Sign security certificates
POST /security/certificates/{ca.uuid}/sign
Signs a certificate.
Required properties
- signing_request - Certificate signing request to be signed by the given certificate authority.
Recommended optional properties
- expiry_time - Certificate expiration time. Specifying an expiration time for a signed certificate is recommended.
- hash_function - Hashing function. Specifying a strong hashing function is recommended when signing a certificate.
Default property values
If not specified in POST, the following default property values are assigned:
- expiry_time - P365DT
- hash_function - sha256
Related ONTAP commands
- security certificate sign
This API is used to sign a certificate request using a pre-existing self-signed root certificate. The self-signed root certificate acts as a certificate authority within its scope and maintains the records of its signed certificates.
The root certificate can be created for a given SVM or for the cluster using POST security/certificates.
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
return_records | boolean | query | False | The default is false. If set to true, the records are returned. |
ca.uuid | string | path | True | UUID of the existing certificate authority certificate |
Request Body
Name | Type | Description |
---|---|---|
expiry_time | string | Certificate expiration time. The allowed expiration time range is between 1 day and 10 years. |
hash_function | string | Hashing function |
signing_request | string | Certificate signing request to be signed by the given certificate authority. Request should be in X509 PEM format. |
Example request
{
"expiry_time": "string",
"hash_function": "string",
"signing_request": "'-----BEGIN CERTIFICATE REQUEST----- MIICYDCCAUgCAQAwGzEMMAoGA1UEAxMDQUJDMQswCQYDVQQGEwJVUzCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAPF+82SlqT3Vyu3Jx4IAwHcO5EGwLOxy zQ6KNjz71Fca0n1/A1CbCPyOsSupGVObvdWxX7xLVMJ2SXb7h43GCqYyX6FXJO4F HOpmLvB+jxdeiW7SDbiZyLUlsvA+oRO/uNlcug773QZdKLjJD64erZZMRUNbUJB8 bARxAUi0FPvgTraSQ0UW5sRLiGKeAyKA4wekYe1VgjHRTBizFbD4dI3njfva/2Bl jf+kkulgcLJTuJNtkgeimqMKyraYuleYcYk2K+C//0NuNOuPbDfTXCM7O61vik09 Szi8nLN7OXE9KoAA93U/BCpSfpl8XIb4cGnEr8hgVHOOtZSo+KZBFxMCAwEAAaAA MA0GCSqGSIb3DQEBCwUAA4IBAQC2vFYpvgsFrm5GnPx8tOBD1xsTyYjbWJMD8hAF lFrvF9Sw9QGCtDyacxkwgJhQx8l8JiIS5GOY6WWLBl9FMkLQNAhDL9xF3WF7vfYq RKgrz3bd/Vg96fsRZNYIPLGmoEaqLOh3FOCGc2VbdsR9PwOn3fwthxkIRd6ds6/q jc5cpSmVsCOgu+OKcpRXikYDbkWXfTZ1AhSfn6njBYFdZ9+PNAu/0JRQh5bX60nO 5heniTcAJLwUZP/CQ8nxHY0Wqy+1rAtM33d5cVmhUlBXQSIru/0ZkA/b9fK5Zv8E ZMADYUoEvIG59Vxhyci8lzYf+Mxl8qBSF+ZdC4yWhzDqZtM9 -----END CERTIFICATE REQUEST-----'"
}
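A client-side preflight for this call, as an added example (not NetApp's code): it builds the path and body with an explicit expiry_time and hash_function and rejects requests that would trip the limits listed on this page. The function name, the hash allowlist, the 3650-day reading of "10 years", the P&lt;days&gt;DT form (copied from the default P365DT) and the sample CSR are assumptions.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

# Assumed allowlist of strong hash names; confirm what your ONTAP release accepts.
STRONG_HASHES = {"sha256", "sha384", "sha512"}
# Page: allowed range is 1 day to 10 years (10 years taken here as 3650 days).
MIN_DAYS, MAX_DAYS = 1, 3650
CSR_RE = re.compile(
    r"-----BEGIN CERTIFICATE REQUEST-----\s+[A-Za-z0-9+/=\s]+"
    r"-----END CERTIFICATE REQUEST-----"
)
# Constructed sample: PEM framing around placeholder base64, not a real CSR.
SAMPLE_CSR = (
    "-----BEGIN CERTIFICATE REQUEST-----\n"
    "Q09OU1RSVUNURUQtU0FNUExFLUNTUg==\n"
    "-----END CERTIFICATE REQUEST-----"
)


def build_sign_request(ca_uuid, csr_pem, days, hash_function, ca_not_after, now=None):
    """Validate inputs and return (path, body) for the sign call; raise ValueError otherwise."""
    now = now or datetime.now(timezone.utc)
    ca = str(uuid.UUID(ca_uuid))  # canonical form; ValueError if not a UUID
    csr = csr_pem.strip()
    if not CSR_RE.fullmatch(csr):
        raise ValueError("signing_request is not a PEM certificate request")
    if hash_function not in STRONG_HASHES:
        raise ValueError(f"hash_function {hash_function!r} is not on the allowlist")
    if not MIN_DAYS <= days <= MAX_DAYS:
        raise ValueError("expiry_time must be between 1 day and 10 years")
    # Catch locally what the server reports as error 3735630.
    if now + timedelta(days=days) > ca_not_after:
        raise ValueError("certificate would outlive the signing CA")
    body = {
        "expiry_time": f"P{days}DT",  # same form as the page's default, P365DT
        "hash_function": hash_function,
        "signing_request": csr,
    }
    return f"/security/certificates/{ca}/sign", body


if __name__ == "__main__":
    path, body = build_sign_request(
        "11111111-2222-3333-4444-555555555555", SAMPLE_CSR, 90, "sha384",
        ca_not_after=datetime(2030, 1, 1, tzinfo=timezone.utc),
        now=datetime(2024, 1, 1, tzinfo=timezone.utc),
    )
    print(path, body["expiry_time"], body["hash_function"])
```

Pass ca_not_after as a timezone-aware datetime taken from the CA certificate's notAfter field.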
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
public_certificate | string | CA signed public key Certificate |
Example response
{
"public_certificate": "string"
}
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
3735628 | Failed to use CA certificate for signing. |
3735665 | The specified hash function is not supported in FIPS mode. |
52559974 | The certificate is not supported in FIPS mode. |
3735626 | Failed to generate signed Certificate. |
3735558 | Failed to extract information about Common Name from the certificate. |
3735588 | The common name (CN) extracted from the certificate is not valid. |
3735632 | Failed to extract Certificate Authority Information from the certificate. |
3735629 | Failed to sign the certificate because Common Name of signing certificate and Common Name of CA certificate are same. |
3735630 | Failed to sign the certificate because expiry date of signing certificate exceeds the expiry date of CA certificate. |
Name | Type | Description |
---|---|---|
error | | |
Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
Definitions
security_certificate_sign
Name | Type | Description |
---|---|---|
expiry_time | string | Certificate expiration time. The allowed expiration time range is between 1 day and 10 years. |
hash_function | string | Hashing function |
signing_request | string | Certificate signing request to be signed by the given certificate authority. Request should be in X509 PEM format. |
error_arguments
Name | Type | Description |
---|---|---|
code | string | Argument code |
message | string | Message argument |
error
Name | Type | Description |
---|---|---|
arguments | array[error_arguments] | Message arguments |
code | string | Error code |
message | string | Error message |
target | string | The target parameter that caused the error. |