Certificate Manager (CM) REST API
This article includes updates for Certificate Manager 8.11.
This article describes the Certificate Manager REST API (RESTful application programming interface) in Certificate Manager.
Certificate Manager REST API (RESTful application programming interface) is an HTTP-based service for x.509 and attribute certificates creation, certificate searching, certificate download, certificate revocation, certificate reinstatement, creation of PKCS#12 files and token procedure listing in Certificate Manager.
The API requires client authentication over TLS using a CM officer certificate. Write operations like revoke, reinstate and certificate issuance requires the request data to be signed by a CM officer. The REST API server can also be configured to use a CM officer for signing the requests on the caller’s behalf, enabling automated services for trusted clients.
The accompanied files APISigningWithOpenSSL.sh and APISigningWithBouncyCastle.java referenced below can be found in a CM client installation together with the Protocol Gateway web archive file, see Install Protocol Gateway.
For more information, see:
Example: Certificate Manager (CM) REST API configuration in Protocol Gateway
Description of the Secure Key Injection Protocol (SKIP): Use the Secure Key Injection Protocol in Certificate Manager
Date-time format
The expected date-time format for time search fields is ISO 8601. Example: 2021-12-20T08:01:30Z.
This article only contains plain documentation of the Certificate Manager REST API. It is not possible to try out the commands.
Important! View all request bodies in Confluence.
Open Nexus product documentation in Confluence to view all request bodies in the REST API.