Retrieve security certificates

GET /security/certificates/{uuid}

Introduced In: 9.6

Retrieves security certificates.

  • security certificate show

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| uuid | string | path | True | Certificate UUID |
| fields | array[string] | query | False | Specify the fields to return. |

Response

Status: 200, Ok
| Name | Type | Description |
|---|---|---|
| _links | _links | |
| authority_key_identifier | string | Provides the key identifier of the issuing CA certificate that signed the SSL certificate. |
| azure | azure | |
| ca | string | Certificate authority |
| common_name | string | FQDN or custom common name. Provide on POST when creating a self-signed certificate. |
| expiry_time | string | Certificate expiration time, in ISO 8601 duration format or date and time format. Can be provided on POST if creating a self-signed certificate. The expiration time range is between 1 day and 10 years. |
| hash_function | string | Hashing function. Can be provided on POST when creating a self-signed certificate. Hash functions md5 and sha1 are not allowed on POST. |
| intermediate_certificates | array[string] | Chain of intermediate Certificates in PEM format. Only valid in POST when installing a certificate. |
| key_size | integer | Key size of requested Certificate in bits. One of 512, 1024, 1536, 2048, 3072. Can be provided on POST if creating a self-signed certificate with a minimum permissible value of 2048. |
| name | string | Certificate name or name of the certificate to be downloaded from the Azure Key Vault (AKV). If not provided in POST, a unique name specific to the SVM is automatically generated. |
| private_key | string | Private key Certificate in PEM format. Only valid for create when installing a CA-signed certificate. This is not audited. |
| public_certificate | string | Public key Certificate in PEM format. If this is not provided in POST, a self-signed certificate is created. |
| scope | string | Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
| serial_number | string | Serial number of certificate. |
| subject_alternatives | subject_alternatives | |
| subject_key_identifier | string | Provides the key identifier used to identify the public key in the SSL certificate. |
| svm | svm | SVM, applies only to SVM-scoped objects. |
| type | string | Type of Certificate. The following types are supported: client - a certificate and its private key used by an SSL client in ONTAP; server - a certificate and its private key used by an SSL server in ONTAP; client_ca - a Certificate Authority certificate used by an SSL server in ONTAP to verify an SSL client certificate; server_ca - a Certificate Authority certificate used by an SSL client in ONTAP to verify an SSL server certificate; root_ca - a self-signed certificate used by ONTAP to sign other certificates by acting as a Certificate Authority. enum: ["client", "server", "client_ca", "server_ca", "root_ca"]. Introduced in: 9.6. x-nullable: true. |
| uuid | string | Unique ID that identifies a certificate. |

Example response
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "authority_key_identifier": "26:1F:C5:53:5B:D7:9E:E2:37:74:F4:F4:06:09:03:3D:EB:41:75:D7",
  "azure": {
    "client_certificate": "PEM Cert",
    "client_id": "aaaaaaaa-bbbb-aaaa-bbbb-aaaaaaaaaaaa",
    "client_secret": "abcdef",
    "key_vault": "https://kmip-akv-keyvault.vault.azure.net/",
    "oauth_host": "login.microsoftonline.com",
    "proxy": {
      "host": "proxy.eng.com",
      "password": "proxypassword",
      "port": 1234,
      "type": "string",
      "username": "proxyuser"
    },
    "tenant_id": "zzzzzzzz-yyyy-zzzz-yyyy-zzzzzzzzzzzz",
    "timeout": 25
  },
  "ca": "string",
  "common_name": "test.domain.com",
  "expiry_time": "2030-01-25 06:20:13 -0500",
  "hash_function": "string",
  "intermediate_certificates": [
    "-----BEGIN CERTIFICATE-----\nMIIBuzCCAWWgAwIBAgIIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQAwHDENMAsGA1UE\nAxMEVEVTVDELMAkGA1UEBhMCVVMwHhcNMTgwNjA4MTgwOTAxWhcNMTkwNjA4MTgw\nOTAxWjAcMQ0wCwYDVQQDEwRURVNUMQswCQYDVQQGEwJVUzBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQDaPvbqUJJFJ6NNTyK3Yb+ytSjJ9aa3yUmYTD9uMiP+6ycjxHWB\ne8u9z6yCHsW03ync+dnhE5c5z8wuDAY0fv15AgMBAAGjgYowgYcwDAYDVR0TBAUw\nAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFMJ7Ev/o/3+YNzYh5XNlqqjnw4zm\nMEsGA1UdIwREMEKAFMJ7Ev/o/3+YNzYh5XNlqqjnw4zmoSCkHjAcMQ0wCwYDVQQD\nEwRURVNUMQswCQYDVQQGEwJVU4IIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQADQQAv\nDovYeyGNnknjGI+TVNX6nDbyzf7zUPqnri0KuvObEeybrbPW45sgsnT5dyeE/32U\n9Yr6lklnkBtVBDTmLnrC\n-----END CERTIFICATE-----\n"
  ],
  "key_size": 512,
  "name": "string",
  "private_key": "-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n",
  "public_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuzCCAWWgAwIBAgIIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQAwHDENMAsGA1UE\nAxMEVEVTVDELMAkGA1UEBhMCVVMwHhcNMTgwNjA4MTgwOTAxWhcNMTkwNjA4MTgw\nOTAxWjAcMQ0wCwYDVQQDEwRURVNUMQswCQYDVQQGEwJVUzBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQDaPvbqUJJFJ6NNTyK3Yb+ytSjJ9aa3yUmYTD9uMiP+6ycjxHWB\ne8u9z6yCHsW03ync+dnhE5c5z8wuDAY0fv15AgMBAAGjgYowgYcwDAYDVR0TBAUw\nAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFMJ7Ev/o/3+YNzYh5XNlqqjnw4zm\nMEsGA1UdIwREMEKAFMJ7Ev/o/3+YNzYh5XNlqqjnw4zmoSCkHjAcMQ0wCwYDVQQD\nEwRURVNUMQswCQYDVQQGEwJVU4IIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQADQQAv\nDovYeyGNnknjGI+TVNX6nDbyzf7zUPqnri0KuvObEeybrbPW45sgsnT5dyeE/32U\n9Yr6lklnkBtVBDTmLnrC\n-----END CERTIFICATE-----\n",
  "scope": "string",
  "serial_number": "string",
  "subject_alternatives": {
    "dns": [
      "*.example.com"
    ],
    "email": [
      "abc@example.com"
    ],
    "ip": [
      "10.225.34.10"
    ],
    "uri": [
      "http://example.com"
    ]
  },
  "subject_key_identifier": "26:1F:C5:53:5B:D7:9E:E2:37:74:F4:F4:06:09:03:3D:EB:41:75:D8",
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "type": "string",
  "uuid": "string"
}
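
The response carries both certificate hygiene fields (hash_function, key_size, expiry_time) and secret-bearing fields (private_key, azure.client_secret, azure.client_certificate, azure.proxy.password). The following is an added example, not NetApp code: it masks those secrets before a response is logged and flags weak or expiring certificates. The function names, finding labels and 30-day warning window are hypothetical, and applying the page's POST limits (no md5/sha1, 2048-bit minimum) to retrieved certificates is this example's own policy choice.

```python
import copy
from datetime import datetime

WEAK_HASHES = {"md5", "sha1"}   # not allowed on POST per the hash_function description
MIN_KEY_BITS = 2048             # minimum permissible on POST per the key_size description
EXPIRY_FORMATS = ("%Y-%m-%d %H:%M:%S %z", "%Y-%m-%dT%H:%M:%S%z")
# Paths to secret-bearing values in the response object (assumed policy: mask all).
SECRET_PATHS = [("private_key",), ("azure", "client_secret"),
                ("azure", "client_certificate"), ("azure", "proxy", "password")]

def parse_expiry(value):
    """Parse expiry_time as a zone-aware date-time; None for durations or junk."""
    for fmt in EXPIRY_FORMATS:
        try:
            return datetime.strptime(value, fmt)
        except (TypeError, ValueError):
            pass
    return None

def redact(cert):
    """Return a deep copy of the response with secret values masked for logging."""
    out = copy.deepcopy(cert)
    for *parents, leaf in SECRET_PATHS:
        node = out
        for key in parents:
            node = node.get(key, {}) if isinstance(node, dict) else {}
        if isinstance(node, dict) and leaf in node:
            node[leaf] = "<redacted>"
    return out

def audit(cert, now, warn_days=30):
    """Return finding labels for weak hash, short key and expiry state."""
    findings = []
    if str(cert.get("hash_function", "")).lower() in WEAK_HASHES:
        findings.append("weak_hash")
    if isinstance(cert.get("key_size"), int) and cert["key_size"] < MIN_KEY_BITS:
        findings.append("short_key")
    expiry = parse_expiry(cert.get("expiry_time"))
    if expiry is None:
        findings.append("expiry_unparsed")   # fail visible rather than assume valid
    elif expiry <= now:
        findings.append("expired")
    elif (expiry - now).days < warn_days:
        findings.append("expiring_soon")
    return findings

# Constructed sample response (values are illustrative, not from a real system).
SAMPLE = {"expiry_time": "2030-01-25 06:20:13 -0500", "hash_function": "sha1",
          "key_size": 512, "private_key": "constructed-placeholder",
          "azure": {"client_secret": "abcdef", "proxy": {"password": "proxypassword"}}}
```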

Error

Status: Default, Error
| Name | Type | Description |
|---|---|---|
| error | returned_error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

href

| Name | Type | Description |
|---|---|---|
| href | string | |

| Name | Type | Description |
|---|---|---|
| self | href | |

proxy

| Name | Type | Description |
|---|---|---|
| host | string | Proxy host. |
| password | string | Proxy password. Password is not audited. |
| port | integer | Proxy port. |
| type | string | Proxy type. |
| username | string | Proxy username. |

azure

| Name | Type | Description |
|---|---|---|
| client_certificate | string | PKCS12 certificate used by the application to prove its identity to AKV. |
| client_id | string | Application client ID of the deployed Azure application with appropriate access to an AKV. |
| client_secret | string | Secret used by the application to prove its identity to AKV. |
| key_vault | string | URI of the deployed AKV that is used by ONTAP for storing keys. |
| oauth_host | string | Open authorization server host name. |
| proxy | proxy | |
| tenant_id | string | Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV. |
| timeout | integer | AKV connection timeout, in seconds. The allowed range is between 0 and 30 seconds. |
| verify_host | boolean | Verify the identity of the AKV host name. By default, verify_host is set to true. |

subject_alternatives

| Name | Type | Description |
|---|---|---|
| dns | array[string] | A list of DNS names for Subject Alternate name extension. |
| email | array[string] | A list of email addresses for Subject Alternate name extension. |
| ip | array[string] | A list of IP addresses for Subject Alternate name extension. |
| uri | array[string] | A list of URIs for Subject Alternate name extension. |

svm

SVM, applies only to SVM-scoped objects.

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| name | string | The name of the SVM. This field cannot be specified in a PATCH method. |
| uuid | string | The unique identifier of the SVM. This field cannot be specified in a PATCH method. |

error_arguments

| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |

returned_error

| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |