GET SSHCertificates/Template/Retrieve/PublicKeyData
Retrieves the CA public key from an SSH certificate template. The CA public key is in the OpenSSH format. After this call completes, you distribute and install the PublicKeyData as the CA key. The key allows SSH certificates from your template to be trusted. When the CA key changes, redistribute it. Distribute the CA key to:
- OpenSSH servers: Required for hosts that allow users or applications to log in via certificate authentication. For more information, see Configuring your OpenSSH servers to trust your SSH CA hosted by SSH Protect.
- Clients (users or applications): Required on each client. For more information, see Configuring SSH Protect to issue SSH certificates.
Requirements
- Token scope: No bearer access token is necessary for this API call.
Headers
None
Parameters
| Name | Description |
|---|---|
| DN (Specify in the URL) | (Optional) The Distinguished Name (DN) of the SSH Certificate Issuance Template. Specify DN, Guid, or both. To get the value from the Policy tree, switch to the Certificate Authority Templates folder. For example: \\VED\\Certificate Authority\\SSH\\Templates\\template_client |
| Guid (Specify in the URL) | (Optional) The unique identifier of the template. Specify DN, Guid, or both. To get the value, open the template. For example: {5ae4cea0-13e0-4698-87b0-12a10361a756}. |
Returns
| Name | Description |
|---|---|
| HTTP 200 | For valid requests, this call returns an HTTP 200 message and the following data in the OpenSSH public key format: |
| HTTP 400 | For invalid parameters, this call returns HTTP 400 Bad Request and: |
| HTTP 404 | For requests that contain invalid data, this call returns HTTP 404 Not Found and a message: |
Example: Get the CA public key from the template
IMPORTANT The correct endpoint name is SSHCertificates, not SSH/Certificates.
Request
GET https://tpp.venafi.example/vedsdk/SSHCertificates/Template/Retrieve/PublicKeyData?DN=VED\\Certificate Authority\\SSH\\Templates\\template_client
Authorization: Bearer 4MyGeneratedBearerTknz==
Response
HTTP/1.1 200 OK
ssh-rsa AAAAB3Nz...== template_client - 1
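Because this call needs no bearer token, a host that installs the returned PublicKeyData as its CA key can first check that the response is a well-formed OpenSSH public key and that its fingerprint matches one recorded out of band. The Python below is an added example, not part of the original documentation or the product's code. The pinned fingerprint, the function names and the sample key (constructed, not a real CA key) are assumptions.

```python
import base64
import hashlib
import hmac
import struct


def parse_openssh_pubkey(line):
    """Parse 'type base64 [comment]' and check the blob names the same key type."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on bad base64
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type does not match the key blob")
    return key_type, blob, comment


def fingerprint(blob):
    """SHA256 fingerprint in the form ssh-keygen -l prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def trusted_ca_line(response_body, pinned_fp):
    """Return the line to install as the CA key, or raise if it is not the pinned key."""
    key_type, blob, comment = parse_openssh_pubkey(response_body)
    if not hmac.compare_digest(fingerprint(blob), pinned_fp):
        raise ValueError("CA key fingerprint does not match the pinned value")
    b64 = base64.b64encode(blob).decode("ascii")
    return " ".join(p for p in (key_type, b64, comment) if p) + "\n"


def _ssh_string(data):
    return struct.pack(">I", len(data)) + data


# Constructed sample, not a real CA key: an ssh-rsa shaped blob (type, e, n).
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_BODY = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode("ascii") + " template_client - 1\n"
PINNED_FP = fingerprint(SAMPLE_BLOB)  # stands in for a value recorded out of band

if __name__ == "__main__":
    print(trusted_ca_line(SAMPLE_BODY, PINNED_FP), end="")
```

On an OpenSSH server, the returned line is what goes into the file named by the sshd_config TrustedUserCAKeys directive.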