PKI CA Submit Certificate Request REST API - dogtagpki/pki GitHub Wiki
The issuer-id and issuer-dn are optional and mutually-exclusive parameters to specify the (lightweight) CA which will issue the certificate. By default the request will be issued by the primary/host CA.
-
Path:
/ca/rest/certrequests -
Method:
POST -
Query Parameters:
-
issuer-id: string -
issuer-dn: string
-
JSON
$ curl \
-k \
-s \
-X POST \
-d @- \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
https://localhost.localdomain:8443/ca/rest/certrequests << EOF | python -m json.tool
{
"Attributes": {
"Attribute": []
},
"ProfileID": "caUserCert",
"Renewal": false,
"Input": [
{
"id": "i1",
"ClassID": "keyGenInputImpl",
"Name": "Key Generation",
"Text": null,
"Attribute": [
{
"name": "cert_request_type",
"Value": "pkcs10",
"Descriptor": {
"Syntax": "keygen_request_type",
"Constraint": null,
"Description": "Key Generation Request Type",
"DefaultValue": null
}
},
{
"name": "cert_request",
"Value": "-----BEGIN CERTIFICATE REQUEST-----\nMIICXzCCAUcCAQAwGjEYMBYGCgmSJomT8ixkAQETCHRlc3R1c2VyMIIBIjANBgkqhkiG9w0BAQEF\r\nAAOCAQ8AMIIBCgKCAQEA4I4U5blOTh/fKjWvTEIvyJlnG40KPnmXIskbtkmhIqB79/1a0SnZkfFm\r\nft1j4+yTMFPFHWRV25P9saOangwxLt1inQ2ohgmLOcIDark8rhNXzBZo28kp6wH6a8lct0WnF4Kj\r\nOD8sZNIgG/+Yk4Sg/t/z7++x3nAJ5+6HOmXWnQS+UwZ/zP+VXqysRphVbaOx7Sd7X0M8YDf5zTp4\r\nIjU9g/dbqJhavnNDXwaolG666gYGO2qbQx+lkOCq0XbrF/cMy8+hebZeOy2HtfqxPeSII0BcOQ9m\r\nY3f2x/JUP+o2d89Fa+3S8B15L2IijMBhumPYNBybYG/F8Of+jVhUU7LAwQIDAQABoAAwDQYJKoZI\r\nhvcNAQELBQADggEBANdx6ioIP2+uMFl4A5nCDRBXK+6T5qvuj1ifN+9/n4hvG7+pajd5DNXplm3h\r\nOOADOlPb3I+GpGZEIYKm87xcUYhqnSyv0My2wVZHx4+xNUQkNVocumwwdSvspQ3FTor8SR+Jb2Gn\r\nYizRgPqBemBtbA1cUEAPITwuuHotAPQgXFVJPVWd5M8vAB7b/uSeB2ZOXi5L/j26KRgG1FkxbhwZ\r\nM3TKPJRmR/c7qFHIhpJ5Kgizss4xRC7mRVWVLsdSFoGibDrO5lS5Vix0R9Vu7ztHyB3a5ZvlT5kj\r\nywTDbVu0Sdc9oqCY8o4O2pwB6DRnbiMGhB9bSxeeG6iRnwdz1waID3k=\r\n-----END CERTIFICATE REQUEST-----\n",
"Descriptor": {
"Syntax": "keygen_request",
"Constraint": null,
"Description": "Key Generation Request",
"DefaultValue": null
}
}
],
"ConfigAttribute": []
},
{
"id": "i2",
"ClassID": "subjectNameInputImpl",
"Name": "Subject Name",
"Text": null,
"Attribute": [
{
"name": "sn_uid",
"Value": "testuser",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "UID",
"DefaultValue": null
}
},
{
"name": "sn_e",
"Value": "",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Email",
"DefaultValue": null
}
},
{
"name": "sn_cn",
"Value": "",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Common Name",
"DefaultValue": null
}
},
{
"name": "sn_ou3",
"Value": "",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Organizational Unit 3",
"DefaultValue": null
}
},
{
"name": "sn_ou2",
"Value": "",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Organizational Unit 2",
"DefaultValue": null
}
},
{
"name": "sn_ou1",
"Value": "",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Organizational Unit 1",
"DefaultValue": null
}
},
{
"name": "sn_ou",
"Value": "",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Organizational Unit",
"DefaultValue": null
}
},
{
"name": "sn_o",
"Value": "",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Organization",
"DefaultValue": null
}
},
{
"name": "sn_c",
"Value": "",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Country",
"DefaultValue": null
}
}
],
"ConfigAttribute": []
},
{
"id": "i3",
"ClassID": "submitterInfoInputImpl",
"Name": "Requestor Information",
"Text": null,
"Attribute": [
{
"name": "requestor_name",
"Value": "",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Requestor Name",
"DefaultValue": null
}
},
{
"name": "requestor_email",
"Value": "",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Requestor Email",
"DefaultValue": null
}
},
{
"name": "requestor_phone",
"Value": "",
"Descriptor": {
"Syntax": "string",
"Constraint": null,
"Description": "Requestor Phone",
"DefaultValue": null
}
}
],
"ConfigAttribute": []
}
]
}
EOF
{
"total": 1,
"entries": [
{
"requestType": "enrollment",
"requestStatus": "pending",
"requestURL": "https://localhost.localdomain:8443/ca/rest/certrequests/23",
"certRequestType": "pkcs10",
"operationResult": "success"
}
],
"Link": []
}
XML
$ curl \
-k \
-s \
-X POST \
-d @- \
-H "Content-Type: application/xml" \
-H "Accept: application/xml" \
https://localhost.localdomain:8443/ca/rest/certrequests << EOF | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CertEnrollmentRequest>
<Attributes/>
<ProfileID>caUserCert</ProfileID>
<Renewal>false</Renewal>
<RemoteHost/>
<RemoteAddress/>
<Input id="i1">
<ClassID>keyGenInputImpl</ClassID>
<Name>Key Generation</Name>
<Attribute name="cert_request_type">
<Value>pkcs10</Value>
<Descriptor>
<Syntax>keygen_request_type</Syntax>
<Description>Key Generation Request Type</Description>
</Descriptor>
</Attribute>
<Attribute name="cert_request">
<Value>-----BEGIN CERTIFICATE REQUEST-----
MIICXzCCAUcCAQAwGjEYMBYGCgmSJomT8ixkAQETCHRlc3R1c2VyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA8VfCbrwYhBqds9Q1GvE/KQioT+WgeIt6vyKkBIJKFfAWgoiAy8oKMVIc
j8ajwqtmV5/e/kv1ahzf1gIq5ARYVDvjm0gOyqz//0YPL4X6K9euMcV3rDU+y73/v0Z8CSPaF0RC
sYox1B/VVukgxpWfRL0m1Vjtp9qRR9wBcSV4Io5rCTCXgTkVTNuuQwXuilkvcfKOi19NhqiEeTtj
f3UyXl1cECUM/Zk4kNj/CCOf4UVNh4BhDygu7nGrN0BUaBOurbMgq65BWn11olDuwaoHzklmJ8gO
SwL7pwQhe3Yn4zXO5nqi2T85sGlItzDj78dUgEaJlhX9n7jCTlABdtfvzQIDAQABoAAwDQYJKoZI
hvcNAQELBQADggEBAE1GBhjNVBYF3oOLsq9NMnklxkTIWTVjby+Kkrapnp39csWlt6V+NVSI6cvW
pRDES7WlV2f0gBQiH/qtRz9GPR/hisLkpX1bvGgTW/oi5nah5L3o0W2KRHk7Di4nLnDXteSSAPnI
Ja80li+bgNGqhkCOn4dnej9CeuKCRpNfx6dW4TWktE3Z8FuuNKzB2Qji8XOT2KZyNHlOLgY13tX/
1EpsBDbUP7GvkXqj3ZR62jOOUhHcmlgyABiN3I7NyOMJrrSe3uTLmMtAbGdFxC27azXMOeNl57DV
osikU4aC15xi78BUrYnnpHGxTjueZgrmjyYA2ihcy6tLsWVpp1OHMmQ=
-----END CERTIFICATE REQUEST-----
</Value>
<Descriptor>
<Syntax>keygen_request</Syntax>
<Description>Key Generation Request</Description>
</Descriptor>
</Attribute>
</Input>
<Input id="i2">
<ClassID>subjectNameInputImpl</ClassID>
<Name>Subject Name</Name>
<Attribute name="sn_uid">
<Value>testuser</Value>
<Descriptor>
<Syntax>string</Syntax>
<Description>UID</Description>
</Descriptor>
</Attribute>
<Attribute name="sn_e">
<Value/>
<Descriptor>
<Syntax>string</Syntax>
<Description>Email</Description>
</Descriptor>
</Attribute>
<Attribute name="sn_cn">
<Value/>
<Descriptor>
<Syntax>string</Syntax>
<Description>Common Name</Description>
</Descriptor>
</Attribute>
<Attribute name="sn_ou3">
<Value/>
<Descriptor>
<Syntax>string</Syntax>
<Description>Organizational Unit 3</Description>
</Descriptor>
</Attribute>
<Attribute name="sn_ou2">
<Value/>
<Descriptor>
<Syntax>string</Syntax>
<Description>Organizational Unit 2</Description>
</Descriptor>
</Attribute>
<Attribute name="sn_ou1">
<Value/>
<Descriptor>
<Syntax>string</Syntax>
<Description>Organizational Unit 1</Description>
</Descriptor>
</Attribute>
<Attribute name="sn_ou">
<Value/>
<Descriptor>
<Syntax>string</Syntax>
<Description>Organizational Unit</Description>
</Descriptor>
</Attribute>
<Attribute name="sn_o">
<Value/>
<Descriptor>
<Syntax>string</Syntax>
<Description>Organization</Description>
</Descriptor>
</Attribute>
<Attribute name="sn_c">
<Value/>
<Descriptor>
<Syntax>string</Syntax>
<Description>Country</Description>
</Descriptor>
</Attribute>
</Input>
<Input id="i3">
<ClassID>submitterInfoInputImpl</ClassID>
<Name>Requestor Information</Name>
<Attribute name="requestor_name">
<Value/>
<Descriptor>
<Syntax>string</Syntax>
<Description>Requestor Name</Description>
</Descriptor>
</Attribute>
<Attribute name="requestor_email">
<Value/>
<Descriptor>
<Syntax>string</Syntax>
<Description>Requestor Email</Description>
</Descriptor>
</Attribute>
<Attribute name="requestor_phone">
<Value/>
<Descriptor>
<Syntax>string</Syntax>
<Description>Requestor Phone</Description>
</Descriptor>
</Attribute>
</Input>
</CertEnrollmentRequest>
EOF
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CertRequestInfos>
<entries xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="certRequestInfo">
<requestType>enrollment</requestType>
<requestStatus>pending</requestStatus>
<requestURL>https://localhost.localdomain:8443/ca/rest/certrequests/21</requestURL>
<certRequestType>pkcs10</certRequestType>
<operationResult>success</operationResult>
</entries>
<total>1</total>
<CertRequestInfo>
<requestType>enrollment</requestType>
<requestStatus>pending</requestStatus>
<requestURL>https://localhost.localdomain:8443/ca/rest/certrequests/21</requestURL>
<certRequestType>pkcs10</certRequestType>
<operationResult>success</operationResult>
</CertRequestInfo>
</CertRequestInfos>