Certificate and CA Requests
The XML Interface enables you to:
Export the public portion of a certificate (see CertificateExportRequest)
Export the public portion of a certificate used as a key (see KeyCertificateExportRequest)
Export a certificate authority (see CAExportRequest)
Create an SSL certificate signing request (see CSRCreateRequest)
Sign an SSL certificate with a local certificate authority (CA) (see CertificateSignRequest)
SSL certificates signed through the XML interface can also be viewed in the console. See Certificate Authority for information on viewing certificates signed by a local CA.
CertificateExportRequest
Exports a certificate. This element has the following structure:
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
CertificateName | Contains the Certificate ID/Name of the certificate to be exported. |
This API applies only to Device SSL certificates.
CertificateExportResponse
Server response to CertificateExportRequest.
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
Success | Indicates if the operation was successful. true indicates success. false indicates failure. When the operation is successful, the response element will contain the CertificateName, and CertificateData elements described below. When the operation fails, the response element contains the FatalError and ErrorString elements to illustrate why the failure occurred and help you troubleshoot. For a list of possible error IDs and strings, see Error Messages. |
CertificateName | Contains the Certificate ID/Name of the certificate. |
CertificateData | Contains the ASCII-encoded certificate. |
Export a Certificate
Request
Response
KeyCertificateExportRequest
Exports a key certificate.
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
KeyName | Name of the key certificate. |
KeyCertificateExportResponse
Server response to KeyCertificateExportRequest.
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
Success | Indicates if the operation was successful. true indicates success. false indicates failure. When the operation is successful, the response element will contain the elements described below. When the operation fails, the response element contains the FatalError and ErrorString elements to illustrate why the failure occurred and help you troubleshoot. For a list of possible error IDs and strings, see Error Messages. |
KeyName | Name of the key certificate. |
CertificateData | The certificate. |
Export a Key Certificate
Request
Response
CAExportRequest
Exports a certificate authority.
Note
To run the CAExportRequest request, the user must be part of either the admin or the CA Admins group.
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
CAName | ID/Name of the certificate authority. |
CAExportResponse
Server response to CAExportRequest.
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
Success | Indicates if the operation was successful. true indicates success. false indicates failure. When the operation is successful, the response element will contain the elements described below. When the operation fails, the response element contains the FatalError and ErrorString elements to illustrate why the failure occurred and help you troubleshoot. For a list of possible error IDs and strings, see Error Messages. |
CAName | ID/Name of the certificate authority. |
CertificateData | The certificate. |
Export a Certificate Authority
Request
Response
CSRCreateRequest
Creates an SSL Certificate Signing Request (CSR). This element has the following structure.
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
KeyName | Contains the key name for an existing asymmetric key. |
CommonName | Contains the common name for the certificate. This value is exported when the certificate is exported. This value must be between 1 and 128 characters inclusive. |
OrganizationName | Contains the name of your organization. |
OrganizationalUnitName | Contains the name of your organizational unit. |
Locality | Contains your city or town. |
StateProvinceName | Contains your state or province. |
CountryName | Contains your country. This value must be two characters long. |
EmailAddr | Contains your email address. This value must be 128 or fewer characters. This element is optional. |
SignatureAlgorithm | Contains the signature algorithm used to create the CSR. Permitted values for RSA keys: • sha512WithRSA • sha384WithRSA • sha256WithRSA (default) • sha1WithRSA. Permitted values for EC keys: • ecdsaWithSHA512 • ecdsaWithSHA384 • ecdsaWithSHA256 (default) • ecdsaWithSHA1 |
ExtensionList | Contains extensions. This tag is optional. |
SubjectAlternativeName | Contains alternative common names for the certificate. This tag is mandatory if you input an |
KeyUsages | Contains Usage tags with key usages. |
ExtendedKeyUsages | Contains Usage tags with extended key usages. |
Usage | Contains one usage value inside the KeyUsages or ExtendedKeyUsages elements. Permitted key usages: • digitalSignature • contentCommitment • keyEncipherment • dataEncipherment • keyAgreement • keyCertSign • crlSign • encipherOnly • decipherOnly. Permitted extended key usages: • serverAuth • clientAuth • codeSigning • emailProtection • ipsecEndSystem • ipsecTunnel • ipsecUser • timeStamping • ocspSigning • microsoftServerGatedCrypto • netscapeServerGatedCrypto • microsoftCommercialCodeSigning • microsoftKernelCodeSigning |
SubjectKeyIdentifierHash | Sets the Subject Key Identifier extension as the hash of the public key. |
BasicConstraintsCA | Contains the boolean value for basic constraints CA extension. |
BasicConstraintsMaxPathLength | Contains the integer value for basic constraints CA path length extension. |
DNS | Contains DNS address. |
IpAddr | Contains IP address. |
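The limits in the table above can be checked on the client before a request is sent. The following Python code is an added example, not code from the product documentation: the flat child layout of the text fields, the `key_type` and `allow_sha1` parameters and the SHA-1 rejection policy are assumptions of this example, and the extension elements are left out because the page does not show their nesting.

```python
import xml.etree.ElementTree as ET

# Permitted values copied from the SignatureAlgorithm and Usage rows above.
SIG_ALGS = {
    "RSA": {"sha512WithRSA", "sha384WithRSA", "sha256WithRSA", "sha1WithRSA"},
    "EC": {"ecdsaWithSHA512", "ecdsaWithSHA384", "ecdsaWithSHA256", "ecdsaWithSHA1"},
}
KEY_USAGES = set("digitalSignature contentCommitment keyEncipherment dataEncipherment "
                 "keyAgreement keyCertSign crlSign encipherOnly decipherOnly".split())
EXT_KEY_USAGES = set("serverAuth clientAuth codeSigning emailProtection ipsecEndSystem "
                     "ipsecTunnel ipsecUser timeStamping ocspSigning "
                     "microsoftServerGatedCrypto netscapeServerGatedCrypto "
                     "microsoftCommercialCodeSigning microsoftKernelCodeSigning".split())
# Assumption: these text fields are direct children of CSRCreateRequest, in table order.
TEXT_FIELDS = ["ID", "KeyName", "CommonName", "OrganizationName",
               "OrganizationalUnitName", "Locality", "StateProvinceName",
               "CountryName", "EmailAddr", "SignatureAlgorithm"]

def check_csr_fields(fields, key_type="RSA", allow_sha1=False):
    """Return a list of problems; an empty list means the documented limits hold."""
    problems = []
    if not 1 <= len(fields.get("CommonName", "")) <= 128:
        problems.append("CommonName must be 1 to 128 characters")
    if len(fields.get("CountryName", "")) != 2:
        problems.append("CountryName must be two characters")
    if len(fields.get("EmailAddr", "")) > 128:
        problems.append("EmailAddr must be 128 or fewer characters")
    alg = fields.get("SignatureAlgorithm")  # omitted: the documented default applies
    if alg is not None:
        if alg not in SIG_ALGS[key_type]:
            problems.append(f"{alg} is not permitted for {key_type} keys")
        elif "sha1" in alg.lower() and not allow_sha1:
            # Local policy added in this example, stricter than the API itself.
            problems.append(f"{alg} rejected by local policy (SHA-1 signature)")
    for name, allowed in (("KeyUsages", KEY_USAGES), ("ExtendedKeyUsages", EXT_KEY_USAGES)):
        for usage in fields.get(name, []):
            if usage not in allowed:
                problems.append(f"{usage} is not a permitted value in {name}")
    return problems

def build_csr_request(fields, **policy):
    """Validate, then serialise the text fields; ElementTree escapes the values."""
    problems = check_csr_fields(fields, **policy)
    if problems:
        raise ValueError("; ".join(problems))
    req = ET.Element("CSRCreateRequest")
    for tag in TEXT_FIELDS:
        if tag in fields:
            ET.SubElement(req, tag).text = fields[tag]
    return ET.tostring(req, encoding="unicode")
```

Building the element through an XML library rather than string concatenation keeps a subject value such as `a<b` from altering the request structure.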
CSRCreateResponse
Server response to CSRCreateRequest.
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
Success | Indicates if the operation was successful. true indicates success. false indicates failure. When the operation is successful, the response element will contain the CSRData element described below. When the operation fails, the response element contains the FatalError and ErrorString elements to illustrate why the failure occurred and help you troubleshoot. For a list of possible error IDs and strings, see Error Messages. |
CSRData | Contains the certificate signing request data. |
Creating a CSR Example
Request
Response
CertificateSignRequest
Signs an SSL certificate with an existing local certificate authority (CA). This element has the following structure.
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
CAName | Contains the ID/Name of the Certificate Authority (CA) that signs the certificate. This must be an existing Local CA on the CipherTrust Manager. |
CertificateUsage | Indicates whether the certificate is used for a Client, the Server, or an Intermediate CA. |
CertificateExpiry | Contains the certificate expiry time in days. For example, a value of 365 indicates that the certificate expires 365 days from the creation date. |
CSRData | Contains the certificate signing request data. |
CertificateSignResponse
Server response to CertificateSignRequest.
Element | Description |
---|---|
ID | Contains the user-specified request ID. |
Success | Indicates if the operation was successful. true indicates success. false indicates failure. When the operation is successful, the response element will contain the CertificateData element described below. When the operation fails, the response element contains the FatalError and ErrorString elements to illustrate why the failure occurred and help you troubleshoot. For a list of possible error IDs and strings, see Error Messages. Once a certificate is successfully signed, it can be viewed on the signing local CA's page in the console, as described in Certificate Authority. |
CertificateData | Contains the certificate data. |
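Every response on this page carries the same ID and Success elements, with FatalError and ErrorString on failure. The following Python code is an added example, not code from the product documentation, showing a client that accepts the payload only when the ID matches the request and Success is exactly true; the sample documents are constructed, and the function and exception names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample replies; the element names come from the tables on this page,
# the values and the absence of an outer envelope are assumptions.
SAMPLE_OK = ("<CertificateSignResponse><ID>req-42</ID><Success>true</Success>"
             "<CertificateData>CONSTRUCTED-CERT-PLACEHOLDER</CertificateData>"
             "</CertificateSignResponse>")
SAMPLE_FAIL = ("<CertificateSignResponse><ID>req-42</ID><Success>false</Success>"
               "<FatalError>PLACEHOLDER-ERROR-ID</FatalError>"
               "<ErrorString>placeholder error text</ErrorString>"
               "</CertificateSignResponse>")

class XmlRequestFailed(Exception):
    """Raised when a reply is missing, mismatched or reports failure."""

def read_response(xml_text, expected_tag, expected_id, payload_tag="CertificateData"):
    """Return the payload text, or raise XmlRequestFailed (fail closed)."""
    root = ET.fromstring(xml_text)
    # Search by tag name so the check does not depend on any outer envelope.
    resp = root if root.tag == expected_tag else root.find(f".//{expected_tag}")
    if resp is None:
        raise XmlRequestFailed(f"no {expected_tag} element in reply")

    def text(tag):
        el = resp.find(f".//{tag}")
        return None if el is None else (el.text or "").strip()

    # The ID is user-specified, so it ties this reply to the request that was sent.
    if text("ID") != expected_id:
        raise XmlRequestFailed("reply ID does not match the request ID")
    # Anything other than the literal value true is treated as failure.
    if text("Success") != "true":
        raise XmlRequestFailed(f"{text('FatalError')}: {text('ErrorString')}")
    payload = text(payload_tag)
    if not payload:
        raise XmlRequestFailed(f"Success is true but {payload_tag} is empty")
    return payload
```

For a CSRCreateResponse, pass `payload_tag="CSRData"`.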
Signing an SSL certificate with a Local CA example
Request
Response