POST
/
api
/
v1
/
pki
/
certificates
/
sign-certificate

Body

application/json
csr
string
required

The pem-encoded CSR to sign with the CA to be used for certificate issuance.

Minimum length: 1
ttl
string
required

The time to live for the certificate such as 1m, 1h, 1d, 1y, ...

altNames
string
default:

A comma-delimited list of Subject Alternative Names (SANs) for the certificate; these can be host names or email addresses.

caId
string

The ID of the CA to issue the certificate from.

certificateTemplateId
string

The ID of the certificate template to issue the certificate from.

commonName
string

The common name (CN) for the certificate.

Minimum length: 1
extendedKeyUsages
enum<string>[]

The extended key usage extension of the certificate.

Available options:
clientAuth,
serverAuth,
codeSigning,
emailProtection,
timeStamping,
ocspSigning
friendlyName
string

A friendly name for the certificate.

keyUsages
enum<string>[]

The key usage extension of the certificate.

Available options:
digitalSignature,
keyEncipherment,
nonRepudiation,
dataEncipherment,
keyAgreement,
keyCertSign,
cRLSign,
encipherOnly,
decipherOnly
notAfter
string

The date and time when the certificate expires in YYYY-MM-DDTHH:mm:ss.sssZ format.

notBefore
string

The date and time when the certificate becomes valid in YYYY-MM-DDTHH:mm:ss.sssZ format.

pkiCollectionId
string

The ID of the PKI collection to add the certificate to.

Response

200 - application/json
certificate
string
required

The issued certificate.

certificateChain
string
required

The certificate chain of the issued certificate.

issuingCaCertificate
string
required

The certificate of the issuing CA.

serialNumber
string
required

The serial number of the issued certificate.

Was this page helpful?

Suggest editsRaise issue
Issue CertificateCreate