PUT Certificates Metadata All

The PUT /Certificates/Metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates./All method is used to update one or more metadata values for a specified set of certificates. This endpoint An endpoint is a URL that enables the API to gain access to resources on a server. returns 204 with no content upon success.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/certificates/collections/metadata/modify/

/certificates/collections/metadata/modify/#/ (where # is a reference to a specific certificate collection ID—see CollectionID, below)

Permissions for certificates can be configured at multiple levels. You can apply them system-wide—for all certificates—or use fine-grained control by assigning permissions at the certificate collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). level. The appropriate level depends on how the certificates are accessed. See Certificate Collection Permissions for more information about system-wide versus more targeted permission models.

Table 315: PUT Certificates Metadata All Input Parameters

Name

Description

Query

Body

Required in some cases. A string containing a query to limit the certificates to update (e.g., field1 -eq value1 AND field2 -gt value2). Fields available for querying through the API for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns. For querying guidelines, refer to: Certificate Search Page. A value for one of CertificateIds, Query, or CollectionId is required.

The query fields supported for this endpoint are:

AltKeySize
AltKeyAlgorithm (an OID string)
AltPublicKey
AltSigningAlgorithm
ArchivedKey
CA
CertId
CertificateAuthorityId
CertificateRenewed
CertState
CertStoreContainer
CertStoreFQDN
CertStorePath
CN (alias: IssuedCN)
DN (alias: IssuedDN)
EKU
EKUName
ExpirationDate (alias: NotAfter)
HasAltPrivateKey
HasPrivateKey
ImportDate
IsHybridCertificate
IssuedDate (aliases: NotBefore and EffectiveDate)

IssuerDN
KeyfactorRequestId
KeyAlgorithm (an OID string)
KeySize (alias: KeySizeInBits)
KeyUsage
NetBIOSPrincipal (alias: PrincipalName)
NetBIOSRequester (alias: RequesterName)
OU
OwnerRoleName
PublicKey
RevocationDate (alias: RevocationEffDate)
Revoker
RFC2818Compliant
SelfSigned
SerialNumber
SigningAlgorithm
SSLDNSName
SSLIPAddress (alias: SslHostName)
SSLNetworkName
SSLPort
SAN
TemplateDisplayName (alias: TemplateName)
TemplateId
TemplateShortName
Thumbprint

The following fields have been deprecated and may be removed in a future release; they will be honored if included in a request:

AltKeyType (an integer)
KeyType (an integer)

The following fields have been deprecated and may be removed in a future release; they will be ignored if included in a request:

CARequestID
CertRequestId
IsPfx
RequestResolutionDate

Note: Queries may be done using either the primary field name or the field alias(es).

Tip: To exclude revoked certificates from the update, include a query of:

CertState -ne \"2\"

To exclude expired certificates from the update, include a query of:

ExpirationDate -ge \"%TODAY%\"

CertificateIds

Body

Required in some cases. An array of integers indicating the Keyfactor Command certificate IDs to update. A value for one of CertificateIds, Query, or CollectionId is required.

Metadata

Body

Required. An array of objects containing information about the metadata field(s) to update. Show metadata details.

Name	Description
Value	Required. A string indicating the value that should be set for the metadata field.
MetadataName	Required. A string indicating the name of the metadata field that should be updated for the certificates.
OverwriteExisting	A Boolean that sets whether all the certificates being updated will have their metadata field overwritten to the value being provided, including those that already have a value in the given metadata field (true) or whether only the certificates that currently have no value in the given metadata field will be saved with the new value (false). The default is false.

For example:

Copy

"Metadata": [
   {
      "MetadataName": "AppOwnerEmailAddress", // This is a String field.
      "Value": "john.smith@keyexample.com",
      "OverwriteExisting": true
   },
   {
      "MetadataName": "SiteCode", // This is an Integer field.
      "Value": 5,
      "OverwriteExisting": true
   },
   {
      "MetadataName": "BusinessCritical", // This is a Boolean field.
      "Value": true,
      "OverwriteExisting": true
   },
   {
      "MetadataName": "Notes", // This is a BigText field.
      "Value": "Here are some notes about this certificate.",
      "OverwriteExisting": true
   },
   {
      "MetadataName": "BusinessUnit", // This is a Multiple Choice field.
      "Value": "E-Business", // This is a value pre-defined for the field.
      "OverwriteExisting": true
   },
   {
      "MetadataName": "TicketResolutionDate", // This is a Date field in yyyy-mm-dd format.
      "Value": "2021-07-23",
      "OverwriteExisting": true
   }
]

CollectionId

Query

Required in some cases. An optional integer that specifies the certificate collection (CollectionId) to validate whether the user has sufficient permissions to perform the action. If a CollectionId is not provided, the user must have appropriate permissions granted system-wide or via certificate store containers.Providing a CollectionId allows the system to check the user's permissions at the certificate collection level. Permissions are evaluated in the following order:System-wide certificate permissionsGranular certificate permissionsUse either ContainerId or CollectionId, not both. If both are specified, CollectionId takes precedence, and the ContainerId is ignored (defaults to 0).See Certificate Collection Permissions for more information.

This field can also be used to specify the certificate collection containing certificates that should be updated. A value for one of CertificateIds, Query, or CollectionId is required.

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Was this page helpful? Provide Feedback

Version v25.3

On this page: