POST SSHCertificates/CAKeyPair/Create
Creates or imports a new CA Key pair to the Certificate Authority tree. In the Certificate Authority tree, use the Key Pairs folder to monitor processing status. When the CA Key pair is Ready to Use, you can add it to a SSH certificate issuance template.
Requirements
-
Permissions:
-
The caller must have View permission, Write permission, and Create permission to the Parent DN folder.
-
- Token scope: SSH:Manage
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
|
Name |
Description |
|
|---|---|---|
| Name | The friendly name of the CA key. Example "Production - DMZ - Web Admins. | |
| ParentDN | (Optional) The Distinguished Name (DN) location of the CA Key Pair objects. The default is \\VED\\Certificate Authority\\SSH\\Key Pairs. | |
| KeyAlgorithm | (Optional) The key algorithm to generate new key material. The default is RSA4096. | |
| KeyStorage |
(Optional) The storage location of the private key.
|
|
| PrivateKeyData | (Optional) To import a CA key pair, specify the private key material. | |
| PrivateKeyPassphrase | (Optional) To import a CA Keypair, specify the passphrase to decrypt the PrivateKeyData. |
Returns
|
Name |
Description |
|---|---|
|
HTTP 200 or HTTP 202 |
The HTTP status code varies. If PrivateKeyData is in the request, the result is HTTP 202 Accepted. Otherwise, valid requests, return HTTP 200 and the following data in the message body:
|
|
HTTP 400 |
For invalid parameters or rejected requests, this call returns HTTP 400 Bad Request and Error. If KeyAlgorithm or KeyStorage values are invalid, the message body is:
|
|
HTTP 409 |
If the CA Keypair is a duplicate, this call returns HTTP 409 Conflict and the following message body:
|
|
HTTP 500 |
For requests that contained an invalid payload, this call returns HTTP 500 Internal Error and Error. |
Example 1: Create a CA key pair
Request for Example 1
POST https://tpp.venafi.example/vedsdk/SSHCertificates/CaKeyPair/Create
{
"Name":"CAkeyPair",
"KeyAlgorithm":"RSA4096",
"KeyStorage":"Software"
}
Response for Example 1
HTTP/1.1 200 OK
{
"CreatedOn":"2021-10-29T22:42:15.7172324Z",
"DN":"\\VED\\Certificate Authority\\SSH\\Key Pairs\\CAkeyPair",
"FingerprintSHA256":"2W9PIHdbQkx7I8sVzspVu4u2pHBqYvMehxGCG0zv2lQ",
"Guid":"{355f2e22-dfa1-49d4-ae0a-5f2acbd3702c}",
"KeyAlgorithm":"RSA4096",
"KeyStorage":"Software",
"Name":"CAkeyPair",
"ProcessingDetails":{
"Status":"ReadyForUse",
"StatusDescription":null
},
"PublicKeyData":"ssh-rsa AAAAB3Nza...== CAkeyPair",
"Response":{
"ErrorMessage":"",
"Success":true
}
}
Example 2: Import a CA key pair
Request for Example 2
POST https://tpp.venafi.example/vedsdk/SSHCertificates/CaKeyPair/Create
{
"Name":"K971Test",
"PrivateKeyPassphrase":"12345",
"PrivateKeyData":"-----BEGIN OPENSSH PRIVATE KEY-----\...-----END OPENSSH PRIVATE KEY-----"
}
Response for Example 2
HTTP/1.1 200 OK
{
"CreatedOn":"2021-10-29T22:11:18.1478492Z",
"DN":"\\VED\\Certificate Authority\\SSH\\Key Pairs\\K971Test",
"FingerprintSHA256":"S9NKPpchKABo75NjPJC2La2Qb9BmMi/mEZyfj2GUo+s",
"Guid":"{4bbd3627-a3d9-4e26-9b5c-cdd12cdb5299}",
"KeyAlgorithm":"RSA3072",
"KeyStorage":"Software",
"Name":"K971",
"ProcessingDetails":{
"Status":"ReadyForUse",
"StatusDescription":null
},
"PublicKeyData":"ssh-rsa AAAAB3Nza...= K971Test",
"Response":{
"ErrorMessage":"",
"Success":true
}
}