PKI CA Submit Certificate Request REST API - dogtagpki/pki GitHub Wiki
The issuer-id
and issuer-dn
are optional and mutually-exclusive parameters to specify the (lightweight) CA which will issue the certificate. By default the request will be issued by the primary/host CA.
-
Path:
/ca/rest/certrequests
-
Method:
POST
-
Query Parameters:
-
issuer-id
: string -
issuer-dn
: string
-
JSON
$ curl \ -k \ -s \ -X POST \ -d @- \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ https://localhost.localdomain:8443/ca/rest/certrequests << EOF | python -m json.tool { "Attributes": { "Attribute": [] }, "ProfileID": "caUserCert", "Renewal": false, "Input": [ { "id": "i1", "ClassID": "keyGenInputImpl", "Name": "Key Generation", "Text": null, "Attribute": [ { "name": "cert_request_type", "Value": "pkcs10", "Descriptor": { "Syntax": "keygen_request_type", "Constraint": null, "Description": "Key Generation Request Type", "DefaultValue": null } }, { "name": "cert_request", "Value": "-----BEGIN CERTIFICATE REQUEST-----\nMIICXzCCAUcCAQAwGjEYMBYGCgmSJomT8ixkAQETCHRlc3R1c2VyMIIBIjANBgkqhkiG9w0BAQEF\r\nAAOCAQ8AMIIBCgKCAQEA4I4U5blOTh/fKjWvTEIvyJlnG40KPnmXIskbtkmhIqB79/1a0SnZkfFm\r\nft1j4+yTMFPFHWRV25P9saOangwxLt1inQ2ohgmLOcIDark8rhNXzBZo28kp6wH6a8lct0WnF4Kj\r\nOD8sZNIgG/+Yk4Sg/t/z7++x3nAJ5+6HOmXWnQS+UwZ/zP+VXqysRphVbaOx7Sd7X0M8YDf5zTp4\r\nIjU9g/dbqJhavnNDXwaolG666gYGO2qbQx+lkOCq0XbrF/cMy8+hebZeOy2HtfqxPeSII0BcOQ9m\r\nY3f2x/JUP+o2d89Fa+3S8B15L2IijMBhumPYNBybYG/F8Of+jVhUU7LAwQIDAQABoAAwDQYJKoZI\r\nhvcNAQELBQADggEBANdx6ioIP2+uMFl4A5nCDRBXK+6T5qvuj1ifN+9/n4hvG7+pajd5DNXplm3h\r\nOOADOlPb3I+GpGZEIYKm87xcUYhqnSyv0My2wVZHx4+xNUQkNVocumwwdSvspQ3FTor8SR+Jb2Gn\r\nYizRgPqBemBtbA1cUEAPITwuuHotAPQgXFVJPVWd5M8vAB7b/uSeB2ZOXi5L/j26KRgG1FkxbhwZ\r\nM3TKPJRmR/c7qFHIhpJ5Kgizss4xRC7mRVWVLsdSFoGibDrO5lS5Vix0R9Vu7ztHyB3a5ZvlT5kj\r\nywTDbVu0Sdc9oqCY8o4O2pwB6DRnbiMGhB9bSxeeG6iRnwdz1waID3k=\r\n-----END CERTIFICATE REQUEST-----\n", "Descriptor": { "Syntax": "keygen_request", "Constraint": null, "Description": "Key Generation Request", "DefaultValue": null } } ], "ConfigAttribute": [] }, { "id": "i2", "ClassID": "subjectNameInputImpl", "Name": "Subject Name", "Text": null, "Attribute": [ { "name": "sn_uid", "Value": "testuser", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "UID", "DefaultValue": null } }, { "name": "sn_e", "Value": "", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Email", "DefaultValue": null } }, { "name": "sn_cn", "Value": "", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Common Name", "DefaultValue": null } }, { "name": "sn_ou3", "Value": "", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Organizational Unit 3", "DefaultValue": null } }, { "name": "sn_ou2", "Value": "", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Organizational Unit 2", "DefaultValue": null } }, { "name": "sn_ou1", "Value": "", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Organizational Unit 1", "DefaultValue": null } }, { "name": "sn_ou", "Value": "", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Organizational Unit", "DefaultValue": null } }, { "name": "sn_o", "Value": "", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Organization", "DefaultValue": null } }, { "name": "sn_c", "Value": "", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Country", "DefaultValue": null } } ], "ConfigAttribute": [] }, { "id": "i3", "ClassID": "submitterInfoInputImpl", "Name": "Requestor Information", "Text": null, "Attribute": [ { "name": "requestor_name", "Value": "", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Requestor Name", "DefaultValue": null } }, { "name": "requestor_email", "Value": "", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Requestor Email", "DefaultValue": null } }, { "name": "requestor_phone", "Value": "", "Descriptor": { "Syntax": "string", "Constraint": null, "Description": "Requestor Phone", "DefaultValue": null } } ], "ConfigAttribute": [] } ] } EOF { "total": 1, "entries": [ { "requestType": "enrollment", "requestStatus": "pending", "requestURL": "https://localhost.localdomain:8443/ca/rest/certrequests/23", "certRequestType": "pkcs10", "operationResult": "success" } ], "Link": [] }
XML
$ curl \ -k \ -s \ -X POST \ -d @- \ -H "Content-Type: application/xml" \ -H "Accept: application/xml" \ https://localhost.localdomain:8443/ca/rest/certrequests << EOF | xmllint --format - <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <CertEnrollmentRequest> <Attributes/> <ProfileID>caUserCert</ProfileID> <Renewal>false</Renewal> <RemoteHost/> <RemoteAddress/> <Input id="i1"> <ClassID>keyGenInputImpl</ClassID> <Name>Key Generation</Name> <Attribute name="cert_request_type"> <Value>pkcs10</Value> <Descriptor> <Syntax>keygen_request_type</Syntax> <Description>Key Generation Request Type</Description> </Descriptor> </Attribute> <Attribute name="cert_request"> <Value>-----BEGIN CERTIFICATE REQUEST----- MIICXzCCAUcCAQAwGjEYMBYGCgmSJomT8ixkAQETCHRlc3R1c2VyMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA8VfCbrwYhBqds9Q1GvE/KQioT+WgeIt6vyKkBIJKFfAWgoiAy8oKMVIc j8ajwqtmV5/e/kv1ahzf1gIq5ARYVDvjm0gOyqz//0YPL4X6K9euMcV3rDU+y73/v0Z8CSPaF0RC sYox1B/VVukgxpWfRL0m1Vjtp9qRR9wBcSV4Io5rCTCXgTkVTNuuQwXuilkvcfKOi19NhqiEeTtj f3UyXl1cECUM/Zk4kNj/CCOf4UVNh4BhDygu7nGrN0BUaBOurbMgq65BWn11olDuwaoHzklmJ8gO SwL7pwQhe3Yn4zXO5nqi2T85sGlItzDj78dUgEaJlhX9n7jCTlABdtfvzQIDAQABoAAwDQYJKoZI hvcNAQELBQADggEBAE1GBhjNVBYF3oOLsq9NMnklxkTIWTVjby+Kkrapnp39csWlt6V+NVSI6cvW pRDES7WlV2f0gBQiH/qtRz9GPR/hisLkpX1bvGgTW/oi5nah5L3o0W2KRHk7Di4nLnDXteSSAPnI Ja80li+bgNGqhkCOn4dnej9CeuKCRpNfx6dW4TWktE3Z8FuuNKzB2Qji8XOT2KZyNHlOLgY13tX/ 1EpsBDbUP7GvkXqj3ZR62jOOUhHcmlgyABiN3I7NyOMJrrSe3uTLmMtAbGdFxC27azXMOeNl57DV osikU4aC15xi78BUrYnnpHGxTjueZgrmjyYA2ihcy6tLsWVpp1OHMmQ= -----END CERTIFICATE REQUEST----- </Value> <Descriptor> <Syntax>keygen_request</Syntax> <Description>Key Generation Request</Description> </Descriptor> </Attribute> </Input> <Input id="i2"> <ClassID>subjectNameInputImpl</ClassID> <Name>Subject Name</Name> <Attribute name="sn_uid"> <Value>testuser</Value> <Descriptor> <Syntax>string</Syntax> <Description>UID</Description> </Descriptor> </Attribute> <Attribute name="sn_e"> <Value/> <Descriptor> <Syntax>string</Syntax> <Description>Email</Description> </Descriptor> </Attribute> <Attribute name="sn_cn"> <Value/> <Descriptor> <Syntax>string</Syntax> <Description>Common Name</Description> </Descriptor> </Attribute> <Attribute name="sn_ou3"> <Value/> <Descriptor> <Syntax>string</Syntax> <Description>Organizational Unit 3</Description> </Descriptor> </Attribute> <Attribute name="sn_ou2"> <Value/> <Descriptor> <Syntax>string</Syntax> <Description>Organizational Unit 2</Description> </Descriptor> </Attribute> <Attribute name="sn_ou1"> <Value/> <Descriptor> <Syntax>string</Syntax> <Description>Organizational Unit 1</Description> </Descriptor> </Attribute> <Attribute name="sn_ou"> <Value/> <Descriptor> <Syntax>string</Syntax> <Description>Organizational Unit</Description> </Descriptor> </Attribute> <Attribute name="sn_o"> <Value/> <Descriptor> <Syntax>string</Syntax> <Description>Organization</Description> </Descriptor> </Attribute> <Attribute name="sn_c"> <Value/> <Descriptor> <Syntax>string</Syntax> <Description>Country</Description> </Descriptor> </Attribute> </Input> <Input id="i3"> <ClassID>submitterInfoInputImpl</ClassID> <Name>Requestor Information</Name> <Attribute name="requestor_name"> <Value/> <Descriptor> <Syntax>string</Syntax> <Description>Requestor Name</Description> </Descriptor> </Attribute> <Attribute name="requestor_email"> <Value/> <Descriptor> <Syntax>string</Syntax> <Description>Requestor Email</Description> </Descriptor> </Attribute> <Attribute name="requestor_phone"> <Value/> <Descriptor> <Syntax>string</Syntax> <Description>Requestor Phone</Description> </Descriptor> </Attribute> </Input> </CertEnrollmentRequest> EOF <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <CertRequestInfos> <entries xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="certRequestInfo"> <requestType>enrollment</requestType> <requestStatus>pending</requestStatus> <requestURL>https://localhost.localdomain:8443/ca/rest/certrequests/21</requestURL> <certRequestType>pkcs10</certRequestType> <operationResult>success</operationResult> </entries> <total>1</total> <CertRequestInfo> <requestType>enrollment</requestType> <requestStatus>pending</requestStatus> <requestURL>https://localhost.localdomain:8443/ca/rest/certrequests/21</requestURL> <certRequestType>pkcs10</certRequestType> <operationResult>success</operationResult> </CertRequestInfo> </CertRequestInfos>