POST Certificates/Validate

Initiates SSL/TLS network validation for one or more certificates and any associated applications.

Certificates/Validate initiates the same actions as when a user clicks Validate Now in the UI. File and SSL/TLS validation activities are based on the certificate validation settings in the UI. For more information, see Configuring validation for certificates. After network validation completes, the UI shows the current certificate status.

Requirements

  • Permissions:  The caller must have Write permission to the certificate.
  • Token scope:  Certificate:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Specify at least one parameter. For example, if you have a set of certificate names and a different set of GUIDs, you can validate both sets in the same Certificates/Validate API call.

Input parameters

  • CertificateDNs: (Optional) An array of Certificate DNs.

  • CertificateGUIDs: (Optional) An array of GUIDs that uniquely identify Certificate objects. To get the GUID, call POST Config/DnToGuid or, in the Policy tree, use the X509 User Certificate value that appears on the Support Attributes tab. Enclose each GUID in curly braces. For example, {724a3db3-8855-4ea9-986f-519f0c571148}.

Returns

Response description

HTTP 200

For valid requests, this call returns an HTTP 200 message and the following data in the message body:

  • Success: true: Network validation successfully initiated for all requested certificates. Check Warnings for invalid certificates, if any.

  • Warnings: (if any) The reason that certificate validation failed. For example:

    • Certificate is disabled. The certificate with [keyName] [key] is disabled.
    • Invalid certificate [KeyName]. The object with [KeyName] [key] has class [configObject.TypeName] and it is not a certificate.
    • Permissions error. The object with DN [PolicyDN] does not exist or you do not have permissions to view it.
    • Permissions error. The object with GUID [Guid] does not exist or you do not have permissions to view it.
    • Permissions error. You do not have Write permission to the Certificate [keyName] [key].
    • Validation failed. Validation of the application with DN [ApplicationDN] failed with error [Result].
    • Validation failed. Validation of the application with DN [ApplicationDN] failed with exception [Exception].
    • Validation failed. Validation of the certificate with [KeyName] [key] failed with error [Result].

HTTP 400

For invalid requests, this call returns an HTTP 400 BadRequest and the following data in the message body:

  • Success: false: Validation failed for at least one of the requested certificates.

  • Error: Possible reasons for failure:

    • ValidatedCertificateDNs: An array of Certificate DNs that are valid.

    • ValidatedCertificateGUIDs: An array of Certificate GUIDs that are valid.

Example 1: Search for valid Certificate DNs

Request for example 1

POST https://tpp.venafi.example/vedsdk/Certificates/Validate
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "CertificateDNs":[
      "\\VED\\Policy\\Certificates\\demo.venafi.example",
      "\\VED\\Policy\\MoreCertificates\\WIN-OAQVSHMARJ3",
      "\\VED\\Policy\\MoreCertificates\\WIN-OAQVSHMARJ3 - 1"
   ]
}

Response for Example 1

HTTP/1.1 200 OK
{
    "Success": true,
    "ValidatedCertificateDNs": [
        "\\VED\\Policy\\Certificates\\demo.venafi.example",
        "\\VED\\Policy\\MoreCertificates\\WIN-OAQVSHMARJ3",
        "\\VED\\Policy\\MoreCertificates\\WIN-OAQVSHMARJ3 - 1"
    ],
    "ValidatedCertificateGUIDs": [],
    "Warnings": []
}

Example 2: Search for valid certificate GUIDs

Request for example 2

POST https://tpp.venafi.example/vedsdk/Certificates/Validate
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "CertificateGUIDs":[
      "{NotinTPP000-0000-0000-0000-000000000000}",
      "{NoRights000-0000-0000-0000-000000000000}",
      "{648174cb-a1df-4c4f-bc2d-4b3cce9dbe1a}"
   ]
}

Response for Example 2

HTTP/1.1 200 OK
{
   "Success":true,
   "ValidatedCertificateDNs":[

   ],
   "ValidatedCertificateGUIDs":[
      "{648174cb-a1df-4c4f-bc2d-4b3cce9dbe1a}"
   ],
   "Warnings":[
      "Permissions error. The object with GUID \"{NotinTPP000-0000-0000-0000-000000000000}\" does not exist or you do not have permissions to view it.",
      "Permissions error. The object with GUID \"{NoRights000-0000-0000-0000-000000000000}\" does not exist or you do not have permissions to view it."
   ]
}
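
The Example 2 response shows that HTTP 200 with Success: true can still leave requested certificates unvalidated. The following added example (not part of the product documentation) builds the request body and reconciles the requested identifiers against the validated arrays and Warnings; the function names are hypothetical and the sample response is the Example 2 body from this page.

```python
import json

# Constructed sample: the Example 2 response body from this page.
EXAMPLE_2_RESPONSE = r'''
{"Success": true,
 "ValidatedCertificateDNs": [],
 "ValidatedCertificateGUIDs": ["{648174cb-a1df-4c4f-bc2d-4b3cce9dbe1a}"],
 "Warnings": [
  "Permissions error. The object with GUID \"{NotinTPP000-0000-0000-0000-000000000000}\" does not exist or you do not have permissions to view it.",
  "Permissions error. The object with GUID \"{NoRights000-0000-0000-0000-000000000000}\" does not exist or you do not have permissions to view it."
 ]}
'''

def brace_guid(value):
    """Enclose a GUID in curly braces, as the endpoint requires."""
    return "{" + value.strip().strip("{}") + "}"

def build_payload(dns=(), guids=()):
    """Build the request body; the endpoint needs at least one parameter."""
    payload = {}
    if dns:
        payload["CertificateDNs"] = list(dns)
    if guids:
        payload["CertificateGUIDs"] = [brace_guid(g) for g in guids]
    if not payload:
        raise ValueError("specify CertificateDNs, CertificateGUIDs, or both")
    return payload

def reconcile(payload, response):
    """Split requested identifiers into validated and skipped.

    skipped maps each identifier that was not validated to the warning
    that names it, or None when no warning mentions it.
    """
    requested = payload.get("CertificateDNs", []) + payload.get("CertificateGUIDs", [])
    confirmed = set(response.get("ValidatedCertificateDNs", []))
    confirmed |= set(response.get("ValidatedCertificateGUIDs", []))
    warnings = response.get("Warnings", [])
    validated = [i for i in requested if i in confirmed]
    skipped = {i: next((w for w in warnings if i in w), None)
               for i in requested if i not in confirmed}
    return validated, skipped

if __name__ == "__main__":
    body = build_payload(guids=["NotinTPP000-0000-0000-0000-000000000000",
                                "{NoRights000-0000-0000-0000-000000000000}",
                                "{648174cb-a1df-4c4f-bc2d-4b3cce9dbe1a}"])
    print(reconcile(body, json.loads(EXAMPLE_2_RESPONSE)))
```

Treat any non-empty skipped result as a failed validation for that certificate, even when Success is true.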

Example 3: Search for valid Certificate DNs and Certificate GUIDs

Request for example 3

POST https://tpp.venafi.example/vedsdk/Certificates/Validate
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "CertificateDNs":[
      "\\VED\\Policy\\Certificates\\demo.venafi.example",
      "\\VED\\Policy\\MoreCertificates\\WIN-OAQVSHMARJ3",
      "\\VED\\Policy\\MoreCertificates\\WIN-OAQVSHMARJ3 - 1"
   ],
   "CertificateGUIDs":[
      "{e984ffde-b8f5-48e8-bece-0528b01e8910}",
      "{648174cb-a1df-4c4f-bc2d-4b3cce9dbe1a}"
   ]
}

Response for Example 3

HTTP/1.1 200 OK
{
   "CertifiateDNs":[
      "\\VED\\Policy\\Certificates\\demo.venafi.example",
      "\\VED\\Policy\\MoreCertificates\\WIN-OAQVSHMARJ3",
      "\\VED\\Policy\\MoreCertificates\\WIN-OAQVSHMARJ3 - 1"
   ],
   "CertificateGUIDs":[
      "{e984ffde-b8f5-48e8-bece-0528b01e8910}",
      "{648174cb-a1df-4c4f-bc2d-4b3cce9dbe1a}"
   ]
}