| Open API Documentation |
|---|
openapi: 3.0.0
info:
title: CM REST API
version: "1.0"
description: |
The CM REST API is a HTTP-based service used for interacting with CM.
It supports ways of performing certificate creation, searching, revocation,
reinstatement, registrations and procedure listing through HTTP REST calls.
paths:
/certificates:
get:
operationId: listCertificates
summary: List certificates
description: |
Returns a list of certificates that match the provided search parameters.
tags:
- Certificates
parameters:
- $ref: '#/components/parameters/searchLimit'
- $ref: '#/components/parameters/searchOffset'
- name: cardSerialNumber
in: query
description: Serial number of the card the certificate is on.
schema:
type: string
- $ref: '#/components/parameters/certificateSerialNumber'
- $ref: '#/components/parameters/revocationTimeFrom'
- $ref: '#/components/parameters/revocationTimeTo'
- $ref: '#/components/parameters/revocationReason'
- $ref: '#/components/parameters/isNotRevoked'
- name: subjectCommonName
in: query
description: The common name ( CN ) of the subject of the certificate.
schema:
type: string
- name: subjectGivenName
in: query
description: The given name ( GN ) of the subject of the certificate.
schema:
type: string
- name: subjectSurName
in: query
description: The surname ( SN ) of the subject of the certificate.
schema:
type: string
- name: subjectOrganisationName
in: query
description: The name of the organisation ( O ) of the subject of the certificate.
schema:
type: string
- name: subjectOrganisationUnit
in: query
description: The name of the organisational unit ( OU ) of the subject of the certificate.
schema:
type: string
- name: subjectSerialNumber
in: query
description: The serial number of the subject of the certificate.
schema:
type: string
- name: subjectCountry
in: query
description: The country ( C ) of the subject of the certificate.
schema:
type: string
- $ref: '#/components/parameters/publicationAllowed'
- $ref: '#/components/parameters/publicationTimeFrom'
- $ref: '#/components/parameters/publicationTimeTo'
- $ref: '#/components/parameters/ocspActivationTimeFrom'
- $ref: '#/components/parameters/ocspActivationTimeTo'
- $ref: '#/components/parameters/validFromTimeFrom'
- $ref: '#/components/parameters/validFromTimeTo'
- $ref: '#/components/parameters/isNotYetValid'
- $ref: '#/components/parameters/validToTimeFrom'
- $ref: '#/components/parameters/validToTimeTo'
- $ref: '#/components/parameters/isExpired'
- name: issuer
in: query
description: |
Only return certificates whose issuer matches the provided DN.
The value must be a URL encoded RFC1779 string.
Example: issuer=cn%3DExample%20CM%20issuing%20CA%2Co%3DExample%20CM%2Cc%3DSE
schema:
type: string
format: RFC1779 distinguished name string.
responses:
200:
description: OK - Returns an array of certificates.
content:
application/json:
schema:
type: object
properties:
error:
$ref: "#/components/schemas/ApiResponse_Error"
msg:
$ref: "#/components/schemas/ApiResponse_Msg"
searchHits:
description: |
The total number of search hits that the given search
parameters would yield without pagination.
type: integer
certificates:
description: Array of certificates
type: array
items:
$ref: "#/components/schemas/JsonCertificate"
example:
error: 0
msg: "Fetched certificates"
searchHits: 476
certificates: [
{
subject: "Super Officer 1, System, SE",
validfrom: 1475849262000,
certid: "10003",
certificateserialnumber: "31e96265e40b809cffa3862b073ae98b",
validto: 1633615659000,
status: "active"
}
]
500:
description: Internal server error - An unexpected error occurred.
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponse"
example:
error: -14
msg: Too many hits
/certificates/issuers:
get:
operationId: listIssuers
summary: List available issuers
description: |
Returns a list distinguished names of issuer CAs that match the provided search parameters.
tags:
- Certificates
parameters:
- $ref: '#/components/parameters/searchLimit'
- $ref: '#/components/parameters/searchOffset'
- $ref: '#/components/parameters/certificateSerialNumber'
- $ref: '#/components/parameters/revocationTimeFrom'
- $ref: '#/components/parameters/revocationTimeTo'
- $ref: '#/components/parameters/revocationReason'
- $ref: '#/components/parameters/publicationAllowed'
- $ref: '#/components/parameters/publicationTimeFrom'
- $ref: '#/components/parameters/publicationTimeTo'
- $ref: '#/components/parameters/ocspActivationTimeFrom'
- $ref: '#/components/parameters/ocspActivationTimeTo'
- $ref: '#/components/parameters/validFromTimeFrom'
- $ref: '#/components/parameters/validFromTimeTo'
- $ref: '#/components/parameters/isNotYetValid'
- $ref: '#/components/parameters/validToTimeFrom'
- $ref: '#/components/parameters/validToTimeTo'
- $ref: '#/components/parameters/isExpired'
responses:
200:
description: OK - Returns an array of issuer subjects.
content:
application/json:
schema:
type: object
properties:
error:
$ref: "#/components/schemas/ApiResponse_Error"
msg:
$ref: "#/components/schemas/ApiResponse_Msg"
searchHits:
description: |
The total number of search hits that the given search
parameters would yield without pagination.
type: integer
subjects:
description: Array of certificate issuer DNs.
type: array
items:
$ref: "#/components/schemas/JsonIssuer"
example:
error: 0
msg: "Fetched issuers"
searchHits: 476
issuers: [
{
subjectDn: "cn=Example CM CA,o=Example CM,c=SE",
subject: {
cn: "Example CM CA",
o: "Example CM",
c: "SE"
}
}
]
500:
description: Internal server error - An unexpected error occurred.
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponse"
example:
error: -14
msg: Too many hits
/certificates/{certid}/details:
get:
operationId: getCertificateDetails
summary: Certificate details
description: |
Returns information about the certificate with the provided id.
tags:
- Certificates
parameters:
- name: certid
in: path
description: Certificate id
required: true
schema:
type: string
responses:
200:
description: OK - Returns details about the requested certificate.
content:
application/json:
schema:
type: object
properties:
error:
$ref: "#/components/schemas/ApiResponse_Error"
msg:
$ref: "#/components/schemas/ApiResponse_Msg"
certificate:
$ref: "#/components/schemas/JsonCertificate"
example:
error: 0
msg: "Fetched certificate"
certificate:
subject: "Super Officer 2, System, SE"
validfrom: 1475849262000
certid: "10003"
certificateserialnumber: "31e96265e40b809cffa3862b073ae98b"
validto: 1633615659000
status: "active"
500:
description: Internal server error - An unexpected error occurred.
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponse"
example:
error: -14
msg: "No certificate found"
/certificates/{certid}/download:
get:
operationId: downloadCertificate
summary: Download certificate
description: |
Returns a certificate in binary form. For X.509 certificates, the
certificate is DER-encoded.
tags:
- Certificates
parameters:
- name: certid
in: path
description: Certificate ID.
required: true
schema:
type: string
responses:
200:
description: OK - Returns the requested certificate.
content:
application/pkix-cert:
schema:
type: string
format: binary
500:
description: Internal server error - An unexpected error occurred.
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponse"
example:
error: -14
msg: "No certificate found"
/certificates/revoke:
post:
operationId: revokeCertificate
summary: Revoke certificate
description: Revokes the certificate(s) with the matching certificate id(s).
tags:
- Certificates
requestBody:
required: true
content:
application/x-www-form-urlencoded:
schema:
type: object
properties:
certid:
description: Certificate id(s) to revoke.
type: array
items:
type: string
reason:
$ref: "#/components/schemas/ApiRequest_RevocationReason"
signature:
$ref: "#/components/schemas/ApiRequest_Signature"
required:
- certid
- reason
responses:
200:
description: OK - Requested certificates were revoked.
content:
application/json:
schema:
type: object
properties:
error:
$ref: "#/components/schemas/ApiResponse_Error"
msg:
$ref: "#/components/schemas/ApiResponse_Msg"
example:
error: 0
msg: "1 certificate(s) has been revoked"
500:
description: Internal server error - An unexpected error occurred.
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponseWithCertIds"
example:
error: -1
msg: "Error(s) occurred during the revocation"
errors: [
{
certid: "1",
errorcode: 907,
errormessage: "The certificate was not found",
servererrormessage: "Certificate with certSerNr: 1 is not found."
}
]
/certificates/reinstate:
post:
operationId: reinstateCertificate
summary: Reinstate certificate
description: Reinstates the certificate(s) with the matching certificate id(s).
tags:
- Certificates
requestBody:
required: true
content:
application/x-www-form-urlencoded:
schema:
type: object
properties:
certid:
description: Certificate id(s) to reinstate
type: array
items:
type: string
signature:
$ref: "#/components/schemas/ApiRequest_Signature"
required:
- certid
responses:
200:
description: OK - Requested certificates were reinstated.
content:
application/json:
schema:
type: object
properties:
error:
$ref: "#/components/schemas/ApiResponse_Error"
msg:
$ref: "#/components/schemas/ApiResponse_Msg"
example:
error: 0
msg: "1 certificate(s) has been reinstated"
500:
description: Internal server error - An unexpected error occurred.
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponseWithCertIds"
example:
error: -1
msg: "Error(s) occurred during the reinstatement"
errors: [
{
certid: "1",
errorcode: 907,
errormessage: "The certificate was not found",
servererrormessage: "Certificate with certSerNr: 1 is not found."
}
]
/certificates/pkcs10:
post:
operationId: issueCertificatePkcs10
summary: Create certificate from PKCS10 request
description: |
Creates a certificate from a PKCS10 request and returns the result as PKCS7.
tags:
- Certificates
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
pkcs10:
description: PKCS10 request (Base64 encoded)
type: string
format: byte
validfrom:
description: X.509 "not before" point in time
type: string
format: date-time
validto:
description: X.509 "not after" point in time
type: string
format: date-time
procname:
description: |
Name of token procedure that should be used to issue the
certificate. If this parameter is not given, a default value
set in the server side configuration will be used
(`handler.(n).tokenprocedure` in `api.properties`).
type: string
signature:
$ref: "#/components/schemas/ApiRequest_Signature"
required:
- pkcs10
encoding:
pkcs10:
contentType: application/pkcs10
responses:
200:
description: OK - Returns a PKCS7 message with the issued certificate.
content:
application/pkcs7-mime:
schema:
type: string
format: binary
500:
description: Internal server error - An unexpected error occurred.
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponse"
/certificates/pkcs10-to-pkcs12:
post:
operationId: issueCertificatePkcs10ToPkcs12
summary: Issue certificate to PKCS#12 from PKCS#10 request
description: |
Issues a certificate from a PKCS#10 request and returns the result as
PKCS#12.
This endpoint is used to issue certificates for keys that are generated
server-side by CM. For these cases, this endpoint is by default
configured to accept unsigned PKCS#10 requests that only contain the TBS
parts, and by default configured to discard the public key part
specified in the PKCS#10 request. To generate the key on the
server-side, the token procedure should specify an applicable key
procedure.
tags:
- Certificates
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
pkcs10:
description: PKCS10 request (Base64 encoded).
type: string
format: byte
validfrom:
description: X.509 "not before" point in time.
type: string
format: date-time
validto:
description: X.509 "not after" point in time.
type: string
format: date-time
password:
description: |
Password to be used to protect the resulting PKCS12 archive.
If this parameter is not given, the password will be
generated by the server.
type: string
format: password
procname:
description: |
Name of token procedure that should be used to issue the
certificate. If this parameter is not given, a default value
set in the server side configuration will be used
(`handler.(n).tokenprocedure` in `api.properties`).
type: string
signature:
$ref: "#/components/schemas/ApiRequest_Signature"
required:
- pkcs10
encoding:
pkcs10:
contentType: application/pkcs10
responses:
200:
description: OK - Returns a PKCS12 archive with the issued certificate and key.
content:
application/x-pkcs12:
schema:
type: string
format: binary
500:
description: Internal server error - An unexpected error occurred.
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponse"
/certificates/skip/{certid}/pkcs10-to-attr-cert:
post:
operationId: secureKeyInjectionPackageissueCertificatePkcs10ToAttrCert
summary: CreateIssue certificate ato securePKCS#7 keycontaining injectionattribute packagecertificate from a PKCS10PKCS#10 request
description: |
CreatesIssues aan secureattribute key package for IoT devices certificate from a PKCS10PKCS#10 request
and returns the result as
and return the result as PKCS7PKCS#7.
TheThis PKCS10endpoint requestis onlyused needto toissue includeattribute thecertificates publicthat keyare andgenerated subjectfor
informationa base andcertificate noon otherserver-side requestby data.
CM. For these cases, this endpoint is by default
The PKCS7 response content isconfigured anto ASN.1accept encodedunsigned listPKCS#10 ofrequests thethat generated
only contain the TBS
device keypairs, KeyPairContainers, whereparts. theA public key is anrequired encoded
by PKCS#10, while it is not required for SubjectPublicKeyInfoissuing (RFC 5280), and the private key is an encoded
EncryptedPrivateKeyInfo (RFC 5958).
KeyPairContainers ::= SEQUENCE OF KeyPairContainerthe
attribute certificate. Therefore, by default the endpoint is configured to discard
the public key part KeyPairContainerspecified ::=in SEQUENCEthe {
PKCS#10 request as it is public SubjectPublicKeyInfo,not required.
encryptedPrivate EncryptedPrivateKeyInfotags:
- }Certificates
tagsparameters:
- Certificates $ref: '#/components/parameters/certid'
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
pkcs10:
description: |
PKCS10 request (Base64 encoded).
PKCS10 request (Base64 encoded) containing the initaltype: string
format: byte
public key and subject information.
validfrom:
type: string
description: X.509 "not before" point in time.
format: byte
type: procname:string
descriptionformat: |date-time
validto:
Name description: X.509 "not after" point in time.
type: string
format: date-time
procname:
description: |
Name of token procedure that should be used to issue the
attribute certificate. If this parameter is not given, a default
value
value set in the server side configuration will be used
(`handler.(n).tokenprocedure` in `api.properties`).
type: string
signature:
$ref: "#/components/schemas/ApiRequest_Signature"
required:
- pkcs10
encoding:
pkcs10:
contentType: application/pkcs10
responses:
200:
description: OK - Returns a PKCS7 messagearchive with the issued attribute certificate.
content:
application/pkcs7-mime:
schema:
type: string
format: binary
500:
description: Internal server error - An unexpected error occurred.
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponse"
/certificates/import-pki-x509skip:
post:
operationId: importPKIX509secureKeyInjectionPackage
summary: Import externally issued X.509 certificates Create a secure key injection package from a PKCS10 request
description: |
ImportsCreates X.509a certificatessecure fromkey anpackage external PKI.
for IoT devices from a PKCS10 request
This endpoint is used to import certificate(s) to CM issued by anand return the result as PKCS7.
externalThe PKI.PKCS10 Eachrequest importedonly certificateneed mayto beinclude complementedthe with
public key and subject
revocation information, such asinformation reasonand codeno andother timerequest of revocationdata.
The PKCS7 requestresponse maycontent specifyis aan token procedure, which must be connected to a
ASN.1 encoded list of the generated
device keypairs, CAKeyPairContainers, withwhere athe SubjectDNpublic matchingkey importedis certificatesan IssuerDN.encoded
IfSubjectPublicKeyInfo no Token Procedure is specified, a default(RFC 5280), and the private key is usedan byencoded
the server.
tags:
EncryptedPrivateKeyInfo (RFC 5958).
- Certificates
KeyPairContainers requestBody::
= SEQUENCE OF KeyPairContainer
required: true
KeyPairContainer content:
:= SEQUENCE {
application/json:
public SubjectPublicKeyInfo,
schema:
encryptedPrivate type: objectEncryptedPrivateKeyInfo
properties:}
tags:
- procname:Certificates
requestBody:
descriptionrequired: |true
content:
multipart/form-data:
Name of token procedure that should be used to issue theschema:
type: object
certificate. If this parameter is not given, a default valueproperties:
pkcs10:
set in the server side configuration will be used.
description: |
type: string
PKCS10 request (Base64 encoded) containing the importdata:inital
description: |
public key and subject information.
Array of certificate(s) to import. type: string
typeformat: arraybyte
itemsprocname:
typedescription: object|
Name properties:
of token procedure that should be used to issue the
certificate:
certificate. If this parameter is not given, a default value
description: |
set in the server side configuration will be used
Base64 encoded certificate.
(`handler.(n).tokenprocedure` in `api.properties`).
type: string
signature:
format: byte
$ref: "#/components/schemas/ApiRequest_Signature"
reasonrequired:
- pkcs10
$ref: "#/components/schemas/ApiRequest_RevocationReason"
encoding:
pkcs10:
revocationtime: contentType: application/pkcs10
responses:
200:
description: |
OK - Returns a PKCS7 message with the issued certificate.
content:
Point in time when the certificate was revoked.
application/pkcs7-mime:
schema:
type: string
format: binary
format500: date-time
description: Internal server error - An unexpected required:error occurred.
content:
- certificateapplication/json:
signatureschema:
$ref$ref: "#/components/schemas/ApiRequest_SignatureApiErrorResponse"
/certificates/import-pki-x509:
post:
operationId: importPKIX509
required:
summary: Import externally issued X.509 certificates
-description: importdata|
responses:
Imports X.509 certificates from an external 200:PKI.
This endpoint description:is OKused -to sucessfully imported all certificates
import certificate(s) to CM issued by an
content:
external PKI. Each imported certificate may be complemented with
application/json:
revocation information, such as reason code and time of schema:revocation.
The request may specify a token procedure, which type:must object
be connected to a
CA with a SubjectDN matching properties:
imported certificates IssuerDN.
If no Token Procedure is specified, a default error:
is used by the server.
tags:
$ref: "#/components/schemas/ApiResponse_Error"- Certificates
requestBody:
required: true
msg content:
application/json:
$ref: "#/components/schemas/ApiResponse_Msg"schema:
exampletype: object
properties:
error: 0
procname:
msg: "1 certificate(s) has been imported"
500description: |
description: Internal server error - An unexpected error occurred.
Name of token procedure that should be used to issue content:the
application/json:
certificate. If this parameter is not schema:
given, a default value
$ref: "#/components/schemas/ApiErrorResponseWithJsonArrayIndex"
set in the server side configuration will be example:used.
error type: -1string
msgimportdata:
"Error(s) occurred during the PKI import"
description: |
errors: [
Array {
of certificate(s) to import.
arrayindextype: 0,array
errorcode: -14,items:
errormessagetype: "Duplicatedobject
certificate import entry",
},
properties:
{certificate:
arrayindex description: 1,|
errorcode: -14,
Base64 encoded certificate.
errormessage: "Unable to import certificate",
type: string
servererrormessage: "Invalid certificate issuer"
format: byte
},
reason:
{
arrayindex$ref: 2,
"#/components/schemas/ApiRequest_RevocationReason"
errorcode revocationtime:
-40,
errormessage: "Maximum import limit exceeded",description: |
limit: 1
Point in time when the certificate was revoked.
}
]
/procedurestype: string
get:
operationId: listProcedures
summary: List procedures
descriptionformat: |date-time
Lists all token procedures that are available for the authenticated officer.required:
tags:
- Procedures
responses:
- certificate
200:
descriptionsignature:
OK - Returns the list of available token procedures. $ref: "#/components/schemas/ApiRequest_Signature"
required:
- importdata
responses:
200:
description: OK - sucessfully imported all certificates
content:
application/json:
schema:
type: object
properties:
error:
$ref: "#/components/schemas/ApiResponse_Error"
msg:
$ref: "#/components/schemas/ApiResponse_Msg"
example:
procedures:
error: 0
description: Array of token procedures.
msg: "1 certificate(s) has been imported"
type500: array
description: Internal server error - An unexpected items:error occurred.
content:
typeapplication/json: object
schema:
properties:
$ref: "#/components/schemas/ApiErrorResponseWithJsonArrayIndex"
procidexample:
error: -1
type: string
msg: "Error(s) occurred during the PKI import"
descriptionerrors: Unique[
ID of the procedure.
{
name:
arrayindex: 0,
type: string
errorcode: -14,
descriptionerrormessage: Human-readable name of the procedure."Duplicated certificate import entry",
example:
},
error: 0
{
msg: "Fetched procedures"
arrayindex: 1,
procedures: [
errorcode: -14,
{
errormessage: "Unable to procid: "t-scep-registr-visible-p10import certificate",
nameservererrormessage: "SCEPInvalid Registrationcertificate Visible Procedureissuer"
},
]
{
500:
description: Internal server error - An unexpected error occurred.arrayindex: 2,
content:
application/json:errorcode: -40,
schema:
errormessage: "Maximum import limit exceeded",
$ref: "#/components/schemas/ApiErrorResponse"
limit: example:1
error: -1}
msg: "No procedures found"]
/registrations/{procid}procedures:
get:
operationId: listRegistrationslistProcedures
summary: List registrationsprocedures
description: |
TheLists registrationsall endpointtoken returnsprocedures athat listare ofavailable registrationsfor donethe onauthenticated theofficer.
tags:
procedure with the matching token- procedureProcedures
id and, if given, the otherresponses:
optional parameters.
200:
tagsdescription:
OK - Returns the list of available -token Registrations
procedures.
parameterscontent:
- $ref: '#/components/parameters/procid'
application/json:
- $ref: '#/components/parameters/regid'
schema:
- $ref: '#/components/parameters/fqdn'
- $reftype: '#/components/parameters/status'
object
- $ref: '#/components/parameters/validity' properties:
- $ref: '#/components/parameters/officer'
error:
- $ref: '#/components/parameters/regtype'
responses:
200:$ref: "#/components/schemas/ApiResponse_Error"
description: OK - Returns all registrations matching the given query parameters. msg:
content:
application/json:$ref: "#/components/schemas/ApiResponse_Msg"
schema:
procedures:
$ref: '#/components/schemas/RegistrationResponseGet'
description: Array of token procedures.
example:
registrationstype: array
- regiditems:
akZShn8u3qcOetstcL7eyfD05Tk=
fqdntype: 'test-1-170645'
object
creationdate properties:
1565096805000
status: closed
procid:
regtypetype: cmpstring
validity: 7
description: Unique ID of the procedure.
error: 0
msg name: Fetched registrations
500:
$reftype: '#/components/responses/ServerError'
string
post:
operationId: createRegistration
summary: Creates registration
description: |
Human-readable name of the procedure.
Either body OR file must be set.
tagsexample:
- Registrations
parameterserror: 0
- $ref: '#/components/parameters/procid'
requestBodymsg:
"Fetched procedures"
content:
application/jsonprocedures: [
schema:{
$ref: '#/components/schemas/CreateRegistration'
procid: "t-scep-registr-visible-p10",
example:
fqdnname: "Device TestSCEP Registration Visible Procedure"
regtype: "cmp"
}
status: "open"
]
500:
validity: "7"
responsesdescription:
Internal server error - An unexpected error 200:occurred.
$refcontent: '#/components/responses/RegistrationPost200'
500application/json:
$ref: '#/components/responses/RegistrationPost500'
putschema:
operationId: updateRegistration
summary$ref: Update registration"#/components/schemas/ApiErrorResponse"
description: |
example:
Updates a registration with the given data.
tags:
error: -1
- Registrations
parameters:
msg: "No procedures - $ref: '#/components/parameters/procid'found"
/registrations/{procid}:
requestBodyget:
operationId: content:listRegistrations
summary: application/json:List registrations
description: |
schema:
The registrations endpoint returns a list of registrations done on the
$ref: '#/components/schemas/UpdateRegistration'
procedure with the matching token procedure example:
id and, if given, the other
regid: "regid-1234"optional parameters.
tags:
status: "open"- Registrations
validity: "always"parameters:
responses:
- 200:$ref: '#/components/parameters/procid'
- $ref: '#/components/responsesparameters/RegistrationUpdate200regid'
- 500:$ref: '#/components/parameters/fqdn'
- $ref: '#/components/responsesparameters/RegistrationUpdate500'
/registrations/certificate/{certid}:
status'
get:
- operationId$ref: getRegistrationsCertId'#/components/parameters/validity'
summary: Retrieves the- registration that issued the certificate.$ref: '#/components/parameters/officer'
description: Retrieves the registration that issued the certificate.
tags:
- Registrations- $ref: '#/components/parameters/regtype'
responses:
200:
description: OK - Returns all registrations matching the given query registrationparameters.
content:
application/json:
schema:
$ref: '#/components/schemas/RegistrationCertIdRegistrationResponseGet'
500example:
$ref: '#/components/responses/ServerError'
parametersregistrations:
- $ref: '#/components/parameters/certid'
/registrations/{procid}/scep:
get:
- operationIdregid: listRegistrationsScepakZShn8u3qcOetstcL7eyfD05Tk=
summary: List registrations under SCEP
description: |
fqdn: 'test-1-170645'
The SCEP registrations endpoint returns a list of registrations done on the
creationdate: 1565096805000
procedure with the matching token procedure id and, if given, the other
optional parameters.
status: closed
tags:
- Registrations/{procid}/SCEP
responsesregtype: cmp
200:
description: OK - Returns all registrations matching the given query parameters.
validity: 7
contenterror: 0
application/json:
msg: Fetched registrations
schema500:
$ref: '#/components/schemasresponses/RegistrationResponseGetServerError'
post:
example:operationId: createRegistration
summary: Creates registration
description: registrations:|
Either body OR file must be set.
- regidtags: CGEMNL39wUEB/srVptVCKYyD2nA=
- Registrations
parameters:
- fqdn$ref: 'test-*.example.com#/components/parameters/procid'
requestBody:
content:
creationdate: 1572490820000
application/json:
schema:
officer: Super Officer 2
$ref: '#/components/schemas/CreateRegistration'
statusexample: open
fqdn: "Device Test"
regtype: scep
regtype: "cmp"
validity: always
status: "open"
encryptedpasswordvalidity: MIIB...3yv6"7"
errorsignature: 0"MIIFuwYJK..."
msg: Fetched registrationsresponses:
500200:
$ref: '#/components/responses/ServerErrorRegistrationPost200'
parameters 500:
- $ref: '#/components/parametersresponses/procidRegistrationPost500'
put:
- $refoperationId: '#/components/parameters/regid'updateRegistration
summary: - $ref: '#/components/parameters/fqdn'Update registration
- $ref: '#/components/parameters/status'
- $ref: '#/components/parameters/validity'
- $ref: '#/components/parameters/officer'
post:
operationId: createRegistrationScep
summary: Creates registration for SCEP
description: |
EitherUpdates bodya ORregistration filewith mustthe begiven setdata.
tags:
- Registrations/{procid}/SCEP
parameters:
- $ref: '#/components/parameters/procid'
requestBody:
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/RegistrationScepUpdateRegistration'
requiredexample:
regid: - fqdn"regid-1234"
status: "open"
- password
examplevalidity: "always"
fqdnsignature: "SCEP-1234MIIFuwYJK..."
password: "1234"
status: "open"
validity: "always"
responses:
200:
$ref: '#/components/responses/RegistrationPost200RegistrationUpdate200'
500:
$ref: '#/components/responses/RegistrationPost500RegistrationUpdate500'
/registrations/certificate/{certid}:
putget:
operationId: updateRegistrationScepgetRegistrationsCertId
summary: Retrieves Updatesthe registration that issued forthe SCEPcertificate.
description: |
Retrieves the registration Updates a registration withthat issued the given data for SCEP protocolcertificate.
tags:
- Registrations/{procid}/SCEP
parametersresponses:
- $ref200: '#/components/parameters/procid'
requestBody:
description: OK - Returns the content:registration.
application/jsoncontent:
schemaapplication/json:
allOfschema:
- $ref: '#/components/schemas/RegistrationScepRegistrationCertId'
required500:
- regid
example:
regid: "regid-1234"
status: "open"
validity: "7"
responses:
200:
$ref: '#$ref: '#/components/responses/RegistrationUpdate200ServerError'
500parameters:
- $ref: '#/components/responsesparameters/RegistrationUpdate500certid'
/registrations/{procid}/estscep:
get:
operationId: listRegistrationsEstlistRegistrationsScep
summary: List registrations forunder ESTSCEP
description: |
The ESTSCEP registrations endpoint returns a list of registrations done on the
procedure with the matching token procedure id, and, if given, the other
optional parameters.
tags:
- Registrations/{procid}/ESTSCEP
responses:
200:
description: OK - Returns all registrations matching the given query parameters.
content:
application/json:
schema:
$ref: '#/components/schemas/RegistrationResponseGet'
example:
registrations:
- regid: 2YLD25xzE9BW84WdhRSsNFyNTvkCGEMNL39wUEB/srVptVCKYyD2nA=
fqdn: 'APIClientTest_-1835737403test-*.example.com'
creationdate: 15724904060001572490820000
officer: Super Officer 12
status: open
regtype: estscep
validity: always
encryptedpassword: MIIB...IX9m3yv6
error: 0
msg: Fetched registrations
500:
$ref: '#/components/responses/ServerError'
parameters:
- $ref: '#/components/parameters/procid'
- $ref: '#/components/parameters/regid'
- $ref: '#/components/parameters/fqdn'
- $ref: '#/components/parameters/status'
- $ref: '#/components/parameters/validity'
- $ref: '#/components/parameters/officer'
post:
operationId: createRegistrationEstcreateRegistrationScep
summary: Creates registration for ESTSCEP
description: |
Either body OR file must be set.
tags:
- Registrations/{procid}/ESTSCEP
parameters:
- $ref: '#/components/parameters/procid'
requestBody:
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/RegistrationEstRegistrationScep'
required:
- fqdn
- password
example:
fqdn: "*.ad.example.comSCEP-1234"
password: "1234"
status: "open"
validity: "7always"
responses:
signature: "MIIFuwYJK..."
responses:
200:
$ref: '#/components/responses/RegistrationPost200'
500:
$ref: '#/components/responses/RegistrationPost500'
put:
operationId: updateRegistrationEstupdateRegistrationScep
summary: Updates registration for ESTSCEP
description: |
Updates a registration with the given data for ESTSCEP protocol.
tags:
- Registrations/{procid}/ESTSCEP
parameters:
- $ref: '#/components/parameters/procid'
requestBody:
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/RegistrationEstRegistrationScep'
required:
- regid
example:
regid: "regid-1234"
fqdnstatus: "*.ad.example.comopen"
statusvalidity: "open7"
validitysignature: "7MIIFuwYJK..."
responses:
200:
$ref: '#/components/responses/RegistrationUpdate200'
500:
$ref: '#/components/responses/RegistrationUpdate500'
/registrations/{procid}/cmpest:
get:
operationId: listRegistrationsCmplistRegistrationsEst
summary: List registrations for CMPEST
description: |
The CMPEST registrations endpoint returns a list of registrations done on the
procedure with the matching token procedure id, and if given, the other
optional parameters.
tags:
- Registrations/{procid}/CMPEST
responses:
200:
description: OK - Returns all registrations matching the given query parameters.
content:
application/json:
schema:
$ref: '#/components/schemas/RegistrationResponseGet'
example:
registrations:
- regid: JS2rc9cTa1jlAXxHdANTg7YEvu42YLD25xzE9BW84WdhRSsNFyNTvk=
fqdn: '*.vendor.comAPIClientTest_-1835737403'
creationdate: 15724906010001572490406000
officer: Super Officer 21
status: open
regtype: cmpest
validity: always
encryptedpassword: MIIB...fJ8DIX9m
error: 0
msg: Fetched registrations
500:
$ref: '#/components/responses/ServerError'
parameters:
- $ref: '#/components/parameters/procid'
- $ref: '#/components/parameters/regid'
- $ref: '#/components/parameters/fqdn'
- $ref: '#/components/parameters/status'
- $ref: '#/components/parameters/validity'
- $ref: '#/components/parameters/officer'
post:
operationId: createRegistrationCmpcreateRegistrationEst
summary: Creates registration for CMPEST
description: |
Either body OR file must be set.
tags:
- Registrations/{procid}/CMPEST
parameters:
- $ref: '#/components/parameters/procid'
requestBody:
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/RegistrationCmpRegistrationEst'
required:
- fqdn
- password
example:
fqdn: "*.ad.example.com"
password: "1234"
status: "open"
validity: "7"
signature: "MIIFuwYJK..."
responses:
200:
$ref: '#/components/responses/RegistrationPost200'
500:
$ref: '#/components/responses/RegistrationPost500'
put:
operationId: updateRegistrationCmpupdateRegistrationEst
summary: Updates registration for CMPEST
description: |
Updates a registration with the given data for CMPEST protocol.
tags:
- Registrations/{procid}/CMPEST
parameters:
- $ref: '#/components/parameters/procid'
requestBody:
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/RegistrationCmpRegistrationEst'
required:
- regid
example:
regid: "regid-1234"
fqdn: "*.ad.example.com"
status: "open"
validity: "7"
responses:
200:
signature: "MIIFuwYJK..."
responses:
$ref200:
$ref: '#/components/responses/RegistrationUpdate200'
500:
$ref: '#/components/responses/RegistrationUpdate500'
/registrations/{procid}/acmecmp:
get:
operationId: listRegistrationsAcmelistRegistrationsCmp
summary: List registrations for ACMECMP
description: |
The ACMECMP registrations endpoint returns a list of registrations done on the
procedure with the matching token procedure id, and if given, the other
optional parameters.
tags:
- Registrations/{procid}/ACMECMP
responses:
200:
description: OK - Returns all registrations matching the given query parameters.
content:
application/json:
schema:
$ref: '#/components/schemas/RegistrationResponseAcmeGetRegistrationResponseGet'
example:
registrations:
- regid: 4Lvs8mYrqi73CcZjt5UFfiIa4kcJS2rc9cTa1jlAXxHdANTg7YEvu4=
fqdn: 'keyId-63453491*.vendor.com'
creationdate: 15724904040001572490601000
officer: Super Officer 12
status: open
regtype: acmecmp
validity: always
encryptedpassword: MIIB...fJ8D
error: 0
msg: Fetched registrations
500:
$ref: '#/components/responses/ServerError'
parameters:
- $ref: '#/components/parameters/procid'
- $ref: '#/components/parameters/regid'
- $ref: '#/components/parameters/fqdn'
- $ref: '#/components/parameters/status'
- $ref: '#/components/parameters/validity'
- $ref: '#/components/parameters/officer'
post:
operationId: createRegistrationAcmecreateRegistrationCmp
summary: Creates registration for ACMECMP
description: |
Either body OR file must be set.
tags:
- Registrations/{procid}/ACMECMP
parameters:
- $ref: '#/components/parameters/procid'
requestBody:
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/RegistrationAcmeRegistrationCmp'
required:
- fqdn
- hmacKey
example:
fqdn: "*.ad.example.com"
hmacKeystatus: "PSuC...Zoi8open"
statusvalidity: "open7"
validitysignature: "7MIIFuwYJK..."
responses:
200:
$ref: '#/components/responses/RegistrationPost200'
500:
$ref: '#/components/responses/RegistrationPost500'
put:
operationId: updateRegistrationAcmeupdateRegistrationCmp
summary: Updates registration for ACMECMP
description: |
Updates a registration with the given data for ACMECMP protocol.
tags:
- Registrations/{procid}/ACMECMP
parameters:
- $ref: '#/components/parameters/procid'
requestBody:
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/RegistrationAcmeRegistrationCmp'
required:
- regid
example:
regid: "regid-1234"
fqdn: "*.ad.example.com"
status: "open"
validity: "7"
signature: "MIIFuwYJK..."
responses:
200:
$ref: '#/components/responses/RegistrationUpdate200'
500:
$ref: '#/components/responses/RegistrationUpdate500'
/registrations/{procid}/acme/accounts:
get:
operationId: listAcmeAccountslistRegistrationsAcme
summary: List registrations Listsfor ACME accounts.
description: |
ListsThe allACME ACMEregistrations accountsendpoint fromreturns a list registration.of Searchregistrations candone beon limitedthe
byprocedure usingwith the querymatching parameter 'accountid'.
tags:token procedure id, and if given, the other
- Registrations/{procid}/ACMEoptional parameters.
parameterstags:
- $ref: '#/components/parameters/procid'
- $ref: '#/components/parameters/accountid'Registrations/{procid}/ACME
responses:
200:
description: OK - Account(s) successfully retrieved Returns all registrations matching the given query parameters.
content:
application/json:
schema:
$ref: '#/components/schemas/AccountRegistrationResponseAcmeGet'
example:
registrations:
- regid: 4Lvs8mYrqi73CcZjt5UFfiIa4kc=
fqdn: 'CnY9c9OuvSEHGT3cfRkBlQkeyId-63453491'
creationdate: 15752782960001572490404000
officer: Super Officer 1
status: Activeopen
keyidregtype: 'keyId-644251404'acme
emailvalidity: acme@example.comalways
regTypeerror: 'acme/account'0
msg: certIds: [10050, 10051, 11302]
Fetched registrations
500:
error$ref: 0'#/components/responses/ServerError'
parameters:
- msg$ref: Fetched registrations
'#/components/parameters/procid'
- 500:$ref: '#/components/parameters/regid'
- description$ref: Error - Failed to retrieve accounts'#/components/parameters/fqdn'
- $ref: '#/components/parameters/status'
- content:$ref: '#/components/parameters/validity'
- $ref: '#/components/parameters/officer'
application/jsonpost:
operationId: createRegistrationAcme
schemasummary:
Creates registration for ACME
description: |
$ref: "#/components/schemas/ApiErrorResponse"
Either body OR file must be set.
exampletags:
- Registrations/{procid}/ACME
errorparameters: -14
- $ref: '#/components/parameters/procid'
msgrequestBody:
"Code -14, invalid procedure id"
components:
schemascontent:
ApiResponse_Error:
typeapplication/json: integer
description: |
schema:
Non-zero error code if the request could not be processed, or zeroallOf:
if there was no error. - $ref: '#/components/schemas/RegistrationAcme'
required:
- fqdn
- hmacKey
example:
fqdn: "*.ad.example.com"
hmacKey: "PSuC...Zoi8"
status: "open"
validity: "7"
signature: "MIIFuwYJK..."
responses:
200:
$ref: '#/components/responses/RegistrationPost200'
500:
$ref: '#/components/responses/RegistrationPost500'
put:
operationId: updateRegistrationAcme
summary: Updates registration for ACME
description: |
Updates a registration with the given data for ACME protocol.
tags:
- Registrations/{procid}/ACME
parameters:
- $ref: '#/components/parameters/procid'
requestBody:
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/RegistrationAcme'
required:
- regid
example:
regid: "regid-1234"
fqdn: "*.ad.example.com"
status: "open"
validity: "7"
signature: "MIIFuwYJK..."
responses:
200:
$ref: '#/components/responses/RegistrationUpdate200'
500:
$ref: '#/components/responses/RegistrationUpdate500'
/registrations/{procid}/acme/accounts:
get:
operationId: listAcmeAccounts
summary: Lists ACME accounts.
description: |
Lists all ACME accounts from a registration. Search can be limited
by using the query parameter 'accountid'.
tags:
- Registrations/{procid}/ACME
parameters:
- $ref: '#/components/parameters/procid'
- $ref: '#/components/parameters/accountid'
responses:
200:
description: OK - Account(s) successfully retrieved
content:
application/json:
schema:
$ref: '#/components/schemas/Account'
example:
registrations:
- regid: 4Lvs8mYrqi73CcZjt5UFfiIa4kc=
fqdn: 'CnY9c9OuvSEHGT3cfRkBlQ'
creationdate: 1575278296000
officer: Super Officer 1
status: Active
keyid: 'keyId-644251404'
email: acme@example.com
regType: 'acme/account'
certIds: [10050, 10051, 11302]
error: 0
msg: Fetched registrations
500:
description: Error - Failed to retrieve accounts
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponse"
example:
error: -14
msg: "Code -14, invalid procedure id"
components:
schemas:
ApiResponse_Error:
type: integer
description: |
Non-zero error code if the request could not be processed, or zero
if there was no error.
Possible values:
* 0 = Ok
* -1 = General error
* -7 = Missing field
* -8 = Encoding error
* -12 = Not initialized
* -14 = Bad field value
* -15 = Privilige error
* -17 = Bad signature
* -18 = Connection error
* -19 = Signature required
* -40 = Too many requests
ApiResponse_Msg:
type: string
description: Developer message describing the outcome of the request.
ApiRequest_Signature:
type: string
description: |
Signed request (Base64 encoded).
Only used when CM REST API is configured to not use VRO signing.
format: byte
writeOnly: true
ApiRequest_RevocationReason:
type: integer
minimum: 0
maximum: 10
description: |
Revocation reason code mapping
* 0: Unspecified
* 1: Key Compromise
* 3: Affiliation Changed
* 4: Superseded
* 5: Cessation Of Operation
* 6: Certificate Hold
* 9: Privilege Withdrawn
ApiResponse_MsgApiErrorResponse:
type: stringobject
descriptionproperties:
Developer message describing the outcome of the request.
ApiRequest_Signatureerror:
$ref: "#/components/schemas/ApiResponse_Error"
msg:
$ref: "#/components/schemas/ApiResponse_Msg"
ApiErrorResponseWithCertIds:
type: stringobject
descriptionproperties:
|
error:
Signed request (Base64 encoded).
$ref: "#/components/schemas/ApiResponse_Error"
Only used when CM REST APImsg:
is configured to not use VRO signing.
$ref: "#/components/schemas/ApiResponse_Msg"
format: byte
writeOnlyerrors: true
ApiRequest_RevocationReason:
type: integerarray
minimum items: 0
maximum: 10
descriptiontype: |object
Revocation reason code mappingproperties:
* 0: Unspecified
certid:
* 1: Key Compromise
* 2description: CaCertificate CompromiseID.
* 3: Affiliation Changed
type: string
* 4: Superseded
* 5errorcode:
Cessation Of Operation
* 6: Certificate Hold
description: |
* 8: Remove From CRL
* 9:Integer Privilegecode Withdrawn
of the problem that prevented this
* 10: AACompromise
ApiErrorResponse:
type: object
certificate ID from being properties:processed.
error:
Possible $ref: "#/components/schemas/ApiResponse_Error"values:
msg:
$ref: "#/components/schemas/ApiResponse_Msg"
ApiErrorResponseWithCertIds:
* 901 = Already Revoked
type: object
properties:
* 902 error:
= Access Denied
$ref: "#/components/schemas/ApiResponse_Error"
msg:
* 903 = Incorrect Password
$ref: "#/components/schemas/ApiResponse_Msg"
errors:
* 904 = Free text (non type:specific arrayerrorcode)
items:
* 906 = Already type:on objecthold
properties:
* 907 = Certificate missing
certid:
* 908 = description:Request Certificatenot ID.signed
type: string
* 909 = Not visible from domain
errorcode:
* 910 = Not on description: |hold
Integer* code911 of= theRevocation problemnot thatavailable preventedextension
this
* certificate ID-1 from= beingGeneral processed.error
type: integer
errormessage:
description: |
Developer message describing the problem that
prevented this certificate ID from being
processed.
type: string
servererrormessage:
description: |
Developer message given by the server.
type: string
ApiErrorResponseWithJsonArrayIndex:
type: object
properties:
error:
$ref: "#/components/schemas/ApiResponse_Error"
msg:
$ref: "#/components/schemas/ApiResponse_Msg"
errors:
type: array
items:
type: object
properties:
arrayindex:
description: |
Indicates the index position of the failed certificate import.
type: integer
errorcode:
description: |
Integer code of the problem that prevented this
certificate ID from being processed.
type: integer
errormessage:
description: |
Developer message describing the problem that
prevented this certificate from being processed.
type: string
servererrormessage:
description: |
Developer message given by the server.
type: string
limit:
description: |
Integer indicating the maximum allowed size of
the JsonAray in the request. The limit is added to
clarify if the error is due to the limit being exceeded.
type: integer
JsonIssuer:
type: object
description: CA details.
properties:
subject:
type: array
description: Subject
items:
type: object
description: |
Relative DN of directory attributes as per RFC1779
(for example {"cn":"somecommonname"}.)
subjectDn:
type: string
description: Full subject DN string
JsonCertificate:
type: object
description: Certificate details.
properties:
certid:
type: string
description: Unique ID of the certificate.
status:
type: string
description: Human-readable status of the certificate, revoked/active.
reason:
type: string
description: Revocation reason.
revocationtime:
type: string
format: date-time
description: Point in time when the certificate was revoked.
validto:
type: string
format: date-time
description: X.509 "not after" point in time.
validfrom:
type: string
format: date-time
description: X.509 "not before" point in time.
certificateserialnumber:
type: string
description: Certificate serial number in hex format.
subject:
type: string
description: Subject distinguished name.
issuer:
type: string
description: Issuer distinguished name.
keyusage:
type: array
items:
type: string
description: |
List of key usage names, including those from ExtendedKeyUsage
extension.
required:
- certid
- status
Regid:
type: string
description: The registration id. Created on the server side.
readOnly: true
Fqdn:
type: string
description: Fully qualified domain name.
Validity:
type: string
description: |
Determines for how long the registration will be open. Set in either
days or 'always' to be open forever.
Officer:
type: string
description: Officer who signed the request. Created on the server side.
readOnly: true
Creationdate:
type: string
description: Creation date of the registration. Created on the server side.
readOnly: true
Regtype:
type: string
enum:
- est
- cmp
- scep
- device
- acme
- acme/account
description: |
Determines which type the registration can be used with.
Status:
type: string
enum:
- open
- closed
description: |
Either 'open' or 'closed'. Determines if that registration can be
used for certificate creation.
AccountStatus:
type: string
enum:
- active
- deactivated
- revoked
description: |
Either 'active', 'deactivate' or 'revoked'. Determines if the
account registration can be used for certificate creation.
Email:
type: string
description: Email address used with the registration.
Keyid:
type: string
description: Keyid of the connected pre-registration.
Certids:
type: array
description: Array of certificate ids.
items:
type: string
readOnly: true
Accountids:
type: array
description: Array of ACME account ids.
items:
type: string
# Contains base parameters common for all types of registrations
RegistrationBase:
properties:
regid:
$ref: '#/components/schemas/Regid'
fqdn:
$ref: '#/components/schemas/Fqdn'
validity:
$ref: '#/components/schemas/Validity'
status:
$ref: '#/components/schemas/Status'
signature:
$ref: "#/components/schemas/ApiRequest_Signature"
Registration:
type: object
allOf:
- $ref: '#/components/schemas/RegistrationBase'
- properties:
regtype:
$ref: '#/components/schemas/Regtype'
officer:
$ref: '#/components/schemas/Officer'
creationdate:
$ref: '#/components/schemas/Creationdate'
certids:
$ref: '#/components/schemas/Certids'
PreRegistrationAcme:
type: object
allOf:
- $ref: '#/components/schemas/RegistrationBase'
- properties:
regtype:
$ref: '#/components/schemas/Regtype'
officer:
$ref: '#/components/schemas/Officer'
creationdate:
$ref: '#/components/schemas/Creationdate'
accountids:
$ref: '#/components/schemas/Accountids'
RegistrationScep:
type: object
allOf:
- $ref: '#/components/schemas/RegistrationBase'
- properties:
ipaddress:
type: string
description: |
IP address of the device using the registration.
email:
$ref: '#/components/schemas/Email'
serialnumber:
type: string
description: |
Serial number of the device using the registration.
password:
type: string
description: |
The password used to register.
RegistrationEst:
type: object
allOf:
- $ref: '#/components/schemas/RegistrationBase'
- properties:
username:
type: string
description: |
Username used with HTTP based authentication.
realm:
type: string
description: |
Realm used with HTTP based authentication.
password:
type: string
description: |
The password used to register.
RegistrationCmp:
type: object
allOf:
- $ref: '#/components/schemas/RegistrationBase'
- properties:
password:
type: string
description: |
The password used to register.
RegistrationAcme:
type: object
allOf:
- $ref: '#/components/schemas/RegistrationBase'
- properties:
hmacKey:
type: string
format: byte
description: |
HMAC key for ACME pre-registration (32 bytes in base64 url-safe encoding).
allowedDomains:
type: string
description: |
Comma separated string of allowed domains for ACME pre-registration.
RegistrationCertId:
type: object
properties:
registration:
$ref: '#/components/schemas/Registration'
error:
$ref: '#/components/schemas/ApiResponse_Error'
msg:
$ref: '#/components/schemas/ApiResponse_Msg'
Account:
type: object
allOf:
- properties:
regid:
$ref: '#/components/schemas/Regid'
fqdn:
$ref: '#/components/schemas/Fqdn'
creationdate:
$ref: '#/components/schemas/Creationdate'
officer:
$ref: '#/components/schemas/Officer'
status:
$ref: '#/components/schemas/AccountStatus'
keyid:
$ref: '#/components/schemas/Keyid'
email:
$ref: '#/components/schemas/Email'
certids:
$ref: '#/components/schemas/Certids'
CreateRegistration:
allOf:
- $ref: '#/components/schemas/RegistrationBase'
- properties:
regtype:
$ref: '#/components/schemas/Regtype'
required:
- fqdn
- regtype
UpdateRegistration:
allOf:
- $ref: '#/components/schemas/Registration'
- properties:
regid:
readOnly: false
regtype:
readOnly: true
required:
- regid
RegistrationResponseGet:
type: object
properties:
registrations:
type: array
description: Array of registrations connected to the given procid.
items:
$ref: '#/components/schemas/Registration'
error:
$ref: '#/components/schemas/ApiResponse_Error'
msg:
$ref: '#/components/schemas/ApiResponse_Msg'
RegistrationResponseAcmeGet:
type: object
properties:
registrations:
type: array
description: Array of registrations connected to the given procid.
items:
$ref: '#/components/schemas/PreRegistrationAcme'
error:
$ref: '#/components/schemas/ApiResponse_Error'
msg:
$ref: '#/components/schemas/ApiResponse_Msg'
RegistrationResponsePostOrPut:
type: object
properties:
registration:
type: object
properties:
regid:
$ref: '#/components/schemas/Regid'
error:
$ref: "#/components/schemas/ApiResponse_Error"
msg:
$ref: "#/components/schemas/ApiResponse_Msg"
# Defines common parameters used by multiple GET operations
parameters:
procid:
name: procid
in: path
description: Token procedure id
required: true
schema:
type: string
regid:
name: regid
in: query
description: Registration id
schema:
type: string
certid:
name: certid
in: path
description: Certificate id
required: true
schema:
type: string
accountid:
name: accountid
in: query
description: Account id, allows wildcard(*)
schema:
type: string
fqdn:
name: fqdn
in: query
description: Fully qualified domain name.
schema:
type: string
status:
name: status
in: query
description: Registration status
schema:
enum:
- open
- closed
type: string
validity:
name: validity
in: query
description: Number of days the registration will be open or 'always'.
schema:
type: string
regtype:
name: regtype
in: query
description: Registration type of the registration.
schema:
$ref: '#/components/schemas/Regtype'
email:
name: email
in: query
description: Email address
schema:
type: string
ipaddress:
name: ipaddress
in: query
description: IP address
schema:
type: string
serialnumber:
name: serialnumber
in: query
description: Certificate serialnumber as hex.
schema:
type: string
password:
name: password
in: query
description: The password used to register.
schema:
type: string
username:
name: username
in: query
description: The username used to register.
schema:
type: string
realm:
name: realm
in: query
description: The realm the user should be connected with.
schema:
type: string
hmacKey:
name: hmacKey
in: query
description: |
HMAC key for ACME pre-registration (32 bytes in base64 url-safe encoding).
The HMAC Key Id must also be specified in the fqdn field.
schema:
type: string
allowedDomains:
name: allowedDomains
in: query
description: Comma separated string of allowed domains.
schema:
type: string
creationdate:
name: creationdate
in: query
description: Creation date of the registration.
schema:
type: string
officer:
name: officer
in: query
description: Officer who signed the request.
schema:
type: string
searchLimit:
name: searchLimit
in: query
description: |
The maximum number of certificates that should be returned.
Please note that the highest possible value is still limited by
server-side configuration (`certsearch.maxhits` in
`cm.conf`).
schema:
type: integer
searchOffset:
name: searchOffset
in: query
description: |
The starting offset of the first certificate that should be
returned. This may be used for pagination of the results, together
with the searchLimit parameter.
schema:
type: integer
certificateSerialNumber:
name: certificateSerialNumber
in: query
description: Serial number of the certificate.
schema:
type: string
revocationTimeFrom:
name: revocationTimeFrom
in: query
description: |
Only return certificates whose revocation time is after
the provided time.
schema:
type: string
format: date-time
revocationTimeTo:
name: revocationTimeTo
in: query
description: |
Only return certificates whose revocation time is before
the provided time.
schema:
type: string
format: date-time
revocationReason:
name: revocationReason
in: query
description: |
Only return certificates with specified revocation reasons.
Takes an array of integers in the format e.g. `1,2,3,4`.
Reason code mapping:
* 0: Unspecified
* 1: Key Compromise
* 2: Ca Compromise
* 3: Affiliation Changed
* 4: Superseded
* 5: Cessation Of Operation
* 6: Certificate Hold
* 8: Remove From CRL
* 9: Privilege Withdrawn
* 10: AACompromise
schema:
type: array
items:
type: integer
minimum: 0
maximum: 10
isNotRevoked:
name: isNotRevoked
in: query
description: |
If `true`, only certificates that are not revoked will be
returned.
schema:
type: boolean
publicationAllowed:
name: publicationAllowed
in: query
description: |
If `true`, only certificates where publication is allowed
will be returned.
schema:
type: boolean
publicationTimeFrom:
name: publicationTimeFrom
in: query
description: |
Only return certificates whose publication time is after
the provided time.
schema:
type: string
format: date-time
publicationTimeTo:
name: publicationTimeTo
in: query
description: |
Only return certificates whose publication time is before
the provided time.
schema:
type: string
format: date-time
ocspActivationTimeFrom:
name: ocspActivationTimeFrom
in: query
description: |
Only return certificates whose OCSP-activation time is after
the provided time.
schema:
type: string
format: date-time
ocspActivationTimeTo:
name: ocspActivationTimeTo
in: query
description: |
Only return certificates whose OCSP-activation time is before
the provided time.
schema:
type: string
format: date-time
validFromTimeFrom:
name: validFromTimeFrom
in: query
description: |
Only return certificates whose "valid from" (also named
"not before") is after the provided time.
schema:
type: string
format: date-time
validFromTimeTo:
name: validFromTimeTo
in: query
description: |
Only return certificates whose "valid from" (also named
"not before") is before the provided time.
schema:
type: string
format: date-time
isNotYetValid:
name: isNotYetValid
in: query
description: |
If `true`, only certificates whose "valid from" (also named
"not before") is in the future will be returned.
schema:
type: boolean
validToTimeFrom:
name: validToTimeFrom
in: query
description: |
Only return certificates whose "valid to (also named
"not after") is after the provided time.
schema:
type: string
format: date-time
validToTimeTo:
name: validToTimeTo
in: query
description: |
Only return certificates whose "valid to" (also named
"not after") is before the provided time.
schema:
type: string
format: date-time
isExpired:
name: isExpired
in: query
description: |
If `true`, only certificates that have already expired will
be returned. This implies that the certificate's "valid to"
(also named "not after") has passed.
schema:
type: boolean
# Defines common responses used by multiple PATHS
responses:
RegistrationPost200:
description: OK - Registration was successful
content:
application/json:
schema:
$ref: "#/components/schemas/RegistrationResponsePostOrPut"
example:
registration: {'regid':'kplclzbq4KeoaS86KimttAUlXKw='}
error: 0
msg: "Registration has been successful"
RegistrationPost500:
description: Error - Registration failed, invalid input parameters
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponse"
example:
error: -14
msg: "Code -14, Registration type not supported"
RegistrationUpdate200:
description: OK - The updated registration
content:
application/json:
schema:
$ref: "#/components/schemas/RegistrationResponsePostOrPut"
example:
registration: {'regid':'kplclzbq4KeoaS86KimttAUlXKw='}
error: 0
msg: "Registration has been successful"
RegistrationUpdate500:
description: Error - Registration update failed, no such registration
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponse"
example:
error: -14
msg: "Code -14, Registration type not supported"
ServerError:
description: Internal server error - An unexpected error occurred.
content:
application/json:
schema:
$ref: "#/components/schemas/ApiErrorResponse"
example:
error: -14
msg: "Code -14, Internal bad request"
|
Page History
Overview
Content Tools