The POST /Certificates/Analyze method is used to parse a raw binary certificate returned from a CA
A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. into human-readable list of certificate details. For input data supplied with chain certificates, the output will include analysis of the primary certificate and the chain certificates. This method returns HTTP 200 OK on a success with a list of the contents of the certificate and the certificates in the chain, if applicable.
Permissions for certificates can be configured at multiple levels. You can apply them system-wide—for all certificates—or use fine-grained control by assigning permissions at the certificate collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). level. The appropriate level depends on how the certificates are accessed. See Certificate Collection Permissions for more information about system-wide versus more targeted permission models.
Table 312: POST Certificates Analyze Input Parameters
| Name | In | Description |
|---|---|---|
| Certificate | Body |
Required. A string containing either the PEM-encoded string of the certificate not including the header and footer (e.g., -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) or the base-64 encoded contents of the certificate. Both certificates with and without private keys are supported for analysis. |
| Password | Body | A string containing the password used to encrypt the private key of the certificate, if applicable. |
Table 313: POST Certificates Analyze Response Data
| Name | Description |
|---|---|
| IssuedDN | A string containing the distinguished name of the certificate. |
| IssuerDN | A string containing the distinguished name of the issuer of the certificate. |
| Thumbprint | A string containing the thumbprint of the certificate. |
| NotAfter | A string containing the date/time, in UTC, on which the certificate expires. |
| NotBefore | A string containing the date/time, in UTC, on which the certificate was issued by the certificate authority. |
| Metadata | An object containing the metadata fields populated for the certificate. |
| IsEndEntity | A Boolean indicating whether the certificate is the end entity of the chain (true) or not (false). |
An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (
) at the top of the Management Portal page next to the Log Out button.Was this page helpful? Provide Feedback