBwgGPmaED0Gl/6f1NcsDxNh8HFLyC\nOHtn79uSPjjRfouTXqOFNsoVqsIp+TogDDLgLpM5lsCTjXQBZTTa1Go7G3BFQkUr\nr0mPRUNEgzQJ5w2Lme1OSeHCD0xCH0WY2ur1yRW6k39T+ElJ3rD3uA==\n-----END RSA PRIVATE KEY-----\n",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICmDCCAYACAQAwNTEzMDEGA1UEAxMqdG9rZW4xZjI3YmZjNjYtNWZhNC00YzYz\nLThjODEtODlhYzgxMjVjMTUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEA6OYYStxJNTZPqJItHuiVvGM2ruKrMQVuhzPGn321QTJroKrA4gjOi4jEIg7i\n3f4MGHzaVfRRKm7+ciRJniAUyCIvohtFXe3DEyKEzspftaokejAy+8NkTZOEsDDp\nWRujF7VXZTF2be3MtOo1ie/dyuCwajmVL7t/DQU9C+I/gTHGAMz7x4vALfiolxNE\nmCdWgKCfOCoT4surirdZNGZpzI6h1QVovcfsGMVotiMsPL7a3svcS6EgrBJkYTSY\nuwyYGJ6CSwMm5CyhMflbkt4lsVAhHJGTZeGWzrGW0Ku0tFDSAygFHrKPjW6Qqfrh\nY2uiKfG2X41ZYMV4A4v7DMPYSQIDAQABoB4wHAYJKoZIhvcNAQkOMQ8wDTALBgNV\nHREEBDACgQAwDQYJKoZIhvcNAQELBQADggEBANdr9K2F96rLVv7y9AtZKGXm7ick\niq6A0TNVleqRBPYMtCDpU+YsmR+d+16zkyv+YkqASwQyk+jBoqykuxjPDyNZSlSV\nSsq8rCBmPQZCxu7pashPJZfXP5ilz3VLA04kvaUKY2GcJdjPrVVN+tkVXdYEqWH2\nGJBWCzfEQlAUQqu1WJwl5jUworu+TLBg2ZJuK5Jj4wx2tspt6Hu4sqK13w53LUxb\nXMVuGo5bL0/gC/TKZb9yTS8+wtB2ruGQ58A58yGUTqijyNl5TW9yMv5kW9ew2PHI\nWPcIoU49hbQK53KSjWzeQDBPDUVhkE5keJ7oEKAYUtnyrrsxf3mvR9LZ/aM=\n-----END CERTIFICATE REQUEST-----\n",
"cert": "-----BEGIN CERTIFICATE-----\nMIIFDDCCAvSgAwIBAgIRALVRaI/kybfrJgmQ4h9U//cwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTExMTcxMDQ0MDFaFw0yMjAyMjUxMDQ0MDFaMGsxMzAxBgNVBAMTKnRva2VuMWYy\nN2JmYzY2LTVmYTQtNGM2My04YzgxLTg5YWM4MTI1YzE1MTE0MDIGCgmSJomT8ixk\nAQETJDQwMGExNTkzLWM4MGMtNDhjYi04NmM2LTQ2NmMxZjBiNzY2NDCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOjmGErcSTU2T6iSLR7olbxjNq7iqzEF\nboczxp99tUEya6CqwOIIzouIxCIO4t3+DBh82lX0USpu/nIkSZ4gFMgiL6IbRV3t\nwxMihM7KX7WqJHowMvvDZE2ThLAw6Vkboxe1V2Uxdm3tzLTqNYnv3crgsGo5lS+7\nfw0FPQviP4ExxgDM+8eLwC34qJcTRJgnVoCgnzgqE+LLq4q3WTRmacyOodUFaL3H\n7BjFaLYjLDy+2t7L3EuhIKwSZGE0mLsMmBiegksDJuQsoTH5W5LeJbFQIRyRk2Xh\nls6xltCrtLRQ0gMoBR6yj41ukKn64WNroinxtl+NWWDFeAOL+wzD2EkCAwEAAaOB\nuzCBuDAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0T\nAQH/BAIwADAfBgNVHSMEGDAWgBTDoXJ+X/v5BV+0lfJsQ4ESkZERCDALBgNVHREE\nBDACgQAwVQYDVR0fBE4wTDBKoEigRoZEaHR0cDovL2tleXNlY3VyZS5sb2NhbC9j\ncmxzLzA1NDk3ZjY3LWNkMzgtNGJhZC1iNTExLTU3ZGUzYTgzNDBkYS5jcmwwDQYJ\nKoZIhvcNAQELBQADggIBAEe1QfNKnUZCDuDR9jpQgJ1B58nLre1c7S3Tgad6zzWG\nhkDPEdYms3tXAZie83fSfEjH7Bl3843vpmxDRAUB5HYViRdOWrzVi9dQ4Ui+iS+H\noYaH+3rIwen/2JiB271VkqnBIimPaqC9c9Blfa3a2P/QqID9eOHR1dAsW3g7U07V\nOfJVCNY5nnf1Qb1L7H8E/9smT5CAxZJJODY1xc7tCvdtBH/xI4ARWX2/anerXt+o\nbNmSYRW4CXFzjG9aMzvlnr1nxDT3hiM9FanSfcSoBEaApXurbQ0DqLm+zFTijkmM\nZCOjc7l0OI1DrUJw4H6xhlyIUYPe6MMWqcf9F4SoyZrNB/JOsGooBWmbgF+H+HAj\nMsHfwxZurUbfVPahloMnjKc+f0EokOGCaxljeYDBsH3lT1rt0xv5kGfJZ9hNnU2I\nHEu9qo3wXPY8uc6QLRDMBo/GHTWdcg4+oTKo8JtZ3Nt6gKsE2NxLya8iePEuD07I\nSOhGhYWBj4/imGZix0IgHQTjdjQ+sshzVAVaHmdoQvliWIcnCNH/QNRHz3Srvc9V\nw2awfMyYb3n/AieuMKjOrB+A756W4HgZE4ZcdHZ8XNGXRVhQJIBgiPbqXNbzhlpC\nIxeEh9SyF8HXqjKtged30Gz9FtJMwrG5EhgW+OirxnliFEasrT8Oi4YfrmWChOX/\n-----END CERTIFICATE-----\n",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIGDzCCA/egAwIBAgIQEGnmm3c80WCH7akwX62ITjANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTExNzA5Mzc1N1oXDTI0MDIyMDA5Mzc1N1owXDELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYDVQQKEwdHZW1hbHRvMRwwGgYD\nVQQDExN3ZWIua2V5c2VjdXJlLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A\nMIICCgKCAgEAyNZ9j0JYbDqX5hQazNrXyuNifuUFiKCa4Od5/sXNALeFtSVYlcII\nct38icu3MSoA8CwnXxI2eMKzH2iXC0NxoweTwJzWd1glLbIdjUGHWW2tc71shEPP\nHxbduQQo61spiRwRnwpyeGhAGjIzzFKB9T0cLSLusuYW1g6LexjOe0+GqsUtLFdJ\niaWBIi3AERAlxqQKMhhn0drjTfUlXxa+h2Oxji8L+32MHgXZT8wKPR3hCrg1Mll+\nrrHg+bA8QlkYE5GhKpijRGIK8PmB085CWStJSTwDflb9ELbjQFAYpX7jgt3ueDj9\nMMDSL5QHET79C8e6g9PCbi2Je8PMro1DADX9CcKpJhxZ21/bp8a7i9bpmdpE07CG\nfoszxKP0c9KjVzJy3S8qBcsSoOg9L1eZG0/gQpTRMqa3WUJlCMxbXWqeAAOvVr3o\nrz2Wtp4S5d0sFwnMloq7Fq417WlpuFRqdzDyeXQkiUKli77cIVKUKn+wHNuR81aP\npipph7lrnGKV5rY/+c5ZfqOVDsGqc6UKLy/5If+Yo9u41bQdyfczdgZ7EVdeRIhe\nHWYeM4VBSb7HIPJu1SsQ73rGkXHlDx1CFEjcMvOwmUCUsLbBi7d65n0J+VeGwZgi\nho/ZTne1v6XjACipJ+eLXe6XsHWtE8BWAuY/j0gFFSm0ktmCXYZsRC0CAwEAAaOB\nzjCByzAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0T\nAQH/BAIwADAfBgNVHSMEGDAWgBTDoXJ+X/v5BV+0lfJsQ4ESkZERCDAeBgNVHREE\nFzAVgRNzdXBwb3J0QGdlbWFsdG8uY29tMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6\nLy9rZXlzZWN1cmUubG9jYWwvY3Jscy8wNTQ5N2Y2Ny1jZDM4LTRiYWQtYjUxMS01\nN2RlM2E4MzQwZGEuY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQCGi568+o6bcESMM73n\nl8N5Fuj4pKsnuNG1FeUvIBE/5Y+IwuVMBasM5PMznp8u+ZmWwNlCx6kZsRk39UxG\nh0j9RPMOMkCND0UoU+Kr573vQhXRicCyUprsb+Gbkk9uwBmLbEHNhDUlPYef8B8M\nZiMrVa7ZGbr4Sn95KDonN1LaQzwc4pNNgKV9RY7b7yGuWqTSzWnfZ+7PE702ybi/\nM/CiPmKiDpI/zBFqB+8YXnoVuzK65DkKcuCf3VaDLdJDklOgt5OeAqXMnJlP6Aof\nblskPBzIY8SdPrWDUOwE41mqkIoG/Z24if/Gz2vzq/fFOpebp44arjVN+N6psmKU\nGndaJRItMaYjka3Vj90dZWbUEIiewQFqtHNmOvm0aU+5yFglH5cZ7XEIjDOVanxn\n6hn8H8qp9kXVzNe3NdU2Mqtrejcal69PEzu206RPxhuk13YhefWFe1n8HqHZQQPI\ne7veDVKYwgGSXYWDhBeKbkfMd8xcQAH3SmZk1RlOwKr0NiJ6ZVP03E99dUtvwiWm\n5ZMT1e8sY9sQfpk9sKtTaYhNFaD4Au8JZSWipW47Ns2qw4AdgKa+qvYj7cvLZSmQ\n4ocyYutg/vwtBAP9+tSEelP6xqhFJUxjTidwMfGpc5KycYASBpo1upZxoEr1y5rC\nxG0bXUDXI+FQBWY7Kp12AyoeOA==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFoDCCA4igAwIBAgIQaTaqi2oHz0l2L3YTFudOhjANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTExNzA5Mzc1NFoXDTMxMTExNTA5Mzc1NFowWjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYDVQQKEwdHZW1hbHRvMRowGAYD\nVQQDExFLZXlTZWN1cmUgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC\nAgoCggIBAJu/0CD4wQekPWqbidlB1DT3SOp8qWVzThnOqf9c8YcMMptlD8ca2AJG\nwv8yq6UP5xKPzIXSvP38MVtdQdkk/NS9/k23CQt5XxYFExgTy7bQhPNfUf3wp6iH\nD9/remnttB4yeunc+xwgFEJ48zXdlWwU8BVkpWK4DV7FB/3O/GX0QpQvrCpAffgj\nNEMVasgAtDBlDe9wG1/YATncSP4SrXjmUKXmCy4g9PDIKdY+YdE3uclmDok1o3UN\nE3c7tSUDuc8TJtZUXXn67X1d87oc1eCoRoPrUmpH2HrFIRzvZKy/SS9G5qM0JA1Y\nvzqAy/3ntXpJO3X2FvRh3sHbDmIrAQv1GWSMUedbQRMFPA8V3gKN86FQfovnQzhc\nQylfmV7cG2e+2m8Q8FudEeoPfI93CXRd9hqWNEYr+Va1fsQb4CR7w1rjsQl3Wo6j\nVAKxug4ficyEWYVrQUuz3xF2+86iXJsqiuCzK1P0vRTiW33Agu3XhqZjSzTH8y1P\nASnZgBp2+Avbn/RFHU66c6y+sqA1tK8wMkHf2dA7LH4Q6kAgPkm2WyBUCOi2kxYN\nxmjLFY7sMREDVf2UYek1Mw5XdxsTSOP6ije4+8M8I3CbqhVzWpDS3SwBZVSCU+VD\n4+p3hupy5TcQ78Tv0fUOgod0pwn0KHnQaDGdLaPhOi0WtrA7ttMlAgMBAAGjYjBg\nMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTDoXJ+\nX/v5BV+0lfJsQ4ESkZERCDAeBgNVHREEFzAVgRNzdXBwb3J0QGdlbWFsdG8uY29t\nMA0GCSqGSIb3DQEBCwUAA4ICAQBdeVQhdJJehxaChK3VF4MxxRgdRAjgjG8OtjQe\ngdziluPZNNiHDOt3QV/WYta5+ChDpbtSMf+HWyIKCo0IekljRHNjHz2LqnxO/Rnq\nqGVBZ6ctPiN/kF44naDezMxE6VEoa4XepbAIpIqA9WXohtLN2GHlGNXFLsPFrXxt\nVE0Do5hBRH41QagdC1cIRwwFykRENZmwQhkGTdDPN5NsZWEtzEoXJTRiOxNyGv8t\nzwV4dWm+fNjJfeGqdCuetv2RhF5RYb0TkecER0TpXc2/6wgFWOpAKvB1jDNXJFjg\nzJK0K+4Kkuwx0odI0brD/NdmivfW6gneMfKMuQxEpHc7AnVNst+OL4U6oky9vCOz\nvMyb3ysF7fXnE7ltRWgg8YrlqHucP+kAkU0XvNv664N8qlMb6gjFqb+xG2njrzHA\nHSNnDwRwNdjB0410kMgkBzo8v6doIjJcZGZQy0RGuzz8mse0KeqaCQwgAlEB+UW9\nN6dReEK03W7IS50JK6Bu2F82zA6teCKVWWhncDVfmDS+UYYYXYs5DRmOp7a+Ly1s\nEb9aDFDkEW1foheJakWXQAjdhWAgJYO4lMp7DKunFB5QunPWp38rX1hC1A4CKAkg\nxXVj92YLoLmTQWOHeG3IQ8mJZ1z2a86RqvWBsQzeMqA1VJRFEa/QE6p7c/oKOks+\n+fpqqQ==\n-----END CERTIFICATE-----\n"
}
Example Request 3 for Local CA
ksctl clientmgmt clients renew --client-id 47e5049f-770c-4be8-85d2-51bc9c39f0ba --subject-dn-field-to-modify UID
Example Response 3
{
"client_id": "47e5049f-770c-4be8-85d2-51bc9c39f0ba",
"key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA05wMhkXcSieR0XYGQKlXeJ4QBqs9wT2DsZnnAyFwyzWuW8Oq\nyb57t3bVXoZFh3RY7V3k0VTwOY/JjwTYfzWmc6it9YtGm/lFDskfVZ4R8iYgDHUF\nzxERcNGuiQPDJBQxxiFiQ/Y1gHNXdq1QS8UfYLrc4+DpAnTfQOJ9xZVq/jMOB9qa\nMWGzSn4G3rbzbUMRKf2mf5U8/5dBcEIbHQURZosdXs4nXj3+ZucidVx4/NTyX1Jm\nA1tN+TkgoSyta2m/G4vphjyMX6dWAjnOIATwQHxR/ZyPKDw8qc/RZx5TVu7lTExd\nLGepmB1AMwFMvh/mwJVaX0rifDMo2//jGTGKLQIDAQABAoIBAQCNGrCLVMhZNluY\n1d/DfGhUiOnc2JE8az2Gzz5pKwJgrvIORMJ89qTeqMIM3vI8KcwmtAahw8bQS143\nHR8UbH0LAL7HTlEOLsDq5Bgd6mLDGsMiK2JtOk9r8JY2zShxxXmPSbGR6fqxJbh7\n7YPukoqi4NfsqIwX1EEOrjj56PHIgKKBvunZuyUgMZZqyibE6AJBdp2udcjPN4Y2\nruuh7vHtfMJ1pwjFTgaQd3w2dqWHdI/jw6RdfIsAuMTiZIEevq4iN9kcY6rdQGc3\nBIvorbA9B52CoJNGPLD4/1NGiO+BlCQTKvRSnCoQgBgiZQdNXp7J+p8hdEgkEv4h\nFp9R0NUtAoGBAOij15pfIN5u32v9rT4u5DbWCoUXV417R467D4MLEyImxU+zTfqx\n1J9fyvc95Bcpn4OmocErx05aRGk9AMv3xQqw+Ync1qM6l/jB5e/FAsABjoU2y3Xp\nmJjFrK2694Acc5yMv/roRFj9P2Ns9drujR55MxXfz/mew+VqD52X8Z7HAoGBAOjb\nmyC3S3httTCYaECuV2gJKVnoNL0ne9FkB063mwm4BX3ktnhAU7iI87ulTXFvnFN5\nWa5pzkhbp6ImNwyBqafMfPj2wo8noU63E4lcUTaV97/dPBzpstWoF1P6b8TAFjlj\nA/FKobDxCWgvXtK3m9l98VkrnV5iyP01EdRccWtrAoGADSivWlkFJ+/HjXk04m6O\nlBd5UtvmJOeTPZyRHQ10UJs2z/JJd+O1Liqh9Wg3zaOaFT1Iqv+J74GlmvpLYD4s\nlBU8mDK4pVT8IaL+GZjgNfIgmKJn0cybyBBuWwlXVJTHaVSAy3V14D665inUokSa\nEN40KImXXvw/AmwEZBqjHSMCgYEA0iO02A5yDkk7NZKkqpJrENkLtzZFudoS9EEI\nEzLAuEGYuycWwGiU5Ti6dEHWJKOreO1PUIXtggEsw7km/qNY/rQcp/TQWa5S9R1k\nhRaJt/AYt84ofJMuL4BVJRUhnnYW2E0R9sP6LRso+RuewBywidMNZgJlLxOI/HDT\nGUkflecCgYEArDjreHvkBl2vkuCTMBIFBkNO6f9Ka34ljbtOh50RMrvX7X75XKGR\nDgVhIYjS1lXL6QdVDZekdoxcCnrtqyo8KgFnRLUTEGRHc/qsLwtBYYZwMJJR4siK\nv54xIPD4uHhfVvTcewJonL+rCltON8S3XsnCWG0g4RGOeWVzhlKBB6g=\n-----END RSA PRIVATE KEY-----\n",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICmDCCAYACAQAwNTEzMDEGA1UEAxMqdG9rZW4yMDk5YWI5MjktMTk0Zi00ZThi\nLTkwZWMtNTk1Mjc5NTgzYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEA05wMhkXcSieR0XYGQKlXeJ4QBqs9wT2DsZnnAyFwyzWuW8Oqyb57t3bVXoZF\nh3RY7V3k0VTwOY/JjwTYfzWmc6it9YtGm/lFDskfVZ4R8iYgDHUFzxERcNGuiQPD\nJBQxxiFiQ/Y1gHNXdq1QS8UfYLrc4+DpAnTfQOJ9xZVq/jMOB9qaMWGzSn4G3rbz\nbUMRKf2mf5U8/5dBcEIbHQURZosdXs4nXj3+ZucidVx4/NTyX1JmA1tN+TkgoSyt\na2m/G4vphjyMX6dWAjnOIATwQHxR/ZyPKDw8qc/RZx5TVu7lTExdLGepmB1AMwFM\nvh/mwJVaX0rifDMo2//jGTGKLQIDAQABoB4wHAYJKoZIhvcNAQkOMQ8wDTALBgNV\nHREEBDACgQAwDQYJKoZIhvcNAQELBQADggEBADxqW0s5s0l+d/8FwgYg3B0Aykt2\nGe9pbeIMoqxPgo60XARSXpdrnPYQguDl/MNuWR0vXGiFUrpmNVHgM4hy8rk18Jgz\navPJ07OAShGuSELgCVguwJ/isE6sjYyjbVIE5ax3Xgfrk8Td4HcInE8P/Ebl/6vX\nJ0E/3MWzKhJsfGbCKR8oteZcxVmoib54tndEvERYHXfWvwj+u2sQ9uR7wJflle32\ntC78RDy3kd4rH09J7qLDiD7nXilDqjomigH0dUgTIZsHEcVD/8GRQUVFCAX2c6jD\nA/kpf6gwTcK2d3FNbSz4wJ50BZX+HSjXV7FHKdk6oqGfnVOYljUcgxzlPAA=\n-----END CERTIFICATE REQUEST-----\n",
"cert": "-----BEGIN CERTIFICATE-----\nMIIFDDCCAvSgAwIBAgIRAPuCN6VgZoyDZySoxPL64JYwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTEwMzExMDQ2MjZaFw0yMzEwMzExMDQ2MjZaMGsxMzAxBgNVBAMTKnRva2VuMjA5\nOWFiOTI5LTE5NGYtNGU4Yi05MGVjLTU5NTI3OTU4M2FjZTE0MDIGCgmSJomT8ixk\nAQETJDQ3ZTUwNDlmLTc3MGMtNGJlOC04NWQyLTUxYmM5YzM5ZjBiYTCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOcDIZF3EonkdF2BkCpV3ieEAarPcE9\ng7GZ5wMhcMs1rlvDqsm+e7d21V6GRYd0WO1d5NFU8DmPyY8E2H81pnOorfWLRpv5\nRQ7JH1WeEfImIAx1Bc8REXDRrokDwyQUMcYhYkP2NYBzV3atUEvFH2C63OPg6QJ0\n30DifcWVav4zDgfamjFhs0p+Bt62821DESn9pn+VPP+XQXBCGx0FEWaLHV7OJ149\n/mbnInVcePzU8l9SZgNbTfk5IKEsrWtpvxuL6YY8jF+nVgI5ziAE8EB8Uf2cjyg8\nPKnP0WceU1bu5UxMXSxnqZgdQDMBTL4f5sCVWl9K4nwzKNv/4xkxii0CAwEAAaOB\nuzCBuDAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0T\nAQH/BAIwADAfBgNVHSMEGDAWgBSuU8XmF9BxCHnuzAbrFemGUZaYiTALBgNVHREE\nBDACgQAwVQYDVR0fBE4wTDBKoEigRoZEaHR0cDovL2tleXNlY3VyZS5sb2NhbC9j\ncmxzL2M1MDYyNjhmLTFjNTMtNGI5ZS04OTVlLWJlZmNmODQxODJiNS5jcmwwDQYJ\nKoZIhvcNAQELBQADggIBALHznumvBJDSpeGOgRTc1LPeq4JurgVsqrlwH6hppheI\nGSi5QqsnxkcjSjhpTOFbW1NYry3CQcte3WqES7joW+vV3pPmr8W958FezW6WWsfg\nbhcOrdnjAuGre5hQMBzv3fXRYKR1vRZjPNK8van/WleZBb9JZ1hoYDtFw68sAQY6\nD6Yw8Edq1uGJgAXSxaw8LQ15f30qzQT1ykuuY9mX/FLbl0RKDc8Q9LNLHRXMSFm8\nj0Ffo6CrloZn+MxywATLPpr5/rlSq/4n5v9FiH5NqGQye7nqwlNPjlfZMmyQFoFB\nlqzrKo2f/Rj9K9eE/wM9e5/etnhLm4pFkbc+vtRs6CE+vdQj9X7G+u5RRvZ9AhKV\nka6wsd44SnmlABKJ37n4Ld2RXFvcoB6nBTckDBilJXNNypK618Pw6Ep5dP3+q3Uu\n2N0dxb/nMdjrSxIgDDM/LdYedhUQS6S2Esqg9jbtQtV0Skauk2PyJKRZzrhNzLIk\nyCJfr6Bi91ubnvBqnfpB0wcT1GSSY5ZpoI3hqfByFo63Kxy5hGT1pxIzD7S9A+R4\nYfK7sj6iKDjsVlMt0SIZ+JIbXDO/eqHMkpkDKZczd+hJN0UR08ER/n8/K0q6YIVy\nWvh5qq88xWmKmZxxfq59a4a0ggxdINKG7NHvqvDrJRPw3ouhO5+kB+ktJrBgDn9p\n-----END CERTIFICATE-----\n",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAP7Ey0klaWO58b3EHqrNyS4wDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTEwMzExMDQxMDZaFw0zMTEwMjkxMDQxMDZaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDGA3nahTIT/WlDzURGLgFDN0kDwwDn+fuJ4VAk5Jy5MW73elibQoRP\nXdcM5v7AYRl97IjhRGTOprTxqzXmLhjY+XDZ1bPCEzzE6ZKNtHpDL6Ul47DFYc7H\nq4TfkLpV7fWnXjleZCEhU8Z8XNjqGNdnh4tq6MJ2C+C2tlNbbhmlYdSRwULzt+md\nbeuO74Ko6DGEJ26rNGfTyAm79k1+YamcWbk1T+ct3bhnce6pf2MM3jI4cWLBmXwS\naKReZmf9uBFGbVhjMnWGIxBgGDnY6mgEHLXSqEvhw93EEhOHNYOf8Hy1HQTNDPSY\nMDtkI5kQ0/XjEH3dSSFjwOvlXJGryx2W5BqD0UQHXSIIZOm+ao/+URKj/LcZ+V6y\n4rGJU7jrPwiYsDqxzEMeZ6o17QHfuQBfoGFqRIzvgPNN75WYhT0TgG3BmTW3KAmD\n0zEM+nvwMDPElU7SgzX1Ufj83XqoCLsGLzWH4InY3S0HlT7HVATay2zgjpkH/Sp8\nOTht71LFARyGo9PvxI3tdjZNYMd+/rXA5qA5fmq94DlGikJHMZ5n2NP+lQ+I+rsv\npmtKDZ6QQ1WzpOORGM8KOHkJgYkHwv5NdmmhxgCqzzVS1HGnWrcqiKuwWw1Dh7VI\nYYgo+INGKdBNqnLwI77vdjGWkCgjYi9uIXtNz4n0zH60CreKDgOpfQIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUrlPF\n5hfQcQh57swG6xXphlGWmIkwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEACEE+oAGb2HTtEvshvAu4iSJe3Z3mx31Ei3/o\nMSEkyoP/aotxfrVsgFNQNtPvvGfCJJxBCO6YZUnCLHZ67Aa2wGClguL/NESUdaK4\nX7HXZhAK4Bhc+eFGKjdUzVSg65OToYnq1IVdZ+AO6JIi9xHAQthZoHu2c3ylrT/k\n/phd8Ro23sfFYs47zkk169vL/A4pKofgSjfPLhrVuEOFFZRFcl8nPt9tSUNXmQcN\nzYvDnfep4Ka81KIrMmxtocuHdDQoZvUy6U+Akrf9GNiGYUBfNCnxFQflmXKArknL\n3RqBjZWwS0zKnSN4QV/1CKHOlC5xnkviRTNNoYbSL5mRvuGiJ7+iGRu0c5NFoBM3\nuVA9Sar5VZ8xS780ONB2ud4Ci1cwdGhOqGPJugSo/qSXJuKYH7Y8W+T/Aaqg96lz\nwdSlrl7tQVkM50/eyNRsWo9lxu3Gbnf/ccdsFADAvwzyJTU8Wum8yFEHPkAHx2r7\n4fEBVi94LLz4msqGvsIBU/GUWieDVwPysZzMVABFGpS1jFYltZ3MvkJJn5h8CasA\nvOPeqLUdGSG/P7aHzyJR58s3f3Y15/tQgM5McyOvBtK0lSOKWRrmvMpF8wwiNwik\n0gz2OzryK/BkXO7iNO4GRFNj/ynmMXFZuSwlL8HRLjU0yEjwXKLZmGPUFzgpW9LX\nJW+cMJE=\n-----END CERTIFICATE-----\n"
}
Example Request 4 for Local CA
ksctl clientmgmt clients renew --client-id 1e04f15f-0de7-4e13-9c5d-2a84e26ee947 --clientcsr ./csr.pem
Example Response 4
{
"client_id": "1e04f15f-0de7-4e13-9c5d-2a84e26ee947",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICejCCAWICAQAwNTEzMDEGA1UEAxMqdG9rZW4yMDk5YWI5MjktMTk0Zi00ZThi\nLTkwZWMtNTk1Mjc5NTgzYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAsKKO2wJspkm8eeVJZ6r9aexy4Nk+7vlaMsVgTBjI2yZrtgbkbNFQah1cwKny\nC3ZNF5X4USFGhFs+msgoCEFUb3leMQb7WS6yPsRgM4Z4E3WIu9bDNBp9MUXuSE1k\nz6uv9qbDLD9TVghkMIIU6wJuCS3OidIww8ZtZEkhQvU91QpmGSOAhWYonCdRvNaC\noqKGbDrfRU+7siK8+L0rea+lcn1frdWjkYB//GzuhhqJ2zitxRo+Zukx1PAS59Gi\n2sAnWJTmAdw/eCyMJo2HG9R2dKmAtmMx+dgO9nNnB0+FK0sEC1SHTNWaGALmX5rT\nlIdDxeHUrjE5K/7dLC32qcqC1QIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAAbJ\nUpqzjZwgq+RV0ph33GMK2s2fyv4tbOQ+jwdsWFQrYVdBJevxu9xD1/Ou9QN+4L2T\nhXFs1WLyDWYxZyCu+4vPVYLBXzEnOqZblixiljmJ8wykYk2dyttNPOQo22ZPLTHx\nviMZ81qZu/oGGk4ia9YBsvjMLPsbFzW34xWLTiEYgiNDlPhsZxQbxOwQ6H2VsCAQ\n6c/cF0LkbZZvKunrNb//KnfF7VmPFhZQkdtuagwAX/lLdymVGockFLviYcxTP6nO\n7xUzUVcBRadZib+8dQYeRnUW2+qAQeWFfLFqQrFG9xr8UWQt8ShDWuTwZPvWnA9V\n8JmUnCIUOuoaJWZxP+Y=\n-----END CERTIFICATE REQUEST-----",
"cert": "-----BEGIN CERTIFICATE-----\nMIIE/jCCAuagAwIBAgIQIzY+3boBkdC35RH2NMxgfDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTAzMTEwNTQzM1oXDTIzMTAzMTEwNTQzM1owazEzMDEGA1UEAxMqdG9rZW4yMDk5\nYWI5MjktMTk0Zi00ZThiLTkwZWMtNTk1Mjc5NTgzYWNlMTQwMgYKCZImiZPyLGQB\nARMkMWUwNGYxNWYtMGRlNy00ZTEzLTljNWQtMmE4NGUyNmVlOTQ3MIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKKO2wJspkm8eeVJZ6r9aexy4Nk+7vla\nMsVgTBjI2yZrtgbkbNFQah1cwKnyC3ZNF5X4USFGhFs+msgoCEFUb3leMQb7WS6y\nPsRgM4Z4E3WIu9bDNBp9MUXuSE1kz6uv9qbDLD9TVghkMIIU6wJuCS3OidIww8Zt\nZEkhQvU91QpmGSOAhWYonCdRvNaCoqKGbDrfRU+7siK8+L0rea+lcn1frdWjkYB/\n/GzuhhqJ2zitxRo+Zukx1PAS59Gi2sAnWJTmAdw/eCyMJo2HG9R2dKmAtmMx+dgO\n9nNnB0+FK0sEC1SHTNWaGALmX5rTlIdDxeHUrjE5K/7dLC32qcqC1QIDAQABo4Gu\nMIGrMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMB\nAf8EAjAAMB8GA1UdIwQYMBaAFK5TxeYX0HEIee7MBusV6YZRlpiJMFUGA1UdHwRO\nMEwwSqBIoEaGRGh0dHA6Ly9rZXlzZWN1cmUubG9jYWwvY3Jscy9jNTA2MjY4Zi0x\nYzUzLTRiOWUtODk1ZS1iZWZjZjg0MTgyYjUuY3JsMA0GCSqGSIb3DQEBCwUAA4IC\nAQAYMDPTgxvfRtgvlSeBKvJUKTAfaonnUe5KT6nb/AixPCPY3qNRRZ6nhqlGMHro\nVBzoFAupdR8INAp/N8lx8WUGMrBJ6nuHulzf5KnXTNAa5M26BDloCIugNyBrxIuf\ndlczzF5qPBb7JGIzOcpemvOVi4ObHkWzw4S12MIn+4fIXhv6G8vHl0QgGNyK5Iy7\nbc6+BwVEQmXITfEaWrkmeVxjZKnqiI78qjoxqGKb67G9ob+oCJPVVJg2Ex67n/9k\nq32GlOqlc7Oh4Zgj7tWm6Qvnq8snl4VfCyfSdO17QZrB456197OZ8qQhBhdWw5MY\n77IbHp5w60O/zqQFahBxSiQfpreKZbUFY26NE6ghmEKlu93i3CKYbmEeibn2sjyV\n9zzvTD5pFd0mPoeTZKBXddsK8mcqZhiAGvkKRUyONJkRSRMUMqzBjzCaO4t7xcDU\nRAstoefu4FbvtrHo79/qZFAsNQm2JskpmTvyXj4uS7j+W6SH/w0mkjTk3XIxIXMK\nT4guoP8Zk+DpfFTtcs73WRY4AjBqIa7y2dL2VyevWTe6S5bJHNMLlHqxOM3bDPbx\n14GJpi+q44/fu85eZSDWo23zAFfh6DTg/UhTbIV6OKmbPH6mvFetG5tU2YnmX55d\nJYAu7jmgBLs7iIGV4kEyyUKhjzGjZKlyMVL6CnHj7PdXGg==\n-----END CERTIFICATE-----\n",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAP7Ey0klaWO58b3EHqrNyS4wDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTEwMzExMDQxMDZaFw0zMTEwMjkxMDQxMDZaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDGA3nahTIT/WlDzURGLgFDN0kDwwDn+fuJ4VAk5Jy5MW73elibQoRP\nXdcM5v7AYRl97IjhRGTOprTxqzXmLhjY+XDZ1bPCEzzE6ZKNtHpDL6Ul47DFYc7H\nq4TfkLpV7fWnXjleZCEhU8Z8XNjqGNdnh4tq6MJ2C+C2tlNbbhmlYdSRwULzt+md\nbeuO74Ko6DGEJ26rNGfTyAm79k1+YamcWbk1T+ct3bhn ce6pf2MM3jI4cWLBmXwS\naKReZmf9uBFGbVhjMnWGIxBgGDnY6mgEHLXSqEvhw93EEhOHNYOf8Hy1HQTNDPSY\nMDtkI5kQ0/XjEH3dSSFjwOvlXJGryx2W5BqD0UQHXSIIZOm+ao/+URKj/LcZ+V6y\n4rGJU7jrPwiYsDqxzEMeZ6o17QHfuQBfoGFqRIzvgPNN75WYhT0TgG3BmTW3KAmD\n0zEM+nvwMDPElU7SgzX1Ufj83XqoCLsGLzWH4InY3S0HlT7HVATay2zgjpkH/Sp8\nOTht71LFARyGo9PvxI3tdjZNYMd+/rXA5qA5fmq94DlGikJHMZ5n2NP+lQ+I+rsv\npmtKDZ6QQ1WzpOORGM8KOHkJgYkHwv5NdmmhxgCqzzVS1HGnWrcqiKuwWw1Dh7VI\nYYgo+INGKdBNqnLwI77vdjGWkCgjYi9uIXtNz4n0zH60CreKDgOpfQIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUrlPF\n5hfQcQh57swG6xXphlGWmIkwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEACEE+oAGb2HTtEvshvAu4iSJe3Z3mx31Ei3/o\nMSEkyoP/aotxfrVsgFNQNtPvvGfCJJxBCO6YZUnCLHZ67Aa2wGClguL/NESUdaK4\nX7HXZhAK4Bhc+eFGKjdUzVSg65OToYnq1IVdZ+AO6JIi9xHAQthZoHu2c3ylrT/k\n/phd8Ro23sfFYs47zkk169vL/A4pKofgSjfPLhrVuEOFFZRFcl8nPt9tSUNXmQcN\nzYvDnfep4Ka81KIrMmxtocuHdDQoZvUy6U+Akrf9GNiGYUBfNCnxFQflmXKArknL\n3RqBjZWwS0zKnSN4QV/1CKHOlC5xnkviRTNNoYbSL5mRvuGiJ7+iGRu0c5NFoBM3\nuVA9Sar5VZ8xS780ONB2ud4Ci1cwdGhOqGPJugSo/qSXJuKYH7Y8W+T/Aaqg96lz\nwdSlrl7tQVkM50/eyNRsWo9lxu3Gbnf/ccdsFADAvwzyJTU8Wum8yFEHPkAHx2r7\n4fEBVi94LLz4msqGvsIBU/GUWieDVwPysZzMVABFGpS1jFYltZ3MvkJJn5h8CasA\nvOPeqLUdGSG/P7aHzyJR58s3f3Y15/tQgM5McyOvBtK0lSOKWRrmvMpF8wwiNwik\n0gz2OzryK/BkXO7iNO4GRFNj/ynmMXFZuSwlL8HRLjU0yEjwXKLZmGPUFzgpW9LX\nJW+cMJE=\n-----END CERTIFICATE-----\n"
}
Example Request 5 for Local CA
ksctl clientmgmt clients renew --client-id 1e04f15f-0de7-4e13-9c5d-2a84e26ee947 --clientcsr ./csr.pem --do-not-modify-subject-dn
The CSR file must be in the PEM
format as:
-----BEGIN CERTIFICATE REQUEST-----
MIICejCCAWICAQAwNTEzMDEGA1UEAxMqdG9rZW4yMDk5YWI5MjktMTk0Zi00ZThi
LTkwZWMtNTk1Mjc5NTgzYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsKKO2wJspkm8eeVJZ6r9aexy4Nk+7vlaMsVgTBjI2yZrtgbkbNFQah1cwKny
C3ZNF5X4USFGhFs+msgoCEFUb3leMQb7WS6yPsRgM4Z4E3WIu9bDNBp9MUXuSE1k
z6uv9qbDLD9TVghkMIIU6wJuCS3OidIww8ZtZEkhQvU91QpmGSOAhWYonCdRvNaC
oqKGbDrfRU+7siK8+L0rea+lcn1frdWjkYB//GzuhhqJ2zitxRo+Zukx1PAS59Gi
2sAnWJTmAdw/eCyMJo2HG9R2dKmAtmMx+dgO9nNnB0+FK0sEC1SHTNWaGALmX5rT
lIdDxeHUrjE5K/7dLC32qcqC1QIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAAbJ
UpqzjZwgq+RV0ph33GMK2s2fyv4tbOQ+jwdsWFQrYVdBJevxu9xD1/Ou9QN+4L2T
hXFs1WLyDWYxZyCu+4vPVYLBXzEnOqZblixiljmJ8wykYk2dyttNPOQo22ZPLTHx
viMZ81qZu/oGGk4ia9YBsvjMLPsbFzW34xWLTiEYgiNDlPhsZxQbxOwQ6H2VsCAQ
6c/cF0LkbZZvKunrNb//KnfF7VmPFhZQkdtuagwAX/lLdymVGockFLviYcxTP6nO
7xUzUVcBRadZib+8dQYeRnUW2+qAQeWFfLFqQrFG9xr8UWQt8ShDWuTwZPvWnA9V
8JmUnCIUOuoaJWZxP+Y=
-----END CERTIFICATE REQUEST-----
Example Response 5
{
"client_id": "1e04f15f-0de7-4e13-9c5d-2a84e26ee947",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICejCCAWICAQAwNTEzMDEGA1UEAxMqdG9rZW4yMDk5YWI5MjktMTk0Zi00ZThi\nLTkwZWMtNTk1Mjc5NTgzYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAsKKO2wJspkm8eeVJZ6r9aexy4Nk+7vlaMsVgTBjI2yZrtgbkbNFQah1cwKny\nC3ZNF5X4USFGhFs+msgoCEFUb3leMQb7WS6yPsRgM4Z4E3WIu9bDNBp9MUXuSE1k\nz6uv9qbDLD9TVghkMIIU6wJuCS3OidIww8ZtZEkhQvU91QpmGSOAhWYonCdRvNaC\noqKGbDrfRU+7siK8+L0rea+lcn1frdWjkYB//GzuhhqJ2zitxRo+Zukx1PAS59Gi\n2sAnWJTmAdw/eCyMJo2HG9R2dKmAtmMx+dgO9nNnB0+FK0sEC1SHTNWaGALmX5rT\nlIdDxeHUrjE5K/7dLC32qcqC1QIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAAbJ\nUpqzjZwgq+RV0ph33GMK2s2fyv4tbOQ+jwdsWFQrYVdBJevxu9xD1/Ou9QN+4L2T\nhXFs1WLyDWYxZyCu+4vPVYLBXzEnOqZblixiljmJ8wykYk2dyttNPOQo22ZPLTHx\nviMZ81qZu/oGGk4ia9YBsvjMLPsbFzW34xWLTiEYgiNDlPhsZxQbxOwQ6H2VsCAQ\n6c/cF0LkbZZvKunrNb//KnfF7VmPFhZQkdtuagwAX/lLdymVGockFLviYcxTP6nO\n7xUzUVcBRadZib+8dQYeRnUW2+qAQeWFfLFqQrFG9xr8UWQt8ShDWuTwZPvWnA9V\n8JmUnCIUOuoaJWZxP+Y=\n-----END CERTIFICATE REQUEST-----",
"cert": "-----BEGIN CERTIFICATE-----\nMIIE/jCCAuagAwIBAgIQc7nFh3ZoAiv0UpnsQjiJiTANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTAzMTEwNTUxNVoXDTIzMTAzMTEwNTUxNVowazEzMDEGA1UEAxMqdG9rZW4yMDk5\nYWI5MjktMTk0Zi00ZThiLTkwZWMtNTk1Mjc5NTgzYWNlMTQwMgYKCZImiZPyLGQB\nARMkMWUwNGYxNWYtMGRlNy00ZTEzLTljNWQtMmE4NGUyNmVlOTQ3MIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKKO2wJspkm8eeVJZ6r9aexy4Nk+7vla\nMsVgTBjI2yZrtgbkbNFQah1cwKnyC3ZNF5X4USFGhFs+msgoCEFUb3leMQb7WS6y\nPsRgM4Z4E3WIu9bDNBp9MUXuSE1kz6uv9qbDLD9TVghkMIIU6wJuCS3OidIww8Zt\nZEkhQvU91QpmGSOAhWYonCdRvNaCoqKGbDrfRU+7siK8+L0rea+lcn1frdWjkYB/\n/GzuhhqJ2zitxRo+Zukx1PAS59Gi2sAnWJTmAdw/eCyMJo2HG9R2dKmAtmMx+dgO\n9nNnB0+FK0sEC1SHT NWaGALmX5rTlIdDxeHUrjE5K/7dLC32qcqC1QIDAQABo4Gu\nMIGrMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMB\nAf8EAjAAMB8GA1UdIwQYMBaAFK5TxeYX0HEIee7MBusV6YZRlpiJMFUGA1UdHwRO\nMEwwSqBIoEaGRGh0dHA6Ly9rZXlzZWN1cmUubG9jYWwvY3Jscy9jNTA2MjY4Zi0x\nYzUzLTRiOWUtODk1ZS1iZWZjZjg0MTgyYjUuY3JsMA0GCSqGSIb3DQEBCwUAA4IC\nAQCZvKyj6GK9hmFdz3p6EdAp0WyItAPwTRZ3zF/byj9aj/nDnLfpu7IUjwleuoF9\nA38k1RPTouuydEIXZZ+Fj1/ymZvQo5Bx/4Kbhjoss5PDrbqoCI1NXk3BRUXAKFxV\nd+U8MXvYdXV/YjlxUNypMbOY6apWZnxbrNXw8MF+LUqHBaG7YknrmQq36DUJSUgi\nyH+oFbsqfd7Ol2tsBHq6UwNuo99ehsI62gyBPAxd5Tbp4HmoYSKpAxneZRmInZCN\nbBVlgW1vBpoCgMf7ylCLElRQB88boYLnkunUDUDdSRwtcaz9ybLy23jkeYKN32as\nH9bp/TCdQxXdXiWAo4X3XL5IaFmpOGwfn9PeA3MHcrIMxDnXO/2MC7s+WIJIVQDA\nsU7drlPVoVOqWjbUX3Iut/yRzTMbJTE5YigxUMone3iDJevAl5Rb+3nDQPyzqHSw\nYbqS90TtEOdv+OQsdBq9tnw4MK/ceFT5X+smDv8D9Bm7D2wFvU4Ua9QdOOLUMsAp\nuVD/J7tjyZbPPZMkq1p6SHEUFrt/w6gM6kltRQS6S4MAUXrpq/7USEufN6spFmnG\ngcUl/tssr0Ba/3tBL2JaWvQQVR5EW/rzho6pIkdKczy+kN5iwTIexd0nCvpOLcDl\nf+pYXAZOcn629GVvbMccKHSBPHElGLYCaKntSUVQEGHrCQ==\n-----END CERTIFICATE-----\n",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAP7Ey0klaWO58b3EHqrNyS4wDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTEwMzExMDQxMDZaFw0zMTEwMjkxMDQxMDZaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDGA3nahTIT/WlDzURGLgFDN0kDwwDn+fuJ4VAk5Jy5MW73elibQoRP\nXdcM5v7AYRl97IjhRGTOprTxqzXmLhjY+XDZ1bPCEzzE6ZKNtHpDL6Ul47DFYc7H\nq4TfkLpV7fWnXjleZCEhU8Z8XNjqGNdnh4tq6MJ2C+C2tlNbbhmlYdSRwULzt+md\nbeuO74Ko6DGEJ26rNGfTyAm79k1+YamcWbk1T+ct3bhnce6pf2MM3jI4cWLBmXwS\naKReZmf9uBFGbVhjMnWGIxBgGDnY6mgEHLXSqEvhw93EEhOHNYOf8Hy1HQTNDPSY\nMDtkI5kQ0/XjEH3dSSFjwOvlXJGryx2W5BqD0UQHXSIIZOm+ao/+URKj/LcZ+V6y\n4rGJU7jrPwiYsDqxzEMeZ6o17QHfuQBfoGFqRIzvgPNN75WYhT0TgG3BmTW3KAmD\n0zEM+nvwMDPElU7SgzX1Ufj83XqoCLsGLzWH4InY3S0HlT7HVATay2zgjpkH/Sp8\nOTht71LFARyGo9PvxI3tdjZNYMd+/rXA5qA5fmq94DlGikJHMZ5n2NP+lQ+I+rsv\npmtKDZ6QQ1WzpOORGM8KOHkJgYkHwv5NdmmhxgCqzzVS1HGnWrcqiKuwWw1Dh7VI\nYYgo+INGKdBNqnLwI77vdjGWkCgjYi9uIXtNz4n0zH60CreKDgOpfQIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUrlPF\n5hfQcQh57swG6xXphlGWmIkwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEACEE+oAGb2HTtEvshvAu4iSJe3Z3mx31Ei3/o\nMSEkyoP/aotxfrVsgFNQNtPvvGfCJJxBCO6YZUnCLHZ67Aa2wGClguL/NESUdaK4\nX7HXZhAK4Bhc+eFGKjdUzVSg65OToYnq1IVdZ+AO6JIi9xHAQthZoHu2c3ylrT/k\n/phd8Ro23sfFYs47zkk169vL/A4pKofgSjfPLhrVuEOFFZRFcl8nPt9tSUNXmQcN\nzYvDnfep4Ka81KIrMmxtocuHdDQoZvUy6U+Akrf9GNiGYUBfNCnxFQflmXKArknL\n3RqBjZWwS0zKnSN4QV/1CKHOlC5xnkviRTNNoYbSL5mRvuGiJ7+iGRu0c5NFoBM3\nuVA9Sar5VZ8xS780ONB2ud4Ci1cwdGhOqGPJugSo/qSXJuKYH7Y8W+T/Aaqg96lz\nwdSlrl7tQVkM50/eyNRsWo9lxu3Gbnf/ccdsFADAvwzyJTU8Wum8yFEHPkAHx2r7\n4fEBVi94LLz4msqGvsIBU/GUWieDVwPysZzMVABFGpS1jFYltZ3MvkJJn5h8CasA\nvOPeqLUdGSG/P7aHzyJR58s3f3Y15/tQgM5McyOvBtK0lSOKWRrmvMpF8wwiNwik\n0gz2OzryK/BkXO7iNO4GRFNj/ynmMXFZuSwlL8HRLjU0yEjwXKLZmGPUFzgpW9LX\nJW+cMJE=\n-----END CERTIFICATE-----\n"
}
Example Request 6 for External CA
ksctl clientmgmt clients renew --client-id b6a182a8-4f4f-4d0f-a04f-ff191d1471b5 --ext-cert ./cert.pem
The CSR file must be in the PEM
format as:
-----BEGIN CERTIFICATE-----
MIIEuTCCAqGgAwIBAgIQQW5X4dR3NWdQSsID8AZKtzANBgkqhkiG9w0BAQsFADBa
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO
BgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx
MDUwNjA0MTkzN1oXDTIzMDUwNjA0MTkzN1owJjEOMAwGA1UEAxMFYWRtaW4xFDAS
BgoJkiaJk/IsZAEBEwQxMjMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8OJhDVdDwRjsbu7s6a3i3sP1gXtzx6W5oE1ReqfYsjPyYmWfaTDn3lS0rUI8
Y+lH3QUovyTKcZiGzPqbEV18MOJvH3IXzTgl/vfynq6nuIV3XU8Yg/8Ic+u52wMv
70GYmziMLiHaE/tnM1VGUxd2SmJ+dbVkP6CL4kWa5j1J+GMjVxkwFZbC8+LXwbmI
6kSOanbgVaksNdvaa8eOlOoO+76APTk8Jv/5sUB7QVUpNEk1yyJ6yU107MGGKRZF
Q65DNFKVkqya2zkB5vKS5cypEC3Uv5Yd8th17Q2Mfr1FJJCOSsF8+zv6XnHTFz1o
8pN6VZSzUkHOUDZbMxxnOiv6SQIDAQABo4GuMIGrMA4GA1UdDwEB/wQEAwIDiDAT
BgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCGv
ql+ixlAz/iCYYKLs95bo2RhDMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly9rZXlz
ZWN1cmUubG9jYWwvY3Jscy84ZWM2MWIzNC04NWRlLTQyMzEtYTRhMC1jZjkzMWVm
NzZmYTYuY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQBSFyOg1y5cUeN7y+t3gOGnJx3Z
8ZtRkRTNAD1CO6a7fKm1qMmVO18dpERCn5MIef0dggydqzFzIxUDXjHTgFppHtkv
4JtDPe6Mx0Esxz/25zJVRp2B77+v4VVWPgZx07Yr5r6+4UI4M6TZDNAICF/ooYC+
7KVyBaZdG3rz1Y8JlbXWRJb2ofo4bpb2RO03KZtP2tFmXoAQ07cu7ETJ/lhlBaJW
Pp8FdGHX9zwhJL+wxhuZiafa3frIF1pvNf7IQoY/3QCFtuP/jnLvinXjlRjaxejO
ikxvVp4aC15mNDnlOaUXhORyEg9XdGS3z3cvr4akCa1KgoQqL081O00/yDyu8VF8
1OXEqFBm5OecPPHtNanx5xKsfVKhyQ6pYU7uo6w6Z9SnGlWEoOtwirALIXXY/GSe
CHB0e/1wTeMSSaqGHRWITVMisnIQdGJpZb0fSD/3e6Fe4deRLP+jEJo213maKLFr
27y8VH8UEK6NQiETXhj+YDXaYF4B/NHcKEMNuq155FBPR6jTYeA+sMjoXjTUMMPP
mDrUjbYu3CmhlrQfvohtbXeoa99/feaDq4hU0lNgvLjmvrco6FAAXvZtfrAIeSMs
pkfmh52sM98sBRiCLvalG7VTz71L7JdIXBfhbzjYiSEkv84hyGyjBCx1Ie8euMgC
LD0p+ZYbY0hdcGMwIg==
-----END CERTIFICATE-----
Example Response 6
{
"client_id": "b6a182a8-4f4f-4d0f-a04f-ff191d1471b5",
"key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEoQIBAAKCAQEAtMyZxEVwy0M/FtVKjWhkXeSxaGP8vlsfQuZJldgCFqmp72eF\n4IO6v8L+Xy/3qL26RcY9o2V51yafm6pRHZP+Flr+KeSW3i0v5l5RlWWL+q05y55i\nY9DmF6pFvB8kFnWCvhoytSxj+tlxaMGXZnrAGz+v/oxnhjCad6MQOH81SV6Qb/lI\n7nf2zXDgi194CWfM2s+Gg47KUJiprkzWiA+4Ku+KtmuehphjQhRGY2GPtfCXn6bx\nlDhjh+Q51Y/9JZEpyAN66hXU1nADQKBCyZp74te7anMss7Ye+k23Dsr9tuOAPvwY\n8EdvFXlo6Q8WY5ceuGc5rDIOAAIq6kp4/RSDCQIDAQABAoH/CeMmhZVGldcXnCgN\n663Jz1iyWwMcz0wsaXwuigNGGfctU+pVZ/HMRLBlOM9mu9OkXCx7MnRaNWnnUJv/\n055ERvSy8ZeOqJfQBskhrQngndTbVEdVGiBSdPja127cil3iyIKmQ0IqNY2upgvw\nO6p61wKknUcQYkZGLES+nlhWkayCr633PnQTVW2NPb5olkv/P/qNS9SEI3BEA/We\nyi5iW3NjL3pOgE4LEUf/oQm9URsr9t0LGYbf3wviTUrizEgGhnCOTZRJZD/hTBOp\nmBGIt3UMp5jzqs6WHqmTUxv8kB4AAfZu/LgeL+8oAnV9xvz9QgBMaOwCDwRlPmyT\nbm4BAoGBANGX8fPTRqm1hIAwYp7wt2UxOCoZwiusxJzHzrybS2eW+FU8NyCrEd57\nUNH4tQBEpWEi7CFlZ27nT26S1oiERCNnBSPeXNXckQy5hQoZK37sThLUptrF/GO1\nznz9LX017nS/Klq8pdTj3XpC/jKrkZy6WI7ipcJ3QrWW7987H4NpAoGBANzUjbHu\n9JohAMHVlYnnOAI8Uddi0AztzKkrhMMU9/2W++Czhuv06kccQj8zJdIYr/5Xg9Db\nPyQ0UCBRyE5nYonqxgBSZRHLfpEaLj61WlxSIDjTHKiEa/N2zfEpqhjIM+SlEtFn\nsfdVOjjRrE0c931+O1og8l4s27myFMD4ti6hAoGAFXgD757PmSiftuW95Fvx3Sqq\nfx1+VyzuQsTwtz8M/UJok4qEdxMu1GQ7Rha8q5dcfVOvbkhNzP1ilIfz863gsOOn\nkiH/zmQ2c2A5cWxcmTapVKJ1qOkozincSc9BLpcsosbGFt9F+UWR9SkRkq0iUDSC\nR7iNlBrVOXaJgYsz0ikCgYBS5c/TTdqwyVbZbO5X+F6EKFSowEVNtS8xCk8qVILL\nxZQERCCQDz6rNyZ/RxoZhn76wauQCd3oH2M83raNCC5ri6CMmmGqjnOS0PsvOzES\nmxnRex60/BDyMlUZBQT/jJg+auFnjr+2E15p2fwObqNRjsOFD/0r8TcCvKEh17u8\nQQKBgQCwY1ubV3tOwboUwbek2UxjbcqIomoyUJW48cW4OOrHhi5HhGVhSgFnpLfc\n9MGz88G5UbSvTC1ENZDkc73iO7dqmJ/iYEgPkRAu8Dk2L7Vh0r+tQoVwRJrkB2Lu\npoyVSRq3KVklxsTL5Rpalg2Xi+TJ+2rGG+cumR8KKpHr8k/rOA==\n-----END RSA PRIVATE KEY-----\n",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICmDCCAYACAQAwNTEzMDEGA1UEAxMqdG9rZW4xYTM2NzZmMDQtMjFhNi00ZGMx\nLWIyNDUtOGMzMDFiMzhjNzZhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAtMyZxEVwy0M/FtVKjWhkXeSxaGP8vlsfQuZJldgCFqmp72eF4IO6v8L+Xy/3\nqL26RcY9o2V51yafm6pRHZP+Flr+KeSW3i0v5l5RlWWL+q05y55iY9DmF6pFvB8k\nFnWCvhoytSxj+tlxaMGXZnrAGz+v/oxnhjCad6MQOH81SV6Qb/lI7nf2zXDgi194\nCWfM2s+Gg47KUJiprkzWiA+4Ku+KtmuehphjQhRGY2GPtfCXn6bxlDhjh+Q51Y/9\nJZEpyAN66hXU1nADQKBCyZp74te7anMss7Ye+k23Dsr9tuOAPvwY8EdvFXlo6Q8W\nY5ceuGc5rDIOAAIq6kp4/RSDCQIDAQABoB4wHAYJKoZIhvcNAQkOMQ8wDTALBgNV\nHREEBDACgQAwDQYJKoZIhvcNAQELBQADggEBAJDa0vLtJ3fEYV0J6UukzVo6gGoc\nuz6wT6GgLonCye4coAcYDW1VlLv6/y0DgWItQLJivl3NLTxQDvk6jXJ4Ep3+vNMf\nFW70LUWfbj0naFnSI/X7JSEyNc76V693pqFgVslD2/mzPmZrlJidI5sT7xibUGMK\ndbh6veo94I3ZDvcvV9WdqZfSBFA71+hpmse+ug0z6KaCE3SGJcD5/rO4uTFT2byS\ngblUPjqCkoXQtTwRPgOYjXUG3s9sqQfm5mMrOkj7Ni03tr/TQKHjawghM0Z5xLec\nTfxcLZZ3vsJ/kvgOr6gbrsXM1HArEnT9zpW2nFRaCxZYqlLbLwDUQtTdW/I=\n-----END CERTIFICATE REQUEST-----\n",
"cert": "-----BEGIN CERTIFICATE-----\nMIIFCzCCAvOgAwIBAgIQanl5qavOd6PS4Yduu3hJLTANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTExNzEwNTcyMloXDTIzMTExNzEwNTcyMlowazEzMDEGA1UEAxMqdG9rZW4xYTM2\nNzZmMDQtMjFhNi00ZGMxLWIyNDUtOGMzMDFiMzhjNzZhMTQwMgYKCZImiZPyLGQB\nARMkYjZhMTgyYTgtNGY0Zi00ZDBmLWEwNGYtZmYxOTFkMTQ3MWI1MIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMyZxEVwy0M/FtVKjWhkXeSxaGP8vlsf\nQuZJldgCFqmp72eF4IO6v8L+Xy/3qL26RcY9o2V51yafm6pRHZP+Flr+KeSW3i0v\n5l5RlWWL+q05y55iY9DmF6pFvB8kFnWCvhoytSxj+tlxaMGXZnrAGz+v/oxnhjCa\nd6MQOH81SV6Qb/lI7nf2zXDgi194CWfM2s+Gg47KUJiprkzWiA+4Ku+Ktmuehphj\nQhRGY2GPtfCXn6bxlDhjh+Q51Y/9JZEpyAN66hXU1nADQKBCyZp74te7anMss7Ye\n+k23Dsr9tuOAPvwY8EdvFXlo6Q8WY5ceuGc5rDIOAAIq6kp4/RSDCQIDAQABo4G7\nMIG4MA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMB\nAf8EAjAAMB8GA1UdIwQYMBaAFMOhcn5f+/kFX7SV8mxDgRKRkREIMAsGA1UdEQQE\nMAKBADBVBgNVHR8ETjBMMEqgSKBGhkRodHRwOi8va2V5c2VjdXJlLmxvY2FsL2Ny\nbHMvMDU0OTdmNjctY2QzOC00YmFkLWI1MTEtNTdkZTNhODM0MGRhLmNybDANBgkq\nhkiG9w0BAQsFAAOCAgEADaq38HXf+Yn/NfsreuUbNVbv1bt0GtmvINOPrRgIW462\n9Yn/ZtsxXwNZJTM/WU6CwR/89GQOa9KXDp1sfmLwMqY8ufOuVTuGD1RqP1Z/CeMc\nwz3lePSgcVnaUDaafwWeHq1D6pKNKZky/PFZ2jBd95561KEqvNFP1dD5aV6SC8nv\nJ0NcGCZmZZgJkabn1vSmRStipijeTT2ThW6wkgnikzUijglWjTe/Lr2Z8VeVEwld\nsg8p5hDXhfg5eVDPBoPZKYtb3Efoydj6Je1KtNdo44NiXh060ka2KHb+NAF3GkP1\ndhOEVTnWgXnUE/PRgQ1xSkhYCkSRYIyDHEz3AZJw9A0R0X717V4pzHiOniE/0+L7\n3r4sco03DG93t+3gJgP3eD1+/WazkIPNIPr0Rq94sB6hqw6Uhxd8VNXWIQzBAPE9\n6HqG6d/Av0+LmdyRha9LFgBP4dZfPVsbxCnqyGf4X8jKWK3W9mG6qqVRrERbrjYN\nmjAPN3y716Spj3LEhC+Ekinmsvs3MGV6MP9WS8eVS+3u9tvSFRUW/+XIu9iJNe5L\nCSYYKuhed9NRgt8facdUw+wisQVLhoyiwJ44qbYm+KB0NC9pc6x0V6O/0ye9k74X\nyNO7rERmAFIMophzwI4IVnqWkgFejlXOYXYa9yC2LlKgs2Nzt0nAFjh3lTn4Beg=\n-----END CERTIFICATE-----\n",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIGDzCCA/egAwIBAgIQEGnmm3c80WCH7akwX62ITjANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTExNzA5Mzc1N1oXDTI0MDIyMDA5Mzc1N1owXDELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYDVQQKEwdHZW1hbHRvMRwwGgYD\nVQQDExN3ZWIua2V5c2VjdXJlLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A\nMIICCgKCAgEAyNZ9j0JYbDqX5hQazNrXyuNifuUFiKCa4Od5/sXNALeFtSVYlcII\nct38icu3MSoA8CwnXxI2eMKzH2iXC0NxoweTwJzWd1glLbIdjUGHWW2tc71shEPP\nHxbduQQo61spiRwRnwpyeGhAGjIzzFKB9T0cLSLusuYW1g6LexjOe0+GqsUtLFdJ\niaWBIi3AERAlxqQKMhhn0drjTfUlXxa+h2Oxji8L+32MHgXZT8wKPR3hCrg1Mll+\nrrHg+bA8QlkYE5GhKpijRGIK8PmB085CWStJSTwDflb9ELbjQFAYpX7jgt3ueDj9\nMMDSL5QHET79C8e6g9PCbi2Je8PMro1DADX9CcKpJhxZ21/bp8a7i9bpmdpE07CG\nfoszxKP0c9KjVzJy3S8qBcsSoOg9L1eZG0/gQpTRMqa3WUJlCMxbXWqeAAOvVr3o\nrz2Wtp4S5d0sFwnMloq7Fq417WlpuFRqdzDyeXQkiUKli77cIVKUKn+wHNuR81aP\npipph7lrnGKV5rY/+c5ZfqOVDsGqc6UKLy/5If+Yo9u41bQdyfczdgZ7EVdeRIhe\nHWYeM4VBSb7HIPJu1SsQ73rGkXHlDx1CFEjcMvOwmUCUsLbBi7d65n0J+VeGwZgi\nho/ZTne1v6XjACipJ+eLXe6XsHWtE8BWAuY/j0gFFSm0ktmCXYZsRC0CAwEAAaOB\nzjCByzAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0T\nAQH/BAIwADAfBgNVHSMEGDAWgBTDoXJ+X/v5BV+0lfJsQ4ESkZERCDAeBgNVHREE\nFzAVgRNzdXBwb3J0QGdlbWFsdG8uY29tMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6\nLy9rZXlzZWN1cmUubG9jYWwvY3Jscy8wNTQ5N2Y2Ny1jZDM4LTRiYWQtYjUxMS01\nN2RlM2E4MzQwZGEuY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQCGi568+o6bcESMM73n\nl8N5Fuj4pKsnuNG1FeUvIBE/5Y+IwuVMBasM5PMznp8u+ZmWwNlCx6kZsRk39UxG\nh0j9RPMOMkCND0UoU+Kr573vQhXRicCyUprsb+Gbkk9uwBmLbEHNhDUlPYef8B8M\nZiMrVa7ZGbr4Sn95KDonN1LaQzwc4pNNgKV9RY7b7yGuWqTSzWnfZ+7PE702ybi/\nM/CiPmKiDpI/zBFqB+8YXnoVuzK65DkKcuCf3VaDLdJDklOgt5OeAqXMnJlP6Aof\nblskPBzIY8SdPrWDUOwE41mqkIoG/Z24if/Gz2vzq/fFOpebp44arjVN+N6psmKU\nGndaJRItMaYjka3Vj90dZWbUEIiewQFqtHNmOvm0aU+5yFglH5cZ7XEIjDOVanxn\n6hn8H8qp9kXVzNe3NdU2Mqtrejcal69PEzu206RPxhuk13YhefWFe1n8HqHZQQPI\ne7veDVKYwgGSXYWDhBeKbkfMd8xcQAH3SmZk1RlOwKr0NiJ6ZVP03E99dUtvwiWm\n5ZMT1e8sY9sQfpk9sKtTaYhNFaD4Au8JZSWipW47Ns2qw4AdgKa+qvYj7cvLZSmQ\n4ocyYutg/vwtBAP9+tSEelP6xqhFJUxjTidwMfGpc5KycYASBpo1upZxoEr1y5rC\nxG0bXUDXI+FQBWY7Kp12AyoeOA==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFoDCCA4igAwIBAgIQaTaqi2oHz0l2L3YTFudOhjANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTExNzA5Mzc1NFoXDTMxMTExNTA5Mzc1NFowWjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYDVQQKEwdHZW1hbHRvMRowGAYD\nVQQDExFLZXlTZWN1cmUgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC\nAgoCggIBAJu/0CD4wQekPWqbidlB1DT3SOp8qWVzThnOqf9c8YcMMptlD8ca2AJG\nwv8yq6UP5xKPzIXSvP38MVtdQdkk/NS9/k23CQt5XxYFExgTy7bQhPNfUf3wp6iH\nD9/remnttB4yeunc+xwgFEJ48zXdlWwU8BVkpWK4DV7FB/3O/GX0QpQvrCpAffgj\nNEMVasgAtDBlDe9wG1/YATncSP4SrXjmUKXmCy4g9PDIKdY+YdE3uclmDok1o3UN\nE3c7tSUDuc8TJtZUXXn67X1d87oc1eCoRoPrUmpH2HrFIRzvZKy/SS9G5qM0JA1Y\nvzqAy/3ntXpJO3X2FvRh3sHbDmIrAQv1GWSMUedbQRMFPA8V3gKN86FQfovnQzhc\nQylfmV7cG2e+2m8Q8FudEeoPfI93CXRd9hqWNEYr+Va1fsQb4CR7w1rjsQl3Wo6j\nVAKxug4ficyEWYVrQUuz3xF2+86iXJsqiuCzK1P0vRTiW33Agu3XhqZjSzTH8y1P\nASnZgBp2+Avbn/RFHU66c6y+sqA1tK8wMkHf2dA7LH4Q6kAgPkm2WyBUCOi2kxYN\nxmjLFY7sMREDVf2UYek1Mw5XdxsTSOP6ije4+8M8I3CbqhVzWpDS3SwBZVSCU+VD\n4+p3hupy5TcQ78Tv0fUOgod0pwn0KHnQaDGdLaPhOi0WtrA7ttMlAgMBAAGjYjBg\nMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTDoXJ+\nX/v5BV+0lfJsQ4ESkZERCDAeBgNVHREEFzAVgRNzdXBwb3J0QGdlbWFsdG8uY29t\nMA0GCSqGSIb3DQEBCwUAA4ICAQBdeVQhdJJehxaChK3VF4MxxRgdRAjgjG8OtjQe\ngdziluPZNNiHDOt3QV/WYta5+ChDpbtSMf+HWyIKCo0IekljRHNjHz2LqnxO/Rnq\nqGVBZ6ctPiN/kF44naDezMxE6VEoa4XepbAIpIqA9WXohtLN2GHlGNXFLsPFrXxt\nVE0Do5hBRH41QagdC1cIRwwFykRENZmwQhkGTdDPN5NsZWEtzEoXJTRiOxNyGv8t\nzwV4dWm+fNjJfeGqdCuetv2RhF5RYb0TkecER0TpXc2/6wgFWOpAKvB1jDNXJFjg\nzJK0K+4Kkuwx0odI0brD/NdmivfW6gneMfKMuQxEpHc7AnVNst+OL4U6oky9vCOz\nvMyb3ysF7fXnE7ltRWgg8YrlqHucP+kAkU0XvNv664N8qlMb6gjFqb+xG2njrzHA\nHSNnDwRwNdjB0410kMgkBzo8v6doIjJcZGZQy0RGuzz8mse0KeqaCQwgAlEB+UW9\nN6dReEK03W7IS50JK6Bu2F82zA6teCKVWWhncDVfmDS+UYYYXYs5DRmOp7a+Ly1s\nEb9aDFDkEW1foheJakWXQAjdhWAgJYO4lMp7DKunFB5QunPWp38rX1hC1A4CKAkg\nxXVj92YLoLmTQWOHeG3IQ8mJZ1z2a86RqvWBsQzeMqA1VJRFEa/QE6p7c/oKOks+\n+fpqqQ==\n-----END CERTIFICATE-----\n"
}
Self-Renew Client Certificates using ksctl
Note
The cert-duration
parameter is deprecated. Any value provided in this parameter will be ignored. If cert-duration
is provided in the profile, the value specified in the profile is used. Otherwise, the server default value will be used.
To self-renew client certificate, run:
Syntax
ksctl clientmgmt clients self renew --clientcsr <CSR-signed-by-Local-CA> --subject-dn-field-to-modify <Subject-Distinguished-Name> --do-not-modify-subject-dn --alg <Algorithm> --cn <Common Name> --dns <Subject Alternative Names> --email <E-mail-Addresses> --enc-alg <Private key encryption algorithm> --ips <IP-Addresses> --names <{O:organization, OU:organization unit, C:country, ST:state/province, L:location> --pass <Password to PEM-encrypt the private key> --private-key-bytes <Private Key bytes of the key> --size <Key size>
Example Request 1
ksctl clientmgmt clients self renew --alg ecdsa --dns *.thalesgroup.com --email contact@thalesgroup.com --enc-alg AES256 --ips 1.1.1.1 --names {O:Thales Group,OU:RnD,C:US,ST:MD,L:Belcamp} --pass KeySecure_1 --private-key-bytes -----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIEj1iesPsLdk0tM7Jv87sruegOPdmji9SY3s3ncdckxqoAoGCCqGSM49\nAwEHoUQDQgAEL8cvuduRZs6e/vsttMlhi9HxV+0FzhCg/zHUmXNmyH5KlmQgoaql\nVfwnHqQk79lf+55WSLD7uUwaxhYwGHIapw==\n-----END EC PRIVATE KEY----- --size 256
Example Response 1
{
"client_id": "1a6b1e6c-bd80-4936-9db3-f85d1d547b01",
"key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAnyfmh0/39UJAPAJooSLBbwFilA+OGBoG1zVJ3nmtx5kvnUJQ\nb4i7U+RKmvdqXnDcl+cVy+446jqwQQ4ixRKidmG0dexD3ErZ9JSMy2tbQsmd/Z4G\n5SQgSzwWDHNknzJ7+MDo22t7JNhRq9E4gNs7Wh26kvUh0lwPn5W9lGPAR1YpClvW\nOyPYBVTlwSQZpgShzXMSTrVlE9OqzdKg/Otjb8QvXFtxwstjB4GI+sjvo35+XqcG\nCRnea+gcsIigAXkKZP+CvCrpC3rF9X9Bt8iYsCEyo/X0SZc1eAEE+3Mjc/zSMQ4h\nyJwIQQ2su0+BPDINYVLIr6dtSN3eL3+KelDd7wIDAQABAoIBAF1Jt/gsSXz6vkfu\naYG5q4PzXeLHU1SRPN08IPZEgDX0dlJJInidvp+nuosm5rRAlyx6iO4lzjqM9+7J\n6Ft3Vr7o+iv8trITNboEsJozbSSypOaZkBUTndI7f/kAUkR2BPCDsnmagG3SVdzO\nH753wkxKDKhDAvYYfBfgX2TxKy0kSMfaG+H/WrAv6wQEHilGRZDy8XYw/z4IlwJE\nexAEDfk/mn/AUeITA8UYAJwJMGnY2Vp9+BlqNjzWpCnnamzWDf6I2bX7+AVxZIXs\nupLX5uXTcx2Q/RqaAoNjK9/UllVnMwDXDOTavXkmAowYN68tn2vInuEtf3BGHhfT\n4OVtRGECgYEA0nO544AOcWEhvDte1yGYTX8jOhaPuNkCr8bKetu1KTlIcR4X1Uqa\nJgbRt3H8Lpnd2jQ5iD/xfnuwHzr1IAOB64GuJgIuMhSzxtjqZa4c5IMs6EFvWIrk\nmnQWaTqWCRc6M9YAmFGjcedSmMgRKJvFpWQqc4ZDrV8M7+JWxROJ1mcCgYEAwZoQ\nv+HH/3f/o76+AgnFi2XOfTENqJxhwsaNVN6P3/GXX+9rtKh2S02sb16yTq+Llm2w\nDMBHZHaJhumF+5JtkLWON+hfVQDsmKxtZ2c07303TMOOcOjxB1b+swgTG95Xv4et\nHt0+LE9Wh6rTKPs8JzQBAl3VrWbQQxIkFoXwNzkCgYB0jA5YBST6eTY7jg2ZyksU\nL+KMWs5BKj0op0ie/Wm4aLbLnkTIpEX15TTjCMcF78RDAUUTRYYx68G/qeDyV77t\nc6XD+tUmevyMlLhKk0AA9Pw7q3FEcbbkKoH2yLEqW6ip6EvwDtYbUGYXokSOXqX4\nUB6KV8LHEqqRdqFjBs0A5QKBgDRpTwuDRi+E/vIHW00V9CLOxt3hf78bxuOB+RT2\nw6BuuPpByLi5unycZIgp7L+cin+I5lYtX6Z06LpbUehPNdYtMHk2MUjD3UlftKZ/\nrDcBgQ0JC/DJPycrh/xTvUiYIs05H8bxQjmgqN5FgrDfguNiErvfR0+QO+VMbfSj\nAesRAoGBAIxO3Vls5HiIZSpIjE2Ab9ojrgnbWPEbIowOcjhBzKZM7zcLfF6vibO2\n5mfKp9JLZ+YoVggJispBBvnBXhzSSgcePyrvfp1DASQaGs8LtAb42or/7KZvnIzd\nNehsZhUOPD4Lnv6Wh5pzorjVbIbm315uO1PKxD2OEB7k3G5xMRn+\n-----END RSA PRIVATE KEY-----\n",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICczCCAVsCAQAwEDEOMAwGA1UEAxMFdGFuZWowggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQCfJ+aHT/f1QkA8AmihIsFvAWKUD44YGgbXNUneea3HmS+d\nQlBviLtT5Eqa92pecNyX5xXL7jjqOrBBDiLFEqJ2YbR17EPcStn0lIzLa1tCyZ39\nngblJCBLPBYMc2SfMnv4wOjba3sk2FGr0TiA2ztaHbqS9SHSXA+flb2UY8BHVikK\nW9Y7I9gFVOXBJBmmBKHNcxJOtWUT06rN0qD862NvxC9cW3HCy2MHgYj6yO+jfn5e\npwYJGd5r6BywiKABeQpk/4K8KukLesX1f0G3yJiwITKj9fRJlzV4AQT7cyNz/NIx\nDiHInAhBDay7T4E8Mg1hUsivp21I3d4vf4p6UN3vAgMBAAGgHjAcBgkqhkiG9w0B\nCQ4xDzANMAsGA1UdEQQEMAKBADANBgkqhkiG9w0BAQsFAAOCAQEAELL6Si44XlK3\neelk7wXthn+I+Pa0BIjHx90koBTVW5RKLAALsaisYjjAjAPJlfisK8aQMVS3imD/\nucSGpCRgqhY1oOPOALTp/mwWTsDuranFd/hfNQc5DpqpGGOXj5NHTC4si7nYPuRL\nHqqn/qHN/gCgh984v4G07suJsxQ1zA5beeyxRORE9/UmSpkyjss/olw+c/ekbc+G\nr6+Fp41JwOhsH39kT/eLgF2LnDXdFWbuF2Q13Y7jRVfT1lMRI0xuyO0AnCIMayMj\noIyQNbnFTYxSzsRhgTZ/85tXtoaLva2h/dy+21f8ufiAxZTUQWPN914DgozGw4yN\nl9qKd9SKTw==\n-----END CERTIFICATE REQUEST-----\n",
"cert": "-----BEGIN CERTIFICATE-----\nMIIE5zCCAs+gAwIBAgIRAPPwaSrfpbwXqCG3dSBAA6MwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTEyMDExMDQ1NTZaFw0yNDA4MjcxMDQ1NTZaMEYxDjAMBgNVBAMTBXRhbmVqMTQw\nMgYKCZImiZPyLGQBARMkMWE2YjFlNmMtYmQ4MC00OTM2LTlkYjMtZjg1ZDFkNTQ3\nYjAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyfmh0/39UJAPAJo\noSLBbwFilA+OGBoG1zVJ3nmtx5kvnUJQb4i7U+RKmvdqXnDcl+cVy+446jqwQQ4i\nxRKidmG0dexD3ErZ9JSMy2tbQsmd/Z4G5SQgSzwWDHNknzJ7+MDo22t7JNhRq9E4\ngNs7Wh26kvUh0lwPn5W9lGPAR1YpClvWOyPYBVTlwSQZpgShzXMSTrVlE9OqzdKg\n/Otjb8QvXFtxwstjB4GI+sjvo35+XqcGCRnea+gcsIigAXkKZP+CvCrpC3rF9X9B\nt8iYsCEyo/X0SZc1eAEE+3Mjc/zSMQ4hyJwIQQ2su0+BPDINYVLIr6dtSN3eL3+K\nelDd7wIDAQABo4G7MIG4MA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFFjNnvvBFxGnHa+KiXmdOsib\nf+z6MAsGA1UdEQQEMAKBADBVBgNVHR8ETjBMMEqgSKBGhkRodHRwOi8va2V5c2Vj\ndXJlLmxvY2FsL2NybHMvOWZmZWJlMTgtYjQxMi00MDYzLTg0NTMtMzYzNzBiZjQ4\nZTg2LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAzSV/HlVR7KJ80DG3obKmGbIbs+0y\nXKt6Js7BFjo58GlyguXtQYX+UTXr6OA5MiPWYYQSY4RbXWX79lqmo1XQLuIpPN7R\ntpDFk3rn9WYWF7fKWFLSMXPDz397cZJ5WHP93EootZyeDiSIqHmtTpSW+cJ1l/j7\numhY7e58nJ/UmL5bHc5npLeXNcEbzbwDcMVtOZ7P8nATexO4nXgQZemZ+VHRbVhn\napKG5rXRAtl0kg6ntqf8jfm4np9RN30gAhQaPIn+r5Cbvv/LbXkcwY1aY5KGV1KW\n0rbBl7CbeMQlkhhKW5l8nXbxdNj1ZgvPCi+KGcYdg5VOg4zCCS7dWPHYfNmEkJHu\nVhz7xeVwFLlxRdW7H6R4QhmBgPrzIwqtnfPzbs+gurtzfDGMrlCFF+49KASCxMev\ncVSZZROHcpkQ0PLAUhTYCOib/ZJfi9u57HYy0d0pfnP440qr2whsVlwJvEN9GS/D\nwEnumdN3VNTXE4NZlXG/tFK4kiUXuM8vGMqCvJr+10yxMmZdX6Qgi6z6VebGIJ4w\ncRt83FDou5qQmH7kRjXV8cXyGtIebBPwXcCKO3iMZNxpbs3P9LQx4yqwShQB3DcI\nM7MgMSgczHFTqrQJ3G3+vPpX2dzBXEWAC35VKjmvDQaSPk/woyjL4mVnlIDyrIpn\nnTNcbt1L9MVxlXw=\n-----END CERTIFICATE-----\n",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIGJDCCBAygAwIBAgIQDOK/DLL6BXSYFbnlyJAjDDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTEzMDA1NDY0MloXDTI0MDMwNDA1NDY0MlowXDELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYDVQQKEwdHZW1hbHRvMRwwGgYD\nVQQDExN3ZWIua2V5c2VjdXJlLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A\nMIICCgKCAgEA3zVqkxg1hUkeYSGgzYM7v0vpjiERp6EPv3vDj+hCVgIEqjlV5vow\nd1X/mmEXBpzGDTZLnM50l06Mfj8jpz1TGooNe5/hPHLJEPUnLGs2FFiSYZ4KCZb7\nzV84iRKl63/OU47QntmtwuqPJg4SAQkBe6ekr7WrJr53ZlfsoN+c6ciKBA9MqCL9\noS1av2Q3f+WcFZrpbWEehrAyvlSEoletbjMtPQ92XGUjJuRcnp2rFuh1AR9NHGv8\nQX11oLo2vOR7GuUVScI8ZNHNXYkfoL5H6OeTh9es7clrM8lg3M0Ssgy9pH6F4/ej\nHvIqHBZK7SdBjUUQz3rSD6mtWxOsnoq37tvUscFsiYOMVrCmHS5xykIShHQhzs5W\nv3352Z/IcUN9BjvH/vVoQbMBSv4BZjy48GsSwe5lmCgTc/Z0jzuBYLzuhAd02Y+2\nxi/bhQvAFALmoXepbtnGmNoLDFI1CpfDTfGPlWrHShg9yJQjW7DzoWJZrasSFb9m\nhfqriDoueT6PNEfFAE77CIdILPELWSsFmsT56FlUQj1jveATjvou0nJiAHDdbkY/\nTNlTtINR6w7uxBfiHdPIRtVqyNGT9qyHJXXa9axBY2Sbo/pDGvc0X0R2IMtjwU08\nZ5FMqATI9H7P5bXGPTs5IXYAQTqTSSmn91rB2LQZIJR6cvUf6R7eD3sCAwEAAaOB\n4zCB4DAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0T\nAQH/BAIwADAfBgNVHSMEGDAWgBRYzZ77wRcRpx2viol5nTrIm3/s+jAzBgNVHREE\nLDAqghN3ZWIua2V5c2VjdXJlLmxvY2FsgRNzdXBwb3J0QGdlbWFsdG8uY29tMFUG\nA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly9rZXlzZWN1cmUubG9jYWwvY3Jscy85ZmZl\nYmUxOC1iNDEyLTQwNjMtODQ1My0zNjM3MGJmNDhlODYuY3JsMA0GCSqGSIb3DQEB\nCwUAA4ICAQCYi0/YtLHBnNIBj+IRGrGo3h1mFk+LaKR98D5dSBZd1Czj3/SMF0RQ\nqDWi4KLu0Ro+8R+ok+slp19ZAV5wo6wlUMZM/IMwFND8VE4SrO1X4wjPEdLmRWnO\njzHXUHNzEOozzwrsJOQP1wReY6Dtz0V/i7zS1KerctN6ZwQAIBM3ZQ3T+TvN4D8e\ncYfkPTcgo/HEBDjO9DhRxTE3wmU1eKDpY4Xv9iPMfELnm36Hm47Ob0Txdk+KD+G1\nNm+z9yWgJZ3POaNhROF4itefEwjiqmTkf8BGNTe5e6+pRzHwr1An3AtkydufPnuX\nQzveCajhQi5edQpUad72LDs9vgMcCUseeiUF0dcjq9Kj5mJUFUnfIPuRPY36oDph\nUJlT8P5TTd7wngMoxeGpz+qrJxkrZ7AIFdquA9GM8VLMFDi9ALIImnyNg4OPwjaK\nJfCDurIZ0d8Ba4cYqqiHLbuD0/a+/xYGwRvoQwCOM7OJ6oeeolO1JVOzJ1dV9PEI\nlJmQMt2XBH06wNV58xFQ3VPhtZM6JuvAQGd/o908qmOuDvhMcmMMu0FsJrCijxTc\njj9Q3XpwvZKAYb+NduyIbQ2DqcFBMisV4tgyhdBGHTtD7DILOy+Rx0fU9jwz0hny\nNyBpD4LvK1Y4ObWnViiwUAEQPzAEz3LWz/U2J9YMZpI1yvyfB+Xy8g==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAPx8MV+j0NqVPb2EhQpI3IQwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTExMzAwNTQ2MzBaFw0zMTExMjgwNTQ2MzBaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDb9AihTQfx/QoOuhyOEVmAfXF0W0EQhNApGIazTdpHZ1fkpe9qqZAR\neHPC5ME9no6N7KqaqgovHzNyYU/TA6tFhduS91bjI0W2aS4wAldGRLA7LIfcYnV8\nXuBp0x2otyjf+tJ1UAfmZyWkAmlJkfbcxHwXtBSoSV676qd/DnyqxS4Spj4GyHTl\nTJM1Q1utHjV6BiY2AcUAlKYWC4R7sKkf2dN8Ce3eyiI9RU6UFijcnCicuWI9W3MS\nX2E33RFgJy/etN3dBWxs9+xHFYgAbc11ORZU1Im4xbhwP94hhXBbfIoajHsDetL7\nCoP2GXPvODXUntJR4iQnN4ITlwEK62hGfjGGdq2a+1Xqz25bB0Qzj2FHSeCeeAuQ\nLWZKC/3CcvkTxBVSzzv66rzMKqmY9gSs8tenFbSuK58tGUxNR6HoklCBi/vsIokN\nfHLBvbA9BYAHA4mLMoBBPoj2uoGJphkm1J5J0YH4vvyLxG425Z8NP0WVlMdvL+OG\n5NPJg/+kiANpcy/RDMMySBY6dCbxdm7ojAtu9JM95/Z3V6VjQFalNMcKP6gCzRVx\nAoUQ9cKNuJHCIN+N0eSbBGm8/uSC1F/y5CiVLDEV3zKDxq/NZKPkUS3YGime7c14\nw3S39bi7uUr7NIdalPMzMrDtu4xNJY20vByJG2UeQTf2KH7ve4WFRQIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWM2e\n+8EXEacdr4qJeZ06yJt/7PowHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEAF4ZSNiC4SRjiia1yo8avfDVoXcqmfZJVE2Ym\n9rPh8oAG44MHu3k5tnt1U82cnv2bLRSsdci+SRFb9CAunWPGl68D2D8LmUubjVBT\nC7XxwTmaxXKxOEwdbK1VXjszw8kS3F17BguJ+9ZbobwphuszbwGWGqnT05QOTDdM\n/f/6VsJ5wG5mz+xBjiFqOT9DIzBpXb+TBOVnMa14Ie54BLOmhSo6y2HTfO8EYtG9\n+FQEq3udXcuKfhHGa563Fy1uiLPvD0xuYeJxmwCoTqWyRla06aYUG1LAksRLlJHD\nwtHOKExJBVTm46ITVZqiQHweoPVYnHLZQ6B+tF2EOb1rURGZ3DcZJ9Kr6/xE1yz2\nvmjeF0iBMmVr83LdDCFo75TVquYlY2+iMq4fpd5eh20vhvj5DMc9STDxNNAYiu31\n2kDnGXJMsrZaCqb7SFw/X5Lh0zImHZUoaqMxQzlzHl9xGfIGWXosX7X4MKZhWHBK\nM2ZNGifh9Kub8bdEKDP7SID/Mph7P3eDkAX8auHTRPQEM+iyTkWRx6ohvjpjgI+S\nawbGlrFwX5BAk+epiWVLimr644aLyAZh8tf5rT4EcbqtWeQQwpJZDhmd+ykk42Kn\nnDRcs5LpMNPX5IqsdZ0D8dPhhpShqheG+C7pCE6SgEZM8LtwHprKp1XjkIK9g5Yg\nRFAuSN8=\n-----END CERTIFICATE-----\n"
}
Example Request 2
ksctl clientmgmt clients self renew --subject-dn-field-to-modify CN
Example Response 2
{
"client_id":"1e04f15f-0de7-4e13-9c5d-2a84e26ee947",
"key":"-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAt/6mVPE+16G0WcwXDnM5XVX8yyg3XqkHDXWjigdK0K3OLtUX\ndweXQ9wTm/DUr7njEXJ+qM7tw NP/D5fA9V08+/qMjOGBafI0uS4TGp3SXMzJ5KDc\n6zbNoV7+lbAG/x4RpVpPDK0Mzd/4w0YnkREmFx/I7oqGVLrjm/Qdz1FC/qLqOUMp\n9DNcbNVo3IKhV0e96rH0nl97qhSTUDtykF2VYwLRrYxKTygKo2pn1Hgi2+4VMjH6\nhWtM32raJFXTQdiTUrauM9lOySnTrXvtlKJmY1Fc7akSTLaJTtKSR2z6XiEmruOJ\n8B1Xpkhqq3X6iBFlfgye77+uWuGUW7xFpKu3TQIDAQABAoIBAHaQMrCz0FH1Upk2\nyXi3STTa7w4euSdXdkL3Fk4gitZT2XQWPoumKZRB4aTwGK2v9CFPDU1MIqrKMSbk\nHCRAU8bv2dgCjHkv6UeW6BqTrnW8RTD9c75iTzl4VEcy6h9FSguqWRwK+yBC/jMf\nJun1Cf2Grt0ACLXaxEa/lOH+NFSOoPh+FPISxYq7/XhrmLevlgNby1UQLMbFi2b7\nRVE4cd2POwIIzN15LN1SvRtxBYj+r4Y75fO46sgCUD9r2gP3PT/2ENcx3r57JR4b\n7Ghmuzgj25HR7ki0zJHjgH7hNX+1Yh3VGuWNjqPU4IeAeB2jTGpcOTAVp/o4vtGY\nFb5UZMECgYEA2cm9j0QVQ61y4TE55451OOMQ10gMZQd18H8w3bwxmyMkSXbFOaha\nM5arMB1K0AhRpyvffsL66lnQPhLXmvVlrpboZaZzJpK0t89Opb2D9mkP7fA15E0X\nX+SwSmO2z0XkfmENL9/dlEpE/1uDyXtv8BgHdbplhwv+0k3bfzdue90CgYEA2EcI\nvqPfzpPELHvIW68U6U/mhOZHiRDlURGVl0sCu1t2Yp9e6P40SkV1Wc56azzeVnA3\nBZwAVWwuBXS+b+AN8YLJIcp+G6Z88Xm5lIJcUEGlZu3+v4jmIf8ovxzSkOedfDVg\nT2P6tG7EBxnLji14t1wvE18gKkFFvhTkaQKm6jECgYBGTrdwWbVXrNXqVv7vfvDe\n1YbpSOwfbWIoqpb27jtBbv3W7Y3MCEpeXySSmtI9CIJ7qlEzVfS01RvB/kk2UERs\nMXGC51JDQJcww68LGHxSfyZSVPrA4hZKscQrr7cjgNe76M7eBrI8niFaIowP7lZ7\ntvYpjmwaRcgU0meq0RVMzQKBgDQ6+2amxr7pup+PiTRzFNa/gAkqX64/UVIBsCGo\ncNF0ZiOtH0ufUFt7aLq2faP2QC+Zy//jy8TVakvRBMiZ0GQ51H7/mvLsgxIB9oph\n7Q9IuzwfT71Lv2AIcfutZ0CtXsAHV+n0WDBI67hXR2xfmN6XOZsxBuCNgN1FyF9/\nz3WRAoGAaFoqxxNUbCWqkLxQeNKeeQmPXWMsC5Ad8+Uf6aSN+rAH1WsuYQPs5fkP\niUvUgZwHgk2TSEwwYpYtAOeDFiEya9IDeJyKYpxTKm2dM9ZBvn5NFTAJTFrwhrtM\nK24ojzMxf+VpLSpCCGp7rrrKb80KQLPFA4FVgc/SfI2LFclq0jk=\n-----END RSA PRIVATE KEY-----\n",
"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICmDCCAYACAQAwNTEzMDEGA1UEAxMqdG9rZW4yMDk5YWI5MjktMTk0Zi00ZThi\nLTkwZWMtNTk1Mjc5NTgzYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAt/6mVPE+16G0WcwXDnM5XVX8yyg3XqkHDXWjigdK0K3OLtUXdweXQ9wTm/DU\nr7njEXJ+qM7twNP/D5fA9V08+/qMjOGBafI0uS4TGp3SXMzJ5KDc6zbNoV7+lbAG\n/x4RpVpPDK0Mzd/4w0YnkREmFx/I7oqGVLrjm/Qdz1FC/qLqOUMp9DNcbNVo3IKh\nV0e96rH0nl97qhSTUDtykF2VYwLRrYxKTygKo2pn1Hgi2+4VMjH6hWtM32raJFXT\nQdiTUrauM9lOySnTrXvtlKJmY1Fc7akSTLaJTtKSR2z6XiEmruOJ8B1Xpkhqq3X6\niBFlfgye77+uWuGUW7xFpKu3TQIDAQABoB4wHAYJKoZIhvcNAQkOMQ8wDTALBgNV\nHREEBDACgQAwDQYJKoZIhvcNAQELBQADggEBAAoI0CSQQ9Kn7mpwuoA5vElF4zOp\ncAFb7OF7xP8gChJiRhotWfUTo41WmQfEMXGuBgdUcfGgHaNSMrH55C9RoKM44d5k\nDz+jgps20IotKQFDpqh5ZHN/TZu6Fxxd50UchJ+mTDu6zikf44lLCwOZFp6211E4\naBpaHuiYLs9DPCXBibex3N3cS8EFBUrm0/Tyd+yhAhv6NFsD9oBOPVHbz1HBYkSf\nk7ZJzZn3OJK1P6td+2SqEcKOtu20hnDkylcbFs5R3qt2zBMAc+BRYPROvJ11LN+h\n2u3E8PFPkRlAOXby2GF0nWFXzYZI6Osy58RKS6Bbx3gJR/kzxU/Z/OJnkv8=\n-----END CERTIFICATE REQUEST-----\n",
"cert":"-----BEGIN CERTIFICATE-----\nMIIFCzCCAvOgAwIBAgIQILRWHfqfJGJG6dTgAMyHkzANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTAzMTExMTIwN1oXDTIzMTAzMTExMTIwN1owazEzMDEGA1UEAxMqdG9rZW4yMDk5\nYWI5MjktMTk0Zi00ZThiLTkwZWMtNTk1Mjc5NTgzYWNlMTQwMgYKCZImiZPyLGQB\nARMkMWUwNGYxNWYtMGRlNy00ZTEzLTljNWQtMmE4NGUyNmVlOTQ3MIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/6mVPE+16G0WcwXDnM5XVX8yyg3XqkH\nDXWjigdK0K3OLtUXdweXQ9wTm/DUr7njEXJ+qM7twNP/D5fA9V08+/qMjOGBafI0\nuS4TGp3SXMzJ5KDc6zbNoV7+lbAG/x4RpVpPDK0Mzd/4w0YnkREmFx/I7oqGVLrj\nm/Qdz1FC/qLqOUMp9DNcbNVo3IKhV0e96rH0nl97qhSTUDtykF2VYwLRrYxKTygK\no2pn1Hgi2+4VMjH6hWtM32raJFXTQdiTUrauM9lOySnTrXvtlKJmY1Fc7akSTLaJ\nTtKSR2z6XiEmruOJ8B1Xpkhqq3X6iBFlfgye77+uWuGUW7xFpKu3TQIDAQABo4G7\nMIG4MA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMB\nAf8EAjAAMB8GA1UdIwQYMBaAFK5TxeYX0HEIee7MBusV6YZRlpiJMAsGA1UdEQQE\nMAKBADBVBgNVHR8ETjBMMEqgSKBGhkRodHRwOi8va2V5c2VjdXJlLmxvY2FsL2Ny\nbHMvYzUwNjI2OGYtMWM1My00YjllLTg5NWUtYmVmY2Y4NDE4MmI1LmNybDANBgkq\nhkiG9w0BAQsFAAOCAgEAIYJoz9y6kR3jGEao44aBcO9EZvs0UbdRRxFTcQ0r1/CR\nJI9bfDHbMtXDyn3QqKdLoQ8UQ9XRlLaYx/CtomD7PLNnRK2m37fyLbH+5sOXEK0+\nPSKGGtt336tGJIfp+Bn8NjOChwPyWgBPG6EmVblJ2e1O9iRp3IgenWTncDBpFjVT\n8rb6X6GubWsoWySN6dz3T+o8ixFmpZyFj9cil/CqkOz5ZZkpXtv87uMtTfc35xAs\n6lpgMdweOUwWEThic1Xz9GXnLSUIsogTKXJDU349EC0slSF9xfXXxPEos8Rp+5m8\nQOlTPaPAd94sngFOkgHY7ewMItdlN1i9ovAEJglvUfK9l/GKcLkK1V90caDfOe9Z\nEsghfwbXSQjfOgBB5vqBGvQVQOCEaBa+l1e3H+wAst44YOntsr7usiLy3XNXa7yq\nG2stdkd1XkthlIApW/PtP8IanmLva36pVxZBL6LB5AkHA5vHLv8WJ7meLLQAw3oQ\nybH4yVI0dwAhEVUxXdTYTgkNd7xKhXweh1TQzs5k46OKiZD45Xv/fG86xlB1lzEA\nyawqpcDq9u2nyI09p6LOFPJZHCuiLAqivNxlfJaYh8L4s4klWpL RqS2WJWE0FvuE\ngkx0W7MVD9du0mjat9fyM6fhIf1Y8EPPNnTsBwwQmrGcfTunC8nuqD227WSTuMU=\n-----END CERTIFICATE-----\n",
"ca_cert":"-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAP7Ey0klaWO58b3EHqrNyS4wDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTEwMzExMDQxMDZaFw0zMTEwMjkxMDQxMDZaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDGA3nahTIT/WlDzURGLgFDN0kDwwDn+fuJ4VAk5Jy5MW73elibQoRP\nXdcM5v7AYRl97IjhRGTOprTxqzXmLhjY+XDZ1bPCEzzE6ZKNtHpDL6Ul47DFYc7H\nq4TfkLpV7fWnXjleZCEhU8Z8XNjqGNdnh4tq6MJ2C+C2tlNbbhmlYdSRwULzt+md\nbeuO74Ko6DGEJ26rNGfTyAm79k1+YamcWbk1T+ct3bhnce6pf2MM3jI4cWLBmXwS\naKReZmf9uBFGbVhjMnWGIxBgGDnY6mgEHLXSqEvhw93EEhOHNYOf8Hy1HQTNDPSY\nMDtkI5kQ0/XjEH3dSSFjwOvlXJGryx2W5BqD0UQHXSIIZOm+ao/+URKj/LcZ+V6y\n4rGJU7jrPwiYsDqxzEMeZ6o17QHfuQBfoGFqRIzvgPNN75WYhT0TgG3BmTW3KAmD\n0zEM+nvwMDPElU7SgzX1Ufj83XqoCLsGLzWH4InY3S0HlT7HVATay2zgjpkH/Sp8\nOTht71LFARyGo9PvxI3tdjZNYMd+/rXA5qA5fmq94DlGikJHMZ5n2NP+lQ+I+rsv\npmtKDZ6QQ1WzpOORGM8KOHkJgYkHwv5NdmmhxgCqzzVS1HGnWrcqiKuwWw1Dh7VI\nYYgo+INGKdBNqnLwI77vdjGWkCgjYi9uIXtNz4n0zH60CreKDgOpfQIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUrlPF\n5hfQcQh57swG6xXphlGWmIkwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEACEE+oAGb2HTtEvshvAu4iSJe3Z3mx31Ei3/o\nMSEkyoP/aotxfrVsgFNQNtPvvGfCJJxBCO6YZUnCLHZ67Aa2wGClguL/NESUdaK4\nX7HXZhAK4Bhc+eFGKjdUzVSg65OToYnq1IVdZ+AO6JIi9xHAQthZoHu2c3ylrT/k\n/phd8Ro23sfFYs47zkk169vL/A4pKofgSjfPLhrVuEOFFZRFcl8nPt9tSUNXmQcN\nzYvDnfep4Ka81KIrMmxtocuHdDQoZvUy6U+Akrf9GNiGYUBfNCnxFQflmXKArknL\n3RqBjZWwS0zKnSN4QV/1CKHOlC5xnkviRTNNoYbSL5mRvuGiJ7+iGRu0c5NFoBM3\nuVA9Sar5VZ8xS780ONB2ud4Ci1cwdGhOqGPJugSo/qSXJuKYH7Y8W+T/Aaqg96lz\nwdSlrl7tQVkM50/eyNRsWo9lxu3Gbnf/ccdsFADAvwzyJTU8Wum8yFEHPkAHx2r7\n4fEBVi94LLz4msqGvsIBU/GUWieDVwPysZzMVABFGpS1jFYltZ3MvkJJn5h8CasA\nvOPeqLUdGSG/P7aHzyJR58s3f3Y15/tQgM5McyOvBtK0lSOKWRrmvMpF8wwiNwik\n0gz2OzryK/BkXO7iNO4GRFNj/ynmMXFZuSwlL8HRLjU0yEjwXKLZmGPUFzgpW9LX\nJW+cMJE=\n-----END CERTIFICATE-----\n"
}
Example Request 3
ksctl clientmgmt clients self renew --clientcsr ./csr.pem
The certificate file must be in the PEM
format as:
-----BEGIN CERTIFICATE REQUEST-----
MIICejCCAWICAQAwNTEzMDEGA1UEAxMqdG9rZW4yMDk5YWI5MjktMTk0Zi00ZThi
LTkwZWMtNTk1Mjc5NTgzYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsKKO2wJspkm8eeVJZ6r9aexy4Nk+7vlaMsVgTBjI2yZrtgbkbNFQah1cwKny
C3ZNF5X4USFGhFs+msgoCEFUb3leMQb7WS6yPsRgM4Z4E3WIu9bDNBp9MUXuSE1k
z6uv9qbDLD9TVghkMIIU6wJuCS3OidIww8ZtZEkhQvU91QpmGSOAhWYonCdRvNaC
oqKGbDrfRU+7siK8+L0rea+lcn1frdWjkYB//GzuhhqJ2zitxRo+Zukx1PAS59Gi
2sAnWJTmAdw/eCyMJo2HG9R2dKmAtmMx+dgO9nNnB0+FK0sEC1SHTNWaGALmX5rT
lIdDxeHUrjE5K/7dLC32qcqC1QIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAAbJ
UpqzjZwgq+RV0ph33GMK2s2fyv4tbOQ+jwdsWFQrYVdBJevxu9xD1/Ou9QN+4L2T
hXFs1WLyDWYxZyCu+4vPVYLBXzEnOqZblixiljmJ8wykYk2dyttNPOQo22ZPLTHx
viMZ81qZu/oGGk4ia9YBsvjMLPsbFzW34xWLTiEYgiNDlPhsZxQbxOwQ6H2VsCAQ
6c/cF0LkbZZvKunrNb//KnfF7VmPFhZQkdtuagwAX/lLdymVGockFLviYcxTP6nO
7xUzUVcBRadZib+8dQYeRnUW2+qAQeWFfLFqQrFG9xr8UWQt8ShDWuTwZPvWnA9V
8JmUnCIUOuoaJWZxP+Y=
-----END CERTIFICATE REQUEST-----
Example Response 3
{
"client_id": "1e04f15f-0de7-4e13-9c5d-2a84e26ee947",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICejCCAWICAQAwNTEzMDEGA1UEAxMqdG9rZW4yMDk5YWI5MjktMTk0Zi00ZThi\nLTkwZWMtNTk1Mjc5NTgzYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAsKKO2wJspkm8eeVJZ6r9aexy4Nk+7vlaMsVgTBjI2yZrtgbkbNFQah1cwKny\nC3ZNF5X4USFGhFs+msgoCEFUb3leMQb7WS6yPsRgM4Z4E3WIu9bDNBp9MUXuSE1k\nz6uv9qbDLD9TVghkMIIU6wJuCS3OidIww8ZtZEkhQvU91QpmGSOAhWYonCdRvNaC\noqKGbDrfRU+7siK8+L0rea+lcn1frdWjkYB//GzuhhqJ2zitxRo+Zukx1PAS59Gi\n2sAnWJTmAdw/eCyMJo2HG9R2dKmAtmMx+dgO9nNnB0+FK0sEC1SHTNWaGALmX5rT\nlIdDxeHUrjE5K/7dLC32qcqC1QIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAAbJ\nUpqzjZwgq+RV0ph33GMK2s2fyv4tbOQ+jwdsWFQrYVdBJevxu9xD1/Ou9QN+4L2T\nhXFs1WLyDWYxZyCu+4vPVYLBXzEnOqZblixiljmJ8wykYk2dyttNPOQo22ZPLTHx\nviMZ81qZu/oGGk4ia9YBsvjMLPsbFzW34xWLTiEYgiNDlPhsZxQbxOwQ6H2VsCAQ\n6c/cF0LkbZZvKunrNb//KnfF7VmPFhZQkdt uagwAX/lLdymVGockFLviYcxTP6nO\n7xUzUVcBRadZib+8dQYeRnUW2+qAQeWFfLFqQrFG9xr8UWQt8ShDWuTwZPvWnA9V\n8JmUnCIUOuoaJWZxP+Y=\n-----END CERTIFICATE REQUEST-----",
"cert": "-----BEGIN CERTIFICATE-----\nMIIE/jCCAuagAwIBAgIQIzY+3boBkdC35RH2NMxgfDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTAzMTEwNTQzM1oXDTIzMTAzMTEwNTQzM1owazEzMDEGA1UEAxMqdG9rZW4yMDk5\nYWI5MjktMTk0Zi00ZThiLTkwZWMtNTk1Mjc5NTgzYWNlMTQwMgYKCZImiZPyLGQB\nARMkMWUwNGYxNWYtMGRlNy00ZTEzLTljNWQtMmE4NGUyNmVlOTQ3MIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKKO2wJspkm8eeVJZ6r9aexy4Nk+7vla\nMsVgTBjI2yZrtgbkbNFQah1cwKnyC3ZNF5X4USFGhFs+msgoCEFUb3leMQb7WS6y\nPsRgM4Z4E3WIu9bDNBp9MUXuSE1kz6uv9qbDLD9TVghkMIIU6wJuCS3OidIww8Zt\nZEkhQvU91QpmGSOAhWYonCdRvNaCoqKGbDrfRU+7siK8+L0rea+lcn1frdWjkYB/\n/GzuhhqJ2zitxRo+Zukx1PAS59Gi2sAnWJTmAdw/eCyMJo2HG9R2dKmAtmMx+dgO\n9nNnB0+FK0sEC1SHTNWaGALmX5rTlIdDxeHUrjE5K/7dLC32qcqC1QIDAQABo4Gu\nMIGrMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMB\nAf8EAjAAMB8GA1UdIwQYMBaAFK5TxeYX0HEIee7MBusV6YZRlpiJMFUGA1UdHwRO\nMEwwSqBIoEaGRGh0dHA6Ly9rZXlzZWN1cmUubG9jYWwvY3Jscy9jNTA2MjY4Zi0x\nYzUzLTRiOWUtODk1ZS1iZWZjZjg0MTgyYjUuY3JsMA0GCSqGSIb3DQEBCwUAA4IC\nAQAYMDPTgxvfRtgvlSeBKvJUKTAfaonnUe5KT6nb/AixPCPY3qNRRZ6nhqlGMHro\nVBzoFAupdR8INAp/N8lx8WUGMrBJ6nuHulzf5KnXTNAa5M26BDloCIugNyBrxIuf\ndlczzF5qPBb7JGIzOcpemvOVi4ObHkWzw4S12MIn+4fIXhv6G8vHl0QgGNyK5Iy7\nbc6+BwVEQmXITfEaWrkmeVxjZKnqiI78qjoxqGKb67G9ob+oCJPVVJg2Ex67n/9k\nq32GlOqlc7Oh4Zgj7tWm6Qvnq8snl4VfCyfSdO17QZrB456197OZ8qQhBhdWw5MY\n77IbHp5w60O/zqQFahBxSiQfpreKZbUFY26NE6ghmEKlu93i3CKYbmEeibn2sjyV\n9zzvTD5pFd0mPoeTZKBXddsK8mcqZhiAGvkKRUyONJkRSRMUMqzBjzCaO4t7xcDU\nRAstoefu4FbvtrHo79/qZFAsNQm2JskpmTvyXj4uS7j+W6SH/w0mkjTk3XIxIXMK\nT4guoP8Zk+DpfFTtcs73WRY4AjBqIa7y2dL2VyevWTe6S5bJHNMLlHqxOM3bDPbx\n14GJpi+q44/fu85eZSDWo23zAFfh6DTg/UhTbIV6OKmbPH6mvFetG5tU2YnmX55d\nJYAu7jmgBLs7iIGV4kEyyUKhjzGjZKlyMVL6CnHj7PdXGg==\n-----END CERTIFICATE-----\n",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAP7Ey0klaWO58b3EHqrNyS4wDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTEwMzExMDQxMDZaFw0zMTEwMjkxMDQxMDZaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDGA3nahTIT/WlDzURGLgFDN0kDwwDn+fuJ4VAk5Jy5MW73elibQoRP\nXdcM5v7AYRl97IjhRGTOprTxqzXmLhjY+XDZ1bPCEzzE6ZKNtHpDL6Ul47DFYc7H\nq4TfkLpV7fWnXjleZCEhU8Z8XNjqGNdnh4tq6MJ2C+C2tlNbbhmlYdSRwULzt+md\nbeuO74Ko6DGEJ26rNGfTyAm79k1+YamcWbk1T+ct3bhnce6pf2MM3jI4cWLBmXwS\naKReZmf9uBFGbVhjMnWGIxBgGDnY6mgEHLXSqEvhw93EEhOHNYOf8Hy1HQTNDPSY\nMDtkI5kQ0/XjEH3dSSFjwOvlXJGryx2W5BqD0UQHXSIIZOm+ao/+URKj/LcZ+V6y\n4rGJU7jrPwiYsDqxzEMeZ6o17QHfuQBfoGFqRIzvgPNN75WYhT0TgG3BmTW3KAmD\n0zEM+nvwMDPElU7SgzX1Ufj83XqoCLsGLzWH4InY3S0HlT7HVATay2zgjpkH/Sp8\nOTht71LFARyGo9PvxI3tdjZNYMd+/rXA5qA5fmq94DlGikJHMZ5n2NP+lQ+I+rsv\npmtKDZ6QQ1WzpOORGM8KOHkJgYkHwv5NdmmhxgCqzzVS1HGnWrcqiKuwWw1Dh7VI\nYYgo+INGKdBNqnLwI77vdjGWkCgjYi9uIXtNz4n0zH60CreKDgOpfQIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUrlPF\n5hfQcQh57swG6xXphlGWmIkwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEACEE+oAGb2HTtEvshvAu4iSJe3Z3mx31Ei3/o\nMSEkyoP/aotxfrVsgFNQNtPvvGfCJJxBCO6YZUnCLHZ67Aa2wGClguL/NESUdaK4\nX7HXZhAK4Bhc+eFGKjdUzVSg65OToYnq1IVdZ+AO6JIi9xHAQthZoHu2c3ylrT/k\n/phd8Ro23sfFYs47zkk169vL/A4pKofgSjfPLhrVuEOFFZRFcl8nPt9tSUNXmQcN\nzYvDnfep4Ka81KIrMmxtocuHdDQoZvUy6U+Akrf9GNiGYUBfNCnxFQflmXKArknL\n3RqBjZWwS0zKnSN4QV/1CKHOlC5xnkviRTNNoYbSL5mRvuGiJ7+iGRu0c5NFoBM3\nuVA9Sar5VZ8xS780ONB2ud4Ci1cwdGhOqGPJugSo/qSXJuKYH7Y8W+T/Aaqg96lz\nwdSlrl7tQVkM50/eyNRsWo9lxu3Gbnf/ccdsFADAvwzyJTU8Wum8yFEHPkAHx2r7\n4fEBVi94LLz4msqGvsIBU/GUWieDVwPysZzMVABFGpS1jFYltZ3MvkJJn5h8CasA\nvOPeqLUdGSG/P7aHzyJR58s3f3Y15/tQgM5McyOvBtK0lSOKWRrmvMpF8wwiNwik\n0gz2OzryK/BkXO7iNO4GRFNj/ynmMXFZuSwlL8HRLjU0yEjwXKLZmGPUFzgpW9LX\nJW+cMJE=\n-----END CERTIFICATE-----\n"
}
Example Request 4
ksctl clientmgmt clients self renew --clientcsr ./csr.pem --do-not-modify-subject-dn
Example Response 4
{
"client_id": "1e04f15f-0de7-4e13-9c5d-2a84e26ee947",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICejCCAWICAQAwNTEzMDEGA1UEAxMqdG9rZW4yMDk5YWI5MjktMTk0Zi00ZThi\nLTkwZWMtNTk1Mjc5NTgzYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAsKKO2wJspkm8eeVJZ6r9aexy4Nk+7vlaMsVgTBjI2yZrtgbkbNFQah1cwKny\nC3ZNF5X4USFGhFs+msgoCEFUb3leMQb7WS6yPsRgM4Z4E3WIu9bDNBp9MUXuSE1k\nz6uv9qbDLD9TVghkMIIU6wJuCS3OidIww8ZtZEkhQvU91QpmGSOAhWYonCdRvNaC\noqKGbDrfRU+7siK8+L0rea+lcn1frdWjkYB//GzuhhqJ2zitxRo+Zukx1PAS59Gi\n2sAnWJTmAdw/eCyMJo2HG9R2dKmAtmMx+dgO9nNnB0+FK0sEC1SHTNWaGALmX5rT\nlIdDxeHUrjE5K/7dLC32qcqC1QIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAAbJ\nUpqzjZwgq+RV0ph33GMK2s2fyv4tbOQ+jwdsWFQrYVdBJevxu9xD1/Ou9QN+4L2T\nhXFs1WLyDWYxZyCu+4vPVYLBXzEnOqZblixiljmJ8wykYk2dyttNPOQo22ZPLTHx\nviMZ81qZu/oGGk4ia9YBsvjMLPsbFzW34xWLTiEYgiNDlPhsZxQbxOwQ6H2VsCAQ\n6c/cF0LkbZZvKunrNb//KnfF7VmPFhZQkdtuagwAX/lLdymVGockFLviYcxTP6nO\n7xUzUVcBRadZib+8dQYeRnUW2+qAQeWFfLFqQrFG9xr8UWQt8ShDWuTwZPvWnA9V\n8JmUnCIUOuoaJWZxP+Y=\n-----END CERTIFICATE REQUEST-----",
"cert": "-----BEGIN CERTIFICATE-----\nMIIE/jCCAuagAwIBAgIQc7nFh3ZoAiv0UpnsQjiJiTANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTIx\nMTAzMTEwNTUxNVoXDTIzMTAzMTEwNTUxNVowazEzMDEGA1UEAxMqdG9rZW4yMDk5\nYWI5MjktMTk0Zi00ZThiLTkwZWMtNTk1Mjc5NTgzYWNlMTQwMgYKCZImiZPyLGQB\nARMkMWUwNGYxNWYtMGRlNy00ZTEzLTljNWQtMmE4NGUyNmVlOTQ3MIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKKO2wJspkm8eeVJZ6r9aexy4Nk+7vla\nMsVgTBjI2yZrtgbkbNFQah1cwKnyC3ZNF5X4USFGhFs+msgoCEFUb3leMQb7WS6y\nPsRgM4Z4E3WIu9bDNBp9MUXuSE1kz6uv9qbDLD9TVghkMIIU6wJuCS3OidIww8Zt\nZEkhQvU91QpmGSOAhWYonCdRvNaCoqKGbDrfRU+7siK8+L0rea+lcn1frdWjkYB/\n/GzuhhqJ2zitxRo+Zukx1PAS59Gi2sAnWJTmAdw/eCyMJo2HG9R2dKmAtmMx+dgO\n9nNnB0+FK0sEC1SHTNWaGALmX5rTlIdDxeHUrjE5K/7dLC32qcqC1QIDAQABo4Gu\nMIGrMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMB\nAf8EAjAAMB8GA1UdIwQYMBaAFK5TxeYX0HEIee7MBusV6YZRlpiJMFUGA1UdHwRO\nMEwwSqBIoEaGRGh0dHA6Ly9rZXlzZWN1cmUubG9jYWwvY3Jscy9jNTA2MjY4Zi0x\nYzUzLTRiOWUtODk1ZS1iZWZjZjg0MTgyYjUuY3JsMA0GCSqGSIb3DQEBCwUAA4IC\nAQCZvKyj6GK9hmFdz3p6EdAp0WyItAPwTRZ3zF/byj9aj/nDnLfpu7IUjwleuoF9\nA38k1RPTouuydEIXZZ+Fj1/ymZvQo5Bx/4Kbhjoss5PDrbqoCI1NXk3BRUXAKFxV\nd+U8MXvYdXV/YjlxUNypMbOY6apWZnxbrNXw8MF+LUqHBaG7YknrmQq36DUJSUgi\nyH+oFbsqfd7Ol2tsBHq6UwNuo99ehsI62gyBPAxd5Tbp4HmoYSKpAxneZRmInZCN\nbBVlgW1vBpoCgMf7ylCLElRQB88boYLnkunUDUDdSRwtcaz9ybLy23jkeYKN32as\nH9bp/TCdQxXdXiWAo4X3XL5IaFmpOGwfn9PeA3MHcrIMxDnXO/2MC7s+WIJIVQDA\nsU7drlPVoVOqWjbUX3Iut/yRzTMbJTE5YigxUMone3iDJevAl5Rb+3nDQPyzqHSw\nYbqS90TtEOdv+OQsdBq9tnw4MK/ceFT5X+smDv8D9Bm7D2wFvU4Ua9QdOOLUMsAp\nuVD/J7tjyZbPPZMkq1p6SHEUFrt/w6gM6kltRQS6S4MAUXrpq/7USEufN6spFmnG\ngcUl/tssr0Ba/3tBL2JaWvQQVR5EW/rzho6pIkdKczy+kN5iwTIexd0nCvpOLcDl\nf+pYXAZOcn629GVvbMccKHSBPHElGLYCaKntSUVQEGHrCQ==\n-----END CERTIFICATE-----\n",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAP7Ey0klaWO58b3EHqrNyS4wDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTEwMzExMDQxMDZaFw0zMTEwMjkxMDQxMDZaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDGA3nahTIT/WlDzURGLgFDN0kDwwDn+fuJ4VAk5Jy5MW73elibQoRP\nXdcM5v7AYRl97IjhRGTOprTxqzXmLhjY+XDZ1bPCEzzE6ZKNtHpDL6Ul47DFYc7H\nq4TfkLpV7fWnXjleZCEhU8Z8XNjqGNdnh4tq6MJ2C+C2tlNbbhmlYdSRwULzt+md\nbeuO74Ko6DGEJ26rNGfTyAm79k1+YamcWbk1T+ct3bhn ce6pf2MM3jI4cWLBmXwS\naKReZmf9uBFGbVhjMnWGIxBgGDnY6mgEHLXSqEvhw93EEhOHNYOf8Hy1HQTNDPSY\nMDtkI5kQ0/XjEH3dSSFjwOvlXJGryx2W5BqD0UQHXSIIZOm+ao/+URKj/LcZ+V6y\n4rGJU7jrPwiYsDqxzEMeZ6o17QHfuQBfoGFqRIzvgPNN75WYhT0TgG3BmTW3KAmD\n0zEM+nvwMDPElU7SgzX1Ufj83XqoCLsGLzWH4InY3S0HlT7HVATay2zgjpkH/Sp8\nOTht71LFARyGo9PvxI3tdjZNYMd+/rXA5qA5fmq94DlGikJHMZ5n2NP+lQ+I+rsv\npmtKDZ6QQ1WzpOORGM8KOHkJgYkHwv5NdmmhxgCqzzVS1HGnWrcqiKuwWw1Dh7VI\nYYgo+INGKdBNqnLwI77vdjGWkCgjYi9uIXtNz4n0zH60CreKDgOpfQIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUrlPF\n5hfQcQh57swG6xXphlGWmIkwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEACEE+oAGb2HTtEvshvAu4iSJe3Z3mx31Ei3/o\nMSEkyoP/aotxfrVsgFNQNtPvvGfCJJxBCO6YZUnCLHZ67Aa2wGClguL/NESUdaK4\nX7HXZhAK4Bhc+eFGKjdUzVSg65OToYnq1IVdZ+AO6JIi9xHAQthZoHu2c3ylrT/k\n/phd8Ro23sfFYs47zkk169vL/A4pKofgSjfPLhrVuEOFFZRFcl8nPt9tSUNXmQcN\nzYvDnfep4Ka81KIrMmxtocuHdDQoZvUy6U+Akrf9GNiGYUBfNCnxFQflmXKArknL\n3RqBjZWwS0zKnSN4QV/1CKHOlC5xnkviRTNNoYbSL5mRvuGiJ7+iGRu0c5NFoBM3\nuVA9Sar5VZ8xS780ONB2ud4Ci1cwdGhOqGPJugSo/qSXJuKYH7Y8W+T/Aaqg96lz\nwdSlrl7tQVkM50/eyNRsWo9lxu3Gbnf/ccdsFADAvwzyJTU8Wum8yFEHPkAHx2r7\n4fEBVi94LLz4msqGvsIBU/GUWieDVwPysZzMVABFGpS1jFYltZ3MvkJJn5h8CasA\nvOPeqLUdGSG/P7aHzyJR58s3f3Y15/tQgM5McyOvBtK0lSOKWRrmvMpF8wwiNwik\n0gz2OzryK/BkXO7iNO4GRFNj/ynmMXFZuSwlL8HRLjU0yEjwXKLZmGPUFzgpW9LX\nJW+cMJE=\n-----END CERTIFICATE-----\n"
}
Auto-renew Client Certificates
CipherTrust Manager offers the capability to automatically renew client certificates without requiring direct interaction with the platform itself.
To auto-renew client certificates after expiry:
Obtain a new certificate from a preferred certificate authority (CA) such as CipherTrust Manager's Local CA or any External CA.
Note
The Subject DN in the new certificate should match with that of the old certificate.
Replace the old certificate with the new one on the client side.
Reconnect the client.
Upon reconnection, CipherTrust Manager automatically updates the client with the new certificate details.
Client Certificate Expiration Check
The CipherTrust Manager inspects the expiration date of all the registered client's certificates everyday, at a preset system time to log the record.
The CipherTrust Manager then creates list of certificates based on their expiration date:
Certificates whose expiration dates are within 91 days.
This list is logged in the Records section once every week.
Certificates whose expiration dates are within 7 days.
This list is logged in the Records section once every day.
Certificates that are already expired.
This list is logged in the Records section once every day.
You can also create alarm triggers for these records. For more details, go to Creating Alarm Trigger for Client Certificate Expiration.