POST Enrollment Renew

The POST /Enrollment/Renew method is used to enroll for a certificate renewal for a certificate that exists in Keyfactor Command. This method returns HTTP 200 OK on a success with details of the new certificate. For certificates in a certificate store, this method does not automatically deploy the new certificate to the certificate store. In this case, the renew request should be followed by a call to either the POST /Enrollment/PFX/Deploy method or POST /Enrollment/PFX/Replace method to deploy the new certificate to the certificate store.

Tip:  The following permissions (see Security Overview) are required to use this feature:

Certificates: Read
CertificateEnrollment: EnrollPFX

Global or container-level schedule permissions for certificate stores are needed to install a certificate generated with this method into a certificate store using the POST /Enrollment/PFX/Deploy method (see POST Enrollment PFX Deploy) or POST /Enrollment/PFX/Replace method (see POST Enrollment PFX Replace).

Table 342: POST Enrollment Renew Input Parameters

Name In Description
CertificateId Body

Required*. The integer for the certificate in Keyfactor Command that needs to be renewed.

Either the CertificateId or the Thumbprint is required but not both.

Thumbprint Body

Required*. The thumbprint for the certificate that needs to be renewed.

Either the CertificateId or the Thumbprint is required but not both.

Timestamp Body

Required. The current date and time. The date and time should be given using the ISO 8601 UTC time format YYYY-MM-DDTHH:mm:ss.000Z (e.g. 2021-05-19T16:23:01Z).

CertificateAuthority Body

Required*. A string that sets the name of the certificate authority that will be used to enroll against. The certificate authority name should be provided in hostname\\logical name format. For example:

corpca01.keyexample.com\\CorpIssuingCA1

This field is required if one-click renewal is not supported for the certificate (see GET Enrollment Available Renewal ID or GET Enrollment Available Renewal Thumbprint).

Template Body

Required*. A string that sets the name of the certificate template that should be used to issue the certificate. The template short name should be used.

This field is required if one-click renewal is not supported for the certificate (see GET Enrollment Available Renewal ID or GET Enrollment Available Renewal Thumbprint).

Table 343: POST Enrollment Renew Response Data

Name Description
KeyfactorID ID of the certificate in Keyfactor Command.
KeyfactorRequestID ID of the request in Keyfactor Command.
Thumbprint Thumbprint of the certificate.
SerialNumber Serial number of the certificate.
IssuerDN Issuer DN of the certificate.
RequestDisposition State of the request (e.g. issued).
DispositionMessage Enrollment message (e.g. The private key was successfully retained.).
Password A password generated for convenience for use on installation to a certificate store. This password may be used when deploying the certificate to a certificate store using the POST /Enrollment/Deploy method, though an alternate password may be used. The passwords do not need to match.
Tip:  For code examples, see the Keyfactor API Endpoint Utility. To find the embedded web copy of this utility, click the help icon at the top of the Keyfactor Command Management Portal page next to the Log Out button.
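An added example, not taken from Keyfactor's documentation or the API Endpoint Utility: a Python helper that builds the request body according to the input parameter rules in Table 342 and masks the generated Password from Table 343 before a response is logged. The names `build_renew_body`, `one_click_supported` and `redact_response` and the sample values are assumptions, as is reading the doubled backslash in the CA name as JSON escaping of a single backslash.

```python
import json
from datetime import datetime, timezone


def build_renew_body(certificate_id=None, thumbprint=None, certificate_authority=None,
                     template=None, one_click_supported=False, now=None):
    """Return the JSON text of a POST /Enrollment/Renew body, or raise ValueError."""
    # Table 342: CertificateId or Thumbprint, exactly one of the two.
    if (certificate_id is None) == (thumbprint is None):
        raise ValueError("give exactly one of CertificateId and Thumbprint")
    body = {}
    if certificate_id is not None:
        if isinstance(certificate_id, bool) or not isinstance(certificate_id, int):
            raise ValueError("CertificateId must be an integer")
        body["CertificateId"] = certificate_id
    else:
        if not isinstance(thumbprint, str) or not thumbprint.strip():
            raise ValueError("Thumbprint must be a non-empty string")
        body["Thumbprint"] = thumbprint.strip()
    # CertificateAuthority and Template are required when one-click renewal is unsupported.
    if not one_click_supported and not (certificate_authority and template):
        raise ValueError("CertificateAuthority and Template are required")
    if certificate_authority:
        # In memory the separator is ONE backslash; json.dumps emits it as "\\".
        host, sep, logical = certificate_authority.partition("\\")
        if not (host and sep and logical) or "\\" in logical:
            raise ValueError("CertificateAuthority must be hostname\\logical name")
        body["CertificateAuthority"] = certificate_authority
    if template:
        body["Template"] = template
    now = now or datetime.now(timezone.utc)
    if now.tzinfo is None:
        raise ValueError("Timestamp needs a timezone-aware datetime")
    body["Timestamp"] = now.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return json.dumps(body)


def redact_response(response):
    """Copy of a Table 343 response with Password masked, safe to write to logs."""
    return {k: ("<redacted>" if k == "Password" else v) for k, v in response.items()}


if __name__ == "__main__":
    # Constructed values: the CA name is the page's example, the template name is made up.
    print(build_renew_body(certificate_id=42, template="WebServer",
                           certificate_authority="corpca01.keyexample.com\\CorpIssuingCA1"))
    print(redact_response({"KeyfactorID": 43, "RequestDisposition": "ISSUED",
                           "Password": "constructed-sample"}))
```

A CA string that has already been escaped by hand (two backslashes in memory) is rejected, which catches the double-escaping mistake before the request is sent.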