POST Certificates/Retrieve/{vaultid}
Returns a certificate based on the Vault ID. The response carries the appropriate MIME type and content disposition so that HTTP clients can save the file properly.
Requirements
- Permissions: The caller must have Read permission. If the private key is included in the download, the caller must also have Private Key Read permission to the Certificate object.
- Token scope: Certificate:Manage
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description |
---|---|
Format | (Optional) The certificate format for the return data. Specify one of the following case sensitive values and use the exact spacing: |
FriendlyName | The label or alias to use for Base64, JKS, or PKCS #12 formats. Required for the JKS format. |
IncludeChain | (Optional) When the Format is Base64, PKCS #7, PKCS #12, or JKS, you can include the parent or root chain in the return data. |
IncludePrivateKey | (Optional) When the Format is Base64 (PKCS #8), PKCS #12, or JKS, you can specify whether to return the private key: |
KeystorePassword | If the Format is JKS, you must set this value. Use the same requirements as required for Password. |
Password | If the IncludePrivateKey value is true, this value must be set. Create a strong password by using a |
RootFirstOrder (Optional) | In the REST response, the order of the certificate chain of trust. Use when IncludeChain is true. |
VaultId | Required. The Secret Store location of the certificate. To get the VaultId for the current certificate version, call POST Config/Read. For a previous version of the certificate, call GET Certificates/{guid}/PreviousVersions. The Vault ID may be expressed with or without curly braces {}. For example, {376}. |
Returns
Name | Description |
---|---|
HTTP 200 | |
HTTP 400 | For invalid requests, the method fails to return the certificate data and optional private key information. POST Certificates/Retrieve/{vaultid} returns an HTTP 400 BadRequest for missing parameters or one of the following errors: |
Example: Get the certificate and private key in the Base64 format
Request
POST https://tpp.venafi.example/vedsdk/certificates/retrieve/198
{ "IncludePrivateKey":true, "Format":"Base64", "Password":"MynewPassw0rd" }
Response
HTTP/1.1 200 OK
{ "CertificateData":"LS0tLS1CRU...==", "Filename":"test.example.com.pem", "Format":"Base64" }
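The following client-side sketch is an added example, not code from the vendor or from this page. It checks the parameter dependencies listed in the Parameters table before a request is sent, then saves a response to disk with owner-only permissions, because the payload may contain a private key. The function names are hypothetical, the sample response is constructed, and the code assumes that CertificateData is the Base64-encoded file content (the sample value above begins with the Base64 encoding of a PEM header).

```python
import base64
import os
import tempfile
# Added example; function names are hypothetical, not part of the API itself.
def build_retrieve_body(fmt, include_private_key=False, password=None,
                        friendly_name=None, keystore_password=None,
                        include_chain=False, root_first_order=None):
    """Build the JSON body, enforcing the dependencies in the Parameters table."""
    body = {"Format": fmt}
    if include_private_key:
        if not password:
            raise ValueError("Password must be set when IncludePrivateKey is true")
        body.update(IncludePrivateKey=True, Password=password)
    if fmt == "JKS":
        if not friendly_name or not keystore_password:
            raise ValueError("JKS requires FriendlyName and KeystorePassword")
        body["KeystorePassword"] = keystore_password
    if friendly_name:
        body["FriendlyName"] = friendly_name
    if include_chain:
        body["IncludeChain"] = True
        if root_first_order is not None:
            body["RootFirstOrder"] = bool(root_first_order)
    elif root_first_order is not None:
        raise ValueError("RootFirstOrder only applies when IncludeChain is true")
    return body

def save_certificate(response, directory):
    """Write the decoded file owner-only (assumes CertificateData is Base64)."""
    data = base64.b64decode(response["CertificateData"], validate=True)
    # Keep only the final path component of the server-supplied Filename.
    name = os.path.basename(response["Filename"].replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError("unusable Filename in response")
    path = os.path.join(directory, name)
    # O_EXCL refuses to overwrite; 0o600 keeps key material from other local users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

# Constructed sample response (placeholder PEM text, not a real certificate or key).
SAMPLE = {
    "CertificateData": base64.b64encode(
        b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n").decode(),
    "Filename": "test.example.com.pem",
    "Format": "Base64",
}
if __name__ == "__main__":
    print(save_certificate(SAMPLE, tempfile.mkdtemp()))
```

Read the Password value from a secret store or environment variable at call time rather than embedding it in scripts.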