...
| Method | Endpoint | Parameter | Returned values | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Name | Is required? | Transfer method | Description | Name | Always returned? | Transfer method | Description | ||
| GET | /v1/certificate/{caName} | CA name | Yes | Path parameter | Name of Certificate Authority which should sign sent CSR. Must match CertService's CMPv2 servers configuration. | Error message | No, only if error occurred on server side | Body (JSON) | Verbose information what wrong happened on server side. |
| Base64 encoded CSR (Certificate Signing Request) | Yes | Header | Certificate Signing Request for given component | Certificate chain | No, only in success case. | Body (JSON) | Base64 encoded  signed certificate with whole certificate chain (intermediate CA certificates). Signed certificate should be returned first and then all intermediate certificates in following order: singer of previous certificate till certificate which is signed by root CA. All certificates are in PEM format. | ||
| Base64 encoded private key | Yes | Header | Private key. Needed to create proof of possession (PoP) | Trusted certificates | No, only in success case. | Body (JSON) | Base64 encoded list of trusted certificates. In other words list of root CAs which should be treated as trust anchors. Must contain root CA which was used to sign certificate and may contain other root CAs. Order doesn't matter. All certificates are in PEM format. | ||
Return HTTP codes:
| HTTP code | Description |
|---|---|
| 200 (OK) | Everything is ok. Certificate chain and trusted certificates returned |
| 400 (Bad Request) | Incorrect/missing CSR and/or private key |
| 401 (Unauthorized) | Missing client certificate or presented certificate is not trusted |
| 404 (Not found) | Invalid CA name in REST API call or wrong endpoint called |
| 500 (Internal Server Error) | In case of exception on server side. |
...
As the successful result of running CertService's client (exitCode = 0) following artifacts are created:
| Name | Description | |
|---|---|---|
| keystore.jks | Keystore with certificate chain. Protected by random generated password. | |
| keystore.pass | File with password to keystore | |
| truststore.jks | Truststore with all trusted certificates. Protected by random generated password. | |
| truststore.pass | File with password to truststore |
In case of error CertService's client returns other exit codes (errorCode != 0).
...