KRA REST API v2 - dogtagpki/pki GitHub Wiki

API endpoints

Warning
This feature is still under development. The API might still change. Do not use it in production.
Fields listed for each endpoint: Path, Method, Parameters, Return code, Mime, Input

/kra/v2/agent/keys

GET

start, pageSize, maxTime, maxResults, status, clientKeyID, realm, owner

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/kra/v2/agent/keys?start=4"
{
  "total" : 6,
  "entries" : [ {
    "keyId" : "0x0118d9072617d551c0a7b6975441b2a5",
    "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/0x0118d9072617d551c0a7b6975441b2a5",
    "clientKeyID" : "tmyNewkey",
    "status" : "active",
    "algorithm" : "AES",
    "size" : 256,
    "ownerName" : "kraadmin"
  }, {
    "keyId" : "0x00b452e2c8ac1308afa8c3001d80dfead4",
    "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/0x00b452e2c8ac1308afa8c3001d80dfead4",
    "clientKeyID" : "myNewkey",
    "status" : "active",
    "algorithm" : "AES",
    "size" : 256,
    "ownerName" : "kraadmin"
  } ]
}

/kra/v2/agent/keys/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/kra/v2/agent/keys/0x00b452e2c8ac1308afa8c3001d80dfead4
{
  "keyId" : "0x00b452e2c8ac1308afa8c3001d80dfead4",
  "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/0x00b452e2c8ac1308afa8c3001d80dfead4",
  "clientKeyID" : "myNewkey",
  "status" : "active",
  "algorithm" : "AES",
  "size" : 256,
  "ownerName" : "kraadmin"
}

/kra/v2/agent/keys/{id}

POST

status (active/inactive)

204

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/kra/v2/agent/keys/0x00b452e2c8ac1308afa8c3001d80dfead4?status=inactive"

/kra/v2/agent/keys/active/{clientKeyId}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/kra/v2/agent/keys/active/myNewKey
{
  "keyId" : "0x00b452e2c8ac1308afa8c3001d80dfead4",
  "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/0x00b452e2c8ac1308afa8c3001d80dfead4",
  "clientKeyID" : "myNewkey",
  "status" : "active",
  "algorithm" : "AES",
  "size" : 256,
  "ownerName" : "kraadmin"
}

/kra/v2/agent/keys/retrieve

POST

status (active/inactive)

200

application/json

JSON with ClassName representing the request (com.netscape.certsrv.key.KeyRecoveryRequest) and Attributes containing the Attribute, a list of name and value pairs

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"ClassName":"com.netscape.certsrv.key.KeyRecoveryRequest","Attributes":{"Attribute":[{"name":"keyId","value":"239691407307142073417724771513900460756"},{"name":"transWrappedSessionKey","value":"PwTuAVVhNd2Ob2vKwJD6Ou+C/1SdmR2VnbsD3ExsSctfZ15rmkJMcyEdcJkj9ONcSgI8uAYJYKvRxlNXdLqhPwyVJ32x3plt53bVSU+j8+KtD4k4xlafJScrMsEQUzFbjAIU0QX0jaynRV+l5YCjOiL59LLEGIxLwOklZXFHq/Llr8RjXR9rV5zRySZhv1ev1oQMlDCNsnAy/H/hDNBIQ80KZErgMCLjN1NrJFyP9MHHhOCd0rsjmOFn9Va3KPGTLqI24EmG2vWqMy9BHbvc7z2DK8iNiwrr8eiHN6pvCGx5jnE1zyrzg3gABTy2CTz1dbwPIRn/QUhbZydQ3i7Cfg=="},{"name":"payloadEncryptionOID","value":"{2 16 840 1 101 3 4 1 2}"},{"name":"payloadWrappingName","value":"AES KeyWrap/Padding"}]}}' \
    https://$HOSTNAME:8443/kra/v2/agent/keys/retrieve
{
  "wrappedPrivateData" : "+1F2dUIf8ycaggtzcOQ/sCfgFmOTO4g3y3dj8A5wSsGMhbtrzhqpPjynmWqOUpKV",
  "algorithm" : "AES",
  "size" : 256,
  "wrapAlgorithm" : "AES KeyWrap/Padding",
  "type" : "symmetricKey"
}

/kra/v2/agent/keyrequests

GET

start, pageSize, maxTime, requestState, requestType, clientKeyID, realm

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/kra/v2/agent/keyrequests
{
  "total" : 1,
  "entries" : [ {
    "requestID" : "0x8ebdd92d23f6d91c343ca85b06c5eec1",
    "requestType" : "enrollment",
    "requestStatus" : "complete",
    "requestURL" : "https://pki.example.com:8443/kra/v2/agent/keyrequests/189736124367002838297682016085746249409",
    "creationTime" : 1733938273000,
    "modificationTime" : 1733938273000,
    "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/248971174072089259484547109134225303881",
    "keyId" : "0x00bb4e1a9c0a05467927255f184ccee949",
    "requestId" : "0x8ebdd92d23f6d91c343ca85b06c5eec1"
  } ]
}

/kra/v2/agent/keyrequests

POST

None

201

application/json

JSON with ClassName representing the request type and Attributes containing the Attribute, a list of name and value pairs

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"ClassName":"com.netscape.certsrv.key.SymKeyGenerationRequest","Attributes":{"Attribute":[{"name":"clientKeyID","value":"myNewkey"},{"name":"keyAlgorithm","value":"AES"},{"name":"keySize","value":"256"},{"name":"keyUsage","value":"sign"},{"name":"transWrappedSessionKey","value":null}]}}' \
    https://$HOSTNAME:8443/kra/v2/agent/keyrequests
{
  "requestInfo" : {
    "requestID" : "0xe44da0d2163087a51b7481f2c5c91458",
    "requestType" : "symkeyGenRequest",
    "requestStatus" : "complete",
    "requestURL" : "https://pki.example.com:8443/kra/v2/agent/keyrequests/303467051727386052232820986458237637720",
    "creationTime" : 1733998928353,
    "modificationTime" : 1733998928378,
    "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/239691407307142073417724771513900460756",
    "keyId" : "0x00b452e2c8ac1308afa8c3001d80dfead4",
    "requestId" : "0xe44da0d2163087a51b7481f2c5c91458"
  },
  "requestId" : "0xe44da0d2163087a51b7481f2c5c91458",
  "keyId" : "0x00b452e2c8ac1308afa8c3001d80dfead4"
}

/kra/v2/agent/keyrequests/{id}

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/kra/v2/agent/keyrequests/0x8ebdd92d23f6d91c343ca85b06c5eec1
{
  "requestID" : "0x8ebdd92d23f6d91c343ca85b06c5eec1",
  "requestType" : "enrollment",
  "requestStatus" : "complete",
  "requestURL" : "https://pki.example.com:8443/kra/v2/agent/keyrequests/189736124367002838297682016085746249409",
  "creationTime" : 1733938273000,
  "modificationTime" : 1733938273000,
  "keyURL" : "https://pki.example.com:8443/kra/v2/agent/keys/248971174072089259484547109134225303881",
  "keyId" : "0x00bb4e1a9c0a05467927255f184ccee949",
  "requestId" : "0x8ebdd92d23f6d91c343ca85b06c5eec1"
}
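Added example, not part of the Dogtag wiki or code base: in the sample responses the `keyId` and `requestId` fields are hex strings, while `keyURL` and `requestURL` carry the identifier in decimal and name a host of their own. Before a client follows those URLs with its session cookie, it can confirm that they stay on the origin it authenticated to and that they point at the record's own ids. `parse_id` and `check_record` are hypothetical helper names.

```python
from urllib.parse import urlsplit


def parse_id(value):
    """Parse a KRA identifier given as '0x...' hex or as a decimal string."""
    text = str(value).strip()
    number = int(text, 16) if text.lower().startswith("0x") else int(text, 10)
    if number < 0:
        raise ValueError(f"negative identifier: {value!r}")
    return number


def check_record(record, expected_origin):
    """Return a list of problems found in a key or key request record."""
    problems = []
    # (URL field, id field) pairs as they appear in the page's sample responses.
    for url_field, id_field in (("keyURL", "keyId"), ("requestURL", "requestId")):
        if url_field not in record:
            continue
        parts = urlsplit(record[url_field])
        origin = f"{parts.scheme}://{parts.netloc}"
        if origin != expected_origin:
            problems.append(f"{url_field}: unexpected origin {origin}")
        try:
            # The last path segment of the URL is the identifier.
            url_id = parse_id(parts.path.rsplit("/", 1)[-1])
            if url_id != parse_id(record[id_field]):
                problems.append(f"{url_field} does not point at {id_field}")
        except (KeyError, ValueError) as exc:
            problems.append(f"{url_field}: {exc}")
    return problems


# Fields copied from the GET /kra/v2/agent/keyrequests/{id} sample response above.
SAMPLE = {
    "requestURL": "https://pki.example.com:8443/kra/v2/agent/keyrequests/189736124367002838297682016085746249409",
    "keyURL": "https://pki.example.com:8443/kra/v2/agent/keys/248971174072089259484547109134225303881",
    "keyId": "0x00bb4e1a9c0a05467927255f184ccee949",
    "requestId": "0x8ebdd92d23f6d91c343ca85b06c5eec1",
}

if __name__ == "__main__":
    # The origin is the one the client itself connected to (assumed here).
    for problem in check_record(SAMPLE, "https://pki.example.com:8443"):
        print(problem)
```
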

/kra/v2/agent/keyrequests/{id}/approve
/kra/v2/agent/keyrequests/{id}/reject
/kra/v2/agent/keyrequests/{id}/cancel

POST

None

204

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/kra/v2/agent/keyrequests/0xe44da0d2163087a51b7481f2c5c91458/cancel

/kra/v2/config/cert/transport

GET

None

200

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/kra/v2/config/cert/transport
{
  "id" : "0xc47ee26f8d009e3fae9d6a04e408a292",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "CN=DRM Transport Certificate,OU=pki-tomcat,O=EXAMPLE",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEKTCCApGgAwIBAgIRAMR+4m+NAJ4/rp1qBOQIopIwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEyMTExNjI1MDRaFw0yNjEyMDExNjI1MDRaMEsxEDAOBgNVBAoMB0VYQU1Q\r\nTEUxEzARBgNVBAsMCnBraS10b21jYXQxIjAgBgNVBAMMGURSTSBUcmFuc3BvcnQgQ2VydGlmaWNh\r\ndGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBcEPRNztwl3cICBX8kHyGBKMWtdi8\r\nD5EifXjcigG0eVUR5Q8xWcFR/MPZtdFV29IMaJeXKKwVDsVGSNIoiLCWVHX25kd9KR9IMBi84d9g\r\nXG82QJzVXVSXYO3MIdLt9xZvqnd6JUyPhAf+4Nd+WtkdaWKcP/liFvcQSer/YOYYFkPEtpHoWwbI\r\neSi/QpUn7GE3ps9rQsuLbJ4AGEs6IEq3vcgVUSkD9b5X81OZSaoCrsKYWLA9uMKzDekQM0bAekg0\r\n7d+TQU3AXbkbeud7PEq3DTCOMbO1AIv76bpSs/bIzk6oXDmY62PTv96SRcuejU2G8wbv4dn9HsBO\r\nAesa1MmHAgMBAAGjgYowgYcwHwYDVR0jBBgwFoAUKIiB6HcrOiycB72H/cbbl+sg5sswPwYIKwYB\r\nBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vcGtpLmV4YW1wbGUuY29tOjgwODAvY2Evb2Nz\r\ncDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGB\r\nAE7IRYeL5LYbuBJvNV0kdnY5+uNSLUgavqX9g+bK+S3MtmFbKl4kjGrDHKT5b+zUw41OQMtgT/rB\r\nN1NH9mFkNAhoj12tCuJ97D2bbVnPXjwTxFw/KzNRxY/BeN78MD71eOOirayS3Am8gWuWlv6TzSMo\r\nfbMxp/qN+UOO4Wjsv83vaPWiQBa9v5rori68998WyYUsQ/uYFN8Pk123jmmj0DY7pq46dM5jqkwo\r\nLgcCBWd9ql9MzDgLBJD+rGZe3uY9y7U0CXAu+nHWdBoNN/qVnvdrvVvQe3P3OUUu/TTXnI5R4CJC\r\nh/k/nnPMGnA1zUUv3YhE+2ENTSAFnKpbWFr9uEpxh+q3/QGBFJtdwzPaHlgu+bm14ecVrIm5EFw1\r\ndpFGqyc4riwPH1ZQCoYDIxBH6MZWedZY9ktUgIOWvaesZcs2PLUFKd8ax0WK+A9+IpNVtooYYpr/\r\neUSktEd6CS53Yhu+D8ibSbpuaqhgLgKAGr+AOrUg1DNCPleakzteLNEkjw==\r\n-----END CERTIFICATE-----\n",
  "PKCS7CertChain" : "...",
  "NotBefore" : "Wed Dec 11 16:25:04 UTC 2024",
  "NotAfter" : "Tue Dec 01 16:25:04 UTC 2026"
}
Note
Endpoints requiring authentication can be accessed by providing either the session cookie retrieved from the login API (/<app>/v2/account/login) or the user credentials (user/password or certificates).