POST Certificate Authority Task Queue Test

The POST /CertificateAuthority/TaskQueue/Test method is used test the connectivity to the RabbitMQ instance using the task queue settings configured in Keyfactor Command. This method returns HTTP 200 OK on a success with success or fail and a message with more information, if applicable.

Tip:  The following permissions (see Security Roles and Claims) are required to use this feature:

/certificate_authorities/read/

Table 340: PUT Certificate Authority Task Queue Test Input Body

Name

In

Description
TaskQueueURL Body

Required. The amqp or amqps URL to the RabbitMQ instance. For example:

amqps://appsrvr12.keyexample.com

TokenURL

Body

Required in some cases. A string indicating the bearer token URL. This is the URL of the token endpoint for your identity provider instance.

This field is required if OAuth authentication is used.
ClientID Body

Required in some cases. A string indicating the client ID used to authenticate to RabbitMQ, if OAuth authentication is selected.

This field is required if OAuth authentication is used.
ClientSecret

Body

Required in some cases. An object indicating the client secret information to use for authentication along with the ClientID to make the connection to RabbitMQ, if OAuth authentication is selected.

Supported methods to store secret information are:

  • Keyfactor: Store the secret information in the Keyfactor secrets table.

    A Keyfactor secret is a user-defined username or password that is encrypted and stored securely in the Keyfactor Command database.

  • PAM Provider: Load the secret information from a PAM provider.

    See Privileged Access Management (PAM) for more information.

Value Description
Secret Value

A string containing the secret. This parameter is used when PAM is not used as the storage location.
Parameters An object indicating the parameters to supply for PAM authentication. These will vary depending on the PAM provider.
Provider

An integer indicating the ID of the PAM provider.

Use the GET /PamProviders method (see GET PAM Providers) to retrieve a list of all the PAM providers to determine the ID.

For example, an access keya secreta passworda username stored as a Keyfactor secret will look like:

Copy 
{
   "SecretValue": "AbCdEfGhIjKlMnOpQrStUvWxYz1234567890"
}
Copy 
{
   "SecretValue": "KEYEXAMPLE\\API-User"
}

A secret stored as a CyberArk PAM secret will look like (where the Provider value—1 in this example—is the Id value from GET PAM Providers and the Safe, Folder, and Object reference the information in the CyberArk safe needed for this record):

Copy 
{
   "Provider": "1",
   "Parameters":{
      "Safe":"MySafeName",
      "Folder":"MyFolderName",
      "Object":"MyObjectName"
   }
}

A secret stored as a Delinea PAM secret will look like (where the Provider value—2 in this example—is the Id value from GET PAM Providers and the SecretId and SecretFieldName contain the information created in the Delinea secret server for this purpose):

Copy 
{
   "Provider": "2",
   "Parameters":{
      "SecretId":"MyId"
      "SecretFieldName":"MyReferenceName"
   }
}

Due to its sensitive nature, this value is not returned in responses.

This field is required if OAuth authentication is used.
Scope Body A string indicating any scopes that should be included in token requests to the identity provider, if OAuth authentication is selected. If multiple scopes are desired, they should be separated by spaces.
Username

Body

Required in some cases. A string indicating the username used to authenticate to RabbitMQ, if Basic authentication is selected.

This field is required if Basic authentication is used.
Audience Body A string indicating the audience that should be included in token requests to the identity provider, if OAuth authentication is selected.
Password

Body

Required in some cases. An object indicating the password information to use for authentication along with the Username to make the connection to RabbitMQ, if Basic authentication is selected.

Supported methods to store secret information are:

  • Keyfactor: Store the secret information in the Keyfactor secrets table.

    A Keyfactor secret is a user-defined username or password that is encrypted and stored securely in the Keyfactor Command database.

  • PAM Provider: Load the secret information from a PAM provider.

    See Privileged Access Management (PAM) for more information.

Value Description
Secret Value

A string containing the secret. This parameter is used when PAM is not used as the storage location.
Parameters An object indicating the parameters to supply for PAM authentication. These will vary depending on the PAM provider.
Provider

An integer indicating the ID of the PAM provider.

Use the GET /PamProviders method (see GET PAM Providers) to retrieve a list of all the PAM providers to determine the ID.

For example, an access keya secreta passworda username stored as a Keyfactor secret will look like:

Copy 
{
   "SecretValue": "AbCdEfGhIjKlMnOpQrStUvWxYz1234567890"
}
Copy 
{
   "SecretValue": "KEYEXAMPLE\\API-User"
}

A secret stored as a CyberArk PAM secret will look like (where the Provider value—1 in this example—is the Id value from GET PAM Providers and the Safe, Folder, and Object reference the information in the CyberArk safe needed for this record):

Copy 
{
   "Provider": "1",
   "Parameters":{
      "Safe":"MySafeName",
      "Folder":"MyFolderName",
      "Object":"MyObjectName"
   }
}

A secret stored as a Delinea PAM secret will look like (where the Provider value—2 in this example—is the Id value from GET PAM Providers and the SecretId and SecretFieldName contain the information created in the Delinea secret server for this purpose):

Copy 
{
   "Provider": "2",
   "Parameters":{
      "SecretId":"MyId"
      "SecretFieldName":"MyReferenceName"
   }
}

Due to its sensitive nature, this value is not returned in responses.

This field is required if Basic authentication is used.
AuthType Body Required. A string indicating the type of authentication used to make the connection to RabbitMQ. Supported values are Basic or OAuth.

Table 341: POST Certificate Authority Task Queue Test Response Body

Name

Description
Success

A Boolean that indicates whether the connection to RabbitMQ from Keyfactor Command could successfully be made (true) or not (false).

Message

A string indicating a message about the validation test of the task queue configuration.
Tip:  See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor APIClosed An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflowClosed A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon () at the top of the Management Portal page next to the Log Out button.