POST PKI/HashiCorp/CA/{guid}/Renew
Initiates the renewal or first time enrollment of a HashiCorp Vault PKI intermediate CA certificate. The CA key pair and CSR generate remotely in the vault.
Requirements
- Permissions:
- The caller must have Write permission to the certificate.
- The Vault token in the Password credential, which is assigned to the device, must have full permission to the HashiCorp pki/config/* and pki/intermediate/* Vault HTTP API endpoints.
- Token scope: Certificate:Manage
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name |
Description |
---|---|
{guid} |
In the request URL, specify the GUID of the HashiCorp application object. In Trust Protection Platform, the GUID represents the HashiCorp Vault PKI secrets engine in the Vault. To get the GUID, call GET PKI/HashiCorp/CA. |
Returns
Name |
Description |
---|---|
HTTP 400 |
For invalid requests, this method returns an error message for bad parameters, data, or syntax.
|
HTTP 200 |
For valid requests, this method returns a HTTP 200 message and the CreatePkiResponse object. |
Example: Provision a new CA certificate to a HashiCorp PKI >secrets engine
Request for Example
POST https://test.venafi.example/vedsdk/PKI/HashiCorp/CA/{355d7a99-3efe-496b-bec1-72f52dad9744}/Renew Authorization:Bearer 4MyGeneratedBearerTknz== { }
Response for Example
HTTP/1.1 200 OK { "CertificateDN": "\\VED\\Policy\\VK\\HashiCorp\\Device\\www.test.venafi.com", "CertificateGuid": "{30846f18-e00a-402b-8208-a379ed93f259}", "Guid": "{355d7a99-3efe-496b-bec1-72f52dad9744}" }