GET Certificates/{guid}/ValidationResults

Returns anonymous SSL/TLS network validation and authenticated file validation results for a certificate and all of its installations. During validation, this method compares a certificate in the Trust Protection Platform inventory to the physical certificate on a device.

Network Validation requires setup. Prior to making this API call, either use POST Certificates/Validate or validate in the UI. For more information, see the Administration Guide.

Requirements

  • Permissions: The caller must have View permission and Read permission.
  • Token scope: Certificate

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

  • {guid}: Specify this parameter as part of the URL. The GUID for the Certificate object that has already completed Network Validation. To get the GUID, call POST Config/DnToGuid and use a DN from the Credentials tree. For example,

    Depending on your environment, the GUID may be expressed with or without curly braces {}. For example, {3d6b61d-1c71-4603-883f-25b8c2ceecdd}.

Returns

On error, this method returns an HTTP 404 Bad Request for a missing GUID resource ID or an invalid GUID. If no Network Validation occurred for the certificate, this method returns an HTTP 204 No Data.

If successful, Certificates/{guid}/ValidationResults returns an HTTP 200 and the following data:

Response description

Name

Returns

HTTP 200

For valid requests, this call returns an HTTP 200 message and the following data in the message body:

  • File: Appears only if the certificate has associated installations/applications that have a File Validation result.

    • PerformedOn: The date/time of the most recent certificate validation.

    • Installation: The Distinguished Name (DN) that shows the location in the Policy tree.

    • Result: An array of Certificates File validation states.

  • SslTls: An array of one or more network endpoints. For example, if a certificate has multiple hostnames or a hostname resolves to multiple IP addresses, more than one array element is present in the response.

    • Host: The target hostname or IP address that replied to a certificate validation request.
    • IpAddress: The target host IP V4 or V6 address that replied to a certificate validation request.
    • Port: The port number that Discovery used for validation with the host.
    • Result:
      • Chain: The BitMask and an array of matching Values showing the result of certificate trust chain validation. For more information, see Certificates Chain Codes.
      • EndEntity: The BitMask and an array of matching Values that show the status of certificate installation on a device. For more information, see Certificates ValidationResults End Entity codes.
      • ID: The Unique ID of the validation.
      • Protocols: The BitMask and an array of matching Values showing all SSL or TLS protocols that the host accepts. For more information, see Certificates ValidationResults Protocols.
    • Sources: An array that identifies the criteria for validating the endpoint. Values are: CommonName, Installation, or SAN.

HTTP 400

For invalid requests, this call returns an HTTP 400 BadRequest and

GUID {guid} check failed; [Error Message]

Example: Retrieve host validation information

Request

GET https://tpp.venafi.example/vedsdk/Certificates/{2a67f1e9-9231-443f-8c6d-619203035b73}/ValidationResults
Authorization:Bearer 4MyGeneratedBearerTknz==

Response

HTTP/1.1 200 OK
{
   "File":[

   ],
   "SslTls":[
      {
         "Host":"192.168.6.90",
         "IpAddress":"192.168.6.90",
         "Port":44338,
         "Result":{
            "Chain":{
               "BitMask":2,
               "Values":[
                  "Success"
               ]
            },
            "EndEntity":{
               "BitMask":2,
               "Values":[
                  "Success"
               ]
            },
            "ID":62027,
            "Protocols":{
               "BitMask":16128,
               "Values":[
                  "Tls11",
                  "Tls12",
                  "Tls13"
               ]
            }
         },
         "Sources":[
            "Installation"
         ]
      }, ...
   ]
}
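
One way to act on this response in a monitoring job, as an added example that is not part of the Venafi documentation or SDK: it walks every SslTls endpoint and reports any Chain or EndEntity value other than Success and any accepted protocol outside an allowlist. The function name, the ALLOWED_PROTOCOLS policy, the second endpoint and PLACEHOLDER_CHAIN_CODE are assumptions constructed for illustration; only the Values strings are inspected, not the BitMask.

```python
import json

# Assumed policy for this example: protocol names still permitted on endpoints.
# The strings match the Protocols Values in the page's sample response.
ALLOWED_PROTOCOLS = {"Tls12", "Tls13"}

def _endpoint(host, port, chain, end_entity, protocols):
    """Build one SslTls element shaped like the documented response (BitMask omitted)."""
    return {"Host": host, "IpAddress": host, "Port": port, "Sources": ["Installation"],
            "Result": {"Chain": {"Values": chain}, "EndEntity": {"Values": end_entity},
                       "Protocols": {"Values": protocols}}}

# Constructed sample body. The first endpoint mirrors the page's example; the second
# is invented, and PLACEHOLDER_CHAIN_CODE stands in for a real Chain code name.
SAMPLE_BODY = json.dumps({"File": [], "SslTls": [
    _endpoint("192.168.6.90", 44338, ["Success"], ["Success"], ["Tls11", "Tls12", "Tls13"]),
    _endpoint("192.168.6.91", 443, ["PLACEHOLDER_CHAIN_CODE"], ["Success"], ["Tls12", "Tls13"]),
]})

def audit_validation_results(status, body):
    """Return (endpoint, check, unexpected_values) findings for one API reply."""
    if status == 204:                      # no Network Validation has run yet
        return [("-", "NoValidationData", [])]
    if status != 200:                      # error reply: bad or unknown GUID
        raise ValueError(f"validation lookup failed: HTTP {status} {body!r}")
    expected = {"Chain": {"Success"}, "EndEntity": {"Success"},
                "Protocols": ALLOWED_PROTOCOLS}
    findings = []
    for ep in json.loads(body).get("SslTls", []):
        name = f"{ep.get('Host')}:{ep.get('Port')}"
        for check, ok in expected.items():
            values = ep.get("Result", {}).get(check, {}).get("Values", [])
            bad = [v for v in values if v not in ok]   # allowlist: unknown names are flagged too
            if bad:
                findings.append((name, check, bad))
    return findings

if __name__ == "__main__":
    for finding in audit_validation_results(200, SAMPLE_BODY):
        print(finding)
```

Because the checks are allowlists, a code name the script has never seen is reported rather than silently accepted.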