pki

PKI Commands

pki Specification

Parameter Value
Type Intermediate Resource
Element Name pki
Element URI /axapi/v3/pki
Element Attributes pki_attributes
Partition Visibility shared
Schema pki schema

Operations Allowed:

Operation Method URI Payload
Get Object GET /axapi/v3/pki pki_attributes

pki attributes

acme-cert-list

Type: List

Reference Object: /axapi/v3/pki/acme-cert/{name}

ca-cert

Description: ca-cert is a JSON Block. Please see below for ca-cert

Type: Object

Reference Object: /axapi/v3/pki/ca-cert

cert

Description: cert is a JSON Block. Please see below for cert

Type: Object

Reference Object: /axapi/v3/pki/cert

cert-stats

Description: cert-stats is a JSON Block. Please see below for cert-stats

Type: Object

Reference Object: /axapi/v3/pki/cert-stats

cmp-cert-list

Type: List

Reference Object: /axapi/v3/pki/cmp-cert/{name}

copy-cert

Description: copy-cert is a JSON Block. Please see below for copy-cert

Type: Object

Reference Object: /axapi/v3/pki/copy-cert

copy-key

Description: copy-key is a JSON Block. Please see below for copy-key

Type: Object

Reference Object: /axapi/v3/pki/copy-key

create-oper

Description: create-oper is a JSON Block. Please see below for create-oper

Type: Object

Reference Object: /axapi/v3/pki/create-oper

delete

Description: delete is a JSON Block. Please see below for delete

Type: Object

Reference Object: /axapi/v3/pki/delete

delete-oper

Description: delete-oper is a JSON Block. Please see below for delete-oper

Type: Object

Reference Object: /axapi/v3/pki/delete-oper

placeholder

Description

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

scep-cert-list

Type: List

Reference Object: /axapi/v3/pki/scep-cert/{name}

ssli

Description: ssli is a JSON Block. Please see below for ssli

Type: Object

Reference Object: /axapi/v3/pki/ssli

ssli

Specification Value
Type object

generate

Description: generate is a JSON Block. Please see below for ssli_generate

Type: Object

Reference Object: /axapi/v3/pki/ssli/generate

revoke

Description: revoke is a JSON Block. Please see below for ssli_revoke

Type: Object

Reference Object: /axapi/v3/pki/ssli/revoke

ssli_revoke

Specification Value
Type object

port

Description port number

Type: number

Range: 0-65534

serial

Description Serial number in hex

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

vip-name

Description VIP name

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

ssli_generate

Specification Value
Type object

crl

Description: crl is a JSON Block. Please see below for ssli_generate_crl

Type: Object

Reference Object: /axapi/v3/pki/ssli/generate/crl

ssli_generate_crl

Specification Value
Type object

port

Description port number

Type: number

Range: 0-65534

vip-name

Description VIP name

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

cert-stats

Specification Value
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

cmp-cert-list

Specification Value
Type list
Block object keys  

allow-unprotected-errors

Description Accept missing or invalid protection of negative responses (CAs like EJBCA tend not to protect negative responses)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cert-type

Description Specify the type of certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cmp-trusted-ca

Description The specific CA to trust while verifying signature of CMP response message

Type: string

Maximum Length: 245 characters

Minimum Length: 1 character

cmp-trusted-cert

Description The specific CMP server certificate to use and directly trust when verifying signature of CMP response message

Type: string

Maximum Length: 245 characters

Minimum Length: 1 character

ec-key-length

Description ‘256’: Key size 256 bits; ‘384’: Key size 384 bits (default);

Type: string

Supported Values: 256, 384

Default: 384

ecdsa-type

Description ECDSA certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ecdsa-type and rsa-type are mutually exclusive

encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

enroll

Description Initiates enrollment of device with the CA

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-level

Description Level for logging output of CMP commands (default 1 and detailed 2)

Type: number

Range: 1-2

Default: 1

max-polltime

Description Maximum time in seconds an enrollment or key update may take (default 120)

Type: number

Range: 5-1024

Default: 120

minute

Description Periodic interval in minutes

Type: number

Range: 2-255

Mutual Exclusion: minute and renew-every-type are mutually exclusive

name

Description Specify Certificate name to be enrolled

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

recipient-dn

Description Distinguished Name of the CMP message recipient, i.e., the CMP server (usually a CA or RA entity) (DN OID is case sensitive)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 2 characters

renew-before

Description Specify interval before certificate expiry to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-before and renew-every are mutually exclusive

renew-before-type

Description ‘hour’: Number of hours before cert expiry; ‘day’: Number of days before cert expiry; ‘week’: Number of weeks before cert expiry; ‘month’: Number of months before cert expiry (1 month = 30 days);

Type: string

Supported Values: hour, day, week, month

renew-before-value

Description Value of renewal period

Type: number

Range: 1-255

renew-every

Description Specify periodic interval in which to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-every and renew-before are mutually exclusive

renew-every-type

Description ‘hour’: Periodic interval in hours; ‘day’: Periodic interval in days; ‘week’: Periodic interval in weeks; ‘month’: Periodic interval in months (1 month = 30 days);

Type: string

Supported Values: hour, day, week, month

Mutual Exclusion: renew-every-type and minute are mutually exclusive

renew-every-value

Description Value of renewal period

Type: number

Range: 1-255

rsa-key-length

Description ‘1024’: Key size 1024 bits; ‘2048’: Key size 2048 bits (default); ‘4096’: Key size 4096 bits; ‘8192’: Key size 8192 bits;

Type: string

Supported Values: 1024, 2048, 4096, 8192

Default: 2048

rsa-type

Description RSA certificate (default)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: rsa-type and ecdsa-type are mutually exclusive

secret

Description Specify the pre-shared secret used to enroll the device’s certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

secret-string

Description pre-shared secret

Type: string

Format: password

Maximum Length: 127 characters

Minimum Length: 1 character

subject-alternate-name

Description: subject-alternate-name is a JSON Block. Please see below for cmp-cert-list_subject-alternate-name

Type: Object

subject-dn

Description Distinguished Name to use while enrolling the certificate (for EJBCA CA, this is the subject DN of an End Entity) (DN OID is case sensitive)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 2 characters

url

Description CMP server’s absolute URL (http(s)://host:[port]/path); path is the location to use for the CMP server (aka CMP alias)

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

cmp-cert-list_subject-alternate-name

Specification Value
Type object

san-type

Description ‘email’: Enter e-mail address of the subject; ‘dns’: Enter hostname of the subject; ‘ip’: Enter IP address of the subject;

Type: string

Supported Values: email, dns, ip

san-value

Description Value of subject-alternate-name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

copy-key

Specification Value
Type object

dest-key

Description Destination key file

Type: string

Maximum Length: 245 characters

Minimum Length: 1 character

overwrite

Description Overwrite the destination file if already present

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

rotation

Description Specify rotation number of SCEP/CMP generated key file

Type: number

Range: 1-4

src-key

Description Source key file

Type: string

Maximum Length: 245 characters

Minimum Length: 1 character

copy-cert

Specification Value
Type object

dest-cert

Description Destination certificate file

Type: string

Maximum Length: 245 characters

Minimum Length: 1 character

overwrite

Description Overwrite the destination file if already present

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

rotation

Description Specify rotation number of SCEP/CMP generated certificate file

Type: number

Range: 1-4

src-cert

Description Source certificate file

Type: string

Maximum Length: 245 characters

Minimum Length: 1 character

ca-cert

Specification Value
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

cert

Specification Value
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

delete-oper

Specification Value
Type object

filename

Description

Type: string

Maximum Length: 245 characters

Minimum Length: 1 character

acme-cert-list

Specification Value
Type list
Block object keys  

cert-type

Description Specify the type of certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

domain

Description Main domain you want to issue the cert for. CA will verify whether you control this domain

Type: string

Format: string-rlx

Maximum Length: 64 characters

Minimum Length: 1 character

eab-hmac-key

Description The HMAC key for ACME External Account Binding

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

eab-key-id

Description The key identifier for ACME External Account Binding

Type: string

Format: string-rlx

Maximum Length: 256 characters

Minimum Length: 1 character

ec-key-length

Description ‘256’: Key size 256 bits; ‘384’: Key size 384 bits (default);

Type: string

Supported Values: 256, 384

Default: 384

ecdsa-type

Description ECDSA certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ecdsa-type and rsa-type are mutually exclusive

email

Description A valid email address for your ACME account. CA uses this email to send you expiration or other notices

Type: string

Format: string-rlx

Maximum Length: 64 characters

Minimum Length: 1 character

encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

enroll

Description Initiates enrollment with CA. Due to CA rate limit, A10 strongly recommends you set “run-with-staging-server” during test

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

force

Description Ignore the next renewal time and force renewal of the cert

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-level

Description Level for logging output of ACME commands (default 1 and detailed 2, including debug messages)

Type: number

Range: 1-2

Default: 1

minute

Description Periodic interval in minutes

Type: number

Range: 2-255

Mutual Exclusion: minute and renew-every-type are mutually exclusive

name

Description Specify Certificate name to be enrolled

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

renew-before

Description Specify interval before certificate expiry to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-before and renew-every are mutually exclusive

renew-before-type

Description ‘hour’: Number of hours before cert expiry; ‘day’: Number of days before cert expiry; ‘week’: Number of weeks before cert expiry; ‘month’: Number of months before cert expiry (1 month = 30 days);

Type: string

Supported Values: hour, day, week, month

renew-before-value

Description Value of renewal period

Type: number

Range: 1-255

renew-every

Description Specify periodic interval in which to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-every and renew-before are mutually exclusive

renew-every-type

Description ‘hour’: Periodic interval in hours; ‘day’: Periodic interval in days; ‘week’: Periodic interval in weeks; ‘month’: Periodic interval in months (1 month = 30 days);

Type: string

Supported Values: hour, day, week, month

Mutual Exclusion: renew-every-type and minute are mutually exclusive

renew-every-value

Description Value of renewal period

Type: number

Range: 1-255

rsa-key-length

Description ‘2048’: Key size 2048 bits (default); ‘3072’: Key size 3072 bits; ‘4096’: Key size 4096 bits; ‘8192’: Key size 8192 bits;

Type: string

Supported Values: 2048, 3072, 4096, 8192

Default: 2048

rsa-type

Description RSA certificate (default)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: rsa-type and ecdsa-type are mutually exclusive

san-domain

Description Subject-alternate-name dns(s) for your cert, separated by /

Type: string

Format: string-rlx

Maximum Length: 2048 characters

Minimum Length: 1 character

secret-string

Description The HMAC key for ACME External Account Binding

Type: string

Format: password

Maximum Length: 256 characters

Minimum Length: 1 character

staging

Description Run ACME operation with staging server. Due to CA rate limit, A10 strongly recommends you set this during test

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

staging-url

Description ACME staging directory URL. By default, use Let’s Encrypt as CA server

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

url

Description ACME directory URL. By default, use Let’s Encrypt as CA server

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

vrid

Description Specify HA VRRP-A vrid. It is used to sync the http-01 challenge token

Type: number

Range: 0-31

create-oper

Specification Value
Type object

bits

Description ‘256’: 256; ‘384’: 384; ‘1024’: 1024; ‘2048’: 2048; ‘4096’: 4096;

Type: string

Supported Values: 256, 384, 1024, 2048, 4096

Default: 1024

cert-type

Description ‘rsa’: rsa; ‘ecdsa’: ecdsa;

Type: string

Supported Values: rsa, ecdsa

Default: rsa

common-name

Description

Type: string

Format: string-rlx

Maximum Length: 64 characters

Minimum Length: 1 character

country

Description

Type: string

Maximum Length: 3 characters

Minimum Length: 2 characters

csr-generate

Description

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

digest

Description ‘sha1’: sha1; ‘sha256’: sha256; ‘sha384’: sha384; ‘sha512’: sha512;

Type: string

Supported Values: sha1, sha256, sha384, sha512

Default: sha1

division

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

email

Description

Type: string

Format: email-addr

Maximum Length: 64 characters

Minimum Length: 1 character

filename

Description

Type: string

Maximum Length: 245 characters

Minimum Length: 1 character

locality

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

organization

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

rootca

Description

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

secured

Description

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

state-province

Description

Type: string

Format: string-rlx

Maximum Length: 31 characters

Minimum Length: 1 character

v3-request

Description

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

valid-days

Description

Type: number

Range: 30-3650

Default: 730
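
The create-oper table above gives bits a default of 1024 and digest a default of sha1, so a request that omits either field falls back to those values. The following added example (not A10 code) lints a dict of create-oper attributes against the listed values, range and lengths, and warns when the effective settings are 1024-bit RSA or SHA-1; the function name, the sample inputs and the rule pairing 256/384 with ecdsa are assumptions.

```python
# Added example, not A10 code: lint create-oper attributes against the table above.
# Only the attribute dict is checked; the request wrapper is not assumed here.

# key: (supported values, documented default)
ENUMS = {
    "bits": (("256", "384", "1024", "2048", "4096"), "1024"),
    "cert-type": (("rsa", "ecdsa"), "rsa"),
    "digest": (("sha1", "sha256", "sha384", "sha512"), "sha1"),
}
# key: (shortest, longest) length in characters, the two length figures per field
LENGTHS = {
    "common-name": (1, 64), "country": (2, 3), "division": (1, 63),
    "email": (1, 64), "filename": (1, 245), "locality": (1, 63),
    "organization": (1, 63), "state-province": (1, 31),
}
EC_BITS = {"256", "384"}  # assumption: these two sizes belong to ecdsa


def lint_create_oper(attrs):
    """Return (errors, warnings) for a dict of create-oper attributes."""
    errors, warnings = [], []
    eff = {}  # effective enum values once documented defaults are applied
    for key, (allowed, default) in ENUMS.items():
        eff[key] = str(attrs.get(key, default))
        if eff[key] not in allowed:
            errors.append(f"{key}: {eff[key]!r} is not a supported value")
    for key, (lo, hi) in LENGTHS.items():
        if key in attrs and not lo <= len(str(attrs[key])) <= hi:
            errors.append(f"{key}: length must be {lo}-{hi} characters")
    days = attrs.get("valid-days")
    if days is not None and not (isinstance(days, int) and 30 <= days <= 3650):
        errors.append("valid-days: must be a number in 30-3650")

    def origin(key):
        return "set explicitly" if key in attrs else "documented default"

    # SHA-1 signatures and 1024-bit RSA keys are deprecated for certificates.
    if eff["digest"] == "sha1":
        warnings.append(f"digest: sha1 ({origin('digest')}); use sha256 or stronger")
    if eff["cert-type"] == "rsa" and eff["bits"] == "1024":
        warnings.append(f"bits: 1024-bit RSA ({origin('bits')}); use 2048 or 4096")
    # Assumed pairing (not stated in the table): 256/384 with ecdsa, the rest with rsa.
    known = eff["bits"] in ENUMS["bits"][0] and eff["cert-type"] in ENUMS["cert-type"][0]
    if known and (eff["cert-type"] == "ecdsa") != (eff["bits"] in EC_BITS):
        warnings.append(f"bits: {eff['bits']} is not a usual {eff['cert-type']} size")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample inputs (hostnames and file names are made up).
    samples = {
        "defaults only": {"filename": "web01", "common-name": "web01.example.test"},
        "hardened": {"filename": "web01", "common-name": "web01.example.test",
                     "cert-type": "ecdsa", "bits": "384", "digest": "sha384",
                     "valid-days": 365},
        "out of range": {"digest": "md5", "valid-days": 10, "country": "U"},
    }
    for label, attrs in samples.items():
        errs, warns = lint_create_oper(attrs)
        print(label, "-> errors:", errs, "warnings:", warns)
```

Running the check before a request is sent catches the case where bits or digest is left out and the documented default applies.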

scep-cert-list

Specification Value
Type list
Block object keys  

days

Description Validity of self-signed certificate (default 1825)

Type: number

Range: 1-3650

Default: 1825

dn

Description Specify the Distinguished-Name to use while enrolling the certificate (Format: “cn=user, dc=example, dc=com”)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

end-date

Description End date of self-signed certificate in YYMMDDHHMMSS format specified in UTC time

Type: string

Maximum Length: 31 characters

Minimum Length: 1 character

enroll

Description Initiates enrollment of device with the CA

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

interval

Description Interval time in seconds to poll when SCEP response is PENDING (default 5)

Type: number

Range: 1-3600

Default: 5

key-length

Description ‘1024’: Key size 1024 bits; ‘2048’: Key size 2048 bits (default); ‘4096’: Key size 4096 bits; ‘8192’: Key size 8192 bits;

Type: string

Supported Values: 1024, 2048, 4096, 8192

Default: 2048

log-level

Description Level for logging output of scepclient commands (default 1 and detailed 4)

Type: number

Range: 1-4

Default: 1

max-polltime

Description Maximum time in seconds to poll when SCEP response is PENDING (default 180)

Type: number

Range: 15-432000

Default: 180

method

Description ‘GET’: GET request; ‘POST’: POST request;

Type: string

Supported Values: GET, POST

Default: GET

minute

Description Periodic interval in minutes

Type: number

Range: 2-255

Mutual Exclusion: minute and renew-every-type are mutually exclusive

name

Description Specify Certificate name to be enrolled

Type: string

Maximum Length: 63 characters

Minimum Length: 1 character

password

Description Specify the password used to enroll the device’s certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

renew-before

Description Specify interval before certificate expiry to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-before and renew-every are mutually exclusive

renew-before-type

Description ‘hour’: Number of hours before cert expiry; ‘day’: Number of days before cert expiry; ‘week’: Number of weeks before cert expiry; ‘month’: Number of months before cert expiry (1 month = 30 days);

Type: string

Supported Values: hour, day, week, month

renew-before-value

Description Value of renewal period

Type: number

Range: 1-255

renew-every

Description Specify periodic interval in which to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-every and renew-before are mutually exclusive

renew-every-type

Description ‘hour’: Periodic interval in hours; ‘day’: Periodic interval in days; ‘week’: Periodic interval in weeks; ‘month’: Periodic interval in months (1 month = 30 days);

Type: string

Supported Values: hour, day, week, month

Mutual Exclusion: renew-every-type and minute are mutually exclusive

renew-every-value

Description Value of renewal period

Type: number

Range: 1-255

secret-string

Description secret password

Type: string

Format: password

Maximum Length: 127 characters

Minimum Length: 1 character

start-date

Description Start date of self-signed certificate in YYMMDDHHMMSS format specified in UTC time

Type: string

Maximum Length: 31 characters

Minimum Length: 1 character

subject-alternate-name

Description: subject-alternate-name is a JSON Block. Please see below for scep-cert-list_subject-alternate-name

Type: Object

url

Description Specify the Enrollment Agent’s absolute URL (Format: http://host/path)

Type: string

Format: string-rlx

Maximum Length: 255 characters

Minimum Length: 1 character

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

scep-cert-list_subject-alternate-name

Specification Value
Type object

san-type

Description ‘email’: Enter e-mail address of the subject; ‘dns’: Enter hostname of the subject; ‘ip’: Enter IP address of the subject;

Type: string

Supported Values: email, dns, ip

san-value

Description Value of subject-alternate-name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

delete

Specification Value
Type object

ca

Description CA certificate file name

Type: string

Format: string-rlx

Maximum Length: 245 characters

Minimum Length: 1 character

cert-name

Description Certificate file name

Type: string

Format: string-rlx

Maximum Length: 245 characters

Minimum Length: 1 character

crl

Description CRL file name

Type: string

Maximum Length: 255 characters

Minimum Length: 1 character

csr

Description CSR file name

Type: string

Maximum Length: 245 characters

Minimum Length: 1 character

private-key

Description Private key file name

Type: string

Format: string-rlx

Maximum Length: 245 characters

Minimum Length: 1 character