Creating Azure Certificates
Use the post /v1/cckm/azure/certificates API to create Azure certificates.
Specify the following details:
• Name for the certificate.
• Name or ID of the key vault where the certificate will be created.
Syntax
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
azure_param | JSON | Azure certificate parameters. Refer to Azure Parameters for details. |
cert_name | string | Name for the Azure certificate. Certificate names can only contain alphanumeric characters and hyphens (-). |
key_vault | string | Name or ID of the Azure vault where the certificate will be created. Vaults stored in Azure Managed HSM pools are not supported. |
Azure Parameters
Parameter | Type | Description |
---|---|---|
policy | JSON | Policy for the certificate. A certificate policy includes information such as: • Issuer of the X.509 component of the certificate • Properties of the key backing the certificate • Properties of the X.509 component of a certificate • Attributes of the certificate • Actions that will be performed by the key vault over the lifetime of the certificate • Secret properties. |
tags | JSON | An optional parameter to add additional information to the certificate. The value must be specified as key-value pairs. Refer to the following rules on tag values. |
CCKM allows the following characters in tag values:
• Alphanumeric characters
• Special characters: ! @ # $ ) ( { } > < ? + - / [ ] ^ & + = | ~ ` ; . ' _
CCKM does not allow colon (:) and percent (%) special characters in tag values.
Issuer Details
Parameter | Type | Description |
---|---|---|
name | string | Name of the referenced issuer object or reserved names. Set to Self for a self-signed certificate. |
cert_transparency | boolean | Whether the certificates generated under this policy should be published to certificate transparency logs. Not valid for self-signed certificates. |
cty | string | Type of the certificate supported by the provider. For example, OV-SSL or EV-SSL. Not valid for self-signed certificates. |
Key Properties
Parameter | Type | Description |
---|---|---|
kty | string | The type of key to create. The options are: • EC: "Soft" Elliptic Curve key. • EC-HSM: "Hard" Elliptic Curve key (only for premium key vaults). • RSA: "Soft" RSA key. • RSA-HSM: "Hard" RSA key (only for premium key vaults). |
crv | string | Elliptic curve name for the key. The options are: • P-256 • P-384 • P-521 • SECP256K1 |
exportable | boolean | Whether the private key can be exported. Not valid for RSA-HSM and EC-HSM keys. |
key_size | integer | Size for the RSA and RSA-HSM keys. The options are: • 2048 • 3072 • 4096 |
reuse_key | boolean | Whether the same key pair will be used on certificate renewal. |
X.509 Properties
Parameter | Type | Description |
---|---|---|
subject | string | The subject name. Should be a valid X.509 distinguished name. |
ekus | array of strings | Enhanced key usage. For example, "1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2". |
key_usage | array of strings | Allowed key usages. The options are: • CRLSign • DataEncipherment • DecipherOnly • DigitalSignature • EncipherOnly • KeyAgreement • KeyCertSign • KeyEncipherment • NonRepudiation |
sans | JSON | Subject Alternative Names (SANs). Specify dns_names, emails, and User Principal Names (upns). |
validity_months | integer | Duration (in months) for which the certificate is valid. |
Certificate Attributes
Parameter | Type | Description |
---|---|---|
enabled | boolean | Whether the certificate is enabled (true/false). |
exp | string | Expiration date for the certificate in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740. |
nbf | string | Activation date for the certificate in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740. The certificate cannot be activated before this date. |
Lifetime Actions
Parameter | Type | Description |
---|---|---|
action | JSON | The action to perform on the certificate. Specify action_type, which can be AutoRenew or EmailContacts. |
trigger | JSON | The condition that will trigger the action. Specify either of the following: • days_before_expiry: Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). • lifetime_percentage: Percentage of lifetime at which to trigger the action. Value should be between 1 and 99. |
lifetime_percentage and days_before_expiry are mutually exclusive; specify either one.
Secret Properties
Parameter | Type | Description |
---|---|---|
contentType | string | Content type of the secret backing the certificate. The options are: • application/x-pkcs12 • application/x-pem-file |
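The constraints in the tables above can be checked on the client before a request is sent. The following is an added example, not part of the CCKM documentation or product code. It takes the parameters as a flat dict, which is an assumption of this example and not the API's request body layout, and issuer_name is a hypothetical key standing in for the issuer's name parameter. For tag values it checks only the explicit colon and percent prohibition.

```python
import re

# Allowed values copied from the parameter tables on this page.
KTY = {"EC", "EC-HSM", "RSA", "RSA-HSM"}
CRV = {"P-256", "P-384", "P-521", "SECP256K1"}
RSA_SIZES = {2048, 3072, 4096}
CERT_NAME = re.compile(r"[A-Za-z0-9-]+")

def check_certificate_params(p):
    """Return rule violations for p, a flat dict (layout assumed for this example)."""
    errs = []
    if not CERT_NAME.fullmatch(p.get("cert_name", "")):
        errs.append("cert_name: only alphanumeric characters and hyphens")
    for key, value in p.get("tags", {}).items():
        if ":" in str(value) or "%" in str(value):
            errs.append(f"tags[{key}]: colon and percent are not allowed")
    kty = p.get("kty")
    if kty is not None and kty not in KTY:
        errs.append("kty: not one of EC, EC-HSM, RSA, RSA-HSM")
    if "crv" in p and p["crv"] not in CRV:
        errs.append("crv: not a listed curve")
    if "key_size" in p and p["key_size"] not in RSA_SIZES:
        errs.append("key_size: must be 2048, 3072 or 4096")
    if kty in ("RSA-HSM", "EC-HSM") and "exportable" in p:
        errs.append("exportable: not valid for RSA-HSM and EC-HSM keys")
    if p.get("issuer_name") == "Self":  # hypothetical key for the issuer 'name'
        for field in ("cert_transparency", "cty"):
            if field in p:
                errs.append(f"{field}: not valid for self-signed certificates")
    trig = p.get("trigger")
    if trig is not None:
        if len(trig) != 1:
            errs.append("trigger: specify exactly one condition")
        elif "days_before_expiry" in trig:
            limit = p.get("validity_months", 0) * 27
            if not 1 <= trig["days_before_expiry"] <= limit:
                errs.append(f"days_before_expiry: must be between 1 and {limit}")
        elif not 1 <= trig.get("lifetime_percentage", 0) <= 99:
            errs.append("lifetime_percentage: must be between 1 and 99")
    return errs

# Constructed sample inputs (not taken from a real vault).
GOOD = {"cert_name": "web-frontend-01", "tags": {"env": "prod"}, "issuer_name": "Self",
        "kty": "RSA", "key_size": 3072, "exportable": False, "validity_months": 36,
        "trigger": {"days_before_expiry": 972}}
BAD = {"cert_name": "web_frontend", "tags": {"ratio": "50%"}, "issuer_name": "Self",
       "cert_transparency": True, "kty": "RSA-HSM", "key_size": 1024, "exportable": True,
       "validity_months": 12, "trigger": {"days_before_expiry": 400}}

if __name__ == "__main__":
    print(check_certificate_params(GOOD))
    print("\n".join(check_certificate_params(BAD)))
```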
Example Request
Example Response
The sample output shows that a certificate is created in the Azure vault.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.