POST Certificates/Renew
Requests immediate renewal for an existing certificate. A renewable certificate cannot be currently processing, in error, or contain a 'Monitoring' Management Type. Optionally, this API call can renew a previously disabled certificate. The caller must have Write permission to the Certificate object that requires renewal.
Requirements
- Permissions:
  - The caller must have Write permission to the Certificate object that requires renewal.
  - Private Key Read permission to the Certificate object.
- Token scope: Certificate:Manage
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description |
---|---|
Format | (Optional) The certificate format: |
Password | If the IncludePrivateKey value is true, this value must be set. Create a strong password by using a |
IncludePrivateKey | (Optional) When the Format is Base64 (PKCS #8), PKCS #12, or JKS, you can specify whether to return the private key: |
IncludeChain | (Optional) When the Format is Base64, Base64, PKCS #7, PKCS #12, or JKS, you can include the parent or root chain in the return data. |
FriendlyName | The label or alias to use for Base64, JKS, or PKCS #12 formats. Required for the JKS format. |
RootFirstOrder | The order of the certificate chain of trust. Use when IncludeChain is true: |
KeystorePassword | The default is false. If the Format is JKS, you must set this value. Use the same requirements as required for Password. |
CertificateDN | The Distinguished Name (DN) of the certificate to renew. |
PKCS10 | (Optional) The PKCS#10 Certificate Signing Request (CSR) to use for the renewal. Omit escape characters such as \n or \r\n. |
Reenable | (Optional) The action to control a previously disabled certificate: |
WorkToDoTimeout | (Optional) The maximum wait time for the CA to renew a certificate. Overrides the Platforms tree setting for the Certificate API ToDo Timeout setting. The maximum number of seconds to wait for the ToDo operation to complete. The default is zero seconds with a maximum value of 120 seconds. For example: WorkToDoTimeout: 60. For more information, see Certificates API configuration. |
Returns
Name | Description |
---|---|
HTTP 200 | For valid requests, Certificates/Renew returns an HTTP 200 and a message body that varies depending on WorkToDoTimeout: |
HTTP 202 | The certificate request was valid; however, processing has yet to complete. Upon completion, call POST Certificates/Retrieve to get the certificate. |
HTTP 400 | |
Example 1: Renew certificate for a DN
Request for Example 1
POST https://tpp.venafi.example/vedsdk/Certificates/Renew
Authorization:Bearer 4MyGeneratedBearerTknz==
{
  "CertificateDN":"\\VED\\Policy\\Marketing\\Zoey",
  "WorkToDoTimeout": 60
}
Response for Example 1
HTTP/1.1 200 OK
{
  "CertificateData":"LS0tLS1CR...0F",
  "Filename":"test56.domaine.fr.cer",
  "Format":"Base64",
  "Success":true
}
Response when system is busy
HTTP/1.1 202 Accepted
{
  "Error": "Certificate processing took longer than WorkToDoTimeout. Call certificates/retrieve...",
  "Success": false
}
Example 2: Renew with certificate
Request for Example 2
POST https://tpp.venafi.example/vedsdk/Certificates/Renew
Authorization:Bearer 4MyGeneratedBearerTknz==
{
  "CertificateDN": "\\VED\\Policy\\Certificates\\test56.domaine.fr",
  "WorkToDoTimeout": 120,
  "CertificateData": "LS0tLS1CRU...NCg=="
}
Response for Example 2
HTTP/1.1 200 OK
{
  "CertificateData": "LS0tLS1CRU...NCg==",
  "Filename": "test56.domaine.fr.cer",
  "Format": "Base64",
  "Success": true
}
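The following client sketch is an added example, not code from the product documentation. It checks the parameter rules from the table before sending and maps the documented 200, 202 and 400 results to a next step. The function names, the state labels ("renewed", "pending", "failed") and the HTTPS check are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

MAX_TODO_TIMEOUT = 120  # documented maximum for WorkToDoTimeout, in seconds


def build_renew_body(certificate_dn, pkcs10=None, work_to_do_timeout=0, **opts):
    """Apply the parameter rules from the table before anything is sent."""
    if not 0 <= work_to_do_timeout <= MAX_TODO_TIMEOUT:
        raise ValueError("WorkToDoTimeout must be between 0 and 120 seconds")
    if opts.get("IncludePrivateKey") and not opts.get("Password"):
        raise ValueError("Password must be set when IncludePrivateKey is true")
    if opts.get("Format") == "JKS":
        for name in ("KeystorePassword", "FriendlyName"):
            if not opts.get(name):
                raise ValueError(name + " is required for the JKS format")
    body = dict(opts, CertificateDN=certificate_dn, WorkToDoTimeout=work_to_do_timeout)
    if pkcs10 is not None:
        # The CSR is sent without \n or \r\n line breaks.
        body["PKCS10"] = pkcs10.replace("\r", "").replace("\n", "")
    return body


def interpret_renew_response(status, payload):
    """Map the documented status codes to (state, certificate data or None)."""
    if status == 200 and payload.get("Success"):
        return ("renewed", payload.get("CertificateData"))
    if status == 202:
        return ("pending", None)  # fetch later with POST Certificates/Retrieve
    return ("failed", None)


def renew(base_url, token, body, http_timeout=150):
    """POST the body to Certificates/Renew; base_url ends in /vedsdk."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    request = urllib.request.Request(
        base_url.rstrip("/") + "/Certificates/Renew",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
        method="POST",
    )
    try:
        with urllib.request.urlopen(request, timeout=http_timeout) as response:
            return interpret_renew_response(response.status, json.load(response))
    except urllib.error.HTTPError:  # HTTP 400 and other non-2xx results
        return ("failed", None)
```

A "pending" result corresponds to the HTTP 202 case above: the renewal is still processing and the certificate is collected later with POST Certificates/Retrieve.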