| API Description | API Path |
|---|---|
| Return All the User-Facing Components' Certificates<br>Returns all certificate information viewable by the user, including each certificate's `id`; `resource_type` (for example, `certificate_self_signed`, `certificate_ca`, or `certificate_signed`); `pem_encoded` data; and the history of the certificate (who created or modified it and when). For additional information, include the `?details=true` modifier at the end of the request URI. | `GET /policy/api/v1/infra/certificates`<br>`GET /policy/api/v1/global-infra/certificates` |
| Delete Certificate for the Given Certificate ID<br>Removes the specified certificate. The private key associated with the certificate is also deleted. | `DELETE /policy/api/v1/infra/certificates/<certificate-id>` |
| Show Certificate Data for the Given Certificate ID<br>Returns information for the specified certificate ID, including the certificate's `id`; `resource_type` (for example, `certificate_self_signed`, `certificate_ca`, or `certificate_signed`); `pem_encoded` data; and the history of the certificate (who created or modified it and when). For additional information, include the `?details=true` modifier at the end of the request URI. | `GET /policy/api/v1/infra/certificates/<certificate-id>`<br>`GET /policy/api/v1/global-infra/certificates/<certificate-id>` |
| Add a New Certificate<br>Adds a new private-public certificate and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. A certificate chain is not expanded into separate certificate instances for reference; it is pushed to the enforcement point as a single certificate. This PATCH method does not modify an existing certificate. | `PATCH /policy/api/v1/infra/certificates/<certificate-id>` |
| Add a New Certificate<br>Adds a new private-public certificate and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. A certificate chain is not expanded into separate certificate instances for reference; it is pushed to the enforcement point as a single certificate. | `PUT /policy/api/v1/infra/certificates/<certificate-id>` |
| Return All Added CRLs<br>Returns information about all CRLs. For additional information, include the `?details=true` modifier at the end of the request URI. | `GET /policy/api/v1/infra/crls`<br>`GET /policy/api/v1/global-infra/crls` |
| Delete a CRL<br>Deletes an existing CRL. | `DELETE /policy/api/v1/infra/crls/<crl-id>` |
| Show CRL Data for the Given CRL ID<br>Returns information about the specified CRL. For additional information, include the `?details=true` modifier at the end of the request URI. | `GET /policy/api/v1/infra/crls/<crl-id>`<br>`GET /policy/api/v1/global-infra/crls/<crl-id>` |
| Create or Patch a Certificate Revocation List<br>Creates or patches a Certificate Revocation List for the given ID. The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator also needs to add the CRL to the certificate repository. The CRL must contain PEM data for a single CRL. | `PATCH /policy/api/v1/infra/crls/<crl-id>` |
| Create a New Certificate Revocation List<br>Adds a new certificate revocation list (CRL). The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator also needs to add the CRL to the certificate repository. The PEM data can contain a single CRL or multiple CRLs.<br>- Single CRL: a single CRL is created with the given ID.<br>- Composite CRL: multiple CRLs are generated. Each CRL is created with an ID generated from the given ID. The first CRL is created with `crl-id`, the second with `crl-id-1`, the third with `crl-id-2`, etc. | `POST /policy/api/v1/infra/crls/<crl-id>?action=import` |
| Create or Fully Replace a Certificate Revocation List<br>Creates or replaces a Certificate Revocation List for the given ID. The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator also needs to add the CRL to the certificate repository. The CRL must contain PEM data for a single CRL. Revision is required. | `PUT /policy/api/v1/infra/crls/<crl-id>` |
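
The CRL rows above differ in how many CRLs the PEM payload may hold: PATCH and PUT require a single CRL, while the `?action=import` call accepts a composite file and derives the extra IDs. The following pre-upload check is an added example, not code from the product or its documentation; the function names and the `corp-ca` ID are hypothetical, the sample PEM blocks are constructed placeholders, and the check is structural only (it does not verify the CRL signature or issuer).

```python
import base64
import re

# PEM armor for an X.509 CRL; the API descriptions above expect PEM input.
CRL_BLOCK = re.compile(
    r"-----BEGIN X509 CRL-----(.*?)-----END X509 CRL-----", re.DOTALL)
BASE = "/policy/api/v1/infra/crls/"


def split_crls(pem_text):
    """Return the DER bytes of every CRL block found in pem_text."""
    ders = []
    for body in CRL_BLOCK.findall(pem_text):
        # validate=True rejects stray characters instead of skipping them.
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # a CRL is a DER SEQUENCE
            raise ValueError("PEM block does not contain a DER SEQUENCE")
        ders.append(der)
    if not ders:
        raise ValueError("no X509 CRL block found")
    return ders


def expected_crl_ids(crl_id, pem_text):
    """IDs the import call creates: crl-id, crl-id-1, crl-id-2, ..."""
    count = len(split_crls(pem_text))
    return [crl_id] + [f"{crl_id}-{n}" for n in range(1, count)]


def allowed_requests(crl_id, pem_text):
    """Requests from the table that accept this PEM payload."""
    requests = [f"POST {BASE}{crl_id}?action=import"]
    if len(split_crls(pem_text)) == 1:  # PATCH and PUT take a single CRL only
        requests += [f"PATCH {BASE}{crl_id}", f"PUT {BASE}{crl_id}"]
    return requests


def constructed_crl(serial):
    """Constructed placeholder: a tiny DER SEQUENCE in CRL armor, not a real CRL."""
    body = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, serial])).decode()
    return f"-----BEGIN X509 CRL-----\n{body}\n-----END X509 CRL-----\n"


SINGLE = constructed_crl(1)
COMPOSITE = "".join(constructed_crl(n) for n in (1, 2, 3))

if __name__ == "__main__":
    print(expected_crl_ids("corp-ca", COMPOSITE))
    print(allowed_requests("corp-ca", SINGLE))
```

Knowing the derived IDs in advance lets an administrator confirm after the import that every CRL in the bundle was created and later delete each one by ID.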