A TLS CA is used for generating certificates, client, server and ca. These are the common parameters for the CA. The CA role place some restrictions on the certificates that can be generated from the CA.
Created
Bad Request
Unauthorized
Forbidden
Not Found
Conflict (instance exists)
Service Unavailable (strongbox sealed)
name: api-root ttl: 1y cert-key-type: ecdsa subject: Avassa digest: sha256 auto-renew: renew-threshold: 1y175d activate-threshold: 1y40d serial-prefix: fe:ed:ba:be distribute: to: inherit active-version: 2 oldest-version: 1
| fields | string Retrieve only requested fields from the resource See section fields |
| validate | string <enumeration> Validate the request but do not actually perform the requested operation |
| keys | string <enumeration> Retrieve only the keys for the list |
| count | string <enumeration> Retrieve only the number of elements in the list |
OK
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
- name: api-root ttl: 1y cert-key-type: ecdsa subject: Avassa digest: sha256 auto-renew: renew-threshold: 1y175d activate-threshold: 1y40d serial-prefix: fe:ed:ba:be distribute: to: inherit active-version: 2 oldest-version: 1
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
name: api-root ttl: 1y cert-key-type: ecdsa subject: Avassa digest: sha256 auto-renew: renew-threshold: 1y175d activate-threshold: 1y40d serial-prefix: fe:ed:ba:be distribute: to: inherit active-version: 2 oldest-version: 1
Created
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
name: api-root ttl: 1y cert-key-type: ecdsa subject: Avassa digest: sha256 auto-renew: renew-threshold: 1y175d activate-threshold: 1y40d serial-prefix: fe:ed:ba:be distribute: to: inherit active-version: 2 oldest-version: 1
| fields | string Retrieve only requested fields from the resource See section fields |
| validate | string <enumeration> Validate the request but do not actually perform the requested operation |
| version-list | string <enumeration> Retrieve list of old versions |
| version | string Retrieve requested old version of the resource |
OK
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
name: api-root ttl: 1y cert-key-type: ecdsa subject: Avassa digest: sha256 auto-renew: renew-threshold: 1y175d activate-threshold: 1y40d serial-prefix: fe:ed:ba:be distribute: to: inherit active-version: 2 oldest-version: 1
| fields | string Retrieve only requested fields from the resource See section fields |
| site | string Send the request to the specfifed site |
| content | string <enumeration> Filter descendant nodes in the response |
| keys | string <enumeration> Retrieve only the keys for the list |
| count | string <enumeration> Retrieve only the number of elements in the list |
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
- name: api-root ttl: 1y cert-key-type: ecdsa subject: Avassa digest: sha256 auto-renew: renew-threshold: 1y175d activate-threshold: 1y40d ca-cert: | -----BEGIN CERTIFICATE----- MIICHjCCAcSgAwIBAgITAOABFWQnCwCKUEO/iYa7SJ1dvTAKBggqhkjOPQQDAjBl MRowGAYDVQQDExFBdmFzc2EgQVBJIHJvb3QgMjESMBAGA1UEBxMJU3RvY2tob2xt MQswCQYDVQQGEwJTRTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmli dXRpb24wIhgPMjAyMTEyMjQwMTE1MTdaGA8yMDI3MDUxMTEyMDMxN1owZTEaMBgG A1UEAxMRQXZhc3NhIEFQSSByb290IDIxEjAQBgNVBAcTCVN0b2NraG9sbTELMAkG A1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9u MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhZQ9Daqh+LrlS3955P8CblkMQF8a DoxnXxrtAsWFfzrEaCV0gxiFi/GGuxyK+ZCtGTVIsos0a1kghxHbUUPwKaNPME0w DgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQEwJwYDVR0fBCAwHjAc oBqgGIYWaHR0cDovL2NybC5hdmFzc2EubmV0LzAKBggqhkjOPQQDAgNIADBFAiEA kS4OtbkkgKhdp2RCv7qUkNGHDNVRN3hyrAopHN/RSRsCIFRtTWKIJzburtDVxdle ruV7H8IH63kUgYC1ajb+rkrr -----END CERTIFICATE----- serial-prefix: fe:ed:ba:be expires: 2027-05-11T12:03:17.000000Z revocations: - serial: a6:28:9b:66:ab:dc:c1:70:b7:ff:c3:8a:94:79:37:2c:01:76 revoke-time: 2023-01-12T09:27:23.000000Z reason: keyCompromise distribute: to: inherit distribution-status: to: none version: 2 active-version: 2 oldest-version: 1 latest-version: 2 versions: - version: 1 ca-cert: | -----BEGIN CERTIFICATE----- MIICGjCCAcCgAwIBAgITAO/NC0Z5yctxyRpMjHZFHT6x0zAKBggqhkjOPQQDAjBj MRgwFgYDVQQDEw9BdmFzc2EgQVBJIHJvb3QxEjAQBgNVBAcTCVN0b2NraG9sbTEL MAkGA1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0 aW9uMCIYDzIwMjExMjMxMDgyNjIxWhgPMjAyNTA1MTExMjAyMjFaMGMxGDAWBgNV BAMTD0F2YXNzYSBBUEkgcm9vdDESMBAGA1UEBxMJU3RvY2tob2xtMQswCQYDVQQG EwJTRTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmlidXRpb24wWTAT BgcqhkjOPQIBBggqhkjOPQMBBwNCAATuXTmB7v1gUFnFlJlmSQ0VsWEW5ysw/lkp MFNuQOGW1Hq4PqBk98OXbi4uQhnBVb3daJ+a4G30utBssXqnKTFro08wTTAOBgNV HQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBATAnBgNVHR8EIDAeMBygGqAY hhZodHRwOi8vY3JsLmF2YXNzYS5uZXQvMAoGCCqGSM49BAMCA0gAMEUCIEyUSton y2VYNwG+Q3uYU0wCcdpmfA6zmEh0yKM6HmfVAiEArespFvfEYKBA6gHdz7N3J2hO il2zDBrzyH3xWs95mt0= -----END CERTIFICATE----- expires: 2025-05-11T12:02:21.000000Z revocations: - serial: a6:28:9b:66:ab:dc:c1:70:b7:ff:c3:8a:94:79:37:2c:01:76 revoke-time: 2023-01-12T09:27:23.000000Z reason: keyCompromise - version: 2 ca-cert: | -----BEGIN CERTIFICATE----- MIICHjCCAcSgAwIBAgITAOABFWQnCwCKUEO/iYa7SJ1dvTAKBggqhkjOPQQDAjBl MRowGAYDVQQDExFBdmFzc2EgQVBJIHJvb3QgMjESMBAGA1UEBxMJU3RvY2tob2xt MQswCQYDVQQGEwJTRTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmli dXRpb24wIhgPMjAyMTEyMjQwMTE1MTdaGA8yMDI3MDUxMTEyMDMxN1owZTEaMBgG A1UEAxMRQXZhc3NhIEFQSSByb290IDIxEjAQBgNVBAcTCVN0b2NraG9sbTELMAkG A1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9u MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhZQ9Daqh+LrlS3955P8CblkMQF8a DoxnXxrtAsWFfzrEaCV0gxiFi/GGuxyK+ZCtGTVIsos0a1kghxHbUUPwKaNPME0w DgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQEwJwYDVR0fBCAwHjAc oBqgGIYWaHR0cDovL2NybC5hdmFzc2EubmV0LzAKBggqhkjOPQQDAgNIADBFAiEA kS4OtbkkgKhdp2RCv7qUkNGHDNVRN3hyrAopHN/RSRsCIFRtTWKIJzburtDVxdle ruV7H8IH63kUgYC1ajb+rkrr -----END CERTIFICATE----- expires: 2027-05-11T12:03:17.000000Z revocations: - serial: a6:28:9b:66:ab:dc:c1:70:b7:ff:c3:8a:94:79:37:2c:01:76 revoke-time: 2023-01-12T09:27:23.000000Z reason: keyCompromise
| fields | string Retrieve only requested fields from the resource See section fields |
| site | string Send the request to the specfifed site |
| content | string <enumeration> Filter descendant nodes in the response |
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
name: api-root ttl: 1y cert-key-type: ecdsa subject: Avassa digest: sha256 auto-renew: renew-threshold: 1y175d activate-threshold: 1y40d ca-cert: | -----BEGIN CERTIFICATE----- MIICHjCCAcSgAwIBAgITAOABFWQnCwCKUEO/iYa7SJ1dvTAKBggqhkjOPQQDAjBl MRowGAYDVQQDExFBdmFzc2EgQVBJIHJvb3QgMjESMBAGA1UEBxMJU3RvY2tob2xt MQswCQYDVQQGEwJTRTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmli dXRpb24wIhgPMjAyMTEyMjQwMTE1MTdaGA8yMDI3MDUxMTEyMDMxN1owZTEaMBgG A1UEAxMRQXZhc3NhIEFQSSByb290IDIxEjAQBgNVBAcTCVN0b2NraG9sbTELMAkG A1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9u MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhZQ9Daqh+LrlS3955P8CblkMQF8a DoxnXxrtAsWFfzrEaCV0gxiFi/GGuxyK+ZCtGTVIsos0a1kghxHbUUPwKaNPME0w DgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQEwJwYDVR0fBCAwHjAc oBqgGIYWaHR0cDovL2NybC5hdmFzc2EubmV0LzAKBggqhkjOPQQDAgNIADBFAiEA kS4OtbkkgKhdp2RCv7qUkNGHDNVRN3hyrAopHN/RSRsCIFRtTWKIJzburtDVxdle ruV7H8IH63kUgYC1ajb+rkrr -----END CERTIFICATE----- serial-prefix: fe:ed:ba:be expires: 2027-05-11T12:03:17.000000Z revocations: - serial: a6:28:9b:66:ab:dc:c1:70:b7:ff:c3:8a:94:79:37:2c:01:76 revoke-time: 2023-01-12T09:27:23.000000Z reason: keyCompromise distribute: to: inherit distribution-status: to: none version: 2 active-version: 2 oldest-version: 1 latest-version: 2 versions: - version: 1 ca-cert: | -----BEGIN CERTIFICATE----- MIICGjCCAcCgAwIBAgITAO/NC0Z5yctxyRpMjHZFHT6x0zAKBggqhkjOPQQDAjBj MRgwFgYDVQQDEw9BdmFzc2EgQVBJIHJvb3QxEjAQBgNVBAcTCVN0b2NraG9sbTEL MAkGA1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0 aW9uMCIYDzIwMjExMjMxMDgyNjIxWhgPMjAyNTA1MTExMjAyMjFaMGMxGDAWBgNV BAMTD0F2YXNzYSBBUEkgcm9vdDESMBAGA1UEBxMJU3RvY2tob2xtMQswCQYDVQQG EwJTRTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmlidXRpb24wWTAT BgcqhkjOPQIBBggqhkjOPQMBBwNCAATuXTmB7v1gUFnFlJlmSQ0VsWEW5ysw/lkp MFNuQOGW1Hq4PqBk98OXbi4uQhnBVb3daJ+a4G30utBssXqnKTFro08wTTAOBgNV HQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBATAnBgNVHR8EIDAeMBygGqAY hhZodHRwOi8vY3JsLmF2YXNzYS5uZXQvMAoGCCqGSM49BAMCA0gAMEUCIEyUSton y2VYNwG+Q3uYU0wCcdpmfA6zmEh0yKM6HmfVAiEArespFvfEYKBA6gHdz7N3J2hO il2zDBrzyH3xWs95mt0= -----END CERTIFICATE----- expires: 2025-05-11T12:02:21.000000Z revocations: - serial: a6:28:9b:66:ab:dc:c1:70:b7:ff:c3:8a:94:79:37:2c:01:76 revoke-time: 2023-01-12T09:27:23.000000Z reason: keyCompromise - version: 2 ca-cert: | -----BEGIN CERTIFICATE----- MIICHjCCAcSgAwIBAgITAOABFWQnCwCKUEO/iYa7SJ1dvTAKBggqhkjOPQQDAjBl MRowGAYDVQQDExFBdmFzc2EgQVBJIHJvb3QgMjESMBAGA1UEBxMJU3RvY2tob2xt MQswCQYDVQQGEwJTRTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmli dXRpb24wIhgPMjAyMTEyMjQwMTE1MTdaGA8yMDI3MDUxMTEyMDMxN1owZTEaMBgG A1UEAxMRQXZhc3NhIEFQSSByb290IDIxEjAQBgNVBAcTCVN0b2NraG9sbTELMAkG A1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9u MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhZQ9Daqh+LrlS3955P8CblkMQF8a DoxnXxrtAsWFfzrEaCV0gxiFi/GGuxyK+ZCtGTVIsos0a1kghxHbUUPwKaNPME0w DgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQEwJwYDVR0fBCAwHjAc oBqgGIYWaHR0cDovL2NybC5hdmFzc2EubmV0LzAKBggqhkjOPQQDAgNIADBFAiEA kS4OtbkkgKhdp2RCv7qUkNGHDNVRN3hyrAopHN/RSRsCIFRtTWKIJzburtDVxdle ruV7H8IH63kUgYC1ajb+rkrr -----END CERTIFICATE----- expires: 2027-05-11T12:03:17.000000Z revocations: - serial: a6:28:9b:66:ab:dc:c1:70:b7:ff:c3:8a:94:79:37:2c:01:76 revoke-time: 2023-01-12T09:27:23.000000Z reason: keyCompromise
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
offset: 0s
renewed: true activated: false latest-expires-in: 128d active-expires-in: 54d
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
cert: | -----BEGIN CERTIFICATE----- MIICHjCCAcSgAwIBAgITAKs1oS0ybeAUntauysqFuBeQlDAKBggqhkjOPQQDAjBl MRowGAYDVQQDExFBdmFzc2EgQVBJIHJvb3QgMjESMBAGA1UEBxMJU3RvY2tob2xt MQswCQYDVQQGEwJTRTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmli dXRpb24wIhgPMjAyMTEyMjMyMzIwMTNaGA8yMDI3MDUxMTEwMDgxM1owZTEaMBgG A1UEAxMRQXZhc3NhIEFQSSByb290IDIxEjAQBgNVBAcTCVN0b2NraG9sbTELMAkG A1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9u MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzSauslxXPReRGQFzPKPamVN8KPiP h+6PQaTXa5EN0cYukD+VU8Guu9r+k7BBF0t6+kzxJ4v84uGqcS11BrbOPaNPME0w DgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQEwJwYDVR0fBCAwHjAc oBqgGIYWaHR0cDovL2NybC5hdmFzc2EubmV0LzAKBggqhkjOPQQDAgNIADBFAiEA 1zOd7AGv/56MOFYAUa9WqJSBwBwncUkUdRcoMHNw5zoCIGeIgBFg5qxGU4SxwwWV ZQYSJpKqUCz7uo9HvItC3A7S -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICGDCCAb+gAwIBAgISMeZQ4HpjHhrLayS5JedHqb5vMAoGCCqGSM49BAMCMGMx GDAWBgNVBAMTD0F2YXNzYSBBUEkgcm9vdDESMBAGA1UEBxMJU3RvY2tob2xtMQsw CQYDVQQGEwJTRTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmlidXRp b24wIhgPMjAyMTEyMzEwNjMxMTdaGA8yMDI1MDUxMTEwMDcxN1owYzEYMBYGA1UE AxMPQXZhc3NhIEFQSSByb290MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYT AlNFMQ8wDQYDVQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjBZMBMG ByqGSM49AgEGCCqGSM49AwEHA0IABCMdQb+jMkUsk2ZcuvpvsN5teiV5ia/Gsfgx GgQ4qDmBRFxNrfuj34uD8QCTImxijm5zJHaIwYIxQLJ9fi+SJiyjTzBNMA4GA1Ud DwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdHwQgMB4wHKAaoBiG Fmh0dHA6Ly9jcmwuYXZhc3NhLm5ldC8wCgYIKoZIzj0EAwIDRwAwRAIgXHevBN00 3omcAE1ryOvL8NbzpsRFjoAR2SVVj3HT454CIHR7hEVtX/FZ+Qdy7kzz3kArX2H/ 2l/pX1YONDXlyvHM -----END CERTIFICATE-----
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
version: 1
version: 1 crl: | -----BEGIN X509 CRL----- MIIBPzCB5wIBATAKBggqhkjOPQQDAjBaMQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNV BAcTCVN0b2NraG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMG A1UECxMMZGlzdHJpYnV0aW9uGA8yMDIyMDExMjExNTU1MVoYDzM5OTMxMjI4MTE1 NTQ5WjBIMCICAQIYDzIwMjIwMTEyMTE1NTUwWjAMMAoGA1UdFQQDCgEJMCICAQEY DzIwMjIwMTEyMTE1NTUwWjAMMAoGA1UdFQQDCgEBoA4wDDAKBgNVHRQEAwIBATAK BggqhkjOPQQDAgNHADBEAiAIaVZUh2UY10im3CYC1Aw55ngax0ZI5KFEXUIKBB/b nwIgWltvAouZ5+EHvDAX3MCeh0rtyX8B9e7gl9EcMo8UBb0= -----END X509 CRL-----
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
crls: - version: 1 crl: | -----BEGIN X509 CRL----- MIIBrDCCAVMCAQEwCgYIKoZIzj0EAwIwWjEPMA0GA1UEAxMGQXZhc3NhMRIwEAYD VQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZBdmFzc2ExFTAT BgNVBAsTDGRpc3RyaWJ1dGlvbhgPMjAyMjAxMTIxMTU1NTJaGA8zOTkzMTIyODEx NTU0OVowgbMwNAITAOf//VRXdqtOes92mJuEHenzyhgPKioqKjExMTEwNDA3MzFa MAwwCgYDVR0VBAMKAQkwMwISNp/2B3mBxiLjZF3EMV/4/AdkGA8yMDIyMDExMjEx NTU1MVowDDAKBgNVHRUEAwoBCTAiAgECGA8yMDIyMDExMjExNTU1MFowDDAKBgNV HRUEAwoBCTAiAgEBGA8yMDIyMDExMjExNTU1MFowDDAKBgNVHRUEAwoBAaAOMAww CgYDVR0UBAMCAQEwCgYIKoZIzj0EAwIDRwAwRAIgbrjFqcuiwZFqzhLOtebUfqDf xCCpQfTAEDN2XpU1GesCIGPN1Xt8tSMzwjZDcpPG+08pRdSjIuD2dEWNZhJYyoni -----END X509 CRL-----
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
version: 1 ttl: 15d truncate-ttl: false host: tio.avassa.net public-key: | -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprsthcrQ/Ug6leQQAjna QmLN1QDvjPs2wB6BXfwsW+KnMKCAQmv2eKpE2ZmpHoHxyz4JYhFm5vRCbl5AjM+1 m3MvPAEP6LkDKK1blOpOinv21WW1rjC6kC2TEEI54gDMW0XBZqIYJUD7gP02zpNe jsZTELRrD8w55HIAe38doEg+TqEgYo4CIKM/ivh8SXi1alI3N7Gi8K8oKXh8azhY u9FHVig13HSym9E5zreF32CKSiQMS4cyyH1DXAQg/v9X6uBtga1HD33SYeXTNaga 1L6Gn9AcCeBwmcmImTeA49NedAqoLMFZSZlR3C3bsspN0rtWyroO00QpyFqpHMYx GQIDAQAB -----END PUBLIC KEY----- cert-type: server alt-name: - type: DNSName value: foo - type: DNSName value: bar server-ext-usage: true client-ext-usage: true code-signing-ext-usage: true full-authority-key-identifier: false serial-prefix: fe:ed:ba:be
cert: | -----BEGIN CERTIFICATE----- MIIDUDCCAvagAwIBAgITAKYom2ar3MFwt//DipR5NywBdjAKBggqhkjOPQQDAjBa MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw MjIwMTEyMDYyMTQ4WhgPMjAyMjAxMjcwOTU3NDhaMGIxFzAVBgNVBAMTDnRpby5h dmFzc2EubmV0MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKa7LYXK0P1IOpXkEAI52kJizdUA74z7NsAegV38 LFvipzCggEJr9niqRNmZqR6B8cs+CWIRZub0Qm5eQIzPtZtzLzwBD+i5AyitW5Tq Top79tVlta4wupAtkxBCOeIAzFtFwWaiGCVA+4D9Ns6TXo7GUxC0aw/MOeRyAHt/ HaBIPk6hIGKOAiCjP4r4fEl4tWpSNzexovCvKCl4fGs4WLvRR1YoNdx0spvROc63 hd9gikokDEuHMsh9Q1wEIP7/V+rgbYGtRw990mHl0zWoGtS+hp/QHAngcJnJiJk3 gOPTXnQKqCzBWUmZUdwt27LKTdK7Vsq6DtNEKchaqRzGMRkCAwEAAaOBwzCBwDB+ BgNVHSMEdzB1oV6kXDBaMQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2Nr aG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlz dHJpYnV0aW9ughMAp0MSfyaImp0XtPO3uqCnMRITMCMGA1UdEQQcMBqCDnRpby5h dmFzc2EubmV0ggNmb2+CA2JhcjALBgNVHQ8EBAMCA4gwDAYDVR0TAQH/BAIwADAK BggqhkjOPQQDAgNIADBFAiAssZp0WV7ejre85Zh4LJZQiTVWEObLXRwifAHQoiqi iwIhAOga9thMhWISM1FFgSTeNUtUe9jziVdPfSYQpInAcg3V -----END CERTIFICATE----- private-key: | -----BEGIN EC PRIVATE KEY----- MHcCAQEEIOXuM9bGiQDY9UwAY/8RgJqV+5vq8XIURRKkrAWNQuhvoAoGCCqGSM49 AwEHoUQDQgAENBCgxypqoxzHtxQjqVueMP/MrfboR7C0ix/58VYrEmiOjcWjfyrh 5mHkSHhOuWG9Y9kBQEit0HGZqFdwtvofOg== -----END EC PRIVATE KEY----- serial: a6:28:9b:66:ab:dc:c1:70:b7:ff:c3:8a:94:79:37:2c:01:76 created: 2022-01-25T09:57:48.000000Z expires: 2022-01-27T09:57:48.000000Z version: 1 ca-cert: | -----BEGIN CERTIFICATE----- MIIDUDCCAvagAwIBAgITAKYom2ar3MFwt//DipR5NywBdjAKBggqhkjOPQQDAjBa MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw MjIwMTEyMDYyMTQ4WhgPMjAyMjAxMjcwOTU3NDhaMGIxFzAVBgNVBAMTDnRpby5h dmFzc2EubmV0MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKa7LYXK0P1IOpXkEAI52kJizdUA74z7NsAegV38 LFvipzCggEJr9niqRNmZqR6B8cs+CWIRZub0Qm5eQIzPtZtzLzwBD+i5AyitW5Tq Top79tVlta4wupAtkxBCOeIAzFtFwWaiGCVA+4D9Ns6TXo7GUxC0aw/MOeRyAHt/ HaBIPk6hIGKOAiCjP4r4fEl4tWpSNzexovCvKCl4fGs4WLvRR1YoNdx0spvROc63 hd9gikokDEuHMsh9Q1wEIP7/V+rgbYGtRw990mHl0zWoGtS+hp/QHAngcJnJiJk3 gOPTXnQKqCzBWUmZUdwt27LKTdK7Vsq6DtNEKchaqRzGMRkCAwEAAaOBwzCBwDB+ BgNVHSMEdzB1oV6kXDBaMQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2Nr aG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlz dHJpYnV0aW9ughMAp0MSfyaImp0XtPO3uqCnMRITMCMGA1UdEQQcMBqCDnRpby5h dmFzc2EubmV0ggNmb2+CA2JhcjALBgNVHQ8EBAMCA4gwDAYDVR0TAQH/BAIwADAK BggqhkjOPQQDAgNIADBFAiAssZp0WV7ejre85Zh4LJZQiTVWEObLXRwifAHQoiqi iwIhAOga9thMhWISM1FFgSTeNUtUe9jziVdPfSYQpInAcg3V -----END CERTIFICATE-----
Renews a certificate if needed. The action first verifies that the certificate given as argument is signed by the CA, then examines the expiration time. If the refresh threshold has been reached then a new certificate is generated, together with a new public key.
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
version: 1 cert: | -----BEGIN CERTIFICATE----- MIICizCCAjGgAwIBAgITANNt94hZ1dY/yf1V21FDUK6xVzAKBggqhkjOPQQDAjBg MRUwEwYDVQQDEwxpbnRlcm1lZGlhdGUxEjAQBgNVBAcTCVN0b2NraG9sbTELMAkG A1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9u MCIYDzIwMjIwMTEyMDU1MzIxWhgPMjAyMjAxMjcwOTI5MjFaMGIxFzAVBgNVBAMT DnRpby5hdmFzc2EubmV0MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNF MQ8wDQYDVQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjBZMBMGByqG SM49AgEGCCqGSM49AwEHA0IABP12drrHCZgUNGKY4+AirpP8Srjtuf2wUYLyOELu 5w+Q4bPBUOBnT0VQ7MJEGH1CS4TdBDZMmc/sC8iS6zqGjaujgcMwgcAwfgYDVR0j BHcwdaFepFwwWjEPMA0GA1UEAxMGQXZhc3NhMRIwEAYDVQQHEwlTdG9ja2hvbG0x CzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1 dGlvboITAN7Ag9ldW5mmpYKFnCWuYLZqaDAjBgNVHREEHDAagg50aW8uYXZhc3Nh Lm5ldIIDZm9vggNiYXIwCwYDVR0PBAQDAgOIMAwGA1UdEwEB/wQCMAAwCgYIKoZI zj0EAwIDSAAwRQIhAPAEa0/l9oOmLfRVKjDVFFcw81q91diNmERB3bOWc6X8AiB5 jYenpXwkbchHtu3etE0/3FzLSVTN453CDVU6gIAtJw== -----END CERTIFICATE----- threshold: 15d ttl: 15d force: true
cert: | -----BEGIN CERTIFICATE----- MIICizCCAjGgAwIBAgITAOlTFCbPxuMxTI7XY0XnZxm6xDAKBggqhkjOPQQDAjBg MRUwEwYDVQQDEwxpbnRlcm1lZGlhdGUxEjAQBgNVBAcTCVN0b2NraG9sbTELMAkG A1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9u MCIYDzIwMjIwMTEyMDU1MzIxWhgPMjAyMjAxMjcwOTI5MjFaMGIxFzAVBgNVBAMT DnRpby5hdmFzc2EubmV0MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNF MQ8wDQYDVQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjBZMBMGByqG SM49AgEGCCqGSM49AwEHA0IABJxqeVJyPzB1TIpL6//bWCrrrrk9D3JkGBv4DHEk eBoXgDfV8n8Ni5m5PtazeJE+91WX0yhRCGZVRyohpzbx8+qjgcMwgcAwfgYDVR0j BHcwdaFepFwwWjEPMA0GA1UEAxMGQXZhc3NhMRIwEAYDVQQHEwlTdG9ja2hvbG0x CzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1 dGlvboITAN7Ag9ldW5mmpYKFnCWuYLZqaDAjBgNVHREEHDAagg50aW8uYXZhc3Nh Lm5ldIIDZm9vggNiYXIwCwYDVR0PBAQDAgOIMAwGA1UdEwEB/wQCMAAwCgYIKoZI zj0EAwIDSAAwRQIgWgpHPxZ5Y/U1a2jlMqyojqy0ux5T9a15gc1BXmj3MegCIQD8 Lxclz6XhhIsMoOpBTX45gFMJmhDOisflmcsCumup9A== -----END CERTIFICATE----- private-key: | -----BEGIN EC PRIVATE KEY----- MHcCAQEEIA69qgOw6+y/6aDASXFWtK17P98TvTlKcWZ3H5IZKDF4oAoGCCqGSM49 AwEHoUQDQgAEnGp5UnI/MHVMikvr/9tYKuuuuT0PcmQYG/gMcSR4GheAN9Xyfw2L mbk+1rN4kT73VZfTKFEIZlVHKiGnNvHz6g== -----END EC PRIVATE KEY----- serial: e9:53:14:26:cf:c6:e3:31:4c:8e:d7:63:45:e7:67:19:ba:c4 expires: 2022-01-27T09:29:21.000000Z
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
version: 1 serial: 02:59:cd:ba:9a:c3:7b:81:ad:d4:8b:be:35:f1:e3:10:a1:fa revoke-time: 2023-01-12T09:27:23.000000Z reason: keyCompromise
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
ttl: 1y
ca-cert: | -----BEGIN CERTIFICATE----- MIICHTCCAcOgAwIBAgISWNECRJYLYnewT+3Ujk574sRJMAoGCCqGSM49BAMCMGUx GjAYBgNVBAMTEUF2YXNzYSBBUEkgcm9vdCAyMRIwEAYDVQQHEwlTdG9ja2hvbG0x CzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1 dGlvbjAiGA8yMDIyMDEwODE4NDk1NFoYDzIwMjMwMTEyMTAyNTU0WjBlMRowGAYD VQQDExFBdmFzc2EgQVBJIHJvb3QgMjESMBAGA1UEBxMJU3RvY2tob2xtMQswCQYD VQQGEwJTRTEPMA0GA1UEChMGQXZhc3NhMRUwEwYDVQQLEwxkaXN0cmlidXRpb24w WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASvGeQvFMppCCzWIuoC9aLlPa+LMFec pPcRKkPxNKnFgfxxQkj8BxHFK983DkQPRN8DqLTnVu9PlbHF9vafoCZEo08wTTAO BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBATAnBgNVHR8EIDAeMByg GqAYhhZodHRwOi8vY3JsLmF2YXNzYS5uZXQvMAoGCCqGSM49BAMCA0gAMEUCIQCn rmajChgRM8BwDUr205011d/ra3spqDQqz+z32DjZEwIgNJp+7hOxQxUwejpDamRW BcbypHLoQkU/SCFeASg47vs= -----END CERTIFICATE----- expires: 2023-01-12T10:25:54.000000Z version: 2