...
| Method | Endpoint | Parameter | Returned values | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Name | Is required? | Transfer method | Description | Name | Always returned? | Transfer method | Description | ||
| GET | /certificate/{caName} | CA name | Yes | Path parameter | Name of Certificate Authority which should sign sent CSR. Must match CertService's CMPv2 servers configuration. | Certificate chain | Yes | Body (JSON) | Base64 decoded  signed certificate with whole certificate chain (intermediate CA certificates). |
| Base64 encoded CSR (Certificate Signing Request) | Yes | Header | Certificate Signing Request for given component | Trusted certificates | Yes | Body (JSON) | Base64 decoded list of trusted certificates. In other words list of root CAs which should be treated as trust anchors. Must contain root CA which was used to sign certificate and may contain other root CAs. | ||
| Base64 encoded private key | Yes | Header | Private key. Needed to create proof of possession (PoP) | ||||||
Return HTTP codes:
| HTTP code | Description |
|---|---|
| 200 (OK) | Everything is ok. Certificate chain and trusted certificates returned |
| 400 (Bad Request) | Incorrect/missing CSR and/or private key |
| 401 (Unauthorized) | Missing client certificate or presented certificate is not trusted |
| 404 (Not found) | Invalid CA name in REST API call or wrong endpoint called |
| 500 (Internal Server Error) | In case of exception on server side. |
OpenAPI
Swagger will be added here 
...
Run CertService as docker via following command: TBA
| Code Block |
|---|
docker run -p 8080:8080/tcp $CONTAINER
|
Kubernetes
For Kubernetes helm chart is provided. Just fill in all values and deploy helm chart using following command: TBA
...