POST
/
api
/
v1
/
pki
/
certificates
/
sign-certificate

Body

application/json
csr
string
required

The pem-encoded CSR to sign with the CA to be used for certificate issuance.

Minimum length: 1
ttl
string
required

The time to live for the certificate such as 1m, 1h, 1d, 1y, ...

caId
string

The ID of the CA to issue the certificate from.

certificateTemplateId
string

The ID of the certificate template to issue the certificate from.

pkiCollectionId
string

The ID of the PKI collection to add the certificate to.

friendlyName
string

A friendly name for the certificate.

commonName
string

The common name (CN) for the certificate.

Minimum length: 1
altNames
string
default:

A comma-delimited list of Subject Alternative Names (SANs) for the certificate; these can be host names or email addresses.

notBefore
string

The date and time when the certificate becomes valid in YYYY-MM-DDTHH:mm:ss.sssZ format.

notAfter
string

The date and time when the certificate expires in YYYY-MM-DDTHH:mm:ss.sssZ format.

keyUsages
enum<string>[]

The key usage extension of the certificate.

Available options:
digitalSignature,
keyEncipherment,
nonRepudiation,
dataEncipherment,
keyAgreement,
keyCertSign,
cRLSign,
encipherOnly,
decipherOnly
extendedKeyUsages
enum<string>[]

The extended key usage extension of the certificate.

Available options:
clientAuth,
serverAuth,
codeSigning,
emailProtection,
timeStamping,
ocspSigning

Response

200 - application/json
certificate
string
required

The issued certificate.

issuingCaCertificate
string
required

The certificate of the issuing CA.

certificateChain
string
required

The certificate chain of the issued certificate.

serialNumber
string
required

The serial number of the issued certificate.

Was this page helpful?

Issue CertificateCreate