POST
/
api
/
v1
/
pki
/
certificates
/
issue-certificate

Body

application/json
commonName
string
required

The common name (CN) for the certificate.

Minimum length: 1
ttl
string
required

The time to live for the certificate such as 1m, 1h, 1d, 1y, ...

caId
string

The ID of the CA to issue the certificate from.

certificateTemplateId
string

The ID of the certificate template to issue the certificate from.

pkiCollectionId
string

The ID of the PKI collection to add the certificate to.

friendlyName
string

A friendly name for the certificate.

altNames
string
default:

A comma-delimited list of Subject Alternative Names (SANs) for the certificate; these can be host names or email addresses.

notBefore
string

The date and time when the certificate becomes valid in YYYY-MM-DDTHH:mm:ss.sssZ format.

notAfter
string

The date and time when the certificate expires in YYYY-MM-DDTHH:mm:ss.sssZ format.

keyUsages
enum<string>[]

The key usage extension of the certificate.

Available options:
digitalSignature,
keyEncipherment,
nonRepudiation,
dataEncipherment,
keyAgreement,
keyCertSign,
cRLSign,
encipherOnly,
decipherOnly
extendedKeyUsages
enum<string>[]

The extended key usage extension of the certificate.

Available options:
clientAuth,
serverAuth,
codeSigning,
emailProtection,
timeStamping,
ocspSigning

Response

200 - application/json
certificate
string
required

The issued certificate.

issuingCaCertificate
string
required

The certificate of the issuing CA.

certificateChain
string
required

The certificate chain of the issued certificate.

privateKey
string
required

The private key of the issued certificate.

serialNumber
string
required

The serial number of the issued certificate.

Was this page helpful?

Get Certificate Body / ChainSign Certificate