Retrieve security certificates
GET /security/certificates
Introduced In: 9.6
Retrieves security certificates.
Related ONTAP commands
- security certificate show
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
authority_key_identifier | string | query | False | Filter by authority_key_identifier |
ca | string | query | False | Filter by ca |
svm.uuid | string | query | False | Filter by svm.uuid |
svm.name | string | query | False | Filter by svm.name |
public_certificate | string | query | False | Filter by public_certificate |
common_name | string | query | False | Filter by common_name |
uuid | string | query | False | Filter by uuid |
key_size | integer | query | False | Filter by key_size |
serial_number | string | query | False | Filter by serial_number |
expiry_time | string | query | False | Filter by expiry_time |
type | string | query | False | Filter by type |
name | string | query | False | Filter by name |
scope | string | query | False | Filter by scope |
subject_key_identifier | string | query | False | Filter by subject_key_identifier |
hash_function | string | query | False | Filter by hash_function |
fields | array[string] | query | False | Specify the fields to return. |
max_records | integer | query | False | Limit the number of records returned. |
return_timeout | integer | query | False | The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached. |
return_records | boolean | query | False | The default is true for GET calls. When set to false, only the number of records is returned. |
order_by | array[string] | query | False | Order results by specified fields and optional [asc |
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
_links | | |
num_records | integer | Number of records |
records | array[security_certificate] | |
Example response
```json
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "num_records": 1,
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "authority_key_identifier": "26:1F:C5:53:5B:D7:9E:E2:37:74:F4:F4:06:09:03:3D:EB:41:75:D7",
      "azure": {
        "client_certificate": "PEM Cert",
        "client_id": "aaaaaaaa-bbbb-aaaa-bbbb-aaaaaaaaaaaa",
        "client_secret": "abcdef",
        "key_vault": "https://kmip-akv-keyvault.vault.azure.net/",
        "oauth_host": "login.microsoftonline.com",
        "proxy": {
          "host": "proxy.eng.com",
          "password": "proxypassword",
          "port": 1234,
          "type": "string",
          "username": "proxyuser"
        },
        "tenant_id": "zzzzzzzz-yyyy-zzzz-yyyy-zzzzzzzzzzzz",
        "timeout": 25
      },
      "ca": "string",
      "common_name": "test.domain.com",
      "expiry_time": "string",
      "hash_function": "string",
      "intermediate_certificates": [
        "-----BEGIN CERTIFICATE----- MIIBuzCCAWWgAwIBAgIIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQAwHDENMAsGA1UE AxMEVEVTVDELMAkGA1UEBhMCVVMwHhcNMTgwNjA4MTgwOTAxWhcNMTkwNjA4MTgw OTAxWjAcMQ0wCwYDVQQDEwRURVNUMQswCQYDVQQGEwJVUzBcMA0GCSqGSIb3DQEB AQUAA0sAMEgCQQDaPvbqUJJFJ6NNTyK3Yb+ytSjJ9aa3yUmYTD9uMiP+6ycjxHWB e8u9z6yCHsW03ync+dnhE5c5z8wuDAY0fv15AgMBAAGjgYowgYcwDAYDVR0TBAUw AwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFMJ7Ev/o/3+YNzYh5XNlqqjnw4zm MEsGA1UdIwREMEKAFMJ7Ev/o/3+YNzYh5XNlqqjnw4zmoSCkHjAcMQ0wCwYDVQQD EwRURVNUMQswCQYDVQQGEwJVU4IIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQADQQAv DovYeyGNnknjGI+TVNX6nDbyzf7zUPqnri0KuvObEeybrbPW45sgsnT5dyeE/32U 9Yr6lklnkBtVBDTmLnrC -----END CERTIFICATE-----"
      ],
      "name": "string",
      "private_key": "-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n",
      "public_certificate": "-----BEGIN CERTIFICATE----- MIIBuzCCAWWgAwIBAgIIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQAwHDENMAsGA1UE AxMEVEVTVDELMAkGA1UEBhMCVVMwHhcNMTgwNjA4MTgwOTAxWhcNMTkwNjA4MTgw OTAxWjAcMQ0wCwYDVQQDEwRURVNUMQswCQYDVQQGEwJVUzBcMA0GCSqGSIb3DQEB AQUAA0sAMEgCQQDaPvbqUJJFJ6NNTyK3Yb+ytSjJ9aa3yUmYTD9uMiP+6ycjxHWB e8u9z6yCHsW03ync+dnhE5c5z8wuDAY0fv15AgMBAAGjgYowgYcwDAYDVR0TBAUw AwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFMJ7Ev/o/3+YNzYh5XNlqqjnw4zm MEsGA1UdIwREMEKAFMJ7Ev/o/3+YNzYh5XNlqqjnw4zmoSCkHjAcMQ0wCwYDVQQD EwRURVNUMQswCQYDVQQGEwJVU4IIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQADQQAv DovYeyGNnknjGI+TVNX6nDbyzf7zUPqnri0KuvObEeybrbPW45sgsnT5dyeE/32U 9Yr6lklnkBtVBDTmLnrC -----END CERTIFICATE-----",
      "scope": "string",
      "serial_number": "string",
      "subject_key_identifier": "26:1F:C5:53:5B:D7:9E:E2:37:74:F4:F4:06:09:03:3D:EB:41:75:D8",
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "type": "string",
      "uuid": "string"
    }
  ]
}
```
Error
Status: Default, Error
Name | Type | Description |
---|---|---|
error | | |
Example error
```json
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
```
Definitions
href
Name | Type | Description |
---|---|---|
href | string | |
_links
Name | Type | Description |
---|---|---|
next | | |
self | | |
_links
Name | Type | Description |
---|---|---|
self | | |
proxy
Name | Type | Description |
---|---|---|
host | string | Proxy host. |
password | string | Proxy password. Password is not audited. |
port | integer | Proxy port. |
type | string | Proxy type. |
username | string | Proxy username. |
azure
Name | Type | Description |
---|---|---|
client_certificate | string | PKCS12 certificate used by the application to prove its identity to AKV. |
client_id | string | Application client ID of the deployed Azure application with appropriate access to an AKV. |
client_secret | string | Secret used by the application to prove its identity to AKV. |
key_vault | string | URI of the deployed AKV that is used by ONTAP for storing keys. |
oauth_host | string | Open authorization server host name. |
proxy | | |
tenant_id | string | Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV. |
timeout | integer | AKV connection timeout, in seconds. The allowed range is 0 to 30 seconds. |
verify_host | boolean | Verify the identity of the AKV host name. By default, verify_host is set to true. |
svm
SVM, applies only to SVM-scoped objects.
Name | Type | Description |
---|---|---|
_links | | |
name | string | The name of the SVM. This field cannot be specified in a PATCH method. |
uuid | string | The unique identifier of the SVM. This field cannot be specified in a PATCH method. |
security_certificate
Name | Type | Description |
---|---|---|
_links | | |
authority_key_identifier | string | Provides the key identifier of the issuing CA certificate that signed the SSL certificate. |
azure | | |
ca | string | Certificate authority |
common_name | string | FQDN or custom common name. Provide on POST when creating a self-signed certificate. |
expiry_time | string | Certificate expiration time. Can be provided on POST when creating a self-signed certificate. The expiration time range is 1 day to 10 years. |
hash_function | string | Hashing function. Can be provided on POST when creating a self-signed certificate. Hash functions md5 and sha1 are not allowed on POST. |
intermediate_certificates | array[string] | Chain of intermediate certificates in PEM format. Only valid in POST when installing a certificate. |
key_size | integer | Key size of the requested certificate in bits. One of 512, 1024, 1536, 2048, 3072. Can be provided on POST when creating a self-signed certificate, with a minimum permissible value of 2048. |
name | string | Certificate name or name of the certificate to be downloaded from the Azure Key Vault (AKV). If not provided in POST, a unique name specific to the SVM is automatically generated. |
private_key | string | Private key certificate in PEM format. Only valid for create when installing a CA-signed certificate. This is not audited. |
public_certificate | string | Public key certificate in PEM format. If this is not provided in POST, a self-signed certificate is created. |
scope | string | Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
serial_number | string | Serial number of certificate. |
subject_key_identifier | string | Provides the key identifier used to identify the public key in the SSL certificate. |
svm | | SVM, applies only to SVM-scoped objects. |
type | string | Type of Certificate. The following types are supported: |
uuid | string | Unique ID that identifies a certificate. |
error_arguments
Name | Type | Description |
---|---|---|
code | string | Argument code |
message | string | Message argument |
returned_error
Name | Type | Description |
---|---|---|
arguments | array[error_arguments] | Message arguments |
code | string | Error code |
message | string | Error message |
target | string | The target parameter that caused the error. |
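Added example (not part of the NetApp documentation): the field descriptions above list key sizes below 2048 and say md5 and sha1 are rejected on POST, so records returned by this GET can still carry them. The sketch pages through the collection via `_links.next.href`, requests only the fields it needs through `fields`, and flags weak or expiring certificates. Assumptions: `fetch` is a hypothetical caller-supplied function, `expiry_time` is taken to be ISO 8601 with a UTC offset, and the sample records (including the `sha256` value) are constructed.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

AUDIT_FIELDS = ["name", "svm.name", "key_size", "hash_function", "expiry_time"]
WEAK_HASHES = {"md5", "sha1"}  # not allowed on POST, per hash_function
MIN_KEY_SIZE = 2048            # POST minimum, per key_size

def build_query(max_records=100):
    """First-page URL; asks only for AUDIT_FIELDS, never private_key or azure.*."""
    query = {"fields": ",".join(AUDIT_FIELDS), "max_records": max_records}
    return "/api/security/certificates?" + urlencode(query, safe=",")

def iter_records(fetch, url):
    """Yield every record, following _links.next.href; fetch(url) returns parsed JSON."""
    while url:
        page = fetch(url)  # fetch is a caller-supplied, hypothetical callable
        yield from page.get("records", [])
        url = page.get("_links", {}).get("next", {}).get("href")

def audit(records, now, warn_days=30):
    """Return (name, issues) for each certificate that fails a check."""
    findings = []
    for rec in records:
        issues = []
        if str(rec.get("hash_function", "")).lower() in WEAK_HASHES:
            issues.append("weak_hash")
        size = rec.get("key_size")
        if isinstance(size, int) and size < MIN_KEY_SIZE:
            issues.append("short_key")
        if rec.get("expiry_time"):  # assumed ISO 8601 with a UTC offset
            left = datetime.fromisoformat(rec["expiry_time"]) - now
            if left < timedelta(days=warn_days):
                issues.append("expired" if left < timedelta(0) else "expiring_soon")
        if issues:
            findings.append((rec.get("name"), issues))
    return findings

# Constructed two-page sample, not real ONTAP output.
LATER, SOON = "2031-01-01T00:00:00+00:00", "2024-01-10T00:00:00+00:00"
SAMPLE_PAGES = {
    build_query(): {"_links": {"next": {"href": "/api/resourcelink"}}, "records": [
        {"name": "legacy_ca", "key_size": 1024, "hash_function": "sha1", "expiry_time": LATER},
        {"name": "web_ok", "key_size": 2048, "hash_function": "sha256", "expiry_time": LATER}]},
    "/api/resourcelink": {"_links": {}, "records": [
        {"name": "old_server", "key_size": 2048, "hash_function": "sha256", "expiry_time": SOON}]}}

def run_sample():
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed clock for repeatable results
    return audit(iter_records(SAMPLE_PAGES.__getitem__, build_query()), now)
```

In real use, `fetch` would wrap an authenticated HTTPS client with certificate verification enabled and return the decoded JSON body.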