The POST /Enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA)./PFX
 Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA)./PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers./Deploy method is used to put a certificate into a certificate store. It is intended to be used immediately after using the POST /Enrollment/PFX method to enroll for a PFX using the Store value for the x-certificateformat header (see POST Enrollment PFX) or the POST /Enrollment/Renew method to renew a certificate already in a certificate store. This method returns HTTP 200 OK on a success with a message body containing the failed and succeeded stores.
 A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers./Deploy method is used to put a certificate into a certificate store. It is intended to be used immediately after using the POST /Enrollment/PFX method to enroll for a PFX using the Store value for the x-certificateformat header (see POST Enrollment PFX) or the POST /Enrollment/Renew method to renew a certificate already in a certificate store. This method returns HTTP 200 OK on a success with a message body containing the failed and succeeded stores.
Permissions for certificate stores can be set at the system-wide level or with fine-grained control at the certificate store container level. See Container Permissions for more information about the differences between system-wide and more targeted permissions.
Table 474: POST Enrollment PFX Deploy Input Parameters
| Name | Type | Description | 
|---|---|---|
| CertificateId | Body | Required in some cases. The integer for the certificate that needs to be deployed. This is returned in the response to the POST /Enrollment/PFX or POST /Enrollment/Renew request as the KeyfactorId. Note:  For enrollments that do not require manager approval (where the certificate is issued immediately), the CertificateId is required. The RequestId may be provided but is not required in this case. For enrollments that do require manager approval (where the certificate is not issued immediately), only the KeyfactorRequestId will be returned on the enrollment and the RequestId is required for deployment. | 
| JobTime | Body | A string containing the date and time when the certificate should be deployed. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g., 2023-11-19T16:23:01Z). Dates in the past will cause a management job to be created to run immediately. Dates in the future will result in a management job set to run in the future. The default is to create a management job that runs immediately. | 
| Password | Body | Required in some cases. A string with a password used to secure the certificate in the certificate store. This field is required for store types that require an entry password, such as PEM stores. | 
| RequestId | Body | Required in some cases. The integer of the request ID for the certificate that needs to be deployed. This is returned in the response to the POST /Enrollment/PFX or POST /Enrollment/Renew request as the KeyfactorRequestId. See the note under CertificateId regarding when this field is required and when it is not. | 
| StoreIds | Body | An array of strings containing the certificate store GUIDs for the stores to which the certificate should be added. The StoreIds parameter is obsolete as of Keyfactor Command version 9.4 and has been replaced by the Stores parameter. It is still supported for backward compatibility, but no longer required. | 
| Stores | Body | Required in some cases. An array of objects indicating the certificate stores to which the certificate should be deployed with additional properties as needed based on the store type and whether an existing certificate is being overwritten with the new certificate.  This replaces the StoresIDs and StoreTypes parameters as of Keyfactor Command version 9.4. | 
| StoreTypes | Body | An array of objects indicating the store types used with additional properties as needed based on the store type and whether an existing certificate is being overwritten with the new certificate. The StoreTypes parameter is obsolete as of Keyfactor Command version 9.4 and has been replaced by the Stores parameter. It is still supported for backward compatibility, but is no longer required. | 
Table 475: POST Enrollment PFX Deploy Response Data
| Name | Description | 
|---|---|
| SuccessfulStores | An array of strings containing the GUIDs for the certificates stores for which management jobs to deploy the certificate were successfully created. Note:  Successful creation of a management job to deploy a certificate to a certificate store does not necessarily mean that a certificate will successfully be deployed to the store. A management job may fail for any number of reasons (e.g., permissions on the store). Use the GET /Certificates/{id} method with includeLocations=true to confirm that the certificate has successfully been deployed to the target store(s). The locations won't appear in the certificate record until after a certificate store inventory has been completed for each store. | 
| FailedStores | An array of strings containing the GUIDs for the certificates stores for which management jobs to deploy the certificate could not be created. | 
 An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow
 An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (
 A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon ( ) at the top of the Management Portal page next to the Log Out button.
) at the top of the Management Portal page next to the Log Out button.Was this page helpful? Provide Feedback