GET SSHCertificates/Template/Retrieve/PublicKeyData

Retrieves the CA public key from an SSH certificate template. The CA public key is returned in the OpenSSH format. After this call completes, distribute and install the PublicKeyData as the CA key so that SSH certificates issued from your template are trusted. When the CA key changes, redistribute it. Distribute the CA key to:

Requirements

  • Token scope:   No bearer access token is necessary for this API call.

Headers

None

Parameters

Name

Description

DN (Specify in the URL)

(Optional) The Distinguished Name (DN) of the SSH Certificate Issuance Template. Specify DN, Guid, or both.

To get the value from the Policy tree, switch to the Certificate Authority Templates folder.

For example: \\VED\\Certificate Authority\\SSH\\Templates\\template_client

[Figure: Location of the Certificate Issuance Templates]

Guid (Specify in the URL)

(Optional) The unique identifier of the template. Specify DN, Guid, or both. To get the value, open the template. For example:  {5ae4cea0-13e0-4698-87b0-12a10361a756}.

Returns

Response description

Name

Description

HTTP 200

For valid requests, this call returns an HTTP 200 message and the following data in the OpenSSH public key format:

  • [algorithm]: The algorithm of the CA public key.

  • [key]: The Base64 encoded CA public key.

  • [comment]: The comment contains the name of the CA key to easily identify the retrieved key.

HTTP 400

For invalid parameters, this call returns HTTP 400 Bad Request and:

  • Guid or DN is required

HTTP 404

For requests that contain invalid data, this call returns HTTP 404 Not Found and a message:

  • Public key was not found

  • Template was not found

Example: Get the CA public key from the template

IMPORTANT  The correct endpoint name is SSHCertificates, not SSH/Certificates.

Request

GET https://tpp.venafi.example/vedsdk/SSHCertificates/Template/Retrieve/PublicKeyData?
  DN=VED\\Certificate Authority\\SSH\\Templates\\template_client
Authorization:Bearer 4MyGeneratedBearerTknz==

Response

HTTP/1.1 200 OK
ssh-rsa AAAAB3Nz...== template_client - 1
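
The response body becomes a trust anchor and the call needs no bearer token, so it is worth checking the body before installing it. The following added example (not from the original page or from the product's own code) parses the `[algorithm] [key] [comment]` line, confirms the Base64 blob names the same algorithm, and compares its SHA-256 fingerprint with one obtained out of band. The function names, the pinned-fingerprint workflow and the sample key are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_ca_public_key(body):
    """Validate an '[algorithm] [key] [comment]' body; return its three parts."""
    text = body.strip()
    if "\n" in text or "\r" in text:
        # Extra lines would become extra trusted keys once written to a CA file.
        raise ValueError("expected exactly one public key line")
    parts = text.split(None, 2)  # the comment may itself contain spaces
    if len(parts) < 2:
        raise ValueError("expected '[algorithm] [key] [comment]'")
    algorithm, comment = parts[0], (parts[2] if len(parts) == 3 else "")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("key field is not valid Base64") from exc
    # An OpenSSH key blob begins with a length-prefixed copy of the algorithm name.
    if len(blob) < 4:
        raise ValueError("key blob is too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != algorithm.encode():
        raise ValueError("algorithm field does not match the key blob")
    return algorithm, blob, comment


def fingerprint(blob):
    """SHA-256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_ca_key(body, pinned_fingerprint):
    """Return the line to install only if it matches the pinned fingerprint."""
    algorithm, blob, comment = parse_ca_public_key(body)
    if fingerprint(blob) != pinned_fingerprint:
        raise ValueError("CA key fingerprint does not match the pinned value")
    fields = (algorithm, base64.b64encode(blob).decode(), comment)
    return " ".join(f for f in fields if f)


def sample_response_body():
    """Constructed sample: a structurally valid ssh-ed25519 blob, not a real CA key."""
    name, key = b"ssh-ed25519", bytes(range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " template_client - 1\n"
```

Record the pinned fingerprint from a trusted channel when the template is created, and update it whenever the CA key changes and is redistributed.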