Skip to main content
REST API reference
A newer release of this product is available.

Retrieve security certificates

PDFs

GET /security/certificates/{uuid}

Introduced In: 9.6

Retrieves security certificates.

  • security certificate show

Parameters

Name Type In Required Description

uuid

string

path

True

Certificate UUID

fields

array[string]

query

False

Specify the fields to return.

Response

Status: 200, Ok
Name Type Description

_links

_links

authority_key_identifier

string

Provides the key identifier of the issuing CA certificate that signed the SSL certificate.

azure

azure

ca

string

Certificate authority

common_name

string

FQDN or custom common name. Provide on POST when creating a self-signed certificate.

expiry_time

string

Certificate expiration time, in ISO 8601 duration format or date and time format. Can be provided on POST if creating self-signed certificate. The expiration time range is between 1 day to 10 years.

hash_function

string

Hashing function. Can be provided on POST when creating a self-signed certificate. Hash functions md5 and sha1 are not allowed on POST.

key_size

integer

Key size of requested Certificate in bits. One of 512, 1024, 1536, 2048, 3072. Can be provided on POST if creating self-signed certificate with a minimum permissible value of 2048.

name

string

Certificate name or name of the certificate to be downloaded from the Azure Key Vault (AKV). If not provided in POST, a unique name specific to the SVM is automatically generated.

public_certificate

string

Public key Certificate in PEM format. If this is not provided in POST, a self-signed certificate is created.

scope

string

Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster".

serial_number

string

Serial number of certificate.

subject_alternatives

subject_alternatives

subject_key_identifier

string

Provides the key identifier used to identify the public key in the SSL certificate.

svm

svm

SVM, applies only to SVM-scoped objects.

type

string

Type of Certificate. The following types are supported:

  • client - a certificate and its private key used by an SSL client in ONTAP.

  • server - a certificate and its private key used by an SSL server in ONTAP.

  • client_ca - a Certificate Authority certificate used by an SSL server in ONTAP to verify an SSL client certificate.

  • server_ca - a Certificate Authority certificate used by an SSL client in ONTAP to verify an SSL server certificate.

  • root_ca - a self-signed certificate used by ONTAP to sign other certificates by acting as a Certificate Authority.

  • enum: ["client", "server", "client_ca", "server_ca", "root_ca"]

  • Introduced in: 9.6

  • x-nullable: true

uuid

string

Unique ID that identifies a certificate.
Example response 
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "authority_key_identifier": "26:1F:C5:53:5B:D7:9E:E2:37:74:F4:F4:06:09:03:3D:EB:41:75:D7",
  "azure": {
    "verify_host": true
  },
  "ca": "string",
  "common_name": "test.domain.com",
  "expiry_time": "2030-01-25 06:20:13 -0500",
  "hash_function": "string",
  "key_size": 512,
  "name": "string",
  "public_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuzCCAWWgAwIBAgIIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQAwHDENMAsGA1UE\nAxMEVEVTVDELMAkGA1UEBhMCVVMwHhcNMTgwNjA4MTgwOTAxWhcNMTkwNjA4MTgw\nOTAxWjAcMQ0wCwYDVQQDEwRURVNUMQswCQYDVQQGEwJVUzBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQDaPvbqUJJFJ6NNTyK3Yb+ytSjJ9aa3yUmYTD9uMiP+6ycjxHWB\ne8u9z6yCHsW03ync+dnhE5c5z8wuDAY0fv15AgMBAAGjgYowgYcwDAYDVR0TBAUw\nAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFMJ7Ev/o/3+YNzYh5XNlqqjnw4zm\nMEsGA1UdIwREMEKAFMJ7Ev/o/3+YNzYh5XNlqqjnw4zmoSCkHjAcMQ0wCwYDVQQD\nEwRURVNUMQswCQYDVQQGEwJVU4IIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQADQQAv\nDovYeyGNnknjGI+TVNX6nDbyzf7zUPqnri0KuvObEeybrbPW45sgsnT5dyeE/32U\n9Yr6lklnkBtVBDTmLnrC\n-----END CERTIFICATE-----\n",
  "scope": "string",
  "serial_number": "string",
  "subject_alternatives": {
    "dns": [
      "*.example.com"
    ],
    "email": [
      "abc@example.com"
    ],
    "ip": [
      "10.225.34.10"
    ],
    "uri": [
      "http://example.com"
    ]
  },
  "subject_key_identifier": "26:1F:C5:53:5B:D7:9E:E2:37:74:F4:F4:06:09:03:3D:EB:41:75:D8",
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "type": "string",
  "uuid": "string"
}

Error

Status: Default, Error
Name Type Description

error

returned_error
Example error 
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

_links

Name Type Description

self

href

proxy

azure

Name Type Description

proxy

proxy

subject_alternatives

Name Type Description

dns

array[string]

A list of DNS names for Subject Alternate name extension.

email

array[string]

A list of email addresses for Subject Alternate name extension

ip

array[string]

A list of IP addresses for Subject Alternate name extension.

uri

array[string]

A list of URIs for Subject Alternate name extension.

svm

SVM, applies only to SVM-scoped objects.

Name Type Description

_links

_links

name

string

The name of the SVM. This field cannot be specified in a PATCH method.

uuid

string

The unique identifier of the SVM. This field cannot be specified in a PATCH method.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

returned_error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.