Re: [Pki-users] Submitting a Certificate Request or CSR file by using CA Rest API

Thursday, 9 April 2020

On Wed, Apr 08, 2020 at 04:08:09PM +0200, Pascal Jakobi wrote:
...
 Fraser

 We are conscious that we can use ca-cert-request to send a csr towards the
 CA.

 But we want to avoid this.

 Our use case is to have a csr generated with openssl, then be able to send
 it to the CA with a simple curl/HTTP POST for further validation (we have
 cases where installing the pki-tools rpm is not doable).

 If this is possible, what is the target URI that should be used (you can
 point me to a some documentation if I missed some) ?

 Thanks again

 P
  Sure,

POST to /ca/rest/certrequests

The body shall be an XML document such as:

    <?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
    <CertEnrollmentRequest>
        <ProfileID>{profile}</ProfileID>
        <Input id="i1">
            <ClassID>certReqInputImpl</ClassID>
            <Attribute name="cert_request_type">
                <Value>pkcs10</Value>
            </Attribute>
            <Attribute name="cert_request">
                <Value>{req}</Value>
            </Attribute>
        </Input>
    </CertEnrollmentRequest>

Where {profile} is replaced with the profile ID you want to use to
issue the certificate, and {req} is replaced with the PEM-encoded
PKCS #10 CSR.

REST API doc is here: https://www.dogtagpki.org/wiki/CA_REST_API.
In several cases (including for submitting certificate requests)
there are just links to Java source files where payload data are
specified.

Cheers,
Fraser

...

 Le 06/03/2020 à 01:53, Fraser Tweedale a écrit :
 > On Thu, Mar 05, 2020 at 02:19:51PM +0100, Amaury SIHARATH wrote:
 > > Hello,
 > > 
 > > I'm still a beginner and looking into Dogtak PKI recently. I wanted if it
 > > was possible to submit a Certificate Request or a CSR File to the CA by
 > > using a curl POST command with the CA Rest API, is the feature still up and
 > > running ? As it is implied by the documentation ?
 > > 
 > Yes, you can do that.  Let us know if you get stuck and we can help.
 > 
 > Cheers,
 > Fraser
 > 
 > > Best regards,
 > > 
 > > Amaury SIHARATH.
 > > _______________________________________________
 > > Pki-users mailing list
 > > Pki-users(a)redhat.com
 > > https://www.redhat.com/mailman/listinfo/pki-users
 > _______________________________________________
 > Pki-users mailing list
 > Pki-users(a)redhat.com
 > https://www.redhat.com/mailman/listinfo/pki-users
 > 

 _______________________________________________
 Pki-users mailing list
 Pki-users(a)redhat.com
 https://www.redhat.com/mailman/listinfo/pki-users 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Re: [Pki-users] Submitting a Certificate Request or CSR file by using CA Rest API