5.20.2 api cert user
Funkce /api/cert/user function helps you administer the user certificates.
The function is part of the System API service and the user must be assigned the System Control privilege for authentication if required.
The GET, PUT or DELETE method can be used for this function. The GET method returns information about one or more user certificates on the device. The PUT method uploads the given user certificate to the device. The DELETE method deletes a single user certificate from the device.
GET method
Request parameters for GET:
Parameter | Description |
|---|---|
id | An optional string value identifying an user certificate. The id value is user defined id, internal id or certificate fingerprint (hash). If id is not completed, the reply includes a long list of all user certificates in the device. |
The reply is in the application/json format and can include the following parameters:
Parameter | Description |
|---|---|
fingerprint | A fingerprint (hash) of the certificate. |
subjet,issuer | A dictionary which splits information for the Subject or the Issuer: Common Name (CN), Organization (O), Organization Unit (OU), Location (L), State (S), Country (C). |
id | A string value of the previously specified certificate identification. |
startDate | A date identifying when this certificate started to be valid. |
endDate | A date identifying when this certificate will cease to be valid. |
protected | A boolean value indicating whether the certificate is protected and therefore cannot be deleted from the device. Internal certificates with id starting with "#" are protected and cannot be deleted. |
systemUseOnly | A boolean value indicating whether the certificate should be selectable by the user as a certificate for any service. If it is |
Example: Get information of one certificate identified by id (fingerprint)
GET /api/cert/user?id=a164b11215a30f08603fd85c314327e274772b00 //request
{ //response
"success" : true,
"result" : {
"certificates" : [
{
"fingerprint" : "a164b11215a30f08603fd85c314327e274772b00",
"subject" : {
"CN" : "00-0001-0205",
"O" : "2N TELEKOMUNIKACE a.s.",
"S" : "Czech Republic",
"C" : "CZ"
},
"issuer" : {
"CN" : "My2N Device Utility Certificate Authority",
"O" : "2N TELEKOMUNIKACE a.s.",
"S" : "Czech Republic",
"C" : "CZ"
},
"startDate" : "2021-11-08T07:50:36Z",
"endDate" : "2022-02-06T07:50:36Z",
"protected" : false,
"id" : "#my2n-utility",
"systemUseOnly" : true
}
]
}
}
PUT method
If the same certificate is already on the device, it is overwritten.
Request parameters for PUT:
Parameter | Description |
|---|---|
blob-cert | A mandatory blob-cert contains the certificate in DER or PEM format. |
blob-pk | A mandatory blob-pk contains the private key in DER or PEM format. |
password | An optional password contains the password for the private key. |
id | An optional string of an unique user defined identification of a certificate. The user defined id starts with the '@' character. It must consist of 1-40 characters of the set: If a new certificate with the same id is uploaded, the original certificate is overwritten. |
The reply is in the application/json format and includes:
Parameter | Description |
|---|---|
fingerprint | A fingerprint (hash) of a certificate. |
replaced | A fingerprint of a replaced certificate. |
Example
PUT /api/cert/user //request
{ //response
"success" : true,
"result" : {
"certificates" : [
{
"fingerprint": "9623fa25e414aa930ed22348a22d04a4c4fda26b"
}
]
}
}
DELETE method
Request parameters for DELETE:
Parameter | Description |
|---|---|
id | A mandatory string value identifying a CA certificate. The id value is user defined id, internal id or certificate fingerprint (hash). Internal certificates with id starting with "#" are protected and cannot be deleted. |
The reply is in the application/json format.
Example
DELETE /api/cert/user?fingerprint=4deea7060d80bacf1643b4e0f0104c82995075b7 //request
{ //response
"success" : true
}