pki¶
PKI Commands
pki Specification¶
Type Intermediate Resource Element Name pki Element URI /axapi/v3/pki Element Attributes pki_attributes Schema pki schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Get Object | GET | /axapi/v3/pki | pki_attributes |
pki attributes¶
ca-cert
Description: ca-cert is a JSON Block. Please see below for ca-cert
Type: Object
Reference Object: /axapi/v3/pki/ca-cert
cert
Description: cert is a JSON Block. Please see below for cert
Type: Object
Reference Object: /axapi/v3/pki/cert
cert-stats
Description: cert-stats is a JSON Block. Please see below for cert-stats
Type: Object
Reference Object: /axapi/v3/pki/cert-stats
copy-cert
Description: copy-cert is a JSON Block. Please see below for copy-cert
Type: Object
Reference Object: /axapi/v3/pki/copy-cert
copy-key
Description: copy-key is a JSON Block. Please see below for copy-key
Type: Object
Reference Object: /axapi/v3/pki/copy-key
create-oper
Description: create-oper is a JSON Block. Please see below for create-oper
Type: Object
Reference Object: /axapi/v3/pki/create-oper
delete
Description: delete is a JSON Block. Please see below for delete
Type: Object
Reference Object: /axapi/v3/pki/delete
delete-oper
Description: delete-oper is a JSON Block. Please see below for delete-oper
Type: Object
Reference Object: /axapi/v3/pki/delete-oper
placeholder
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
scep-cert-list
Type: List
Reference Object: /axapi/v3/pki/scep-cert/{name}
ssli
Description: ssli is a JSON Block. Please see below for ssli
Type: Object
Reference Object: /axapi/v3/pki/ssli
cert-stats¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
delete-oper¶
Specification Type object filename
Description
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
scep-cert-list¶
Specification Type list Block object keys days
Description Validity of self-signed certificate (default 1825)
Type: number
Range: 1-3650
Default: 1825
dn
Description Specify the Distinguished-Name to use while enrolling the certificate (Format: “cn=user, dc=example, dc=com”)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)end-date
Description End date of self-signed certificate in YYMMDDHHMMSS format specified in UTC time
Type: string
Maximum Length: 31 characters
Maximum Length: 1 characters
enroll
Description Initiates enrollment of device with the CA
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
interval
Description Interval time in seconds to poll when SCEP response is PENDING (default 5)
Type: number
Range: 1-3600
Default: 5
key-length
Description ‘1024’: Key size 1024 bits; ‘2048’: Key size 2048 bits(default); ‘4096’: Key size 4096 bits; ‘8192’: Key size 8192 bits;
Type: string
Supported Values: 1024, 2048, 4096, 8192
Default: 2048
log-level
Description level for logging output of scepclient commands(default 1 and detailed 4)
Type: number
Range: 1-4
Default: 1
max-polltime
Description Maximum time in seconds to poll when SCEP response is PENDING (default 180)
Type: number
Range: 15-432000
Default: 180
method
Description ‘GET’: GET request; ‘POST’: POST request;
Type: string
Supported Values: GET, POST
Default: GET
minute
Description Periodic interval in minutes
Type: number
Range: 2-255
Mutual Exclusion: minute and renew-every-type are mutually exclusive
name
Description Specify Certificate name to be enrolled
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
password
Description Specify the password used to enroll the device’s certificate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
renew-before
Description Specify interval before certificate expiry to renew the certificate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: renew-before and renew-every are mutually exclusive
renew-before-type
Description ‘hour’: Number of hours before cert expiry; ‘day’: Number of days before cert expiry; ‘week’: Number of weeks before cert expiry; ‘month’: Number of months before cert expiry;
Type: string
Supported Values: hour, day, week, month
renew-before-value
Description Value of renewal period
Type: number
Range: 1-255
renew-every
Description Specify periodic interval in which to renew the certificate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: renew-every and renew-before are mutually exclusive
renew-every-type
Description ‘hour’: Periodic interval in hours; ‘day’: Periodic interval in days; ‘week’: Periodic interval in weeks; ‘month’: Periodic interval in months;
Type: string
Supported Values: hour, day, week, month
Mutual Exclusion: renew-every-type and minute are mutually exclusive
renew-every-value
Description Value of renewal period
Type: number
Range: 1-255
secret-string
Description secret password
Type: string
Format: password
Maximum Length: 127 characters
Maximum Length: 1 characters
start-date
Description Start date of self-signed certificate in YYMMDDHHMMSS format specified in UTC time
Type: string
Maximum Length: 31 characters
Maximum Length: 1 characters
subject-alternate-name
Description: subject-alternate-name is a JSON Block. Please see below for scep-cert-list_subject-alternate-name
Type: Object
url
Description Specify the Enrollment Agent’s absolute URL (Format: http://host/path)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
scep-cert-list_subject-alternate-name¶
Specification Type object san-type
Description ‘email’: Enter e-mail address of the subject; ‘dns’: Enter hostname of the subject; ‘ip’: Enter IP address of the subject;
Type: string
Supported Values: email, dns, ip
san-value
Description Value of subject-alternate-name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
copy-key¶
Specification Type object dest-key
Description Destination key file
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
overwrite
Description Overwrite the destination file if already present
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rotation
Description Specify rotation number of SCEP generated key file
Type: number
Range: 1-4
src-key
Description Source key file
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
copy-cert¶
Specification Type object dest-cert
Description Destination certificate file
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
overwrite
Description Overwrite the destination file if already present
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rotation
Description Specify rotation number of SCEP generated certificate file
Type: number
Range: 1-4
src-cert
Description Source certificate file
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
ca-cert¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
cert¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
create-oper¶
Specification Type object bits
Description ‘1024’: 1024; ‘2048’: 2048; ‘4096’: 4096;
Type: string
Supported Values: 256, 384, 1024, 2048, 4096
Default: 1024
cert-type
Description ‘rsa’: rsa; ‘ecdsa’: ecdsa;
Type: string
Supported Values: rsa, ecdsa
Default: rsa
common-name
Description
Type: string
Format: string-rlx
Maximum Length: 64 characters
Maximum Length: 1 characters
country
Description
Type: string
Maximum Length: 3 characters
Maximum Length: 2 characters
csr-generate
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
digest
Description ‘sha1’: sha1; ‘sha256’: sha256; ‘sha384’: sha384; ‘sha512’: sha512;
Type: string
Supported Values: sha1, sha256, sha384, sha512
Default: sha1
division
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Description
Type: string
Format: email-addr
Maximum Length: 64 characters
Maximum Length: 1 characters
filename
Description
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
locality
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
organization
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
rootca
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
secured
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
state-province
Description
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
v3-request
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
valid-days
Description
Type: number
Range: 30-3650
Default: 730
ssli¶
Specification Type object generate
Description: generate is a JSON Block. Please see below for ssli_generate
Type: Object
Reference Object: /axapi/v3/pki/ssli/generate
revoke
Description: revoke is a JSON Block. Please see below for ssli_revoke
Type: Object
Reference Object: /axapi/v3/pki/ssli/revoke
ssli_revoke¶
Specification Type object port
Description port number
Type: number
Range: 0-65534
serial
Description Serial number in hex
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
vip-name
Description VIP name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
ssli_generate¶
Specification Type object crl
Description: crl is a JSON Block. Please see below for ssli_generate_crl
Type: Object
Reference Object: /axapi/v3/pki/ssli/generate/crl
ssli_generate_crl¶
Specification Type object port
Description port number
Type: number
Range: 0-65534
vip-name
Description VIP name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
delete¶
Specification Type object ca
Description CA certificate file name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
cert-name
Description Certificate file name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
crl
Description CRL file name
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
csr
Description CSR file name
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
private-key
Description Private key file name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters