Venafi Generate CSR¶
Overview¶
Use the Venafi Generate CSR API to generate a certificate signing request (CSR) to send to Venafi. You are required to use this API if using “User Provided CSR” policy.
REST Endpoint: /mgmt/cm/adc-core/tasks/certificate-management¶
Requests¶
POST /mgmt/cm/adc-core/tasks/certificate-management¶
Send a POST to the endpoint to generate a CSR for Venafi.
Request Parameters¶
| Name | Type | Required | Description |
|---|---|---|---|
| format | string | True | Certificate information |
| issuer | string | True | Certificate information |
| caProvider | string | True | The certificate authority provider. Possible values: “Let’s Encrypt” and “Venafi”. |
| itemName | string | True | Certificate information |
| itemPartition | string | True | Certificate information |
| durationInDays | number | True | Certificate information |
| country | string | True | Country of origin |
| commonName | string | True | Certificate information |
| policyFolderName | string | True | Certificate information |
| division | string | True | Division of origin |
| organization | string | True | Organization of origin |
| locality | string | True | Locality of origin |
| state | string | True | State of origin |
| policyFolder | string | True | For example, “\VED\Policy\Certificates\Big IQ\Venafi Generated CSR” |
| securityType | string | True | Certificate information |
| keyType | string | True | Cryptography algorithm. Possible value: “RSA” |
| keySize | string | True | Size of the cryptography key. For example: 2048. |
| disableDSA | boolean | True | Certificate information |
| checkComplexity | boolean | True | Certificate information |
| minPasswordLength | number | True | Minimum length of password |
| keyPassphrase | string | True | Passphrase for Key Encryption |
| confirmedKeyPassphrase | string | True | Passphrase for Key Encryption |
| administratorEmail | string | False | Administrator’s email address |
| challengePassword | string | True | Challenge password |
| confirmedChallengePassword | string | True | Challenge password |
| thirdPartyCa | object | True | Certificate information |
| policyFolder | string | True | Folder containing policyFolder |
| issuer | string | True | Policy information |
| caProvider | string | True | The certificate authority provider. Possible values: “Let’s Encrypt” and “Venafi”. |
| command | string | True | To generate a csr the value can be “GENERATE_CSR”. |
Query Parameters¶
None
Response¶
The JSON in the POST’s response can include the following parameters.
HTTP/1.1 200 OK
| Name | Type | Required |
|---|---|---|
| command | string | To generate a csr the value can be “GENERATE_CSR”. |
| itemName | string | Certificate information |
| itemPartition | string | Certificate information |
| keyType | string | Cryptography algorithm. Possible value: “RSA” |
| keySize | string | Size of the cryptography key. For example: 2048. |
| keyPassphrase | string | Passphrase for Key Encryption |
| commonName | string | Certificate information |
| division | string | Division of origin |
| organization | string | Organization of origin |
| locality | string | Locality of origin |
| state | string | State of origin |
| country | string | Country of origin |
| durationInDays | number | Certificate information |
| administratorEmail | string | Administrator’s email address |
| challengePassword | string | Challenge password |
| thirdPartyCa | object | Certificate information |
| policyFolder | string | Certificate information |
| issuer | string | Certificate information |
| caProvider | string | The certificate authority provider. Possible values: “Let’s Encrypt” and “Venafi”. |
| id | string | Certificate information |
| status | string | Certificate information |
| userReference | object | Certificate information |
| link | string | URL for user |
| identityReferences | object | Certificate information |
| link | string | URL for user |
| ownerMachineId | string | UUID |
| selfLink | string | URL of task |
Permissions¶
| Role | Allow |
|---|---|
| admin | Yes |
| Certificate Editor/Viewer | Yes |
Examples¶
POST to generates a csr for Venafi¶
The following example of a POST to generate a certificate signing request for Venafi.
POST https://<BIG-IQ>/mgmt/cm/adc-core/tasks/certificate-management
The JSON in the body of the POST can look similar to the following example.
{
"format": "PKCS #12",
"issuer": "Venafi_18.3_Server",
"caProvider": "Venafi",
"itemName": "TestVenafi1.csr",
"itemPartition": "Common",
"durationInDays": 365,
"country": "US",
"commonName": "TestCommonName",
"policyFolderName": "",
"division": "F5 org unit",
"organization": "F5 org",
"locality": "Seattle",
"state": "Washington",
"policyFolder": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"securityType": "password",
"keyType": "RSA",
"keySize": 2048,
"disableDSA": true,
"checkComplexity": true,
"minPasswordLength": 12,
"keyPassphrase": "<Passphrase for Key Encryption>",
"confirmedKeyPassphrase": "<Passphrase for Key Encryption>",
"administratorEmail": "",
"challengePassword": "",
"confirmedChallengePassword": "",
"thirdPartyCa": {
"policyFolder": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"issuer": "Venafi_18.3_Server",
"caProvider": "Venafi"
},
"command": "GENERATE_CSR"
}
Response¶
HTTP/1.1 200 OK
{
"command": "GENERATE_CSR",
"itemName": "TestVenafi1.csr",
"itemPartition": "Common",
"keyType": "RSA",
"keySize": 2048,
"keyPassphrase": "<Passphrase for Key Encryption>",
"commonName": "TestCommonName",
"division": "F5 org unit",
"organization": "F5 org",
"locality": "Seattle",
"state": "Washington",
"country": "US",
"durationInDays": 365,
"administratorEmail": "",
"challengePassword": "",
"thirdPartyCa": {
"policyFolder": "\\VED\\Policy\\Certificates\\Big IQ\\Venafi Generated CSR",
"issuer": "Venafi_18.3_Server",
"caProvider": "Venafi"
},
"id": "547bc73d-a37f-4200-8ede-fcca6c2f62be",
"status": "STARTED",
"userReference": {
"link": "https://localhost/mgmt/shared/authz/users/admin"
},
"identityReferences": [{
"link": "https://localhost/mgmt/shared/authz/users/admin"
}],
"ownerMachineId": "f4d42871-2083-4515-9d2d-f7bef0ff2618",
"taskWorkerGeneration": 1,
"generation": 1,
"lastUpdateMicros": 1595505633866457,
"kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
"selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/547bc73d-a37f-4200-8ede-fcca6c2f62be"
}