GET SSHCertificates/Template/Retrieve/PublicKeyData

Retrieves the CA public key from an SSH certificate template. The CA public key is in the OpenSSH format. After this call completes, you distribute and install the PublicKeyData as the CA key. The key allows SSH certificates from your template to be trusted. When the CA key changes, redistribute. Distribute the CA key to:

OpenSSH servers: Required for hosts that allow users or applications to login via certificate authentication. For more information, see Configuring your OpenSSH servers to trust your SSH CA hosted by SSH Protect.
Clients (users or applications): Required on each client. For more information, see Configuring SSH Protect to issue SSH certificates.

Requirements

Token scope: No bearer access token is necessary for this API call.

Headers

None

Parameters

Name	Description
DN (Specify in the URL)	(Optional) The Distinguished Name (DN) of the SSH Certificate Issuance Template. Specify DN, Guid, or both. To get the value from the Policy tree, switch to the Certificate Authority Templates folder. For example: \\VED\\Certificate Authority\\SSH\\Templates\\template_client
Guid (Specify in the URL)	(Optional) The unique identifier of the template. Specify DN, Guid, or both. To get the value, open the template. For example: {5ae4cea0-13e0-4698-87b0-12a10361a756}.

Name

Description

DN (Specify in the URL)

(Optional) The Distinguished Name (DN) of the SSH Certificate Issuance Template. Specify DN, Guid, or both.

To get the value from the Policy tree, switch to the Certificate Authority Templates folder.

For example: \\VED\\Certificate Authority\\SSH\\Templates\\template_client

Location of the Certificate Issuance Templates

Guid (Specify in the URL)

(Optional) The unique identifier of the template. Specify DN, Guid, or both. To get the value, open the template. For example: {5ae4cea0-13e0-4698-87b0-12a10361a756}.

Returns

Response description
Name	Description
HTTP 200	For valid requests, this call returns a HTTP 200 message and the following data in the OpenSSH public key format: [algorithm]: The algorithm of the CA public key. [key]: The Base64 encoded CA public key. [comment]: The comment contains the name of the CA key to easily identify the retrieved key.
HTTP 400	For invalid parameters, this call returns HTTP 400 Bad Request and: Guid or DN is required
HTTP 404	For requests that contain invalid data, this call returns HTTP 404 Not Found and a message: Public key was not found Template was not found

Example: Get the CA public key from the template

IMPORTANT The correct endpoint name is SSHCertificates, not SSH/Certificates.

Request

GET https://tpp.venafi.example/vedsdk/SSHCertificates/Template/Retrieve/PublicKeyData?
  DN=VED\\Certificate Authority\\SSH\\Templates\\template_client

Authorization:Bearer 4MyGeneratedBearerTknz==

Response

HTTP/1.1 200 OK
ssh-rsa AAAAB3Nz...== template_client - 1