POST Certificates Download
The POST /Certificates/Download method is used to download a certificate from Keyfactor Command. This method returns HTTP 200 OK on a success with the base-64-encoded certificate without private key
Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure., including optional certificate chain, in DER A DER format certificate file is a DER-encoded binary certificate. It contains a single certificate and does not support storage of private keys. It sometimes has an extension of .der but is often seen with .cer or .crt., PEM A PEM format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PEM certificates always begin and end with entries like ---- BEGIN CERTIFICATE---- and ----END CERTIFICATE----. PEM certificates can contain a single certificate or a full certifiate chain and may contain a private key. Usually, extensions of .cer and .crt are certificate files with no private key, .key is a separate private key file, and .pem is both a certificate and private key. of P7B A PKCS #7 format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PKCS #7 certificates always begin and end with entries that look something like ---- BEGIN CERTIFICATE---- and ----END CERTIFICATE----. Unlike PEM files, PKCS #7 files can contain only a certificate and its certifiate chain but NOT its private key. Extensions of .p7b or .p7c are usually seen on certificate files of this format. format. For certificates with private keys in PEM or PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. format, use the POST /Certificates/Recover method (see POST Certificates Recover).
Certificate permission can be granted at either the global or collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). level. See note under CollectionId, below.
Table 215: POST Certificates Download Input Parameters
| Name | In | Description |
|---|---|---|
| CertID | Body |
Required*. The Keyfactor Command reference ID of the certificate to retrieve. One of the following is required:
|
| SerialNumber | Body |
Required*. The serial number of the certificate to retrieve. One of the following is required:
|
| IssuerDN | Body |
Required*. The distinguished name of the issuer of the certificate to retrieve. One of the following is required:
|
| Thumbprint | Body |
Required*. The thumbprint of the certificate to retrieve. One of the following is required:
|
| IncludeChain | Body | A Boolean indicating whether to include the certificate chain with the certificate (true) or not (false). If you select true, you must select a certificate format of PEM or P7B. |
| CollectionId | Query |
An integer specifying an optional certificate collection identifier to validate that the user executing the request has sufficient permissions to do so. If a certificate collection ID is not supplied, the user must have global permissions to complete the action. Supplying a certificate collection ID allows for a check of the user's certificate collection-level permissions to determine whether the user has sufficient permissions at a collection level to complete the action. See Certificate Permissions in the Keyfactor Command Reference Guide for more information. |
| x-certificateformat | Header |
The desired output format for the certificate. Supported options are:
|
Table 216: POST Certificates Download Response Data
| Name | Description |
|---|---|
| Content | The base-64-encoded certificate in DER, PEM or P7B format with the optional certificate chain. |
