Certstore
The Certstore Web API
A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. (formerly known as the Jks API A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command.) provides a set of methods to support management of certificate locations. Keyfactor Command currently supports management of certificates in the following remote locations:
- Java Keystore A Java KeyStore (JKS) is a file containing security certificates with matching private keys. They are often used by Java-based applications for authentication and encryption.
- PEM A PEM format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PEM certificates always begin and end with entries like ---- BEGIN CERTIFICATE---- and ----END CERTIFICATE----. PEM certificates can contain a single certificate or a full certifiate chain and may contain a private key. Usually, extensions of .cer and .crt are certificate files with no private key, .key is a separate private key file, and .pem is both a certificate and private key. file
- F5 BigIP Web Server
- F5 BigIP SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. Profiles
- Windows Machine Personal, Revoked, and Trusted Roots stores
- Citrix NetScaler virtual servers
Keyfactor Command can, through different Keyfactor Command Agents and Orchestrators, inventory, install, and remove certificates for each of these store types. For certain store types, additional actions are supported as well. The certstore API provides a way to programmatically schedule jobs for these stores. For more information about certificate stores and their support within Keyfactor Command, see the Reference Guide and Installing Orchestrators guide, or contact your Keyfactor representative. This API component currently has only one version, but for backward-compatibility, it can be accessed through the component name "Certstore" (e.g. /CMSApi/Certstore/1/AddCert) or the legacy name "Jks" (e.g. /CMSApi/Jks/1/AddCert). The set of methods in this API component that can be used to manage certificate stores and their scheduled jobs is listed below in Table 694: Certstore Endpoints.
Table 694: Certstore Endpoints
|
Endpoint |
Method |
Description |
|---|---|---|
|
AddCert |
POST |
Add given certificate (without private key |
|
AddCertStore |
POST |
Define a new certstore in Keyfactor Command |
|
AddCertStoreServer |
POST |
Define a new remote server (e.g. F5, NetScaler) in Keyfactor Command to be managed by a Keyfactor Command agent |
|
AddPFX |
POST |
Add a PFX |
| AddCertStoreType | POST | Add a Certificate Store Type to be used by a certificate store |
|
CreateJKS |
POST |
Create a Java Keystore |
|
EditCertStore |
POST |
Update a definition of an existing certificate store in Keyfactor Command |
|
EditCertStoreServer |
POST |
Update a definition of an existing remote server managed by a Keyfactor Command agent |
|
GetCertStoreTypes |
GET |
List all certificate store types |
|
Inventory |
POST |
Retrieve the inventory of a given certificate store |
|
Keystores |
GET |
Get a list of certificate stores defined in Keyfactor Command |
|
Remove |
POST |
Remove a certificate from a certificate store |
|
ScheduleInventory |
POST |
Schedule a certificate store inventory job schedule |
|
ScheduleJob |
POST |
Schedule a certificate store management job |
|
Status |
GET |
A synonym for GET /Status, included on this path for backwards-compatibility |
