POST Enrollment CSR
The POST /Enrollment
Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA)./CSR A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. method is used to enroll for a certificate using a certificate signing request A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. (CSR). This method returns HTTP 200 OK on a success with a message body containing a list of certificate details and any metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In the context of Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates. that was associated with the certificate request.
A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. and CSR), renewal, and revocation requests all flow through Keyfactor Command workflow A workflow is a series of steps necessary to complete a process. In the context of Keyfactor Command, it refers to the workflow builder, which allows you automate event-driven tasks when a certificate is requested or revoked.. This will result in no changes to the enrollment, renewal, and revocation user experience unless customizations have been added in workflow (see Workflow Definitions).Table 327: POST Enrollment CSR Input Parameters
| Name | In | Description |
|---|---|---|
| CSR | Body |
Required. The base-64 encoded CSR that will be passed in for enrollment. |
| Timestamp | Body |
Required. The current date and time. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g. 2021-05-19T16:23:01Z). |
| Template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received.
|
Body |
Required*. A string that sets the name of the certificate template that should be used to issue the certificate. The template short name should be used. This field is required unless the enrollment is being done against a standalone CA |
| CertificateAuthority | Body |
Required*. A string that sets the name of the certificate authority corpca01.keyexample.com\\CorpIssuingCA1 OR CorpIssuingCA1
If no certificate authority is provided, one will be chosen at random from the certificate authorities available for enrollment with the provided Template. This field is optional unless the enrollment is being done against a standalone CA, in which case it is required. |
| IncludeChain | Body |
A Boolean that sets whether to include the certificate chain in the response (true) or not (false). The default is false. |
| Metadata | Body |
An array of key/value pairs that set the values for the metadata fields that will be associated with the certificate once it is in Keyfactor Command. The key is the field name and the value is the value for the field. For example: "Metadata": {
"AppOwnerFirstName": "William", // This is a String field.
"AppOwnerLastName": "Smith",
"AppOwnerEmailAddress": "william.smith@keyexample.com",
"BusinessCritical": "true", // This is a Boolean field.
"BusinessUnit": "E-Business", // This is a Multiple Choice field with a pre-defined value.
"Notes": "Here are some notes.", // This is a BigText field.
"SiteCode": 3, // This is an integer field.
"TicketResolutionDate": "2021-07-23" // This is a Date field in yyyy-mm-dd format.
}
See the Certificate Metadata section of the Keyfactor Command Reference Guide for more information. |
| SANs | Body |
An array of key/value pairs that represent the elements for Keyfactor Command to use when generating the subject alternative name For example: "SANs": {
"dns": [
"dnssan1.keyexample.com",
"dnssan2.keyexample.com",
"dnssan3.keyexample.com"
],
"ip4": [
"192.168.2.73"
]
}
Note: Entering SANs with this option may either append or overwrite the SANs in the CSR request depending on how the issuing CA is configured. Please be sure to check that the certificate has the correct SANs after issuance. Any SAN added automatically as a result of the RFC 2818 compliance settings (see GET Templates) will still be added alongside anything you add here. See the SAN Attribute Policy Handler section of the Keyfactor Command Reference Guide for more information.
|
| AdditionalEnrollmentFields | Body | An array of key/value pairs that provide values for any custom enrollment fields set on the certificate template to supply custom request attributes to the CA during the enrollment process. For example: "AdditionalEnrollmentFields": { "CustomStringOne": "ValueOne", "CustomMultiChoiceTwo": "ValueTwo" } See the Certificate Template Operations section of the Keyfactor Command Reference Guide for more information. |
| x-CertificateFormat | Header |
Required. The desired output format for the certificate. Available options are DER |
Table 328: POST Enrollment CSR Response Data
| Value | Description |
|---|---|
| CertificateInformation |
Information about the certificate that was requested. |
| Metadata |
An array of the custom metadata values set on the certificate. The values vary depending on customization done in your environment. See the Certificate Metadata section of the Keyfactor Command Reference Guide for more information. |
