Create a certificate signing request

POST /security/certificate-signing-request

Introduced In: 9.8

This API generates a Certificate Signing Request (CSR) and a private key pair. A CSR is a message sent securely to a certificate authority (CA) via any electronic media to apply for a digital identity certificate. This is a general utility API for users to generate a CSR.

  • subject_name - Subject details of the certificate.

  • security_strength - Key size of the certificate in bits. Specifying a stronger security strength in bits is recommended when creating a certificate.

  • hash_function - Hashing function.

  • algorithm - Asymmetric algorithm. Algorithm used to generate a public/private key pair when creating a certificate.

  • subject_alternatives - Subject Alternate name extensions.

Default property values

If not specified in POST, the following default property values are assigned:

  • security_strength - 112

  • hash_function - sha256

  • algorithm - rsa

Related ONTAP commands

  • security certificate generate-csr

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| return_records | boolean | query | False | The default is false. If set to true, the records are returned. |

  • Default value:

Request Body

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| algorithm | string | Asymmetric Encryption Algorithm. |
| csr | string | A Certificate Signing Request (CSR) provided to a CA for obtaining a CA-signed certificate. |
| extended_key_usages | array[string] | A list of extended key usage extensions. |
| generated_private_key | string | Private key generated for the CSR. |
| hash_function | string | Hashing function. |
| key_usages | array[string] | A list of key usage extensions. |
| security_strength | integer | Security strength of the certificate in bits. |
| subject_alternatives | subject_alternatives | |
| subject_name | string | Subject name details of the certificate. The format is a list of comma separated key=value pairs. |

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "algorithm": "rsa",
  "csr": "string",
  "extended_key_usages": [],
  "generated_private_key": "string",
  "hash_function": "sha256",
  "key_usages": [],
  "security_strength": 112,
  "subject_alternatives": {
    "dns": [],
    "email": [],
    "ip": [],
    "uri": []
  },
  "subject_name": "C=US,O=NTAP,CN=test.domain.com"
}

Response

Status: 200, Ok

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| algorithm | string | Asymmetric Encryption Algorithm. |
| csr | string | A Certificate Signing Request (CSR) provided to a CA for obtaining a CA-signed certificate. |
| extended_key_usages | array[string] | A list of extended key usage extensions. |
| generated_private_key | string | Private key generated for the CSR. |
| hash_function | string | Hashing function. |
| key_usages | array[string] | A list of key usage extensions. |
| security_strength | integer | Security strength of the certificate in bits. |
| subject_alternatives | subject_alternatives | |
| subject_name | string | Subject name details of the certificate. The format is a list of comma separated key=value pairs. |

Example response
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "algorithm": "rsa",
  "csr": "string",
  "extended_key_usages": [],
  "generated_private_key": "string",
  "hash_function": "sha256",
  "key_usages": [],
  "security_strength": 112,
  "subject_alternatives": {
    "dns": [],
    "email": [],
    "ip": [],
    "uri": []
  },
  "subject_name": "C=US,O=NTAP,CN=test.domain.com"
}
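
Client-side handling for this endpoint, as an added Python example (not NetApp's code): it checks the comma-separated subject_name and the common-name-or-SAN rule behind error 3735715 before a request is sent, then writes the returned generated_private_key to an owner-only file and redacts it from the copy that may be logged. The function names, file paths and SAMPLE_RECORD are constructed for illustration, and no network call is made.

```python
import os

# Constructed sample of one response record; the PEM bodies are placeholders, not real keys.
SAMPLE_RECORD = {
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\n(placeholder)\n-----END CERTIFICATE REQUEST-----\n",
    "generated_private_key": "-----BEGIN PRIVATE KEY-----\n(placeholder)\n-----END PRIVATE KEY-----\n",
    "hash_function": "sha256",
    "security_strength": 112,
}

def parse_subject_name(subject_name):
    """Split 'C=US,O=NTAP,CN=host' into (key, value) pairs.
    Simplification: escaped commas inside a value are not supported."""
    pairs = []
    for part in subject_name.split(","):
        key, sep, value = part.strip().partition("=")
        if not sep or not key or not value:
            raise ValueError(f"malformed key=value pair: {part!r}")
        pairs.append((key.upper(), value))
    return pairs

def build_csr_request(subject_name="", dns=(), ip=(), security_strength=112,
                      hash_function="sha256"):
    """Build the POST body; defaults are the documented ones (112, sha256)."""
    rdns = parse_subject_name(subject_name) if subject_name else []
    has_cn = any(key == "CN" for key, _ in rdns)
    if not has_cn and not (dns or ip):
        # Mirrors server error 3735715 so the mistake is caught before the call.
        raise ValueError("a common name or SAN extension is required")
    body = {"security_strength": security_strength, "hash_function": hash_function}
    if subject_name:
        body["subject_name"] = subject_name
    sans = {name: list(vals) for name, vals in (("dns", dns), ("ip", ip)) if vals}
    if sans:
        body["subject_alternatives"] = sans
    return body

def store_csr_response(record, key_path, csr_path):
    """Persist the key with mode 0600 (refusing to overwrite) and return a log-safe copy."""
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(record["generated_private_key"])
    with open(csr_path, "w") as fh:
        fh.write(record["csr"])
    return {k: ("<redacted>" if k == "generated_private_key" else v)
            for k, v in record.items()}
```

Because the private key travels in the response body, anything that records HTTP responses (debug logging, proxies, automation output) should be given only the redacted copy.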

Error

Status: Default

ONTAP Error Response Codes

| Error Code | Description |
|---|---|
| 3735554 | Certificate signing request failed. |
| 3735664 | Key size is not supported in FIPS mode. |
| 3735665 | Hash function is not supported in FIPS mode. |
| 3735700 | Key size is not supported. |
| 3735713 | Security strength bits length is not supported. |
| 3735714 | Security strength bits length is not supported in FIPS mode. |
| 3735715 | Certificate creation requires a common name or SAN extensions. |
| 3735741 | Key size is not applicable with the EC encryption algorithm. |
| 52560173 | Hash function is not supported for digital signatures. |
| 52560423 | Failed to read the relative distinguished names. |

| Name | Type | Description |
|---|---|---|
| error | error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

href

| Name | Type | Description |
|---|---|---|
| href | string | |

_links

| Name | Type | Description |
|---|---|---|
| self | href | |

subject_alternatives

| Name | Type | Description |
|---|---|---|
| dns | array[string] | A list of DNS names for Subject Alternate name extension. |
| email | array[string] | A list of email addresses for Subject Alternate name extension. |
| ip | array[string] | A list of IP addresses for Subject Alternate name extension. |
| uri | array[string] | A list of URIs for Subject Alternate name extension. |

certificate_signing_request

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| algorithm | string | Asymmetric Encryption Algorithm. |
| csr | string | A Certificate Signing Request (CSR) provided to a CA for obtaining a CA-signed certificate. |
| extended_key_usages | array[string] | A list of extended key usage extensions. |
| generated_private_key | string | Private key generated for the CSR. |
| hash_function | string | Hashing function. |
| key_usages | array[string] | A list of key usage extensions. |
| security_strength | integer | Security strength of the certificate in bits. |
| subject_alternatives | subject_alternatives | |
| subject_name | string | Subject name details of the certificate. The format is a list of comma separated key=value pairs. |

error_arguments

| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |

error

| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |