Venafi Request Certificate¶
Overview¶
You can use the Venafi Request Certificate API to request a signed certificate by proving the certificate signing request (CSR).
REST Endpoint: /mgmt/cm/adc-core/external-ca/venafi/csr-request¶
Requests¶
POST /mgmt/cm/adc-core/external-ca/venafi/csr-request¶
Send a POST to the endpoint to request a signed certificate.
Request Parameters¶
The JSON in the body of the POST request can contain the following parameters.
| Name | Type | Required | Description |
|---|---|---|---|
| certificateName | string | True | Name of the certificate |
| policyFolderName | string | True | Name of the policy folder |
| commonName | string | True | Certificate information |
| organization | string | True | Organization of origin |
| organizationUnit | string | True | Organization of origin |
| state | string | True | State of origin |
| country | string | True | Country of origin |
| format | string | True | Certificate information |
| externalCaConfigReference | object | True | Link to the CA configuration |
| link | string | True | URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API. |
| keySize | string | True | Size of the cryptography key. For example: 2048. |
| keyAlgorithm | string | True | Cryptography algorithm. Possible value: “RSA” |
Query Parameters¶
None
Response¶
The JSON in the POST’s response can include the following parameters.
HTTP/1.1 200 OK
| Name | Type | Required |
|---|---|---|
| externalCaConfigReference | object | Link to the CA configuration |
| link | string | URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API. |
| certificateName | string | Name of the certificate |
| policyFolderName | string | Name of the policy folder |
| commonName | string | Certificate information |
| organization | string | Organization of origin |
| organizationUnit | string | Organization of origin |
| state | string | State of origin |
| country | string | Country of origin |
| keyAlgorithm | string | Cryptography algorithm. Possible value: “RSA” |
| keySize | string | Size of the cryptography key. For example: 2048. |
| id | string | Certificate information |
| status | string | Certificate information |
| userReference | object | Certificate information |
| link | string | URL for user |
| identityReferences | object | Certificate information |
| link | string | URL for user |
| ownerMachineId | string | Certificate information |
| selfLink | string | Certificate information |
Permissions¶
| Role | Allow |
|---|---|
| admin | Yes |
| Certificate Editor/Viewer | Yes |
GET /mgmt/cm/adc-core/external-ca/venafi/csr-request¶
To retrieve information for a specific signed certificate, append the uuid for the configuration.
Request Parameters¶
None
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| id | string | Certificate information |
| guid | string | Certificate information |
| state | string | State of origin |
| status | string | Certificate information |
| country | string | Country of origin |
| keySize | string | Size of the cryptography key. For example: 2048. |
| selfLink | string | Certificate information |
| username | string | Certificate information |
| commonName | string | Certificate information |
| currentStep | string | Certificate information |
| endDateTime | string | Certificate information |
| keyAlgorithm | string | Cryptography algorithm. Possible value: “RSA” |
| organization | string | Organization of origin |
| startDateTime | string | Certificate information |
| userReference | object | Certificate information |
| link | string | URL for user |
| ownerMachineId | string | Certificate information |
| certificateName | string | Certificate information |
| certificatePath | string | Certificate information |
| organizationUnit | string | Organization of origin |
| policyFolderName | string | Name of the policy folder |
| identityReferences | object | Certificate information |
| link | string | URL for user |
| certificateReference | object | Certificate information |
| link | string | URL for certificate |
| certificatePassphrase | string | Certificate information |
| externalCaConfigReference | object | Link to the CA configuration |
| link | string | URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API. |
Permissions¶
| Role | Allow |
|---|---|
| admin | Yes |
| Certificate Editor/Viewer | Yes |
Examples¶
POST to request a signed certificate¶
The following example requests a signed certificate by proving the CSR.
POST https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/venafi/csr-request
The JSON in the body of the POST request can look similar to the following.
{
"certificateName": "TestVenafi1",
"policyFolderName": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"commonName": "vc1",
"organization": "F5 org",
"organizationUnit": "F5 org unit",
"state": "Washington",
"country": "US",
"format": "PKCS #12",
"externalCaConfigReference": {
"link": "https://localhost/mgmt/cm/adc-core/external-ca/config/5194e771-18d1-377d-8706-1d3102ebb312"
},
"keySize": 2048,
"keyAlgorithm": "RSA"
}
Response¶
HTTP/1.1 200 OK
{
"externalCaConfigReference": {
"link": "https://localhost/mgmt/cm/adc-core/external-ca/config/7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d"
},
"certificateName": "TestVenafi1",
"policyFolderName": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"commonName": "vc1",
"organization": "F5 org",
"organizationUnit": "F5 org unit",
"state": "Washington",
"country": "US",
"keyAlgorithm": "RSA",
"keySize": 2048,
"id": "179dcd54-2880-455a-9674-a1bfb4847572",
"status": "STARTED",
"userReference": {
"link": "https://localhost/mgmt/shared/authz/users/admin"
},
"identityReferences": [{
"link": "https://localhost/mgmt/shared/authz/users/admin"
}],
"ownerMachineId": "f4d42871-2083-4515-9d2d-f7bef0ff2618",
"taskWorkerGeneration": 1,
"generation": 1,
"lastUpdateMicros": 1595506284811628,
"kind": "cm:adc-core:external-ca:venafi:csr-request:venaficertrequesttaskstate",
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/venafi/csr-request/179dcd54-2880-455a-9674-a1bfb4847572"
}
GET to get signed certificate details¶
Following is an example of a GET to get signed certificate details
GET https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/venafi/csr-request/179dcd54-2880-455a-9674-a1bfb4847572
Response¶
HTTP/1.1 200 OK
{
"id": "179dcd54-2880-455a-9674-a1bfb4847572",
"guid": "{c1663718-f64d-40fa-aea2-dc13b268be8a}",
"kind": "cm:adc-core:external-ca:venafi:csr-request:venaficertrequesttaskstate",
"state": "Washington",
"status": "FINISHED",
"country": "US",
"keySize": 2048,
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/venafi/csr-request/179dcd54-2880-455a-9674-a1bfb4847572",
"username": "admin",
"commonName": "vc1",
"generation": 9,
"currentStep": "FINISH",
"endDateTime": "2020-07-23T05:15:08.421-0700",
"keyAlgorithm": "RSA",
"organization": "F5 org",
"startDateTime": "2020-07-23T05:11:24.837-0700",
"userReference": {
"link": "https://localhost/mgmt/shared/authz/users/admin"
},
"ownerMachineId": "f4d42871-2083-4515-9d2d-f7bef0ff2618",
"certificateName": "TestVenafi1",
"certificatePath": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR\\TestVenafi1",
"lastUpdateMicros": 1595506508471802,
"organizationUnit": "F5 org unit",
"policyFolderName": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"identityReferences": [{
"link": "https://localhost/mgmt/shared/authz/users/admin"
}],
"certificateReference": {
"link": "https://localhost/mgmt/cm/adc-core/external-ca/venafi/csr-request/179dcd54-2880-455a-9674-a1bfb4847572"
},
"certificatePassphrase": "1zrDak7LwfH7DnQdBMZbyQU6X3jVtAdqwuILyX9CtFfxRiOc29LsMZEUbsaMkuuV",
"externalCaConfigReference": {
"link": "https://localhost/mgmt/cm/adc-core/external-ca/config/7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d"
}
}