Common REST API v2 - dogtagpki/pki GitHub Wiki
Warning: This feature is still under development. The API might still change. Do not use it in production.
These endpoints are available in multiple subsystem applications.
Path | Method | Parameters | Return code | App | Mime | Input |
---|---|---|---|---|---|---|
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example:

```
$ curl --cacert ./ca_signing.crt --cert ca_admin_cert.p12:Secret.123 \
    --cert-type P12 -c session_cookie https://$HOSTNAME:8443/ca/v2/account/login
{
  "id" : "caadmin",
  "FullName" : "caadmin",
  "Email" : "[email protected]",
  "Roles" : [ "Administrators", "Certificate Manager Agents", "Enterprise CA Administrators", "Enterprise KRA Administrators", "Enterprise OCSP Administrators", "Enterprise RA Administrators", "Enterprise TKS Administrators", "Enterprise TPS Administrators", "Security Domain Administrators" ],
  "Attributes" : {
    "Attribute" : [ ]
  }
}
```
||||||
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
No output expected |
|
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/account/logout
```
||||||
|
|
start, size, filter |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/admin/groups?size=3&filter=Admin"
{
  "total" : 8,
  "entries" : [ {
    "id" : "Administrators",
    "GroupID" : "Administrators",
    "Description" : "People who manage the Certificate System"
  }, {
    "id" : "Security Domain Administrators",
    "GroupID" : "Security Domain Administrators",
    "Description" : "People who are the Security Domain administrators"
  }, {
    "id" : "Enterprise CA Administrators",
    "GroupID" : "Enterprise CA Administrators",
    "Description" : "People who are the administrators for the security domain for CA"
  } ]
}
```
||||||
|
|
None |
201 |
ca, kra, ocsp, tks, tps |
|
A json of a single group with |
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"GroupID": "NewGroup", "Description":"This is a new group"}' \
    https://$HOSTNAME:8443/ca/v2/admin/groups
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is a new group"
}
```
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is a new group"
}
```
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
A group JSON with only the information to update |
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"Description":"This is the new group"}' \
    -X PATCH https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is the new group"
}
```
||||||
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
||
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup
```
||||||
|
|
start, size, filter |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/groups/Administrators/members
{
  "total" : 1,
  "entries" : [ {
    "id" : "caadmin",
    "groupID" : "Administrators"
  } ]
}
```
||||||
|
|
None |
201 |
ca, kra, ocsp, tks, tps |
|
A json with |
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"id": "caadmin"}' \
    https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members
{
  "id" : "caadmin",
  "groupID" : "NewGroup"
}
```
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin
{
  "id" : "caadmin",
  "groupID" : "NewGroup"
}
```
||||||
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
||
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin
```
||||||
|
|
start, size, filter |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/admin/users?size=3&filter=Admin"
{
  "total" : 1,
  "entries" : [ {
    "id" : "caadmin",
    "UserID" : "caadmin",
    "FullName" : "caadmin"
  } ]
}
```
||||||
|
|
None |
201 |
ca, kra, ocsp, tks, tps |
|
A json for the user with |
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"UserID": "newUser", "FullName":"New User"}' \
    https://$HOSTNAME:8443/ca/v2/admin/users
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "New User"
}
```
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "New User"
}
```
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
A JSON with the user information to update |
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"FullName":"The New User"}' \
    -X PATCH https://$HOSTNAME:8443/ca/v2/admin/users/newUser
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "The New User"
}
```
||||||
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
||
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser
```
||||||
|
|
size, start |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs
{
  "total" : 1,
  "entries" : [ {
    "Version" : 2,
    "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "SubjectDN" : "UID=newUser",
    "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser"
  } ]
}
```
||||||
|
|
None |
201 |
ca, kra, ocsp, tks, tps |
|
Json with certificate in pem format inside |
Example$ curl --cacert ./ca_signing.crt -b session_cookie --json '{"Encoded":"-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n"}' \ https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs { "Version" : 2, "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "Encoded" : "-----BEGIN 
CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n", "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser" } |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example$ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser { "Version" : 2, "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173", "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE", "SubjectDN" : "UID=newUser", "PrettyPrint" : " Certificate: \n Data: \n Version: v3\n Serial Number: 0xA53C5F8E01BAB930295A1C56134E2173\n Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Issuer: CN=CA Signing Certificate, OU=pki-tomcat, O=EXAMPLE\n Validity: \n Not Before: Wednesday, October 30, 2024, 9:40:40?AM Coordinated Universal Time Etc/UTC\n Not After: Monday, April 28, 2025, 9:40:40?AM Coordinated Universal Time Etc/UTC\n Subject: UID=newUser\n Subject Public Key Info: \n Algorithm: RSA - 1.2.840.113549.1.1.1\n Public Key: \n Exponent: 65537\n Public Key Modulus: (2048 bits) :\n BE:79:34:02:6D:DA:45:97:AF:74:FA:8B:B4:38:78:1A:\n 4B:A4:67:CF:52:AC:20:58:AB:3F:F2:5B:22:03:74:49:\n D3:1E:D2:54:77:22:70:6F:08:0B:90:AC:FD:1A:C1:37:\n 67:00:35:A8:B8:10:F0:2F:1E:3A:65:12:F0:33:46:9B:\n BF:98:4E:3C:0F:78:2F:87:9D:7C:5A:86:C8:AF:A8:37:\n AE:CA:B7:3A:9F:36:DA:C8:28:F8:05:69:3E:5C:CC:AA:\n 8B:CC:CF:8B:CE:04:5D:0E:5E:0B:7F:AA:0B:1E:59:12:\n 0C:96:F1:A9:E3:B6:34:97:FF:4F:72:2C:5C:56:44:2A:\n 21:1E:AE:CA:47:70:A9:E8:B2:65:3B:EE:F5:6C:7F:C5:\n 04:57:E8:E2:FF:A6:03:95:B0:8E:A7:59:F8:63:3D:6B:\n B3:65:AB:2B:EB:98:67:14:07:ED:AA:EC:B9:AE:0A:32:\n 82:A8:66:11:72:22:17:B3:2E:A9:60:B8:54:9F:17:DB:\n B7:0C:4B:67:19:86:CD:E8:DA:C2:B7:22:AA:D8:F8:D1:\n 4D:CD:99:D9:24:0C:9F:A7:8B:20:FB:0B:BE:70:E5:37:\n E1:99:9C:26:0D:2A:47:B3:BE:80:9A:03:C4:2C:1A:52:\n 92:2C:84:C1:DC:B2:6A:22:F9:DC:E8:CC:43:9B:83:FF\n Extensions: \n Identifier: Authority Key Identifier - 2.5.29.35\n Critical: no \n Key Identifier: \n A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\n C4:00:E1:25\n Identifier: Authority Info 
Access: - 1.3.6.1.5.5.7.1.1\n Critical: no \n Access Description: \n Method #0: ocsp\n Location #0: URIName: http://pki.example.com:8080/ca/ocsp\n Identifier: Key Usage: - 2.5.29.15\n Critical: yes \n Key Usage: \n Digital Signature \n Non Repudiation \n Key Encipherment \n Identifier: Extended Key Usage: - 2.5.29.37\n Critical: no \n Extended Key Usage: \n clientAuth - 1.3.6.1.5.5.7.3.2\n emailProtection - 1.3.6.1.5.5.7.3.4\n Signature: \n Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Signature: \n 01:01:D9:79:88:6B:4D:81:68:7E:61:A5:3A:8A:F0:B3:\n 33:1D:9A:74:88:4F:00:E3:42:37:EE:F0:AD:52:87:98:\n 1E:24:E8:EB:62:8B:3B:3C:86:B7:B8:26:13:9D:E3:7F:\n 7B:F7:FF:B3:D7:D3:66:83:EB:13:27:10:2F:7A:C7:8E:\n 08:EE:42:B0:1A:91:0E:3C:C3:C2:B4:2C:A9:95:52:66:\n 95:73:04:BE:0C:2B:5C:80:7A:C1:33:DE:B9:61:5B:8F:\n 1B:0D:2F:C4:62:FE:02:12:43:7C:7E:3D:AD:B5:FF:D8:\n B0:2A:71:43:24:03:F5:5C:DA:80:D0:CD:BF:44:B3:A8:\n 76:D1:F1:29:68:15:6F:E5:E8:40:6D:65:94:E8:43:A4:\n 04:B3:75:FF:5D:95:29:8D:9E:40:54:93:6D:D9:8F:2E:\n 71:87:CD:C6:97:EC:D9:A0:97:EB:BC:8D:5C:EE:CA:C7:\n 53:62:98:07:09:0E:ED:A2:77:C4:EC:D3:50:4C:74:2D:\n F2:9E:B7:7C:10:DA:0C:C5:30:06:57:C8:0E:1D:CE:9A:\n 47:9F:02:87:D7:A6:F1:7B:63:55:FB:B3:2E:F0:7D:E4:\n AA:49:76:0F:0D:C6:38:03:77:7E:AF:B6:37:A9:FC:AE:\n A9:87:3D:FD:7C:FE:5F:38:53:BC:44:1F:8D:DF:E0:16:\n 26:63:07:6D:EE:D9:EB:75:02:11:83:E9:D9:90:22:15:\n 16:39:6F:8E:C8:3C:77:11:D0:7E:38:03:C5:A6:04:CA:\n F9:57:5A:52:BE:FA:CF:31:05:5D:A6:42:1A:79:14:86:\n C9:10:BA:38:3D:E3:DE:56:0A:CF:9E:40:B5:B3:9D:3C:\n B7:66:EC:FE:B2:CC:79:8E:06:CB:37:8E:91:8C:17:0A:\n 95:5C:86:48:4B:6E:0B:AB:91:C2:EC:06:6E:D4:1C:A7:\n B9:01:18:D7:87:B0:70:59:79:0E:5F:CD:47:65:B3:80:\n 7E:45:91:D9:58:FD:CE:4A:AA:5D:10:92:AA:F3:F8:21\n FingerPrint\n MD2:\n 08:B7:40:5F:0F:75:9B:7D:CE:6A:E6:02:04:0E:42:CE\n MD5:\n 70:FA:86:85:09:4C:A7:AC:C2:7E:16:12:FE:1C:23:6F\n SHA-1:\n CC:01:B7:F5:26:13:47:D9:A5:2C:05:6B:E0:94:16:7E:\n 62:CD:AB:4D\n SHA-256:\n 1A:00:A6:05:FB:14:33:B4:32:71:73:54:06:DA:52:BB:\n 
C9:3E:BA:24:CA:C2:4D:B2:9B:7F:A5:F7:F8:55:C0:45\n SHA-512:\n D6:C2:13:5B:5C:06:15:90:E9:78:73:C7:0C:EE:70:19:\n 31:79:1F:AB:43:57:B7:97:C8:D7:00:CA:F3:4A:DD:1B:\n 03:BE:50:10:A8:F6:4A:A0:F3:2E:28:AD:7B:7C:1F:E5:\n 70:ED:22:8E:21:DD:D9:E0:8A:7E:4C:47:D3:56:C5:49\n", "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n", "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser" } |
||||||
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
||
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser
```
||||||
|
|
size, start, filter |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership
{
  "total" : 1,
  "entries" : [ {
    "id" : "Auditors",
    "userID" : "newUser"
  } ]
}
```
||||||
|
|
None |
201 |
ca, kra, ocsp, tks, tps |
in |
The name of the group to add the user to |
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --data 'Auditors' \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership
{
  "id" : "Auditors",
  "userID" : "newUser"
}
```
||||||
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
||
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership/Auditors
```
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example$ curl --cacert ./ca_signing.crt -b session_cookie \ https://$HOSTNAME:8443/ca/v2/audit { "bufferSize" : 512, "Status" : "Enabled", "Signed" : false, "Interval" : 5, "Events" : { "ACCESS_SESSION_ESTABLISH" : "enabled", "ACCESS_SESSION_TERMINATED" : "enabled", "ASYMKEY_GENERATION_REQUEST" : "disabled", "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "AUDIT_LOG_DELETE" : "disabled", "AUDIT_LOG_SHUTDOWN" : "disabled", "AUDIT_LOG_SIGNING" : "enabled", "AUDIT_LOG_STARTUP" : "enabled", "AUTH" : "enabled", "AUTHORITY_CONFIG" : "enabled", "AUTHZ" : "enabled", "CERT_PROFILE_APPROVAL" : "enabled", "CERT_REQUEST_PROCESSED" : "enabled", "CERT_SIGNING_INFO" : "enabled", "CERT_STATUS_CHANGE_REQUEST" : "enabled", "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "enabled", "CIMC_CERT_VERIFICATION" : "disabled", "CLIENT_ACCESS_SESSION_ESTABLISH" : "enabled", "CLIENT_ACCESS_SESSION_TERMINATED" : "enabled", "CMC_ID_POP_LINK_WITNESS" : "disabled", "CMC_PROOF_OF_IDENTIFICATION" : "disabled", "CMC_REQUEST_RECEIVED" : "enabled", "CMC_RESPONSE_SENT" : "enabled", "CMC_SIGNED_REQUEST_SIG_VERIFY" : "enabled", "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "enabled", "COMPUTE_RANDOM_DATA_REQUEST" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled", "COMPUTE_SESSION_KEY_REQUEST" : "disabled", "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled", "CONFIG_ACL" : "enabled", "CONFIG_AUTH" : "enabled", "CONFIG_CERT_POLICY" : "disabled", "CONFIG_CERT_PROFILE" : "enabled", "CONFIG_CRL_PROFILE" : "enabled", "CONFIG_DRM" : "disabled", "CONFIG_ENCRYPTION" : "enabled", "CONFIG_OCSP_PROFILE" : "disabled", "CONFIG_ROLE" : "enabled", "CONFIG_SERIAL_NUMBER" : "enabled", "CONFIG_SIGNED_AUDIT" : "enabled", "CONFIG_TOKEN_AUTHENTICATOR" : "disabled", "CONFIG_TOKEN_CONNECTOR" : "disabled", "CONFIG_TOKEN_GENERAL" : "disabled", "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled", "CONFIG_TOKEN_PROFILE" : "disabled", "CONFIG_TOKEN_RECORD" : "disabled", "CONFIG_TRUSTED_PUBLIC_KEY" : "enabled", "CRL_RETRIEVAL" : 
"disabled", "CRL_SIGNING_INFO" : "enabled", "CRL_VALIDATION" : "disabled", "DELTA_CRL_GENERATION" : "enabled", "DELTA_CRL_PUBLISHING" : "disabled", "DIVERSIFY_KEY_REQUEST" : "disabled", "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled", "ENCRYPT_DATA_REQUEST" : "disabled", "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled", "FULL_CRL_GENERATION" : "enabled", "FULL_CRL_PUBLISHING" : "disabled", "INTER_BOUNDARY" : "disabled", "KEY_GEN_ASYMMETRIC" : "enabled", "KEY_RECOVERY_AGENT_LOGIN" : "disabled", "KEY_RECOVERY_REQUEST" : "disabled", "KEY_STATUS_CHANGE" : "disabled", "LOG_PATH_CHANGE" : "enabled", "NON_PROFILE_CERT_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled", "OCSP_GENERATION" : "enabled", "OCSP_REMOVE_CA_REQUEST" : "disabled", "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled", "OCSP_SIGNING_INFO" : "enabled", "PROFILE_CERT_REQUEST" : "enabled", "PROOF_OF_POSSESSION" : "enabled", "RANDOM_GENERATION" : "enabled", "ROLE_ASSUME" : "enabled", "SCHEDULE_CRL_GENERATION" : "enabled", "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_EXPORT_KEY" : "disabled", "SECURITY_DATA_INFO" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled", "SECURITY_DOMAIN_UPDATE" : "enabled", "SELFTESTS_EXECUTION" : "enabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST" : "enabled", "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "enabled", "SYMKEY_GENERATION_REQUEST" : "disabled", "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "TOKEN_APPLET_UPGRADE" : "disabled", "TOKEN_AUTH" : "disabled", "TOKEN_CERT_ENROLLMENT" : 
"disabled", "TOKEN_CERT_RENEWAL" : "disabled", "TOKEN_CERT_RETRIEVAL" : "disabled", "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled", "TOKEN_FORMAT" : "disabled", "TOKEN_KEY_CHANGEOVER" : "disabled", "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled", "TOKEN_KEY_RECOVERY" : "disabled", "TOKEN_KEY_SANITY_CHECK" : "disabled", "TOKEN_OP_REQUEST" : "disabled", "TOKEN_PIN_RESET" : "disabled", "TOKEN_STATE_CHANGE" : "disabled" } } |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
A json with same format returned by |
Example$ curl --cacert ./ca_signing.crt -b session_cookie \ --json @audit.json -X PATCH \ https://$HOSTNAME:8443/ca/v2/audit { "bufferSize" : 512, "Status" : "Enabled", "Signed" : false, "Interval" : 100, "Events" : { "ACCESS_SESSION_ESTABLISH" : "enabled", "ACCESS_SESSION_TERMINATED" : "disabled", "ASYMKEY_GENERATION_REQUEST" : "disabled", "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "AUDIT_LOG_DELETE" : "disabled", "AUDIT_LOG_SHUTDOWN" : "disabled", "AUDIT_LOG_STARTUP" : "disabled", "AUTH" : "disabled", "AUTHORITY_CONFIG" : "disabled", "AUTHZ" : "disabled", "CERT_PROFILE_APPROVAL" : "disabled", "CERT_REQUEST_PROCESSED" : "disabled", "CERT_SIGNING_INFO" : "disabled", "CERT_STATUS_CHANGE_REQUEST" : "disabled", "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled", "CIMC_CERT_VERIFICATION" : "disabled", "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled", "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled", "CMC_ID_POP_LINK_WITNESS" : "disabled", "CMC_PROOF_OF_IDENTIFICATION" : "disabled", "CMC_REQUEST_RECEIVED" : "disabled", "CMC_RESPONSE_SENT" : "disabled", "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled", "COMPUTE_SESSION_KEY_REQUEST" : "disabled", "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled", "CONFIG_ACL" : "disabled", "CONFIG_AUTH" : "disabled", "CONFIG_CERT_POLICY" : "disabled", "CONFIG_CERT_PROFILE" : "disabled", "CONFIG_CRL_PROFILE" : "disabled", "CONFIG_DRM" : "disabled", "CONFIG_ENCRYPTION" : "disabled", "CONFIG_OCSP_PROFILE" : "disabled", "CONFIG_ROLE" : "disabled", "CONFIG_SERIAL_NUMBER" : "disabled", "CONFIG_SIGNED_AUDIT" : "disabled", "CONFIG_TOKEN_AUTHENTICATOR" : "disabled", "CONFIG_TOKEN_CONNECTOR" : "disabled", "CONFIG_TOKEN_GENERAL" : "disabled", "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled", "CONFIG_TOKEN_PROFILE" : "disabled", "CONFIG_TOKEN_RECORD" : "disabled", "CONFIG_TRUSTED_PUBLIC_KEY" : 
"disabled", "CRL_RETRIEVAL" : "disabled", "CRL_SIGNING_INFO" : "disabled", "CRL_VALIDATION" : "disabled", "DELTA_CRL_GENERATION" : "disabled", "DELTA_CRL_PUBLISHING" : "disabled", "DIVERSIFY_KEY_REQUEST" : "disabled", "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled", "ENCRYPT_DATA_REQUEST" : "disabled", "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled", "FULL_CRL_GENERATION" : "disabled", "FULL_CRL_PUBLISHING" : "disabled", "INTER_BOUNDARY" : "disabled", "KEY_GEN_ASYMMETRIC" : "disabled", "KEY_RECOVERY_AGENT_LOGIN" : "disabled", "KEY_RECOVERY_REQUEST" : "disabled", "KEY_STATUS_CHANGE" : "disabled", "LOG_PATH_CHANGE" : "disabled", "NON_PROFILE_CERT_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled", "OCSP_GENERATION" : "disabled", "OCSP_REMOVE_CA_REQUEST" : "disabled", "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled", "OCSP_SIGNING_INFO" : "disabled", "PROFILE_CERT_REQUEST" : "disabled", "PROOF_OF_POSSESSION" : "disabled", "RANDOM_GENERATION" : "disabled", "ROLE_ASSUME" : "disabled", "SCHEDULE_CRL_GENERATION" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_EXPORT_KEY" : "disabled", "SECURITY_DATA_INFO" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled", "SECURITY_DOMAIN_UPDATE" : "disabled", "SELFTESTS_EXECUTION" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled", "SYMKEY_GENERATION_REQUEST" : "disabled", "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "TOKEN_APPLET_UPGRADE" : "disabled", 
"TOKEN_AUTH" : "disabled", "TOKEN_CERT_ENROLLMENT" : "disabled", "TOKEN_CERT_RENEWAL" : "disabled", "TOKEN_CERT_RETRIEVAL" : "disabled", "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled", "TOKEN_FORMAT" : "disabled", "TOKEN_KEY_CHANGEOVER" : "disabled", "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled", "TOKEN_KEY_RECOVERY" : "disabled", "TOKEN_KEY_SANITY_CHECK" : "disabled", "TOKEN_OP_REQUEST" : "disabled", "TOKEN_PIN_RESET" : "disabled", "TOKEN_STATE_CHANGE" : "disabled" } } |
||||||
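The audit configuration returned before and after a `PATCH` can be compared to see which events were switched off. The following is an added example, not code from the Dogtag PKI project: the function names and the `WATCHED` policy set are assumptions, and the two documents are constructed, shortened versions of the responses shown above.

```python
import json

# Assumption: events this site treats as mandatory. The names appear in the
# page's sample output; which ones must stay on is a local policy decision.
WATCHED = {"AUTH", "AUTHZ", "CONFIG_ACL", "CONFIG_ROLE",
           "CONFIG_SIGNED_AUDIT", "ROLE_ASSUME"}

# Constructed samples in the shape returned by /v2/audit (only a few events).
BEFORE = json.loads("""
{ "bufferSize" : 512, "Status" : "Enabled", "Signed" : false, "Interval" : 5,
  "Events" : { "ACCESS_SESSION_ESTABLISH" : "enabled",
               "ACCESS_SESSION_TERMINATED" : "enabled",
               "AUDIT_LOG_SIGNING" : "enabled", "AUTH" : "enabled",
               "AUTHZ" : "enabled", "CONFIG_ROLE" : "enabled",
               "TOKEN_AUTH" : "disabled" } }
""")
AFTER = json.loads("""
{ "bufferSize" : 512, "Status" : "Enabled", "Signed" : false, "Interval" : 100,
  "Events" : { "ACCESS_SESSION_ESTABLISH" : "enabled",
               "ACCESS_SESSION_TERMINATED" : "disabled",
               "AUTH" : "disabled", "AUTHZ" : "disabled",
               "CONFIG_ROLE" : "disabled", "TOKEN_AUTH" : "disabled" } }
""")


def diff_audit_config(before, after):
    """Compare two audit configuration documents and return what changed."""
    old, new = before.get("Events", {}), after.get("Events", {})
    changes = {"turned_off": [], "turned_on": [], "missing": [],
               "added": [], "settings": {}}
    for name in sorted(old.keys() | new.keys()):
        if name not in new:
            changes["missing"].append(name)      # listed before, gone now
        elif name not in old:
            changes["added"].append(name)
        elif old[name] != new[name]:
            off = new[name].lower() == "disabled"
            changes["turned_off" if off else "turned_on"].append(name)
    for field in ("Status", "Signed", "Interval", "bufferSize"):
        if before.get(field) != after.get(field):
            changes["settings"][field] = (before.get(field), after.get(field))
    return changes


def findings(before, after, watched=WATCHED):
    """Turn a config diff into review findings for the watched events."""
    changes = diff_audit_config(before, after)
    out = []
    if str(after.get("Status", "")).lower() != "enabled":
        out.append("audit logging is not enabled")
    if not after.get("Signed", False):
        out.append("audit log signing is off")
    out += [f"watched event turned off: {n}"
            for n in changes["turned_off"] if n in watched]
    out += [f"event no longer listed: {n}" for n in changes["missing"]]
    return out


if __name__ == "__main__":
    for line in findings(BEFORE, AFTER):
        print(line)
```

In practice the two inputs would be the saved output of `GET /v2/audit` taken before and after the change.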
|
|
action (enable/disable) |
200 |
ca, kra, ocsp, tks, tps |
|
No input expected |
Example$ curl --cacert ./ca_signing.crt -b session_cookie \ -X POST "https://$HOSTNAME:8443/ca/v2/audit?action=enable" { "bufferSize" : 512, "Status" : "Enabled", "Signed" : false, "Interval" : 100, "Events" : { "ACCESS_SESSION_ESTABLISH" : "enabled", "ACCESS_SESSION_TERMINATED" : "disabled", "ASYMKEY_GENERATION_REQUEST" : "disabled", "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "AUDIT_LOG_DELETE" : "disabled", "AUDIT_LOG_SHUTDOWN" : "disabled", "AUDIT_LOG_STARTUP" : "disabled", "AUTH" : "disabled", "AUTHORITY_CONFIG" : "disabled", "AUTHZ" : "disabled", "CERT_PROFILE_APPROVAL" : "disabled", "CERT_REQUEST_PROCESSED" : "disabled", "CERT_SIGNING_INFO" : "disabled", "CERT_STATUS_CHANGE_REQUEST" : "disabled", "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled", "CIMC_CERT_VERIFICATION" : "disabled", "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled", "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled", "CMC_ID_POP_LINK_WITNESS" : "disabled", "CMC_PROOF_OF_IDENTIFICATION" : "disabled", "CMC_REQUEST_RECEIVED" : "disabled", "CMC_RESPONSE_SENT" : "disabled", "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST" : "disabled", "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled", "COMPUTE_SESSION_KEY_REQUEST" : "disabled", "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled", "CONFIG_ACL" : "disabled", "CONFIG_AUTH" : "disabled", "CONFIG_CERT_POLICY" : "disabled", "CONFIG_CERT_PROFILE" : "disabled", "CONFIG_CRL_PROFILE" : "disabled", "CONFIG_DRM" : "disabled", "CONFIG_ENCRYPTION" : "disabled", "CONFIG_OCSP_PROFILE" : "disabled", "CONFIG_ROLE" : "disabled", "CONFIG_SERIAL_NUMBER" : "disabled", "CONFIG_SIGNED_AUDIT" : "disabled", "CONFIG_TOKEN_AUTHENTICATOR" : "disabled", "CONFIG_TOKEN_CONNECTOR" : "disabled", "CONFIG_TOKEN_GENERAL" : "disabled", "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled", "CONFIG_TOKEN_PROFILE" : "disabled", "CONFIG_TOKEN_RECORD" : "disabled", "CONFIG_TRUSTED_PUBLIC_KEY" : "disabled", 
"CRL_RETRIEVAL" : "disabled", "CRL_SIGNING_INFO" : "disabled", "CRL_VALIDATION" : "disabled", "DELTA_CRL_GENERATION" : "disabled", "DELTA_CRL_PUBLISHING" : "disabled", "DIVERSIFY_KEY_REQUEST" : "disabled", "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled", "ENCRYPT_DATA_REQUEST" : "disabled", "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled", "FULL_CRL_GENERATION" : "disabled", "FULL_CRL_PUBLISHING" : "disabled", "INTER_BOUNDARY" : "disabled", "KEY_GEN_ASYMMETRIC" : "disabled", "KEY_RECOVERY_AGENT_LOGIN" : "disabled", "KEY_RECOVERY_REQUEST" : "disabled", "KEY_STATUS_CHANGE" : "disabled", "LOG_PATH_CHANGE" : "disabled", "NON_PROFILE_CERT_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST" : "disabled", "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled", "OCSP_GENERATION" : "disabled", "OCSP_REMOVE_CA_REQUEST" : "disabled", "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled", "OCSP_SIGNING_INFO" : "disabled", "PROFILE_CERT_REQUEST" : "disabled", "PROOF_OF_POSSESSION" : "disabled", "RANDOM_GENERATION" : "disabled", "ROLE_ASSUME" : "disabled", "SCHEDULE_CRL_GENERATION" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled", "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_EXPORT_KEY" : "disabled", "SECURITY_DATA_INFO" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled", "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled", "SECURITY_DOMAIN_UPDATE" : "disabled", "SELFTESTS_EXECUTION" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST" : "disabled", "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled", "SYMKEY_GENERATION_REQUEST" : "disabled", "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled", "TOKEN_APPLET_UPGRADE" : "disabled", "TOKEN_AUTH" : 
"disabled", "TOKEN_CERT_ENROLLMENT" : "disabled", "TOKEN_CERT_RENEWAL" : "disabled", "TOKEN_CERT_RETRIEVAL" : "disabled", "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled", "TOKEN_FORMAT" : "disabled", "TOKEN_KEY_CHANGEOVER" : "disabled", "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled", "TOKEN_KEY_RECOVERY" : "disabled", "TOKEN_KEY_SANITY_CHECK" : "disabled", "TOKEN_OP_REQUEST" : "disabled", "TOKEN_PIN_RESET" : "disabled", "TOKEN_STATE_CHANGE" : "disabled" } } |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/audit/files
{
  "total" : 1,
  "entries" : [ {
    "name" : "ca_audit",
    "size" : 77606
  } ]
}
```
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example:

```
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/audit/files/ca_audit
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CERT_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] certificate signing info
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CRL_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] CRL signing info
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=OCSP_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=AB:AF:55:C8:C0:97:C8:B6:AA:47:0D:D0:66:C6:15:E1:B1:EF:EF:77] OCSP signing info
0.main - [29/Oct/2024:11:09:29 UTC] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details)
0.https-jsse-jss-nio-8443-exec-1 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-2 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-5 - [29/Oct/2024:11:45:53 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
```
||||||
|
|
None |
200 |
ca |
||
Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/config/features
[{"id":"authority","description":"Lightweight CAs","version":"1.0","enabled":true}] |
||||||
|
|
None |
200 |
ca |
|
|
Example
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/features/authority
{
  "id" : "authority",
  "description" : "Lightweight CAs",
  "version" : "1.0",
  "enabled" : true
} |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/jobs
{
  "entries" : [
    { "id" : "certRenewalNotifier", "enabled" : false, "cron" : "0 3 * * 1-5", "pluginName" : "RenewalNotificationJob", "parameters" : { } },
    { "id" : "pruning", "enabled" : false, "pluginName" : "PruningJob", "parameters" : { } },
    { "id" : "publishCerts", "enabled" : false, "cron" : "0 0 * * 2", "pluginName" : "PublishCertsJob", "parameters" : { } },
    { "id" : "requestInQueueNotifier", "enabled" : false, "cron" : "0 0 * * 0", "pluginName" : "RequestInQueueJob", "parameters" : { } },
    { "id" : "serialNumberUpdate", "enabled" : false, "pluginName" : "SerialNumberUpdateJob", "parameters" : { } },
    { "id" : "unpublishExpiredCerts", "enabled" : false, "cron" : "0 0 * * 6", "pluginName" : "UnpublishExpiredJob", "parameters" : { } }
  ]
} |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate
{
  "id" : "serialNumberUpdate",
  "enabled" : false,
  "pluginName" : "SerialNumberUpdateJob",
  "parameters" : { }
} |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
No output |
No input expected |
Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate/start |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/securityDomain/domainInfo
{
  "subsystemArray" : [ {
    "hosts" : {
      "CA pki.example.com 8443" : { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" }
    },
    "hostArray" : [ { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" } ],
    "id" : "CA"
  } ],
  "id" : "EXAMPLE",
  "subsystems" : {
    "CA" : {
      "hosts" : {
        "CA pki.example.com 8443" : { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" }
      },
      "hostArray" : [ { "id" : "CA pki.example.com 8443", "Hostname" : "pki.example.com", "Port" : "8080", "SecurePort" : "8443", "SecureEEClientAuthPort" : "8443", "SecureAgentPort" : "8443", "SecureAdminPort" : "8443", "Clone" : "FALSE", "SubsystemName" : "CA pki.example.com 8443", "DomainManager" : "TRUE" } ],
      "id" : "CA"
    }
  }
} |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/securityDomain/hosts
[{"id":"CA pki.example.com 8443","Hostname":"pki.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"FALSE","SubsystemName":"CA pki.example.com 8443","DomainManager":"TRUE"}] |
||||||
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
|
Security domain host json with |
Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"id":"CA pki2.example.com 8443","Hostname":"pki2.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"TRUE","SubsystemName":"CA pki2.example.com 8443","DomainManager":"FALSE"}' \
    -X PUT https://$HOSTNAME:8443/ca/v2/securityDomain/hosts |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443
{
  "id" : "CA pki.example.com 8443",
  "Hostname" : "pki.example.com",
  "Port" : "8080",
  "SecurePort" : "8443",
  "SecureEEClientAuthPort" : "8443",
  "SecureAgentPort" : "8443",
  "SecureAdminPort" : "8443",
  "Clone" : "FALSE",
  "SubsystemName" : "CA pki.example.com 8443",
  "DomainManager" : "TRUE"
} |
||||||
|
|
None |
204 |
ca, kra, ocsp, tks, tps |
||
Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443 |
||||||
|
|
hostname, subsystem |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/securityDomain/installToken?hostname=pki.example.com&subsystem=CA"
{
  "token" : "4984326538499940852"
} |
||||||
|
|
start, size, filter |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/selftests?start=2"
{
  "total" : 3,
  "entries" : [
    { "id" : "SystemCertsVerification", "enabledAtStartup" : true, "criticalAtStartup" : true, "enabledOnDemand" : true, "criticalOnDemand" : true }
  ]
} |
||||||
|
|
action (run) |
204 |
ca, kra, ocsp, tks, tps |
No output |
No input expected |
Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/ca/v2/selftests?action=run" |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
|
Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/selftests/CAValidity
{
  "id" : "CAValidity",
  "enabledAtStartup" : false,
  "enabledOnDemand" : true,
  "criticalOnDemand" : true
} |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
No input expected |
Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/selftests/run
{
  "entries" : [
    { "id" : "CAPresence", "status" : "PASSED" },
    { "id" : "SystemCertsVerification", "status" : "PASSED" },
    { "id" : "CAValidity", "status" : "PASSED" }
  ]
} |
||||||
|
|
None |
200 |
ca, kra, ocsp, tks, tps |
|
No input expected |
Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/selftests/CAPresence/run
{
  "id" : "CAPresence",
  "status" : "PASSED"
}
Note
|
Endpoints that require authentication can be accessed by providing either the session cookie retrieved from the login API (/<app>/v2/account/login) or the user credentials (user/password or certificates).
|
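Added example (not part of the wiki or of the Dogtag code base): a Python parser for audit records in the layout shown in the `/ca/v2/audit/files/ca_audit` output above, which counts failed `ACCESS_SESSION_ESTABLISH` events per `ClientIP`. The record layout and UTC timestamp format are assumed from that sample output, the function names are hypothetical, and the last sample line is constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Layout assumed from the page's sample output (not a documented format):
#   <thread> - [<dd/Mon/yyyy:HH:MM:SS> UTC] [<n>] [<n>] [Key=Value]... free text
HEADER = re.compile(r"^(?P<thread>\S+) - \[(?P<ts>[^\]]+)\] \[\d+\] \[\d+\] (?P<body>.*)$")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")  # assumes values never contain ']'

# First three records are copied from the page's example; the fourth line is constructed.
SAMPLE = """\
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CERT_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] certificate signing info
0.https-jsse-jss-nio-8443-exec-5 - [29/Oct/2024:11:45:53 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
constructed noise line without the audit header
"""


def parse_record(line):
    """Return one audit record as a dict, or None if the line does not match."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = dict(FIELD.findall(m["body"]))
    if "AuditEvent" not in rec:
        return None
    try:
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S UTC")
    except ValueError:
        return None
    rec["thread"] = m["thread"]
    rec["time"] = when.replace(tzinfo=timezone.utc)
    rec["message"] = FIELD.sub("", m["body"]).strip()  # text after the fields
    return rec


def failures(text, event=None):
    """Records with Outcome=Failure, optionally limited to one AuditEvent."""
    recs = filter(None, map(parse_record, text.splitlines()))
    return [r for r in recs
            if r.get("Outcome") == "Failure" and event in (None, r["AuditEvent"])]


def failures_by_client(text):
    """Count failed ACCESS_SESSION_ESTABLISH records per ClientIP."""
    hits = failures(text, "ACCESS_SESSION_ESTABLISH")
    return Counter(r.get("ClientIP", "unknown") for r in hits)


if __name__ == "__main__":
    for ip, count in failures_by_client(SAMPLE).items():
        print(f"{ip}: {count} failed session establishment(s)")
```

The same functions can be applied to the body returned by the audit file endpoint once it has been saved to a file and read as text.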