Documentation

Mistake on this page? Email us

Third party CA management API

API for managing third party CA for creating certificates on Pelion Device Management
Version: v3
Host: https://api.us-east-1.mbedcloud.com

Endpoints

CertificateIssuers

post /v3/certificate-issuers
Create certificate issuer. Show more Show less

Create a certificate issuer. The maximum number of issuers is limited to 20 per account. Multiple certificate issuers of the same issuer type can be created, provided they have a different name. This allows verification of the certificate issuer configuration before activating it.
Example usage:

curl -X POST \
-H 'authorization: Bearer <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuers \
-d '{
  "issuer_type": "GLOBAL_SIGN",
  "name": "GS Issuer",
  "description": "Sample GlobalSign certificate issuer",
  "issuer_attributes": null,
  "issuer_credentials": {
      "api_key": "e510e289e6cd8947",
      "api_secret": "a477a8393d17a55ecb2ba6a61f58feb84770b621",
      "client_certificate": "-----BEGIN CERTIFICATE-----MIIC7zCCAdegAwIBAgIJANTlU4x5S74VMA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNVBAoMA0FybTAeFw0xODAzMTExMzE5MTFaFw0xOTAzMTExMzE5MTFaMA4xDDAKBgNVBAoMA0FybTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJWLStsVMJULZtxdieK9qocM4ymDXMaAusmd9TZLzBgznKQe/CW2yxyA8C8K5e6MmvMYGeKDd4Lkw/ezOj2OsUj2xzNIltUxpGi/GhsNYiN/khNJa/Y1SllLoihJAPm/xbMywOBRu/dM88PiJsNZccOk0I8DYvvyAs9wCTkbKLnfHygl98DCRqXw7nBCplU6F03qpUd/4BUtMtugyqt7yboGH+4YewnUh4Yh4QNOJIvE93Ob++eKjO3pIOYEhQmUxzOLaLNuWXlv2l1WuN281hUP4XBcV8mCzRQfTBBDYTWt+5BEWoLOUkXjW0Um6EAaN3usph1IKDEH6Ia5VHP4Pj0CAwEAAaNQME4wHQYDVR0OBBYEFLsfYZxFcQTjPJKYMjHI2In316fmMB8GA1UdIwQYMBaAFLsfYZxFcQTjPJKYMjHI2In316fmMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFl08GFsIkkUs6M7QgCWmsnwP6PtD8V87wM1GAqQQlOOeztaeRR2TEOeYiKRZQugYszJ/FVfVp4ggqzepJMn6UZ42j5nmSJs+6t79i23QAzX1zNQ354lr/t7kt3fMdhuL3AP0oZGzdy+EnXXiWeAD22UwzvVmLt38ypJIl+pmTsx9jJy4PN7yoRgtP9k+50m3X6oDxVruehC/JPSeTvEhqyLW3fLcG6IoJMX3vIwfO9uXbFJumTowQeViNJJ9duWvD2KBXn/muOOBe97TPuvAms1gOtMmmPT9/jpo9b4+NsfFiAN6bMici81aIKZzLC+lLGOUmR2fFJyM5OsVLxKsko=-----END CERTIFICATE-----",
        "private_key":"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,CCAC26A4133947CB\n\np3KJ4FI3wcz3I0MtiLkrznkjWFvprVmoNywySUGb5IqZViJZqCMEsyU9a9iDsSfP\nZ07cg9GviV21WYIPSxZOQrpy1g1VWILzFnH+J6z8dSH4mxXh0PwdOzYgAeqkrIVM\nJ7KRm6t222dZFjjXK3eEcLmBLGo29XwVJxKHx+l4++gU1LZmeHZR5M8fJ4jejUly\n7sqzPlmRF0N3I4lwKVj+PfQTVz43QoCnpxOjuSEL4liBrc2agY2xH1O0PFyHimz9\n3XM9HR/iuPHW0N2D+NPjXlWKacerupH9d4i9IYIagzB+HTgej8limdo03GmmxcZ6\nYNa58n5yQSaqu0TPRU9DsrKeGjadHTlZQGdzfq1SWsROCnHLrXFKE2ozIG3+hxA5\nujBF/QWpX5+inXUwDJhBxp8isHbPEnBEUUd6ZRzCTjvN0jaUti5B9yFhO2G6mbE8\nCvhyzQK8oJqsjZXnlcpPf95LP+9XbcCDjLSIaWJstzXO9tPiv6+x1MVWmivtRHcC\nSTzpx8jAGCiG6ejLqWB87ZXiZm7ujlCBheHSf5RHwNHhUvoP2JEYalDDRxjcDMSx\n4uV42Np4yJlIQEDlGHcBlXoL7vEukFpuWgkYdpcZy/Ou9qz8mXrpLcu8C8MhLmSC\nixGoR5iRhV7cxoHLyuCzj87eYEA73Xu238DQorSEEuiVFnLzQ2+PJMs4qoI14q/L\notlBDz+Ko6DrU/EZROYmiqMkLKXR2sx9zNAJwPYRs6nSH08tZ3dwqzZbgtP3Wazi\nhLWHt5/En7wQRA5a+/dDEHXSoLvvSQ9jvhclhWf+eCYuq2eH+g54oyJGRSY+8GV7\nujhLxkzl/3OZdhZPWoz4U13KpbSTcNWu5Y7oGDoabw19UbvqmLf1PJkpDH/tQgzB\nxYtsLBRUcofpYoeIiIxfAA4do5WilJc8xqrGhkE4WcHfY24HXAiOvsjbxV+BRprX\n1jtgJpV/9nJESMap+8PxipGUFRGjB83/uwJaa6mLftEKflX8i4MZ+HnqraXERsqA\nWRUcDHIWmFfpzIB3iNuxawVvPH8NdCSPmQ9qTb8Cozl0AuOK2E9S+ke8oiYQScWR\nLdu+zhej7GjuQ9R+Ub+wPWqvOA5qLXejqnCexVScDUuN+z9JWM3N2FG1MwxhAzhP\ndEfoQHoBn6uyOmrVGP6fosV3chqhPoec42KeOAm1xDvx692isaIy1jPgIyPxeqhm\n2Tw4E+02R7dlP8Ljf7JzfLm4oKpWHWlcHeqg24x6lY/wXU1RBcWaTa0AQUwoGm2m\nIQCPfIqOEv/QC2HpO7SVCYkl65KwR0oTd1AzYxdxEq3xHQbh69EL0FGZPVxVCPI+\nhEAyifKy1/tm3l91Rf/kGpHY7nIQKCXH49tmFwix8gke2nZJmRgX7/zAdMOAKeKH\nAaIl4nQtv14EbaasMgnn9qgaDYnWzaReEob2QlQ/WYlTor61+KFpGtcf9jAkgudT\n2op+4CF7wT2+aTXdtkVWfmv++iB8GnlqZdxLvyG1cTYjjYHVFbMSWQnxzQqiE2ms\nQgp+byjWCumpsWTMdTO+d9NkDOo80vDpaRxEgebmhJ0MbX+eFjBgVg==\n-----END RSA PRIVATE KEY-----",
      "passphrase": "helloworld"
  }
}'
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerRequest CertificateIssuerRequest (required)
Body Parameter — Certificate issuer request.
Return type
Example data
Content-Type: application/json
{
  "issuer_type" : "GLOBAL_SIGN",
  "issuer_attributes" : { },
  "name" : "GS Issuer",
  "created_at" : "2017-01-01T00:00:00Z",
  "description" : "GlobalSign sample issuer",
  "etag" : "1",
  "id" : "01234567890ABCDEF01234567890ABCDEF",
  "object" : "certificate-issuer"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
201 Created. CertificateIssuerInfo
400 Validation error: The data used to create the certificate issuer failed validation. ErrorObjectResponse
401 You are not authorized to view the resource. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
409 Conflict. A certificate issuer with this name already exists. ErrorObjectResponse
424 The request failed due to customer configured external service. ErrorObjectResponse
delete /v3/certificate-issuers/{certificate-issuer-id}
Delete certificate issuer. Show more Show less

Delete a certificate issuer by ID.
Example usage:

curl -X DELETE \
-H 'authorization: <valid access token>' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuers/0162155dc77d507b9d48a91b00000000
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID.
The ID of the certificate issuer. An active certificate issuer may not be deleted.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
204 Certificate issuer deleted.
400 Validation error: An active certificate issuer cannot be deleted. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuers/{certificate-issuer-id}
Get certificate issuer by ID. Show more Show less
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID. The ID of the certificate issuer.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "issuer_type" : "GLOBAL_SIGN",
  "issuer_attributes" : { },
  "name" : "GS Issuer",
  "created_at" : "2017-01-01T00:00:00Z",
  "description" : "GlobalSign sample issuer",
  "etag" : "1",
  "id" : "01234567890ABCDEF01234567890ABCDEF",
  "object" : "certificate-issuer"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerInfo
400 Validation error: The data used to get the certificate issuer failed validation. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuers
Get certificate issuers list. Show more Show less
Note: This endpoint does not implement pagination and therefore, list control parameters such as limit or after will be ignored by the system.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Query parameters
limit (optional)
Query Parameter — How many objects to retrieve in the page. The minimum limit is 2 and the maximum is 1000. Limit values outside of this range are set to the closest limit.
order (optional)
Query Parameter — The order of the records based on creation time, ASC or DESC; by default ASC.
after (optional)
Query Parameter — The ID of The item after which to retrieve the next page.
include (optional)
Query Parameter — Comma-separated list of data fields to return. Currently supported: total_count
Return type
Example data
Content-Type: application/json
{
  "data" : [ {
    "issuer_type" : "GLOBAL_SIGN",
    "issuer_attributes" : { },
    "name" : "GS Issuer",
    "created_at" : "2017-01-01T00:00:00Z",
    "description" : "GlobalSign sample issuer",
    "etag" : "1",
    "id" : "01234567890ABCDEF01234567890ABCDEF",
    "object" : "certificate-issuer"
  } ],
  "total_count" : 1,
  "limit" : 50,
  "after" : "01631667477600000000000100100374",
  "has_more" : false,
  "object" : "list",
  "order" : "DESC"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerInfoListResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
put /v3/certificate-issuers/{certificate-issuer-id}
Update certificate issuer. Show more Show less

Update a certificate issuer.
Example usage:

curl -X PUT \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuers/01621560be51507b9d48a91b00000000 \
-d '{
  "description": "Sample GlobalSign certificate issuer - updated.",
  "name": "GlobalSign Issuer"
}'
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID.
The ID of the certificate issuer.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerUpdateRequest CertificateIssuerUpdateRequest (required)
Body Parameter — Certificate issuer update request.
Return type
Example data
Content-Type: application/json
{
  "issuer_type" : "GLOBAL_SIGN",
  "issuer_attributes" : { },
  "name" : "GS Issuer",
  "created_at" : "2017-01-01T00:00:00Z",
  "description" : "GlobalSign sample issuer",
  "etag" : "1",
  "id" : "01234567890ABCDEF01234567890ABCDEF",
  "object" : "certificate-issuer"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerInfo
400 Validation error: The data used to update the certificate issuer failed validation. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
409 Conflict. A certificate issuer with this name already exists. ErrorObjectResponse
424 The request failed due to customer configured external service. ErrorObjectResponse
post /v3/certificate-issuers/{certificate-issuer-id}/verify
Verify certificate issuer. Show more Show less

A utility API that can be used to validate the user configuration before activating a certificate issuer. Verifies that the certificate issuer is accessible and can be used to generate certificates by Device Management.
Note: The API requests the 3rd party CA to sign a test certificate. For some 3rd party CAs, this operation may make use of the account quota.
Example usage:

curl -X POST \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuers/01621a36719d507b9d48a91b00000000/verify
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID.
The ID of the certificate issuer.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "message" : "message describing the verification failure",
  "successful" : false
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerVerifyResponse
400 Validation error ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
424 The request failed due to customer configured external service. ErrorObjectResponse

CertificateIssuersActivation

post /v3/certificate-issuer-configurations
Create certificate issuer configuration. Show more Show less

Configure the certificate issuer to be used when creating the device custom certificates.
Example usage:

curl -X POST \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations \
-d '{
  "reference": "customer.dlms",
  "certificate_issuer_id": "01621a36719d507b9d48a91b00000000"
}'
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CreateCertificateIssuerConfig CreateCertificateIssuerConfig (required)
Body Parameter — Certificate issuer configuration request
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
201 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
409 A certificate issuer configuration with this reference already exists. ErrorObjectResponse
delete /v3/certificate-issuer-configurations/{certificate-issuer-configuration-id}
Delete certificate issuer configuration. Show more Show less
Delete the configured certificate issuer configuration. You can only delete the configurations of custom certificates.
Path parameters
certificate-issuer-configuration-id (required)
Path Parameter — The ID of the certificate issuer configuration.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
204 No content.
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuer-configurations/lwm2m
Get certificate issuer configuration. Show more Show less
Provides the configured certificate issuer to be used when creating device certificates for LwM2M communication.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
get /v3/certificate-issuer-configurations/{certificate-issuer-configuration-id}
Get certificate issuer configuration. Show more Show less
Provides the configured certificate issuer.
Path parameters
certificate-issuer-configuration-id (required)
Path Parameter — The ID of the certificate issuer configuration.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuer-configurations
Get certificate issuer configurations. Show more Show less

Get certificate issuer configurations, optionally filtered by reference.
Example usage:

curl \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations \
curl \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations?reference__eq=dlms \

Note: This endpoint does not implement pagination and therefore, list control parameters such as limit or after will be ignored by the system.

Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Query parameters
limit (optional)
Query Parameter — How many objects to retrieve in the page. The minimum limit is 2 and the maximum is 1000. Limit values outside of this range are set to the closest limit.
order (optional)
Query Parameter — The order of the records based on creation time, ASC or DESC; by default ASC.
after (optional)
Query Parameter — The ID of The item after which to retrieve the next page.
include (optional)
Query Parameter — Comma-separated list of data fields to return. Currently supported: total_count
reference__eq (optional)
Query Parameter — The certificate name to which the certificate issuer configuration applies.
Return type
Example data
Content-Type: application/json
{
  "data" : [ {
    "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
    "reference" : "customer.dlms",
    "updated_at" : "2017-02-01T00:00:00Z",
    "is_custom" : true,
    "created_at" : "2017-01-01T00:00:00Z",
    "etag" : "1",
    "id" : "01648415a2a30242ac18000500000000",
    "object" : "certificate-issuer-configuration"
  } ],
  "total_count" : 1,
  "limit" : 50,
  "has_more" : false,
  "after" : "01631667477600000000000100100374",
  "order" : "DESC",
  "object" : "list"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigListResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
put /v3/certificate-issuer-configurations/lwm2m
Update certificate issuer configuration. Show more Show less

Configure the certificate issuer to be used when creating device certificates for LwM2M communication.
Example usage:

curl -X PUT \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations/lwm2m \
-d '{
  "certificate_issuer_id": "01621a36719d507b9d48a91b00000000"
}'
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerConfigRequest CertificateIssuerConfigRequest (required)
Body Parameter — Certificate Issuer Configuration Request
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
put /v3/certificate-issuer-configurations/{certificate-issuer-configuration-id}
Update certificate issuer configuration. Show more Show less
Update the configured certificate issuer configuration.
Path parameters
certificate-issuer-configuration-id (required)
Path Parameter — The ID of the certificate issuer configuration.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerConfigRequest CertificateIssuerConfigRequest (required)
Body Parameter — Certificate issuer configuration request
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse

Models

CertificateIssuerConfigListResponse

data (optional)
array[CertificateIssuerConfigResponse] List of certificate issuers.
total_count (optional)
Integer format: integer
order (optional)
String The creation time based order of the entries.
object (optional)
String The type of this API object is a list.
limit (optional)
Integer How many objects to retrieve in the page. The minimum limit is 2 and the maximum is 1000. Limit values outside of this range are set to the closest limit.
has_more (optional)
Boolean Are there more results available.
after (optional)
String An offset token for current page.

CertificateIssuerConfigRequest

certificate_issuer_id (optional)
String Certificate issuer ID. For LwM2M, may be null if Device Management internal certificate issuer is used.

CertificateIssuerConfigResponse

id (optional)
String The ID of the certificate issuer configuration.
certificate_issuer_id (optional)
String The ID of the certificate issuer. Null if Device Management internal HSM is used.
object (optional)
Enum:
certificate-issuer-configuration
reference (optional)
String The certificate name to which the certificate issuer configuration applies.
is_custom (optional)
created_at (optional)
Date Created UTC time RFC3339. format: date-time
updated_at (optional)
Date Updated UTC time RFC3339. format: date-time
etag (optional)
String Entity instance signature.

CertificateIssuerInfo

created_at (optional)
Date Creation UTC time RFC3339. format: date-time
etag (optional)
String Entity instance signature.
id (optional)
String The ID of the certificate issuer.
issuer_type
String

The type of the certificate issuer.

  • GLOBAL_SIGN: Certificates are issued by GlobalSign service. The users must provide their own GlobalSign account credentials.
  • CFSSL_AUTH: Certificates are issued by CFSSL authenticated signing service. The users must provide their own CFSSL host_url and credentials.
Enum:
GLOBAL_SIGN
CFSSL_AUTH
name (optional)
String Certificate issuer name, unique per account.
description (optional)
String General description for the certificate issuer.
issuer_attributes (optional)
map[String, String] General attributes for connecting the certificate issuer. When the issuer_type is GLOBAL_SIGN, the value shall be empty. When the issuer_type is CFSSL_AUTH, see definition of CfsslAttributes.
object (optional)
Enum:
certificate-issuer

CertificateIssuerInfoListResponse

data (optional)
array[CertificateIssuerInfo] List of certificate issuers.
after (optional)
String An offset token for current page.
has_more (optional)
Boolean Are there more results available.
limit (optional)
Integer How many objects to retrieve in the page. The minimum limit is 2 and the maximum is 1000. Limit values outside of this range are set to the closest limit.
object (optional)
String The type of this API object is a list.
order (optional)
String The creation time based order of the entries.
total_count (optional)
Integer format: integer

CertificateIssuerRequest

issuer_type
String

The type of the certificate issuer.

  • GLOBAL_SIGN: Certificates are issued by GlobalSign service. The users must provide their own GlobalSign account credentials.
  • CFSSL_AUTH: Certificates are issued by CFSSL authenticated signing service. The users must provide their own CFSSL host_url and credentials.
Enum:
GLOBAL_SIGN
CFSSL_AUTH
name
String Certificate issuer name, unique per account.
description (optional)
String General description of the certificate issuer.
issuer_attributes (optional)
map[String, String] General attributes for connecting the certificate issuer. When the issuer_type is GLOBAL_SIGN, the value shall be empty. When the issuer_type is CFSSL_AUTH, see definition of CfsslAttributes.
issuer_credentials
map[String, String] The credentials required for connecting to the certificate issuer. When the issuer_type is GLOBAL_SIGN, see definition of GlobalSignCredentials. When the issuer_type is CFSSL_AUTH, see definition of CfsslAuthCredentials.

CertificateIssuerUpdateRequest

name (optional)
String Certificate issuer name.
description (optional)
String General description of the certificate issuer.
issuer_attributes (optional)
map[String, String] General attributes for connecting the certificate issuer. When the issuer_type is GLOBAL_SIGN, the value shall be empty. When the issuer_type is CFSSL_AUTH, see definition of CfsslAttributes.
issuer_credentials (optional)
map[String, String] The credentials required for connecting to the certificate issuer. When the issuer_type is GLOBAL_SIGN, see definition of GlobalSignCredentials. When the issuer_type is CFSSL_AUTH, see definition of CfsslAuthCredentials.

CertificateIssuerVerifyResponse

successful (optional)
Boolean Indicates whether the certificate issuer was verified successfully.
message (optional)
String Provides details in case of failure.

CfsslAttributes

Describes the attributes required to connect to the CFSSL server.
host_url
String The URL to connect to the CFSSL server.
cfssl_profile (optional)
String The profile that is configured on the CFSSL server and is used by CFSSL when creating the certificate.
cfssl_label (optional)
String The label that is used by CFSSL when creating the certificate.

CfsslAuthCredentials

Describes the credentials required when using CFSSL authenticated signing.
hmac_hex_key
String The key that is used to compute the HMAC of the request using the HMAC-SHA-256 algorithm. Must contain an even number of hexadecimal characters.

CreateCertificateIssuerConfig

reference
String The certificate name, as created in the factory, to which the certificate issuer configuration applies. The following names are reserved and cannot be configured: LwM2M, BOOTSTRAP.
certificate_issuer_id
String The ID of the certificate issuer.

ErrorObjectResponse

code
Integer Error code. Correlates with response status code. format: int32
fields
array[FieldMessageEntry] A list of request fields that failed the validation.
message
String Error message.
object
String entity name: 'error'
request_id
String Request ID from JWT.
type
String Error type.

FieldMessageEntry

field (optional)
String Field name.
message (optional)
String Error message related to the field.

GlobalSignCredentials

Describes the credentials required to connect to the GlobalSign account. The values should be taken from GlobalSign support upon account creation.
api_key
String Unique ID for API client (provided by GlobalSign).
api_secret
String API Secret matching the API key (provided by GlobalSign). format: password
client_certificate
String The client certificate provided by GlobalSign to allow HTTPS connection over TLS/SSL. The certificate wraps a public key that matches a private key provided by the customer. The certificate must be in PEM format.
private_key
String The private key that matches the client certificate to allow HTTPS connection over TLS/SSL. The private key may be encrypted using a symmetric encryption key derived from a passphrase. The private key must be in PEM format.
passphrase (optional)
String The passphrase to decrypt the private key in case it is encrypted. Empty if the private key is not encrypted. format: password