PKI CA Retrieve User Certificate REST API - dogtagpki/pki GitHub Wiki

Request

  • Path: /ca/rest/admin/users/{userID}/certs/{certID}

  • Method: POST

  • Authentication: Client certificate

  • Parameters:

    • userID: string

    • certID: string

  • Content: None

Example

curl -k -H "Accept: application/json" --user caadmin:Secret.123 -s https://localhost.localdomain:8443/ca/rest/admin/users/caadmin/certs/2%3B6%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BCN%3DPKI%20Administrator%2CE%[email protected]%2COU%3Dpki-tomcat%2CO%3DEXAMPLE | python -m json.tool
{
    "Version": 2,
    "SerialNumber": "0x6",
    "IssuerDN": "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "SubjectDN": "CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE",
    "PrettyPrint": "    Certificate: \n        Data: \n            Version:  v3\n            Serial Number: 0x6\n            Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Issuer: CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE\n            Validity: \n                Not Before: Monday, 7 June 2021 at 20:39:13 British Summer Time Europe/London\n                Not  After: Sunday, 28 May 2023 at 20:39:13 British Summer Time Europe/London\n            Subject: CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE\n            Subject Public Key Info: \n                Algorithm: RSA - 1.2.840.113549.1.1.1\n                Public Key: \n                    Exponent: 65537\n                    Public Key Modulus: (2048 bits) :\n                        AB:2C:C8:34:2D:1E:11:5B:F9:DA:CD:67:EB:77:5F:9A:\n                        31:7E:3C:F3:CC:BA:E3:87:05:5F:89:DA:20:41:8C:1A:\n                        30:3F:A6:32:14:3B:BC:7A:5C:94:C6:DD:68:35:42:FB:\n                        35:A6:EE:19:AE:51:DF:D3:C6:01:23:82:2B:30:49:D3:\n                        7D:86:6E:7C:6C:34:2D:76:E4:F6:92:0B:97:D8:32:16:\n                        E9:D3:85:D6:35:C8:15:77:C4:DC:5E:89:D5:FD:8C:95:\n                        92:8D:E6:D3:23:E5:DB:36:AE:F0:80:23:58:0C:83:7D:\n                        09:93:DE:F2:ED:88:3F:33:1B:D8:6A:0A:52:18:9B:CB:\n                        A1:5F:58:90:E0:9A:FD:D9:04:02:E8:D8:95:46:C2:87:\n                        4A:74:10:35:A5:79:0D:A9:98:D9:A3:40:DD:E6:9E:20:\n                        E8:19:73:9E:CE:48:05:58:62:2C:36:E3:40:14:9E:9D:\n                        4E:8F:B1:D1:61:08:FB:AD:AD:08:5A:F8:BE:F6:BB:52:\n                        27:C8:B7:6C:0B:6E:B3:B3:AF:23:84:8A:64:F1:4B:1B:\n                        B0:16:41:E8:51:80:91:73:A2:C0:E8:DA:5C:51:EB:F5:\n                        A2:89:BD:AE:81:8B:00:16:F7:D0:B8:D1:06:55:15:9A:\n                        E8:89:7A:4B:C8:3E:69:63:96:4F:C4:5F:84:81:73:8B\n            Extensions: \n                Identifier: Authority Key Identifier - 2.5.29.35\n                    Critical: no \n                    Key Identifier: \n                        88:DC:03:59:0C:51:4B:33:1A:E0:FE:CC:2E:99:79:F8:\n                        4A:FB:DA:7C\n                Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n                    Critical: no \n                    Access Description: \n                        Method #0: ocsp\n                        Location #0: URIName: http://localhost.localdomain:8080/ca/ocsp\n                Identifier: Key Usage: - 2.5.29.15\n                    Critical: yes \n                    Key Usage: \n                        Digital Signature \n                        Non Repudiation \n                        Key Encipherment \n                Identifier: Extended Key Usage: - 2.5.29.37\n                    Critical: no \n                    Extended Key Usage: \n                        1.3.6.1.5.5.7.3.2\n                        1.3.6.1.5.5.7.3.4\n        Signature: \n            Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Signature: \n                32:DF:25:00:79:7E:7B:C4:D0:EA:83:21:5D:05:2C:B7:\n                1D:32:DC:0E:27:4A:90:13:2A:BA:9D:43:31:66:36:03:\n                E3:07:4F:0B:D0:1F:2B:37:D3:B5:98:65:B2:63:25:FD:\n                FE:26:5A:01:46:96:A9:CE:C4:FC:60:09:C8:3C:7F:00:\n                F1:8F:51:A0:8A:6F:69:BF:B8:DF:4E:52:65:A4:24:2C:\n                68:82:46:D6:A5:EE:1F:7B:D4:E2:00:33:0F:D1:97:F0:\n                60:1F:2C:83:AE:E3:8C:3C:4C:B1:1D:3D:4B:81:44:89:\n                7F:A0:86:35:51:DC:C5:B0:CC:2A:4A:4F:CC:4B:81:AC:\n                19:36:98:9D:A5:0A:DB:0E:68:72:BF:E6:4D:53:EE:09:\n                71:04:8C:1C:B2:60:A5:D3:7C:9A:86:6C:55:25:FD:11:\n                EE:3F:45:87:4E:7B:EF:85:B9:B9:69:8C:01:E5:59:55:\n                4A:42:3B:72:29:64:2E:2E:D3:E4:37:0A:CB:C0:8C:3C:\n                B9:C8:F4:14:51:6B:72:EF:1F:AB:D8:69:04:89:E9:5F:\n                FD:BC:41:F0:38:26:BA:E1:60:61:C6:EF:6B:FD:43:73:\n                20:A2:D8:8C:D9:16:50:88:7C:C1:74:A1:A9:10:F7:B8:\n                69:45:7E:BA:F7:E8:A8:71:7C:55:CE:61:B4:2A:E3:61\n        FingerPrint\n            MD2:\n                6C:30:C0:16:6B:21:CB:92:18:33:01:CF:FA:04:39:6F\n            MD5:\n                F7:85:88:F4:82:FC:D4:7D:F3:03:E6:14:3C:25:81:1D\n            SHA-1:\n                1C:1A:A6:64:08:54:65:F2:A6:00:C6:CB:6C:37:99:02:\n                B7:E1:AE:CD\n            SHA-256:\n                BF:1F:5D:30:20:1E:00:73:28:61:BC:52:87:A8:36:BB:\n                9D:3F:BF:A3:07:36:55:CD:7C:23:AB:AE:2C:6F:34:BD\n            SHA-512:\n                C7:F1:CB:D8:6A:3A:AD:6F:9F:67:F2:01:EB:21:B6:3E:\n                52:82:FE:D0:C7:3A:9B:FF:D4:5A:A9:14:57:8A:CF:8C:\n                1D:6F:8F:11:26:B7:55:12:57:6B:56:08:BD:67:19:F9:\n                5D:E0:44:81:18:71:46:8D:52:41:54:91:23:42:8B:11\n",
    "Encoded": "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFNUExFMRMwEQYD\r\nVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTIxMDYw\r\nNzE5MzkxM1oXDTIzMDUyODE5MzkxM1owZzEQMA4GA1UECgwHRVhBTVBMRTETMBEGA1UECwwKcGtp\r\nLXRvbWNhdDEiMCAGCSqGSIb3DQEJARYTY2FhZG1pbkBleGFtcGxlLmNvbTEaMBgGA1UEAwwRUEtJ\r\nIEFkbWluaXN0cmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrLMg0LR4RW/na\r\nzWfrd1+aMX4888y644cFX4naIEGMGjA/pjIUO7x6XJTG3Wg1Qvs1pu4ZrlHf08YBI4IrMEnTfYZu\r\nfGw0LXbk9pILl9gyFunThdY1yBV3xNxeidX9jJWSjebTI+XbNq7wgCNYDIN9CZPe8u2IPzMb2GoK\r\nUhiby6FfWJDgmv3ZBALo2JVGwodKdBA1pXkNqZjZo0Dd5p4g6Blzns5IBVhiLDbjQBSenU6PsdFh\r\nCPutrQha+L72u1InyLdsC26zs68jhIpk8UsbsBZB6FGAkXOiwOjaXFHr9aKJva6BiwAW99C40QZV\r\nFZroiXpLyD5pY5ZPxF+EgXOLAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAUiNwDWQxRSzMa4P7MLpl5\r\n+Er72nwwRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vbG9jYWxob3N0LmxvY2Fs\r\nZG9tYWluOjgwODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIG\r\nCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQAy3yUAeX57xNDqgyFdBSy3HTLcDidKkBMqup1D\r\nMWY2A+MHTwvQHys307WYZbJjJf3+JloBRpapzsT8YAnIPH8A8Y9RoIpvab+4305SZaQkLGiCRtal\r\n7h971OIAMw/Rl/BgHyyDruOMPEyxHT1LgUSJf6CGNVHcxbDMKkpPzEuBrBk2mJ2lCtsOaHK/5k1T\r\n7glxBIwcsmCl03yahmxVJf0R7j9Fh05774W5uWmMAeVZVUpCO3IpZC4u0+Q3CsvAjDy5yPQUUWty\r\n7x+r2GkEielf/bxB8DgmuuFgYcbva/1DcyCi2IzZFlCIfMF0oakQ97hpRX669+iocXxVzmG0KuNh\r\n-----END CERTIFICATE-----\n",
    "Link": {
        "rel": "self",
        "href": "https://localhost.localdomain:8443/ca/rest/admin/users/caadmin/certs/2%253B6%253BCN%253DCA+Signing+Certificate%252COU%253Dpki-tomcat%252CO%253DEXAMPLE%253BCN%253DPKI+Administrator%252CE%253Dcaadmin%2540example.com%252COU%253Dpki-tomcat%252CO%253DEXAMPLE",
        "type": "application/xml"
    },
    "id": "2;6;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE"
}
⚠️ **GitHub.com Fallback** ⚠️