POST Enrollment PFX Replace
The POST /Enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA)./PFX
A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers./Replace method is used to replace a certificate in a certificate store. It is intended to be used immediately after using the POST /Enrollment/PFX method to enroll for a PFX using the Replace value for the x-certificateformat header (see POST Enrollment PFX) or the POST /Enrollment/Renew method to renew a certificate already in a certificate store. This method returns HTTP 200 OK on a success with a message body containing the failed and succeeded stores.
Permissions for certificate stores can be set at the system-wide level or with fine-grained control at the certificate store container level. See Container Permissions for more information about the differences between system-wide and more targeted permissions.
Table 504: POST Enrollment PFX Replace Input Parameters
Name | In | Description |
---|---|---|
CertificateId | Body |
Required in some cases. The integer for the certificate that needs to be deployed. This is returned in the response to the POST /Enrollment/PFX request. Either the CertificateId or the RequestId is required but not both. |
ExistingCertificateId | Body |
Required. The integer of the certificate that will be replaced that is already in the store(s). A management job will be created to replace the certificate in all stores in which it is found. Use the GET /Certificates method to determine the certificate ID. This information is also available in the certificate details for a certificate in the Keyfactor Command Management Portal. |
JobTime | Body |
A string containing the date and time when the certificate should be deployed. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g., 2023-11-19T16:23:01Z). Dates in the past will cause a management job to be created to run immediately. Dates in the future will result in a management job set to run in the future. The default is to create a management job that runs immediately. |
Password | Body |
Required in some cases. A string with a password used to secure the certificate in the certificate store. This field is required for store types that require an entry password, such as PEM stores. |
RequestId | Body |
Required in some cases. The integer of the request ID for the certificate that needs to be deployed. This is returned in the response to the POST /Enrollment/PFX request. Either the CertificateId or the RequestId is required but not both. |
Table 505: POST Enrollment PFX Replace Response Data
Name | Description |
---|---|
SuccessfulStores | An array of strings containing the GUIDs for the certificates stores for which management jobs to deploy the certificate were successfully created. Note: Successful creation of a management job to deploy a certificate to a certificate store does not necessarily mean that a certificate will successfully be deployed to the store. A management job may fail for any number of reasons (e.g., permissions on the store). Use the GET /Certificates/{id} method with includeLocations=true to confirm that the certificate has successfully been deployed to the target store(s). The locations won't appear in the certificate record until after a certificate store inventory has been completed for each store. |
FailedStores | An array of strings containing the GUIDs for the certificates stores for which management jobs to deploy the certificate could not be created. |



Was this page helpful? Provide Feedback