Skip to content

PKI CA REST API

Endi S. Dewata edited this page Sep 24, 2020 · 16 revisions

Account Services

User Services

User Certificate Services

User Roles Services

Certificate Services

Certificate Request Template Services

Certificate Request Services

Examples

Client Certificate and Key Extraction

For operations that require client certificate authentication, extract the cert and key from P12 to PEM file:

$ openssl pkcs12 -in ~/.dogtag/pki-tomcat/ca_admin_cert.p12 -out file.crt.pem -clcerts -nokeys
$ openssl pkcs12 -in ~/.dogtag/pki-tomcat/ca_admin_cert.p12 -out file.key.pem -nocerts -nodes

Using curl

[GET] To list all cert requests pass both the cert and key as params to curl:

$ curl -v -k -E file.crt.pem --key file.key.pem https://<host>:8443/ca/rest/agent/certrequests

Note: Use -k if the CA chain is not imported system-wide

[GET] You can also pass a PKCS12 file to curl:

$ curl -k --cert-type P12 \
    --cert ~/.dogtag/pki-tomcat/ca_admin_cert.p12:<password> \
    https://<host>:8443/ca/rest/agent/certrequests

Using Postman

Go to File → Settings → Certificates (tab) → (Under Client Certificates) Add Certificate → Select cert and key

Note: Make sure to provide the correct hostname and port to ensure that the credentials are pinned with the request.

See Also

Clone this wiki locally