Create a certificate signing request
POST /security/certificate-signing-request
Introduced In: 9.8
This API generates a Certificate Signing Request (CSR) and a private key pair. A CSR is a message sent securely to a certificate authority (CA) via any electronic media to apply for a digital identity certificate. This is a general utility API for users to generate a CSR.
Required properties
- subject_name - Subject details of the certificate, including but not limited to the common name. Can be omitted if subject_alternatives is specified.
- subject_alternatives - Subject Alternate Name (SAN) extensions. Only required if a common name is not specified using subject_name.
Recommended optional properties
- security_strength - Key size of the certificate, in bits. Specifying a stronger security strength in bits is recommended when creating a certificate. A value of at least 128 is necessary when using the EC algorithm if the certificate is to be used in the context of TLSv1.3.
- hash_function - Hashing function.
- algorithm - Asymmetric algorithm. Algorithm used to generate a public/private key pair when creating a certificate.
Default property values
If not specified in POST, the following default property values are assigned:
- security_strength - 112
- hash_function - sha256
- algorithm - rsa
Related ONTAP commands
- security certificate generate-csr
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
return_records | boolean | query | False | The default is false. If set to true, the records are returned. |
Request Body
Name | Type | Description |
---|---|---|
_links | | |
algorithm | string | Asymmetric Encryption Algorithm. |
csr | string | A Certificate Signing Request (CSR) provided to a CA for obtaining a CA-signed certificate. |
extended_key_usages | array[string] | A list of extended key usage extensions. |
generated_private_key | string | Private key generated for the CSR. |
hash_function | string | Hashing function. |
key_usages | array[string] | A list of key usage extensions. |
security_strength | integer | Security strength of the certificate in bits. |
subject_alternatives | | |
subject_name | string | Subject name details of the certificate. The format is a list of comma separated key=value pairs. |
Example request
```json
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "algorithm": "string",
  "csr": "string",
  "extended_key_usages": [
    "string"
  ],
  "generated_private_key": "string",
  "hash_function": "string",
  "key_usages": [
    "string"
  ],
  "security_strength": 112,
  "subject_alternatives": {
    "dns": [
      "*.example.com"
    ],
    "email": [
      "abc@example.com"
    ],
    "ip": [
      "10.225.34.10"
    ],
    "uri": [
      "http://example.com"
    ]
  },
  "subject_name": "C=US,O=NTAP,CN=test.domain.com"
}
```
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
_links | | |
algorithm | string | Asymmetric Encryption Algorithm. |
csr | string | A Certificate Signing Request (CSR) provided to a CA for obtaining a CA-signed certificate. |
extended_key_usages | array[string] | A list of extended key usage extensions. |
generated_private_key | string | Private key generated for the CSR. |
hash_function | string | Hashing function. |
key_usages | array[string] | A list of key usage extensions. |
security_strength | integer | Security strength of the certificate in bits. |
subject_alternatives | | |
subject_name | string | Subject name details of the certificate. The format is a list of comma separated key=value pairs. |
Example response
```json
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "algorithm": "string",
  "csr": "string",
  "extended_key_usages": [
    "string"
  ],
  "generated_private_key": "string",
  "hash_function": "string",
  "key_usages": [
    "string"
  ],
  "security_strength": 112,
  "subject_alternatives": {
    "dns": [
      "*.example.com"
    ],
    "email": [
      "abc@example.com"
    ],
    "ip": [
      "10.225.34.10"
    ],
    "uri": [
      "http://example.com"
    ]
  },
  "subject_name": "C=US,O=NTAP,CN=test.domain.com"
}
```
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
3735554 | Certificate signing request failed. |
3735664 | Key size is not supported in FIPS mode. |
3735665 | Hash function is not supported in FIPS mode. |
3735700 | Key size is not supported. |
3735713 | Security strength bits length is not supported. |
3735714 | Security strength bits length is not supported in FIPS mode. |
3735715 | Certificate creation requires a common name or SAN extensions. |
3735741 | Key size is not applicable with the EC encryption algorithm. |
3735750 | Cannot supply "critical" as the only value in a list of extension values. |
52560173 | Hash function is not supported for digital signatures. |
52560423 | Failed to read the relative distinguished names. |
Also see the table of common errors in the Response body overview section of this documentation.
Name | Type | Description |
---|---|---|
error | | |
Example error
```json
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
```
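Client-side handling of this endpoint's request and response, as an added example that is not NetApp's code: `build_csr_request` applies the required-property and EC/TLSv1.3 rules from this page before the POST, and `save_csr_response` stores `generated_private_key` with owner-only permissions because the response body carries the private key in clear text. The function names, the `tls13` flag and the `ec` algorithm value are assumptions, and the sample values are constructed.

```python
import os

# Server-side defaults listed on this page, applied when a field is omitted.
DEFAULTS = {"security_strength": 112, "hash_function": "sha256", "algorithm": "rsa"}
ALLOWED = set(DEFAULTS) | {"key_usages", "extended_key_usages"}

def build_csr_request(subject_name=None, subject_alternatives=None, tls13=False, **options):
    """Return a POST body, rejecting input this page says the API refuses."""
    sans = {k: v for k, v in (subject_alternatives or {}).items() if v}
    if not subject_name and not sans:
        # The server reports this case as error 3735715.
        raise ValueError("a common name (subject_name) or SAN extensions are required")
    for pair in (subject_name or "").split(",") if subject_name else []:
        key, sep, value = pair.partition("=")
        if not (key.strip() and sep and value.strip()):
            raise ValueError(f"subject_name is not key=value pairs: {pair!r}")
    body = {k: v for k, v in options.items() if k in ALLOWED and v is not None}
    effective = {**DEFAULTS, **body}
    # "ec" as the algorithm value is an assumption; the page only shows "rsa".
    if tls13 and effective["algorithm"] == "ec" and effective["security_strength"] < 128:
        raise ValueError("EC certificates for TLSv1.3 need security_strength >= 128")
    if subject_name:
        body["subject_name"] = subject_name
    if sans:
        body["subject_alternatives"] = sans
    # csr and generated_private_key are results, so they are never sent.
    return body

def save_csr_response(response, directory, basename="server"):
    """Write the CSR and the generated private key; the key file is created 0600."""
    csr_path = os.path.join(directory, basename + ".csr")
    key_path = os.path.join(directory, basename + ".key")
    with open(csr_path, "w") as fh:
        fh.write(response["csr"])
    # O_EXCL refuses to reuse an existing file; the mode is set at creation time.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(response["generated_private_key"])
    return csr_path, key_path

if __name__ == "__main__":
    import tempfile
    # Constructed request and response values, not real ONTAP output.
    print(build_csr_request("C=US,O=NTAP,CN=test.domain.com", algorithm="ec",
                            security_strength=128, tls13=True))
    with tempfile.TemporaryDirectory() as tmp:
        print(save_csr_response({"csr": "<constructed CSR>",
                                 "generated_private_key": "<constructed key>"}, tmp))
```

The returned body is what goes to `POST /security/certificate-signing-request`; keep the call off verbose HTTP logging so the key in the response is not written to logs.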