POST Certificate Collections
The POST /CertificateCollections method is used to create a new saved collection
The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). of certificates or update an existing collection. This method returns HTTP 200 OK on a success with details about the certificate collection.
Permissions for certificates can be set at either the global or certificate collection level. See Certificate Permissions in the Keyfactor Command Reference Guide for more information about global vs collection permissions.
Table 241: POST Certificate Collections Input Parameters
| Name | In | Description |
|---|---|---|
| Name | Body | Required. The name for the certificate collection. This name appears at the top of the page in the Keyfactor Command Management Portal for this collection and can be configured to appear on the Management Portal menu under Certificate Collections. It will also appear in other places within the Management Portal where you can reference certificate collections (e.g. expiration alerts and certain reports). Because it can appear on the menu and in selection dropdowns, the name should be fairly short. |
| Description | Body | Required. The description for the collection. This description appears at the top of the page in the Management Portal for this collection and can be more detailed than the collection name. See also CopyFromId. |
| Query | Body |
Required. A string containing the search criteria for the collection. For example: "Query": "(IssuedDate -ge \"%TODAY-7%\" AND TemplateShortName -ne NULL) OR (IssuedDate -ge \"%TODAY-7%\" AND IssuerDN -contains \"keyexample\")"
See Certificate Search Pagein the Keyfactor Command Reference Guide for querying guidelines. See also CopyFromId. |
| DuplicationField | Body |
An integer that sets the type of de-duplication (a.k.a. "ignore renewed certificate results by") to apply to the collection when using the collection in areas of Keyfactor Command that apply de-duplication (e.g. expiration alerts). For more information, see Saving Search Criteria as a Collection in the Keyfactor Command Reference Guide. |
| ShowOnDashboard | Body | A Boolean that sets whether the results from this collection are included on the Management Portal dashboard Certificate Counts by Collection graph (true) or not (false). |
| Favorite | Body | A Boolean that sets whether the collection appears on the Navigator—on the Certificates top-level menu dropdown—(true) or not (false). |
| CopyFromId | Body |
An integer identifying an existing certificate collection from which to copy the query string. Use the GET /CertificateCollections method (see GET Certificate Collections) to locate the ID of the collection whose query you wish to copy. When you use this parameter Example: Gina wants to create a new collection using the CopyFromId option. She first uses GET /CertificateCollections/{id} to list the collection she plans to copy from and sees the following results:
{
"Id": 10,
"Name": "Keyexample Collection",
"Description": "Certificates in the Keyexample Domain",
"Automated": false,
"Content": "CN -contains \"keyexample.com\"",
"DuplicationField": 2,
"ShowOnDashboard": false,
"Favorite": true
}Gina wants her new certificate collection to retain the same collection-level permissions as the Keyexample Collection. However, she wants the collection to report on a different domain name. The Keyexample Collection is configured to grant collection-level permissions of Read, Edit Metadata, and Download with Private Key to the Power Users role. At the Key Example company, users with the Power Users role do not have global certificate Read permissions because all certificate permissions are granted using certificate collection permissions. Only full Keyfactor Command administrators have global certificate Read permissions. Users with the Power Users role have Modify permissions for certificate collections to allow them to create new collections. This level of permissions is significant for what Gina wants to do. Gina holds the Power Users role and is not a full administrator. Gina uses POST /CertificateCollections/Copy (or POST /CertificateCollections—the behavior and output would be the same) to create a new certificate collection using the CopyFromId option with the following command: {
"CopyFromId": 10,
"Name": "Keyother Collection",
"Description": "Certificates in the Keyother Domain",
"Query": "CN -contains \"keyother.com\"",
"DuplicationField": 2,
"ShowOnDashboard": false,
"Favorite": true
}In the response, Gina sees the following: {
"Id": 15,
"Name": "Keyother Collection",
"Description": "Certificates in the Keyother Domain",
"Automated": false,
"Content": "(CN -contains \"keyexample.com\") AND (CN -contains \"keyother.com\")",
"Query": "(CN -contains \"keyexample.com\") AND (CN -contains \"keyother.com\")",
"DuplicationField": 2,
"ShowOnDashboard": false,
"Favorite": true
}Notice that Gina has not achieved her desired goal. The new collection contains a query for both the keyexample.com domain and the keyother.com domain. Gina's new query was appended to the existing query rather than overwriting the existing query. This happened because Gina does not have global Read permissions for certificates and is done to prevent a user from increasing the scope of certificates they can view. Gina asks Martha, who is a full Keyfactor Command administrator and has the global Read permissions for certificates, to copy the collection for her. Martha first deletes the first Keyother Collection that Gina created and then runs the same command that Gina ran to create a new collection. In the response, Martha sees the following: {
"Id": 16,
"Name": "Keyother Collection",
"Description": "Certificates in the Keyother Domain",
"Automated": false,
"Content": "(CN -contains \"keyother.com\")",
"Query": "(CN -contains \"keyother.com\")",
"DuplicationField": 2,
"ShowOnDashboard": false,
"Favorite": true
}Notice that when Martha runs the command, Gina's goal is achieved. |
Table 242: POST Certificate Collections Response Data
| Name | Description |
|---|---|
| ID | The Keyfactor Command reference ID for the certificate collection. The ID is automatically assigned by Keyfactor Command. |
| Name | The name for the certificate collection. This name appears at the top of the page in the Keyfactor Command Management Portal for this collection and can be configured to appear on the Management Portal menu under Certificate Collections. It will also appear in other places within the Management Portal where you can reference certificate collections (e.g. expiration alerts and certain reports). Because it can appear on the menu and in selection dropdowns, the name should be fairly short. |
| Description | The description for the collection. This description appears at the top of the page in the Management Portal for this collection and can be more detailed than the collection name. |
| Content |
A string containing the search criteria for the collection. |
| Query |
A string containing the search criteria for the collection. |
| DuplicationField |
An integer that sets the type of de-duplication (a.k.a. "ignore renewed certificate results by") to apply to the collection when using the collection in areas of Keyfactor Command that apply de-duplication (e.g. expiration alerts). For more information, see Saving Search Criteria as a Collection in the Keyfactor Command Reference Guide. |
| ShowOnDashboard | A Boolean that sets whether the results from this collection are included on the Management Portal dashboard Certificate Counts by Collection graph (true) or not (false). |
| Favorite | A Boolean that sets whether the collection appears on the Navigator—on the Certificates top-level menu dropdown—(true) or not (false). |
