Page tree

Do you want an overview on Nexus' solutions, customer cases, contact information and more?

__

Skip to end of metadata
Go to start of metadata


This article only contains plain documentation of the Certificate Manager REST API. It is not possible to try out the commands. 

openapi: 3.0.0 info: title: CM REST API version: "1.0" description: | The CM REST API is a HTTP-based service used for interacting with CM. It supports ways of performing certificate creation, searching, revocation, reinstatement, registrations and procedure listing through HTTP REST calls. paths: /certificates: get: operationId: listCertificates summary: List certificates description: | Returns a list of certificates that match the provided search parameters. tags: - Certificates parameters: - name: searchLimit in: query description: | The maximum number of certificates that should be returned. Please note that the highest possible value is still limited by server-side configuration (`certsearch.maxhits` in `cm.conf`). schema: type: integer - name: searchOffset in: query description: | The starting offset of the first certificate that should be returned. This may be used for pagination of the results, together with the searchLimit parameter. schema: type: integer - name: cardSerialNumber in: query description: Serial number of the card the certificate is on. schema: type: string - name: certificateSerialNumber in: query description: Serial number of the certificate. schema: type: string - name: revocationTimeFrom in: query description: | Only return certificates whose revocation time is after the provided time. schema: type: string format: date-time - name: revocationTimeTo in: query description: | Only return certificates whose revocation time is before the provided time. schema: type: string format: date-time - name: revocationReason in: query description: | Only return certificates with specified revocation reasons. Takes an array of integers in the format e.g. `1,2,3,4`. Reason code mapping: * 0: Unspecified * 1: Key Compromise * 2: Ca Compromise * 3: Affiliation Changed * 4: Superseded * 5: Cessation Of Operation * 6: Certificate Hold * 8: Remove From CRL * 9: Privilege Withdrawn * 10: AACompromise schema: type: array items: type: integer - name: isNotRevoked in: query description: | If `true`, only certificates that are not revoked will be returned. schema: type: boolean - name: subjectCommonName in: query description: The common name ( CN ) of the subject of the certificate. schema: type: string - name: subjectGivenName in: query description: The given name ( GN ) of the subject of the certificate. schema: type: string - name: subjectSurName in: query description: The surname ( SN ) of the subject of the certificate. schema: type: string - name: subjectOrganisationName in: query description: The name of the organisation ( O ) of the subject of the certificate. schema: type: string - name: subjectOrganisationUnit in: query description: The name of the organisational unit ( OU ) of the subject of the certificate. schema: type: string - name: subjectSerialNumber in: query description: The serial number of the subject of the certificate. schema: type: string - name: subjectCountry in: query description: The country ( C ) of the subject of the certificate. schema: type: string - name: publicationAllowed in: query description: | If `true`, only certificates where publication is allowed will be returned. schema: type: boolean - name: publicationTimeFrom in: query description: | Only return certificates whose publication time is after the provided time. schema: type: string format: date-time - name: publicationTimeTo in: query description: | Only return certificates whose publication time is before the provided time. schema: type: string format: date-time - name: ocspActivationTimeFrom in: query description: | Only return certificates whose OCSP-activation time is after the provided time. schema: type: string format: date-time - name: ocspActivationTimeTo in: query description: | Only return certificates whose OCSP-activation time is before the provided time. schema: type: string format: date-time - name: validFromTimeFrom in: query description: | Only return certificates whose "valid from" (also named "not before") is after the provided time. schema: type: string format: date-time - name: validFromTimeTo in: query description: | Only return certificates whose "valid from" (also named "not before") is before the provided time. schema: type: string format: date-time - name: isNotYetValid in: query description: | If `true`, only certificates whose "valid from" (also named "not before") is in the future will be returned. schema: type: boolean - name: validToTimeFrom in: query description: | Only return certificates whose "valid to (also named "not after") is after the provided time. schema: type: string format: date-time - name: validToTimeTo in: query description: | Only return certificates whose "valid to" (also named "not after") is before the provided time. schema: type: string format: date-time - name: isExpired in: query description: | If `true`, only certificates that have already expired will be returned. This implies that the certificate's "valid to" (also named "not after") has passed. schema: type: boolean responses: 200: description: OK - Returns an array of certificates. content: application/json: schema: type: object properties: error: $ref: "#/components/schemas/ApiResponse_Error" msg: $ref: "#/components/schemas/ApiResponse_Msg" searchHits: description: | The total number of search hits that the given search parameters would yield without pagination. type: integer certificates: description: Array of certificates type: array items: $ref: "#/components/schemas/JsonCertificate" example: error: 0 msg: "Fetched certificates" searchHits: 476 certificates: [ { subject: "Super Officer 1, System, SE", validfrom: 1475849262000, certid: "10003", certificateserialnumber: "31e96265e40b809cffa3862b073ae98b", validto: 1633615659000, status: "active" } ] 500: description: Internal server error - An unexpected error occurred. content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponse" example: error: -14 msg: Too many hits /certificates/{certid}/details: get: operationId: getCertificateDetails summary: Certificate details description: | Returns information about the certificate with the provided id. tags: - Certificates parameters: - name: certid in: path description: Certificate id required: true schema: type: string responses: 200: description: OK - Returns details about the requested certificate. content: application/json: schema: type: object properties: error: $ref: "#/components/schemas/ApiResponse_Error" msg: $ref: "#/components/schemas/ApiResponse_Msg" certificate: $ref: "#/components/schemas/JsonCertificate" example: error: 0 msg: "Fetched certificate" certificate: subject: "Super Officer 2, System, SE" validfrom: 1475849262000 certid: "10003" certificateserialnumber: "31e96265e40b809cffa3862b073ae98b" validto: 1633615659000 status: "active" 500: description: Internal server error - An unexpected error occurred. content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponse" example: error: -14 msg: "No certificate found" /certificates/{certid}/download: get: operationId: downloadCertificate summary: Download certificate description: | Returns a certificate in binary form. For X.509 certificates, the certificate is DER-encoded. tags: - Certificates parameters: - name: certid in: path description: Certificate ID. required: true schema: type: string responses: 200: description: OK - Returns the requested certificate. content: application/pkix-cert: schema: type: string format: binary 500: description: Internal server error - An unexpected error occurred. content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponse" example: error: -14 msg: "No certificate found" /certificates/revoke: post: operationId: revokeCertificate summary: Revoke certificate description: Revokes the certificate(s) with the matching certificate id(s). tags: - Certificates requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: certid: description: Certificate id(s) to revoke. type: array items: type: string reason: description: | Revocation reason code mapping * 0: Unspecified * 1: Key Compromise * 2: Ca Compromise * 3: Affiliation Changed * 4: Superseded * 5: Cessation Of Operation * 6: Certificate Hold * 8: Remove From CRL * 9: Privilege Withdrawn * 10: AACompromise type: integer signature: $ref: "#/components/schemas/ApiRequest_Signature" required: - certid - reason responses: 200: description: OK - Requested certificates were revoked. content: application/json: schema: type: object properties: error: $ref: "#/components/schemas/ApiResponse_Error" msg: $ref: "#/components/schemas/ApiResponse_Msg" example: error: 0 msg: "1 certificate(s) has been revoked" 500: description: Internal server error - An unexpected error occurred. content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponseWithCertIds" example: error: -1 msg: "Error(s) occurred during the revocation" errors: [ { certid: "1", errorcode: 907, errormessage: "The certificate was not found", servererrormessage: "Certificate with certSerNr: 1 is not found." } ] /certificates/reinstate: post: operationId: reinstateCertificate summary: Reinstate certificate description: Reinstates the certificate(s) with the matching certificate id(s). tags: - Certificates requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object properties: certid: description: Certificate id(s) to reinstate type: array items: type: string signature: $ref: "#/components/schemas/ApiRequest_Signature" required: - certid responses: 200: description: OK - Requested certificates were reinstated. content: application/json: schema: type: object properties: error: $ref: "#/components/schemas/ApiResponse_Error" msg: $ref: "#/components/schemas/ApiResponse_Msg" example: error: 0 msg: "1 certificate(s) has been reinstated" 500: description: Internal server error - An unexpected error occurred. content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponseWithCertIds" example: error: -1 msg: "Error(s) occurred during the reinstatement" errors: [ { certid: "1", errorcode: 907, errormessage: "The certificate was not found", servererrormessage: "Certificate with certSerNr: 1 is not found." } ] /certificates/pkcs10: post: operationId: issueCertificatePkcs10 summary: Create certificate from PKCS10 request description: | Creates a certificate from a PKCS10 request and returns the result as PKCS7. tags: - Certificates requestBody: required: true content: multipart/form-data: schema: type: object properties: pkcs10: description: PKCS10 request (Base64 encoded) type: string format: byte validfrom: description: X.509 "not before" point in time type: string format: date-time validto: description: X.509 "not after" point in time type: string format: date-time procname: description: | Name of token procedure that should be used to issue the certificate. If this parameter is not given, a default value set in the server side configuration will be used (`handler.(n).tokenprocedure` in `api.properties`). type: string signature: $ref: "#/components/schemas/ApiRequest_Signature" required: - pkcs10 responses: 200: description: OK - Returns a PKCS7 message with the issued certificate. content: application/pkcs7-mime: schema: type: string format: binary 500: description: Internal server error - An unexpected error occurred. content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponse" /certificates/pkcs10-to-pkcs12: post: operationId: issueCertificatePkcs10ToPkcs12 summary: Issue certificate to PKCS#12 from PKCS#10 request description: | Issues a certificate from a PKCS#10 request and returns the result as PKCS#12. This endpoint is used to issue certificates for keys that are generated server-side by CM. For these cases, this endpoint is by default configured to accept unsigned PKCS#10 requests that only contain the TBS parts, and by default configured to discard the public key part specified in the PKCS#10 request. To generate the key on the server-side, the token procedure should specify an applicable key procedure. tags: - Certificates requestBody: required: true content: multipart/form-data: schema: type: object properties: pkcs10: description: PKCS10 request (Base64 encoded). type: string format: byte validfrom: description: X.509 "not before" point in time. type: string format: date-time validto: description: X.509 "not after" point in time. type: string format: date-time password: description: | Password to be used to protect the resulting PKCS12 archive. If this parameter is not given, the password will be generated by the server. type: string format: password procname: description: | Name of token procedure that should be used to issue the certificate. If this parameter is not given, a default value set in the server side configuration will be used (`handler.(n).tokenprocedure` in `api.properties`). type: string signature: $ref: "#/components/schemas/ApiRequest_Signature" required: - pkcs10 responses: 200: description: OK - Returns a PKCS12 archive with the issued certificate and key. content: application/x-pkcs12: schema: type: string format: binary 500: description: Internal server error - An unexpected error occurred. content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponse" /procedures: get: operationId: listProcedures summary: List procedures description: | Lists all token procedures that are available for the authenticated officer. tags: - Procedures responses: 200: description: OK - Returns the list of available token procedures. content: application/json: schema: type: object properties: error: $ref: "#/components/schemas/ApiResponse_Error" msg: $ref: "#/components/schemas/ApiResponse_Msg" procedures: description: Array of token procedures. type: array items: type: object properties: procid: type: string description: Unique ID of the procedure. name: type: string description: Human-readable name of the procedure. example: error: 0 msg: "Fetched procedures" procedures: [ { procid: "t-scep-registr-visible-p10", name: "SCEP Registration Visible Procedure" } ] 500: description: Internal server error - An unexpected error occurred. content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponse" example: error: -1 msg: "No procedures found" /registrations/{procid}: get: operationId: listRegistrations summary: List registrations description: | The registrations endpoint returns a list of registrations done on the procedure with the matching token procedure id and, if given, the other optional parameters. tags: - Registrations parameters: - $ref: '#/components/parameters/procid' - $ref: '#/components/parameters/regid' - $ref: '#/components/parameters/fqdn' - $ref: '#/components/parameters/status' - $ref: '#/components/parameters/validity' - $ref: '#/components/parameters/officer' - $ref: '#/components/parameters/regtype' responses: 200: description: OK - Returns all registrations matching the given query parameters. content: application/json: schema: $ref: '#/components/schemas/RegistrationResponseGet' example: registrations: - regid: akZShn8u3qcOetstcL7eyfD05Tk= fqdn: 'test-1-170645' creationdate: 1565096805000 status: closed regtype: cmp validity: 7 error: 0 msg: Fetched registrations 500: $ref: '#/components/responses/ServerError' post: operationId: createRegistration summary: Creates registration description: | Either body OR file must be set. tags: - Registrations parameters: - $ref: '#/components/parameters/procid' requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateRegistration' example: fqdn: "Device Test" regtype: "cmp" status: "open" validity: "7" responses: 200: $ref: '#/components/responses/RegistrationPost200' 500: $ref: '#/components/responses/RegistrationPost500' put: operationId: updateRegistration summary: Update registration description: | Updates a registration with the given data. tags: - Registrations parameters: - $ref: '#/components/parameters/procid' requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateRegistration' example: regid: "regid-1234" status: "open" validity: "always" responses: 200: $ref: '#/components/responses/RegistrationUpdate200' 500: $ref: '#/components/responses/RegistrationUpdate500' /registrations/certificate/{certid}: get: operationId: getRegistrationsCertId summary: Retrieves the registration that issued the certificate. description: Retrieves the registration that issued the certificate. tags: - Registrations responses: 200: description: OK - Returns the registration. content: application/json: schema: $ref: '#/components/schemas/RegistrationCertId' 500: $ref: '#/components/responses/ServerError' parameters: - $ref: '#/components/parameters/certid' /registrations/{procid}/scep: get: operationId: listRegistrationsScep summary: List registrations under SCEP description: | The SCEP registrations endpoint returns a list of registrations done on the procedure with the matching token procedure id and, if given, the other optional parameters. tags: - Registrations/{procid}/SCEP responses: 200: description: OK - Returns all registrations matching the given query parameters. content: application/json: schema: $ref: '#/components/schemas/RegistrationResponseGet' example: registrations: - regid: CGEMNL39wUEB/srVptVCKYyD2nA= fqdn: 'test-*.example.com' creationdate: 1572490820000 officer: Super Officer 2 status: open regtype: scep validity: always encryptedpassword: MIIB...3yv6 error: 0 msg: Fetched registrations 500: $ref: '#/components/responses/ServerError' parameters: - $ref: '#/components/parameters/procid' - $ref: '#/components/parameters/regid' - $ref: '#/components/parameters/fqdn' - $ref: '#/components/parameters/status' - $ref: '#/components/parameters/validity' - $ref: '#/components/parameters/officer' post: operationId: createRegistrationScep summary: Creates registration for SCEP description: | Either body OR file must be set. tags: - Registrations/{procid}/SCEP parameters: - $ref: '#/components/parameters/procid' requestBody: content: application/json: schema: allOf: - $ref: '#/components/schemas/RegistrationScep' required: - fqdn - password example: fqdn: "SCEP-1234" password: "1234" status: "open" validity: "always" responses: 200: $ref: '#/components/responses/RegistrationPost200' 500: $ref: '#/components/responses/RegistrationPost500' put: operationId: updateRegistrationScep summary: Updates registration for SCEP description: | Updates a registration with the given data for SCEP protocol. tags: - Registrations/{procid}/SCEP parameters: - $ref: '#/components/parameters/procid' requestBody: content: application/json: schema: allOf: - $ref: '#/components/schemas/RegistrationScep' required: - regid example: regid: "regid-1234" status: "open" validity: "7" responses: 200: $ref: '#/components/responses/RegistrationUpdate200' 500: $ref: '#/components/responses/RegistrationUpdate500' /registrations/{procid}/est: get: operationId: listRegistrationsEst summary: List registrations for EST description: | The EST registrations endpoint returns a list of registrations done on the procedure with the matching token procedure id, and if given, the other optional parameters. tags: - Registrations/{procid}/EST responses: 200: description: OK - Returns all registrations matching the given query parameters. content: application/json: schema: $ref: '#/components/schemas/RegistrationResponseGet' example: registrations: - regid: 2YLD25xzE9BW84WdhRSsNFyNTvk= fqdn: 'APIClientTest_-1835737403' creationdate: 1572490406000 officer: Super Officer 1 status: open regtype: est validity: always encryptedpassword: MIIB...IX9m error: 0 msg: Fetched registrations 500: $ref: '#/components/responses/ServerError' parameters: - $ref: '#/components/parameters/procid' - $ref: '#/components/parameters/regid' - $ref: '#/components/parameters/fqdn' - $ref: '#/components/parameters/status' - $ref: '#/components/parameters/validity' - $ref: '#/components/parameters/officer' post: operationId: createRegistrationEst summary: Creates registration for EST description: | Either body OR file must be set. tags: - Registrations/{procid}/EST parameters: - $ref: '#/components/parameters/procid' requestBody: content: application/json: schema: allOf: - $ref: '#/components/schemas/RegistrationEst' required: - fqdn - password example: fqdn: "*.ad.example.com" password: "1234" status: "open" validity: "7" responses: 200: $ref: '#/components/responses/RegistrationPost200' 500: $ref: '#/components/responses/RegistrationPost500' put: operationId: updateRegistrationEst summary: Updates registration for EST description: | Updates a registration with the given data for EST protocol. tags: - Registrations/{procid}/EST parameters: - $ref: '#/components/parameters/procid' requestBody: content: application/json: schema: allOf: - $ref: '#/components/schemas/RegistrationEst' required: - regid example: regid: "regid-1234" fqdn: "*.ad.example.com" status: "open" validity: "7" responses: 200: $ref: '#/components/responses/RegistrationUpdate200' 500: $ref: '#/components/responses/RegistrationUpdate500' /registrations/{procid}/cmp: get: operationId: listRegistrationsCmp summary: List registrations for CMP description: | The CMP registrations endpoint returns a list of registrations done on the procedure with the matching token procedure id, and if given, the other optional parameters. tags: - Registrations/{procid}/CMP responses: 200: description: OK - Returns all registrations matching the given query parameters. content: application/json: schema: $ref: '#/components/schemas/RegistrationResponseGet' example: registrations: - regid: JS2rc9cTa1jlAXxHdANTg7YEvu4= fqdn: '*.vendor.com' creationdate: 1572490601000 officer: Super Officer 2 status: open regtype: cmp validity: always encryptedpassword: MIIB...fJ8D error: 0 msg: Fetched registrations 500: $ref: '#/components/responses/ServerError' parameters: - $ref: '#/components/parameters/procid' - $ref: '#/components/parameters/regid' - $ref: '#/components/parameters/fqdn' - $ref: '#/components/parameters/status' - $ref: '#/components/parameters/validity' - $ref: '#/components/parameters/officer' post: operationId: createRegistrationCmp summary: Creates registration for CMP description: | Either body OR file must be set. tags: - Registrations/{procid}/CMP parameters: - $ref: '#/components/parameters/procid' requestBody: content: application/json: schema: allOf: - $ref: '#/components/schemas/RegistrationCmp' required: - fqdn example: fqdn: "*.ad.example.com" status: "open" validity: "7" responses: 200: $ref: '#/components/responses/RegistrationPost200' 500: $ref: '#/components/responses/RegistrationPost500' put: operationId: updateRegistrationCmp summary: Updates registration for CMP description: | Updates a registration with the given data for CMP protocol. tags: - Registrations/{procid}/CMP parameters: - $ref: '#/components/parameters/procid' requestBody: content: application/json: schema: allOf: - $ref: '#/components/schemas/RegistrationCmp' required: - regid example: regid: "regid-1234" fqdn: "*.ad.example.com" status: "open" validity: "7" responses: 200: $ref: '#/components/responses/RegistrationUpdate200' 500: $ref: '#/components/responses/RegistrationUpdate500' /registrations/{procid}/acme: get: operationId: listRegistrationsAcme summary: List registrations for ACME description: | The ACME registrations endpoint returns a list of registrations done on the procedure with the matching token procedure id, and if given, the other optional parameters. tags: - Registrations/{procid}/ACME responses: 200: description: OK - Returns all registrations matching the given query parameters. content: application/json: schema: $ref: '#/components/schemas/RegistrationResponseAcmeGet' example: registrations: - regid: 4Lvs8mYrqi73CcZjt5UFfiIa4kc= fqdn: 'keyId-63453491' creationdate: 1572490404000 officer: Super Officer 1 status: open regtype: acme validity: always error: 0 msg: Fetched registrations 500: $ref: '#/components/responses/ServerError' parameters: - $ref: '#/components/parameters/procid' - $ref: '#/components/parameters/regid' - $ref: '#/components/parameters/fqdn' - $ref: '#/components/parameters/status' - $ref: '#/components/parameters/validity' - $ref: '#/components/parameters/officer' post: operationId: createRegistrationAcme summary: Creates registration for ACME description: | Either body OR file must be set. tags: - Registrations/{procid}/ACME parameters: - $ref: '#/components/parameters/procid' requestBody: content: application/json: schema: allOf: - $ref: '#/components/schemas/RegistrationAcme' required: - fqdn - hmacKey example: fqdn: "*.ad.example.com" hmacKey: "PSuC...Zoi8" status: "open" validity: "7" responses: 200: $ref: '#/components/responses/RegistrationPost200' 500: $ref: '#/components/responses/RegistrationPost500' put: operationId: updateRegistrationAcme summary: Updates registration for ACME description: | Updates a registration with the given data for ACME protocol. tags: - Registrations/{procid}/ACME parameters: - $ref: '#/components/parameters/procid' requestBody: content: application/json: schema: allOf: - $ref: '#/components/schemas/RegistrationAcme' required: - regid example: regid: "regid-1234" fqdn: "*.ad.example.com" status: "open" validity: "7" responses: 200: $ref: '#/components/responses/RegistrationUpdate200' 500: $ref: '#/components/responses/RegistrationUpdate500' /registrations/{procid}/acme/accounts: get: operationId: listAcmeAccounts summary: Lists ACME accounts. description: | Lists all ACME accounts from a registration. Search can be limited by using the query parameter 'accountid'. tags: - Registrations/{procid}/ACME parameters: - $ref: '#/components/parameters/procid' - $ref: '#/components/parameters/accountid' responses: 200: description: OK - Account(s) successfully retrieved content: application/json: schema: $ref: '#/components/schemas/Account' example: registrations: - regid: 4Lvs8mYrqi73CcZjt5UFfiIa4kc= fqdn: 'CnY9c9OuvSEHGT3cfRkBlQ' creationdate: 1575278296000 officer: Super Officer 1 status: Active keyid: 'keyId-644251404' email: acme@example.com regType: 'acme/account' certIds: [10050, 10051, 11302] error: 0 msg: Fetched registrations 500: description: Error - Failed to retrieve accounts content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponse" example: error: -14 msg: "Code -14, invalid procedure id" components: schemas: ApiResponse_Error: type: integer description: | Non-zero error code if the request could not be processed, or zero if there was no error. ApiResponse_Msg: type: string description: Developer message describing the outcome of the request. ApiRequest_Signature: type: string description: | Signed request (Base64 encoded). Only used when CM REST API is configured to not use VRO signing. format: byte writeOnly: true ApiErrorResponse: type: object properties: error: $ref: "#/components/schemas/ApiResponse_Error" msg: $ref: "#/components/schemas/ApiResponse_Msg" ApiErrorResponseWithCertIds: type: object properties: error: $ref: "#/components/schemas/ApiResponse_Error" msg: $ref: "#/components/schemas/ApiResponse_Msg" errors: type: array items: type: object properties: certid: description: Certificate ID. type: string errorcode: description: | Integer code of the problem that prevented this certificate ID from being processed. type: integer errormessage: description: | Developer message describing the problem that prevented this certificate ID from being processed. type: string servererrormessage: description: | Developer message given by the server. type: string JsonCertificate: type: object description: Certificate details. properties: certid: type: string description: Unique ID of the certificate. status: type: string description: Human-readable status of the certificate, revoked/active. reason: type: string description: Revocation reason. revocationtime: type: string format: date-time description: Point in time when the certificate was revoked. validto: type: string format: date-time description: X.509 "not after" point in time. validfrom: type: string format: date-time description: X.509 "not before" point in time. certificateserialnumber: type: string description: Certificate serial number in hex format. subject: type: string description: Subject distinguished name. keyusage: type: array items: type: string description: | List of key usage names, including those from ExtendedKeyUsage extension. required: - certid - status Regid: type: string description: The registration id. Created on the server side. readOnly: true Fqdn: type: string description: Fully qualified domain name. Validity: type: string description: | Determines for how long the registration will be open. Set in either days or 'always' to be open forever. Officer: type: string description: Officer who signed the request. Created on the server side. readOnly: true Creationdate: type: string description: Creation date of the registration. Created on the server side. readOnly: true Regtype: type: string enum: - est - cmp - scep - device - acme - acme/account description: | Determines which type the registration can be used with. Status: type: string enum: - open - closed description: | Either 'open' or 'closed'. Determines if that registration can be used for certificate creation. AccountStatus: type: string enum: - active - deactivated - revoked description: | Either 'active', 'deactivate' or 'revoked'. Determines if the account registration can be used for certificate creation. Email: type: string description: Email address used with the registration. Keyid: type: string description: Keyid of the connected pre-registration. Certids: type: array description: Array of certificate ids. items: type: string readOnly: true Accountids: type: array description: Array of ACME account ids. items: type: string # Contains base parameters common for all types of registrations RegistrationBase: properties: regid: $ref: '#/components/schemas/Regid' fqdn: $ref: '#/components/schemas/Fqdn' validity: $ref: '#/components/schemas/Validity' status: $ref: '#/components/schemas/Status' Registration: type: object allOf: - $ref: '#/components/schemas/RegistrationBase' - properties: regtype: $ref: '#/components/schemas/Regtype' officer: $ref: '#/components/schemas/Officer' creationdate: $ref: '#/components/schemas/Creationdate' certids: $ref: '#/components/schemas/Certids' PreRegistrationAcme: type: object allOf: - $ref: '#/components/schemas/RegistrationBase' - properties: regtype: $ref: '#/components/schemas/Regtype' officer: $ref: '#/components/schemas/Officer' creationdate: $ref: '#/components/schemas/Creationdate' accountids: $ref: '#/components/schemas/Accountids' RegistrationScep: type: object allOf: - $ref: '#/components/schemas/RegistrationBase' - properties: ipaddress: type: string description: | IP address of the device using the registration. email: $ref: '#/components/schemas/Email' serialnumber: type: string description: | Serial number of the device using the registration. password: type: string description: | The password used to register. RegistrationEst: type: object allOf: - $ref: '#/components/schemas/RegistrationBase' - properties: username: type: string description: | Username used with HTTP based authentication. realm: type: string description: | Realm used with HTTP based authentication. password: type: string description: | The password used to register. RegistrationCmp: type: object allOf: - $ref: '#/components/schemas/RegistrationBase' - properties: password: type: string description: | The password used to register. RegistrationAcme: type: object allOf: - $ref: '#/components/schemas/RegistrationBase' - properties: hmacKey: type: string format: byte description: | HMAC key for ACME pre-registration (32 bytes in base64 url-safe encoding). allowedDomains: type: string description: | Comma separated string of allowed domains for ACME pre-registration. RegistrationCertId: type: object properties: registration: $ref: '#/components/schemas/Registration' error: $ref: '#/components/schemas/ApiResponse_Error' msg: $ref: '#/components/schemas/ApiResponse_Msg' Account: type: object allOf: - properties: regid: $ref: '#/components/schemas/Regid' fqdn: $ref: '#/components/schemas/Fqdn' creationdate: $ref: '#/components/schemas/Creationdate' officer: $ref: '#/components/schemas/Officer' status: $ref: '#/components/schemas/AccountStatus' keyid: $ref: '#/components/schemas/Keyid' email: $ref: '#/components/schemas/Email' certids: $ref: '#/components/schemas/Certids' CreateRegistration: allOf: - $ref: '#/components/schemas/RegistrationBase' - properties: regtype: $ref: '#/components/schemas/Regtype' required: - fqdn - regtype UpdateRegistration: allOf: - $ref: '#/components/schemas/Registration' - properties: regid: readOnly: false regtype: readOnly: true required: - regid RegistrationResponseGet: type: object properties: registrations: type: array description: Array of registrations connected to the given procid. items: $ref: '#/components/schemas/Registration' error: $ref: '#/components/schemas/ApiResponse_Error' msg: $ref: '#/components/schemas/ApiResponse_Msg' RegistrationResponseAcmeGet: type: object properties: registrations: type: array description: Array of registrations connected to the given procid. items: $ref: '#/components/schemas/PreRegistrationAcme' error: $ref: '#/components/schemas/ApiResponse_Error' msg: $ref: '#/components/schemas/ApiResponse_Msg' RegistrationResponsePostOrPut: type: object properties: registration: type: object properties: regid: $ref: '#/components/schemas/Regid' error: $ref: "#/components/schemas/ApiResponse_Error" msg: $ref: "#/components/schemas/ApiResponse_Msg" # Defines common parameters used by multiple GET operations parameters: procid: name: procid in: path description: Token procedure id required: true schema: type: string regid: name: regid in: query description: Registration id schema: type: string certid: name: certid in: path description: Certificate id required: true schema: type: string accountid: name: accountid in: query description: Account id, allows wildcard(*) schema: type: string fqdn: name: fqdn in: query description: Fully qualified domain name. schema: type: string status: name: status in: query description: Registration status schema: enum: - open - closed type: string validity: name: validity in: query description: Number of days the registration will be open or 'always'. schema: type: string regtype: name: regtype in: query description: Registration type of the registration. schema: $ref: '#/components/schemas/Regtype' email: name: email in: query description: Email address schema: type: string ipaddress: name: ipaddress in: query description: IP address schema: type: string serialnumber: name: serialnumber in: query description: Certificate serialnumber as hex. schema: type: string password: name: password in: query description: The password used to register. schema: type: string username: name: username in: query description: The username used to register. schema: type: string realm: name: realm in: query description: The realm the user should be connected with. schema: type: string hmacKey: name: hmacKey in: query description: | HMAC key for ACME pre-registration (32 bytes in base64 url-safe encoding). The HMAC Key Id must also be specified in the fqdn field. schema: type: string allowedDomains: name: allowedDomains in: query description: Comma separated string of allowed domains. schema: type: string creationdate: name: creationdate in: query description: Creation date of the registration. schema: type: string officer: name: officer in: query description: Officer who signed the request. schema: type: string # Defines common responses used by multiple PATHS responses: RegistrationPost200: description: OK - Registration was successful content: application/json: schema: $ref: "#/components/schemas/RegistrationResponsePostOrPut" example: registration: {'regid':'kplclzbq4KeoaS86KimttAUlXKw='} error: 0 msg: "Registration has been successful" RegistrationPost500: description: Error - Registration failed, invalid input parameters content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponse" example: error: -14 msg: "Code -14, Registration type not supported" RegistrationUpdate200: description: OK - The updated registration content: application/json: schema: $ref: "#/components/schemas/RegistrationResponsePostOrPut" example: registration: {'regid':'kplclzbq4KeoaS86KimttAUlXKw='} error: 0 msg: "Registration has been successful" RegistrationUpdate500: description: Error - Registration update failed, no such registration content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponse" example: error: -14 msg: "Code -14, Registration type not supported" ServerError: description: Internal server error - An unexpected error occurred. content: application/json: schema: $ref: "#/components/schemas/ApiErrorResponse" example: error: -14 msg: "Code -14, Internal bad request"