POST X509CertificateStore/Lookup

Returns certificates from the certificate store, which is also known as the certificate vault.

Requirements

  • Permissions:  The caller must have the following permissions:
    • If the search is by Owner object, the caller must have Read permission to the OwnerDN.
    • If the search is by Name, the caller must have Read permission to any object that owns a vault entry with a matching association name.
    • If the search is by CertificateString, the caller must have Read permission to any object that owns the vault entry for the raw certificate.
  • Token scope:  Restricted

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Specify either CertificateString, or OwnerDN, or a Name with a corresponding Value.

Input parameters

  • CertificateString (Optional): A raw Base64-encoded certificate.
  • Name (Optional): An association name; required when Value is specified.
  • OwnerDN (Optional): Also known as the Owner object. The Distinguished Name (DN) of any object that owns a certificate vault entry. For example, Certificate objects or Discovery objects.
  • Value (Optional): An association value; required when Name is specified.

Returns

Response description

  • VaultId: If the lookup is by CertificateString, the vault ID.
  • VaultIds: If the lookup is by OwnerDN, the list of vault IDs.
  • CertificateCollection: The list of Base64-encoded certificates matching Name and Value.
  • Result: A number indicating success (0) or failure. Because this API is a wrapper for SecretStore, see SecretStore result codes.

Example: Find Vault IDs for a policy folder (Owner Id)

Request for Example 1

POST https://tpp.venafi.example/vedsdk/X509CertificateStore/Lookup
Authorization:Bearer 4MyGeneratedBearerTknz== 
{  
   "OwnerDN":"\\VED\\Policy\\folder\\TestCert"
}

Response for Example 1

HTTP/1.1 200 OK 
{  
   "Result":0,
   "VaultIds":[  
      683,
      684
   ]
}

Example: Lookup by Association Value

Request for Example 2

POST https://tpp.venafi.example/vedsdk/X509CertificateStore/Lookup
Authorization:Bearer 4MyGeneratedBearerTknz==
{  
   "Name":"Serial",
   "Value":"00ABCDEF0022"
}

Response for Example 2

HTTP/1.1 200 OK
{
   "CertificateCollectionStrings":[
      "MIIBcDCC..."
   ],
   "Result":0
}  

Example: Look up by certificate

Request for Example 3

POST https://tpp.venafi.example/vedsdk/X509CertificateStore/Lookup
Authorization:Bearer 4MyGeneratedBearerTknz==
{  
   "CertificateString":"MIIBcDCC..."
}

Response for Example 3

HTTP/1.1 200 OK 
{  
   "Result":0,
   "VaultId":683
}
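Example: Client-side request validation and response handling

The following Python sketch is an added example, not Venafi code. It builds the Lookup request with the headers listed above and checks Result before using any returned field. The function names are hypothetical, and rejecting a request that mixes search modes is an assumption stricter than the rule stated under Parameters.

```python
import json
import urllib.request

LOOKUP_PATH = "/vedsdk/X509CertificateStore/Lookup"  # path from the page's examples


def build_lookup_body(certificate_string=None, owner_dn=None, name=None, value=None):
    """Build the request body; allowing exactly one search mode is an assumption."""
    if (name is None) != (value is None):
        raise ValueError("Name and Value must be specified together")
    modes = []
    if certificate_string is not None:
        modes.append({"CertificateString": certificate_string})
    if owner_dn is not None:
        modes.append({"OwnerDN": owner_dn})
    if name is not None:
        modes.append({"Name": name, "Value": value})
    if len(modes) != 1:
        raise ValueError("specify CertificateString, OwnerDN, or Name with Value")
    return modes[0]


def build_request(base_url, token, body):
    """Prepare (but do not send) the POST with the headers the page lists."""
    return urllib.request.Request(
        base_url.rstrip("/") + LOOKUP_PATH,
        data=json.dumps(body).encode("utf-8"),  # json.dumps escapes DN backslashes
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
        method="POST",
    )


def parse_lookup_response(raw):
    """Return (vault_ids, certificates); raise if Result is not 0."""
    doc = json.loads(raw)
    if doc.get("Result") != 0:
        raise RuntimeError("Lookup failed, Result=%r" % doc.get("Result"))
    vault_ids = list(doc.get("VaultIds", []))
    if "VaultId" in doc:
        vault_ids.append(doc["VaultId"])
    # The Returns list names CertificateCollection; the Example 2 response
    # on this page shows CertificateCollectionStrings. Accept either key.
    certs = doc.get("CertificateCollection") or doc.get("CertificateCollectionStrings")
    return vault_ids, list(certs or [])


# Constructed sample: the OwnerDN and placeholder token from Example 1.
SAMPLE_REQ = build_request("https://tpp.venafi.example", "4MyGeneratedBearerTknz==",
                           build_lookup_body(owner_dn="\\VED\\Policy\\folder\\TestCert"))
```

Pass the prepared request to urllib.request.urlopen to send it, and keep the bearer token out of logs and error messages.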