Certificate Manager (CM) REST API

This article includes updates for Certificate Manager 8.10. 

This article describes the Certificate Manager REST API (RESTful application programming interface) in Certificate Manager.

Certificate Manager REST API (RESTful application programming interface) is an HTTP-based service for x.509 and attribute certificates creation, certificate searching, certificate download, certificate revocation, certificate reinstatement, creation of PKCS#12 files and token procedure listing in Certificate Manager. 

The API requires client authentication over TLS using a CM officer certificate. Write operations like revoke, reinstate and certificate issuance requires the request data to be signed by a CM officer. The REST API server can also be configured to use a CM officer for signing the requests on the caller’s behalf, enabling automated services for trusted clients.

The accompanied files APISigningWithOpenSSL.sh and APISigningWithBouncyCastle.java referenced below can be found in a CM client installation together with the Protocol Gateway web archive file, see Install Protocol Gateway.

See also Example: Certificate Manager (CM) REST API configuration in Protocol Gateway. 

Date-time format

The expected date-time format for time search fields is ISO 8601. Example: 2021-12-20T08:01:30Z.

This article only contains plain documentation of the Certificate Manager REST API. It is not possible to try out the commands. 

View all request bodies

For full support and to view all request bodies, see https://nexusdoc.atlassian.net/wiki/x/QjjlAw. This link will open the Nexus product documentation in Confluence.