POST Certificates/Retrieve
Returns the available certificate data and optional private key information for an enrolled certificate. After this call completes, you can use another utility to convert it to the necessary Format. If you want to download the certificate, call GET Certificates/Retrieve instead.
Requirements
- Permissions: The caller must have Read permission and Private Key Read permission to the Certificate object.
- Token scope: Certificate:Manage
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description
---|---
CertificateDN | The Trust Protection Platform Distinguished Name (DN) of the certificate.
Format | The format that you will use to manually convert the CertificateData result. Specify one of the following case sensitive values and use the exact spacing:
FriendlyName | The label or alias to use for Base64, JKS, or PKCS #12 formats. Required for the JKS format.
IncludeChain (Optional) | When the Format is Base64, Base64 (PKCS #8), PKCS #7, PKCS #12, or JKS, you can include the parent or root chain in the return data.
IncludePrivateKey (Optional) | When the Format is Base64 (PKCS #8), PKCS #12, or JKS, you can specify whether to return the private key:
KeystorePassword | If the Format is JKS, you must set this value. Use the same requirements as required for Password.
Password | If the IncludePrivateKey value is true, this value must be set. Create a strong password by using a
RootFirstOrder (Optional) | In the REST response, the order of the certificate chain of trust. Use when IncludeChain is true.
WorkToDoTimeout | (Optional) The maximum wait time for certificate retrieval. Overrides the Platforms tree setting for the Certificate API ToDo Timeout setting. The maximum number of seconds to wait for the ToDo operation to complete. The default is zero seconds with a maximum value of 120 seconds. For example: WorkToDoTimeout: 60. For more information, see Certificates API configuration.
Returns
Name | Description
---|---
HTTP 200 | If the certificate is currently in enrollment, provisioning, or in error, the response contains only the current Status and processing Stage of the Certificate object.
HTTP 202 | When the certificate is not ready, this API call returns:
HTTP 400 | Returns an Error message for bad parameters, data, or syntax:
Example: Get the certificate
Request
POST https://tpp.venafi.example/vedsdk/certificates/Retrieve
Authorization:Bearer 4MyGeneratedBearerTknz==
{
  "CertificateDN":"\\VED\\Policy\\retrieve-me.venafi.example",
  "Format":"Base64",
  "IncludeChain":true,
  "RootFirstOrder":true
}
Response
HTTP/1.1 200 OK
{
  "CertificateData":"c3ViamVjdD1DTj1WZW5hZmkgRXhhbXBsZSBSb290I...",
  "Filename":"retrieve-me.venafi.example.pem",
  "Format":"Base64"
}
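The following Python sketch is an added example, not code from the product or its documentation. It checks a request body against the parameter rules listed above before it is sent, and decodes CertificateData from a response. It assumes that the Format strings are spelled as in the parameter descriptions, that a status-only response uses the JSON keys Status and Stage, and that CertificateData is Base64-encoded as in the example response; the function names and sample response are constructed for illustration.

```python
import base64
import json

# Format names as they appear in this page's parameter descriptions.
CHAIN_FORMATS = {"Base64", "Base64 (PKCS #8)", "PKCS #7", "PKCS #12", "JKS"}
KEY_FORMATS = {"Base64 (PKCS #8)", "PKCS #12", "JKS"}


def build_retrieve_body(certificate_dn, fmt, **options):
    """Return the JSON request body, or raise ValueError on a rule violation."""
    body = {"CertificateDN": certificate_dn, "Format": fmt, **options}
    if body.get("IncludeChain") and fmt not in CHAIN_FORMATS:
        raise ValueError(f"IncludeChain does not apply to Format {fmt!r}")
    if body.get("IncludePrivateKey"):
        if fmt not in KEY_FORMATS:
            raise ValueError(f"IncludePrivateKey does not apply to Format {fmt!r}")
        if not body.get("Password"):
            raise ValueError("Password must be set when IncludePrivateKey is true")
    if fmt == "JKS":
        missing = [k for k in ("FriendlyName", "KeystorePassword") if not body.get(k)]
        if missing:
            raise ValueError(f"JKS requires {', '.join(missing)}")
    if not 0 <= body.get("WorkToDoTimeout", 0) <= 120:
        raise ValueError("WorkToDoTimeout must be between 0 and 120 seconds")
    return json.dumps(body)


def decode_certificate_data(response_text):
    """Return (Filename, decoded bytes) from a response that carries CertificateData."""
    doc = json.loads(response_text)
    if "CertificateData" not in doc:
        # Status-only response: the certificate is in enrollment, provisioning or error.
        raise LookupError(f"no certificate data: Status={doc.get('Status')!r}, "
                          f"Stage={doc.get('Stage')!r}")
    # validate=True rejects non-alphabet characters instead of silently skipping them.
    return doc["Filename"], base64.b64decode(doc["CertificateData"], validate=True)


# Constructed sample response (not real certificate data).
SAMPLE_PEM = (b"subject=CN=constructed.example\n-----BEGIN CERTIFICATE-----\n"
              b"Q09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n")
SAMPLE_RESPONSE = json.dumps({
    "CertificateData": base64.b64encode(SAMPLE_PEM).decode("ascii"),
    "Filename": "constructed.example.pem",
    "Format": "Base64",
})

if __name__ == "__main__":
    print(build_retrieve_body("\\VED\\Policy\\retrieve-me.venafi.example", "Base64",
                              IncludeChain=True, RootFirstOrder=True))
    print(decode_certificate_data(SAMPLE_RESPONSE)[0])
```

When IncludePrivateKey is true the decoded bytes contain key material, so write them only to a location with restricted permissions.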