Venafi Request Certificate¶
Overview¶
You can use the Venafi Request Certificate API to request a signed certificate by proving the certificate signing request (CSR).
REST Endpoint: /mgmt/cm/adc-core/external-ca/venafi/csr-request¶
Requests¶
POST /mgmt/cm/adc-core/external-ca/venafi/csr-request¶
Send a POST to the endpoint to request a signed certificate.
Request Parameters¶
The JSON in the body of the POST request can contain the following parameters.
Name | Type | Required | Description |
---|---|---|---|
certificateName | string | True | Name of the certificate |
policyFolderName | string | True | Name of the policy folder |
commonName | string | True | Certificate information |
organization | string | True | Organization of origin |
organizationUnit | string | True | Organization of origin |
state | string | True | State of origin |
country | string | True | Country of origin |
format | string | True | Certificate information |
externalCaConfigReference | object | True | Link to the CA configuration |
link | string | True | URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API. |
keySize | string | True | Size of the cryptography key. For example: 2048. |
keyAlgorithm | string | True | Cryptography algorithm. Possible value: “RSA” |
Query Parameters¶
None
Response¶
The JSON in the POST’s response can include the following parameters.
HTTP/1.1 200 OK
Name | Type | Required |
---|---|---|
externalCaConfigReference | object | Link to the CA configuration |
link | string | URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API. |
certificateName | string | Name of the certificate |
policyFolderName | string | Name of the policy folder |
commonName | string | Certificate information |
organization | string | Organization of origin |
organizationUnit | string | Organization of origin |
state | string | State of origin |
country | string | Country of origin |
keyAlgorithm | string | Cryptography algorithm. Possible value: “RSA” |
keySize | string | Size of the cryptography key. For example: 2048. |
id | string | Certificate information |
status | string | Certificate information |
userReference | object | Certificate information |
link | string | URL for user |
identityReferences | object | Certificate information |
link | string | URL for user |
ownerMachineId | string | Certificate information |
selfLink | string | Certificate information |
Permissions¶
Role | Allow |
---|---|
admin | Yes |
Certificate Editor/Viewer | Yes |
GET /mgmt/cm/adc-core/external-ca/venafi/csr-request¶
To retrieve information for a specific signed certificate, append the uuid for the configuration.
Request Parameters¶
None
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
id | string | Certificate information |
guid | string | Certificate information |
state | string | State of origin |
status | string | Certificate information |
country | string | Country of origin |
keySize | string | Size of the cryptography key. For example: 2048. |
selfLink | string | Certificate information |
username | string | Certificate information |
commonName | string | Certificate information |
currentStep | string | Certificate information |
endDateTime | string | Certificate information |
keyAlgorithm | string | Cryptography algorithm. Possible value: “RSA” |
organization | string | Organization of origin |
startDateTime | string | Certificate information |
userReference | object | Certificate information |
link | string | URL for user |
ownerMachineId | string | Certificate information |
certificateName | string | Certificate information |
certificatePath | string | Certificate information |
organizationUnit | string | Organization of origin |
policyFolderName | string | Name of the policy folder |
identityReferences | object | Certificate information |
link | string | URL for user |
certificateReference | object | Certificate information |
link | string | URL for certificate |
certificatePassphrase | string | Certificate information |
externalCaConfigReference | object | Link to the CA configuration |
link | string | URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API. |
Permissions¶
Role | Allow |
---|---|
admin | Yes |
Certificate Editor/Viewer | Yes |
Examples¶
POST to request a signed certificate¶
The following example requests a signed certificate by proving the CSR.
POST https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/venafi/csr-request
The JSON in the body of the POST request can look similar to the following.
{
"certificateName": "TestVenafi1",
"policyFolderName": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"commonName": "vc1",
"organization": "F5 org",
"organizationUnit": "F5 org unit",
"state": "Washington",
"country": "US",
"format": "PKCS #12",
"externalCaConfigReference": {
"link": "https://localhost/mgmt/cm/adc-core/external-ca/config/5194e771-18d1-377d-8706-1d3102ebb312"
},
"keySize": 2048,
"keyAlgorithm": "RSA"
}
Response¶
HTTP/1.1 200 OK
{
"externalCaConfigReference": {
"link": "https://localhost/mgmt/cm/adc-core/external-ca/config/7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d"
},
"certificateName": "TestVenafi1",
"policyFolderName": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"commonName": "vc1",
"organization": "F5 org",
"organizationUnit": "F5 org unit",
"state": "Washington",
"country": "US",
"keyAlgorithm": "RSA",
"keySize": 2048,
"id": "179dcd54-2880-455a-9674-a1bfb4847572",
"status": "STARTED",
"userReference": {
"link": "https://localhost/mgmt/shared/authz/users/admin"
},
"identityReferences": [{
"link": "https://localhost/mgmt/shared/authz/users/admin"
}],
"ownerMachineId": "f4d42871-2083-4515-9d2d-f7bef0ff2618",
"taskWorkerGeneration": 1,
"generation": 1,
"lastUpdateMicros": 1595506284811628,
"kind": "cm:adc-core:external-ca:venafi:csr-request:venaficertrequesttaskstate",
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/venafi/csr-request/179dcd54-2880-455a-9674-a1bfb4847572"
}
GET to get signed certificate details¶
Following is an example of a GET to get signed certificate details
GET https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/venafi/csr-request/179dcd54-2880-455a-9674-a1bfb4847572
Response¶
HTTP/1.1 200 OK
{
"id": "179dcd54-2880-455a-9674-a1bfb4847572",
"guid": "{c1663718-f64d-40fa-aea2-dc13b268be8a}",
"kind": "cm:adc-core:external-ca:venafi:csr-request:venaficertrequesttaskstate",
"state": "Washington",
"status": "FINISHED",
"country": "US",
"keySize": 2048,
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/venafi/csr-request/179dcd54-2880-455a-9674-a1bfb4847572",
"username": "admin",
"commonName": "vc1",
"generation": 9,
"currentStep": "FINISH",
"endDateTime": "2020-07-23T05:15:08.421-0700",
"keyAlgorithm": "RSA",
"organization": "F5 org",
"startDateTime": "2020-07-23T05:11:24.837-0700",
"userReference": {
"link": "https://localhost/mgmt/shared/authz/users/admin"
},
"ownerMachineId": "f4d42871-2083-4515-9d2d-f7bef0ff2618",
"certificateName": "TestVenafi1",
"certificatePath": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR\\TestVenafi1",
"lastUpdateMicros": 1595506508471802,
"organizationUnit": "F5 org unit",
"policyFolderName": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"identityReferences": [{
"link": "https://localhost/mgmt/shared/authz/users/admin"
}],
"certificateReference": {
"link": "https://localhost/mgmt/cm/adc-core/external-ca/venafi/csr-request/179dcd54-2880-455a-9674-a1bfb4847572"
},
"certificatePassphrase": "1zrDak7LwfH7DnQdBMZbyQU6X3jVtAdqwuILyX9CtFfxRiOc29LsMZEUbsaMkuuV",
"externalCaConfigReference": {
"link": "https://localhost/mgmt/cm/adc-core/external-ca/config/7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d"
}
}