POST PKI/HashiCorp/CA/{guid}/Renew

Initiates the renewal or first-time enrollment of a HashiCorp Vault PKI intermediate CA certificate. The CA key pair and CSR are generated remotely in the Vault.

Requirements

  • Permissions
    • The caller must have Write permission to the certificate.
    • The Vault token in the Password credential, which is assigned to the device, must have full permission to the HashiCorp pki/config/* and pki/intermediate/* Vault HTTP API endpoints.
  • Token scope: Certificate:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

  • {guid}: In the request URL, specify the GUID of the HashiCorp application object. In Trust Protection Platform, the GUID represents the HashiCorp Vault PKI secrets engine in the Vault. To get the GUID, call GET PKI/HashiCorp/CA.

Returns

Response description

  • HTTP 400: For invalid requests, this method returns an error message for bad parameters, data, or syntax.
    • PKI configuration is not valid.
    • Certificate could not be provisioned because provisioning is forbidden by policy.
    • Could not store renewal request on certificate [CertificateDn]; Error [ToDo Engine result codes].
  • HTTP 200: For valid requests, this method returns an HTTP 200 message and the CreatePkiResponse object.

Example: Provision a new CA certificate to a HashiCorp PKI secrets engine

Request for Example

POST https://test.venafi.example/vedsdk/PKI/HashiCorp/CA/{355d7a99-3efe-496b-bec1-72f52dad9744}/Renew
Content-Type:application/json
Authorization:Bearer 4MyGeneratedBearerTknz==
{
}

Response for Example

HTTP/1.1 200 OK
{
    "CertificateDN": "\\VED\\Policy\\VK\\HashiCorp\\Device\\www.test.venafi.com",
    "CertificateGuid": "{30846f18-e00a-402b-8208-a379ed93f259}",
    "Guid": "{355d7a99-3efe-496b-bec1-72f52dad9744}"
}
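
A client-side sketch of this call, added here as an example and not taken from the product's own code: it validates the GUID before placing it in the URL, refuses to send the bearer token over anything but HTTPS, and checks that the returned Guid matches the CA that was requested. The function and class names are assumptions; the URL layout, headers and response fields are the ones shown on this page.

```python
import json
import re
import urllib.error
import urllib.request

# Accepts a GUID with or without the surrounding braces used in the request URL.
GUID_RE = re.compile(r"^\{?[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$")


class RenewError(Exception):
    """Hypothetical error type: the platform rejected the renewal."""


def build_renew_request(base_url, guid, bearer_token):
    """Build the POST PKI/HashiCorp/CA/{guid}/Renew request without sending it."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    if not GUID_RE.match(guid):
        raise ValueError("guid is not a well-formed GUID")
    braced = "{" + guid.strip("{}") + "}"
    url = f"{base_url.rstrip('/')}/PKI/HashiCorp/CA/{braced}/Renew"
    headers = {"Content-Type": "application/json",
               "Authorization": f"Bearer {bearer_token}"}
    return urllib.request.Request(url, data=b"{}", headers=headers, method="POST")


def parse_renew_response(status, body, requested_guid):
    """Return the response fields on HTTP 200, raise RenewError otherwise."""
    if status != 200:
        # The error body format is not specified on this page; keep a short excerpt.
        raise RenewError(f"HTTP {status}: {body.strip()[:200]}")
    doc = json.loads(body)
    missing = {"CertificateDN", "CertificateGuid", "Guid"} - set(doc)
    if missing:
        raise RenewError(f"response is missing {sorted(missing)}")
    if doc["Guid"].strip("{}").lower() != requested_guid.strip("{}").lower():
        raise RenewError("response Guid does not match the requested CA")
    return doc


def renew_ca(base_url, guid, bearer_token, timeout=30):
    """Send the request; urllib verifies the server certificate by default."""
    req = build_renew_request(base_url, guid, bearer_token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_renew_response(resp.status, resp.read().decode(), guid)
    except urllib.error.HTTPError as err:
        return parse_renew_response(err.code, err.read().decode(), guid)
```

The token never appears in an exception message or return value, so logging a RenewError does not leak the credential.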