Venafi Generate CSR¶
Overview¶
Use the Venafi Generate CSR API to generate a certificate signing request (CSR) to send to Venafi. You are required to use this API if using “User Provided CSR” policy.
REST Endpoint: /mgmt/cm/adc-core/tasks/certificate-management¶
Requests¶
POST /mgmt/cm/adc-core/tasks/certificate-management¶
Send a POST to the endpoint to generate a CSR for Venafi.
Request Parameters¶
Name | Type | Required | Description |
---|---|---|---|
format | string | True | Certificate information |
issuer | string | True | Certificate information |
caProvider | string | True | The certificate authority provider. Possible values: “Let’s Encrypt” and “Venafi”. |
itemName | string | True | Certificate information |
itemPartition | string | True | Certificate information |
durationInDays | number | True | Certificate information |
country | string | True | Country of origin |
commonName | string | True | Certificate information |
policyFolderName | string | True | Certificate information |
division | string | True | Division of origin |
organization | string | True | Organization of origin |
locality | string | True | Locality of origin |
state | string | True | State of origin |
policyFolder | string | True | For example, “\VED\Policy\Certificates\Big IQ\Venafi Generated CSR” |
securityType | string | True | Certificate information |
keyType | string | True | Cryptography algorithm. Possible value: “RSA” |
keySize | string | True | Size of the cryptography key. For example: 2048. |
disableDSA | boolean | True | Certificate information |
checkComplexity | boolean | True | Certificate information |
minPasswordLength | number | True | Minimum length of password |
keyPassphrase | string | True | Passphrase for Key Encryption |
confirmedKeyPassphrase | string | True | Passphrase for Key Encryption |
administratorEmail | string | False | Administrator’s email address |
challengePassword | string | True | Challenge password |
confirmedChallengePassword | string | True | Challenge password |
thirdPartyCa | object | True | Certificate information |
policyFolder | string | True | Folder containing policyFolder |
issuer | string | True | Policy information |
caProvider | string | True | The certificate authority provider. Possible values: “Let’s Encrypt” and “Venafi”. |
command | string | True | To generate a csr the value can be “GENERATE_CSR”. |
Query Parameters¶
None
Response¶
The JSON in the POST’s response can include the following parameters.
HTTP/1.1 200 OK
Name | Type | Required |
---|---|---|
command | string | To generate a csr the value can be “GENERATE_CSR”. |
itemName | string | Certificate information |
itemPartition | string | Certificate information |
keyType | string | Cryptography algorithm. Possible value: “RSA” |
keySize | string | Size of the cryptography key. For example: 2048. |
keyPassphrase | string | Passphrase for Key Encryption |
commonName | string | Certificate information |
division | string | Division of origin |
organization | string | Organization of origin |
locality | string | Locality of origin |
state | string | State of origin |
country | string | Country of origin |
durationInDays | number | Certificate information |
administratorEmail | string | Administrator’s email address |
challengePassword | string | Challenge password |
thirdPartyCa | object | Certificate information |
policyFolder | string | Certificate information |
issuer | string | Certificate information |
caProvider | string | The certificate authority provider. Possible values: “Let’s Encrypt” and “Venafi”. |
id | string | Certificate information |
status | string | Certificate information |
userReference | object | Certificate information |
link | string | URL for user |
identityReferences | object | Certificate information |
link | string | URL for user |
ownerMachineId | string | UUID |
selfLink | string | URL of task |
Permissions¶
Role | Allow |
---|---|
admin | Yes |
Certificate Editor/Viewer | Yes |
Examples¶
POST to generates a csr for Venafi¶
The following example of a POST to generate a certificate signing request for Venafi.
POST https://<BIG-IQ>/mgmt/cm/adc-core/tasks/certificate-management
The JSON in the body of the POST can look similar to the following example.
{
"format": "PKCS #12",
"issuer": "Venafi_18.3_Server",
"caProvider": "Venafi",
"itemName": "TestVenafi1.csr",
"itemPartition": "Common",
"durationInDays": 365,
"country": "US",
"commonName": "TestCommonName",
"policyFolderName": "",
"division": "F5 org unit",
"organization": "F5 org",
"locality": "Seattle",
"state": "Washington",
"policyFolder": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"securityType": "password",
"keyType": "RSA",
"keySize": 2048,
"disableDSA": true,
"checkComplexity": true,
"minPasswordLength": 12,
"keyPassphrase": "<Passphrase for Key Encryption>",
"confirmedKeyPassphrase": "<Passphrase for Key Encryption>",
"administratorEmail": "",
"challengePassword": "",
"confirmedChallengePassword": "",
"thirdPartyCa": {
"policyFolder": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"issuer": "Venafi_18.3_Server",
"caProvider": "Venafi"
},
"command": "GENERATE_CSR"
}
Response¶
HTTP/1.1 200 OK
{
"command": "GENERATE_CSR",
"itemName": "TestVenafi1.csr",
"itemPartition": "Common",
"keyType": "RSA",
"keySize": 2048,
"keyPassphrase": "<Passphrase for Key Encryption>",
"commonName": "TestCommonName",
"division": "F5 org unit",
"organization": "F5 org",
"locality": "Seattle",
"state": "Washington",
"country": "US",
"durationInDays": 365,
"administratorEmail": "",
"challengePassword": "",
"thirdPartyCa": {
"policyFolder": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"issuer": "Venafi_18.3_Server",
"caProvider": "Venafi"
},
"id": "547bc73d-a37f-4200-8ede-fcca6c2f62be",
"status": "STARTED",
"userReference": {
"link": "https://localhost/mgmt/shared/authz/users/admin"
},
"identityReferences": [{
"link": "https://localhost/mgmt/shared/authz/users/admin"
}],
"ownerMachineId": "f4d42871-2083-4515-9d2d-f7bef0ff2618",
"taskWorkerGeneration": 1,
"generation": 1,
"lastUpdateMicros": 1595505633866457,
"kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
"selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/547bc73d-a37f-4200-8ede-fcca6c2f62be"
}