POST X509CertificateStore/Add

Adds a certificate or collection of certificates to the Certificate vault, which is also known as the certificate store. Associations for subject, issuer, serial number, hash, and valid dates are automatically created as part of this operation.

Requirements

  • Permissions:  The caller must have Write permission to the requested Owner object.
  • Token scope:  Certificate:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Specify either the CertificateString value or a collection of CertificateCollectionStrings.

Input parameters

Name

Description

CertificateCollectionStrings (Optional)

A collection of Base64‑encoded certificates to add. The forward slash (/) continuation character is optional.

CertificateString (Optional)

The Base64‑encoded certificate to add.

OwnerDN

Also known as the Owner object. The Distinguished Name for the owner of the certificate (Config namespace).

ProtectionKey (Optional)

The protection key to use for encrypting the certificate:

  • Null:Null: Do not encrypt the key.
  • Software:Default: Use the Venafi Software encryption key, formerly known as the DPAPI.

TypedNameValues (Optional)

An array that describes the certificate.

  • Name: The certificate name.
  • Type: The data type, for example String.
  • Value: The value.

Returns

Response description

Name

Description

LeafExisted

Boolean value that is true if the leaf already exists in the vault. Returned only if a collection has already been stored.

Result

A number indicating success (0) or failure. Because this API is a wrapper for SecretStore, see SecretStore result codes.

VaultId

Integer that uniquely identifies the newly created item in the certificate vault.

Example 1: Storing a certificate

Request for Example 1

POST https://tpp.venafi.example/vedsdk/X509CertificateStore/Add
Authorization:Bearer 4MyGeneratedBearerTknz==
{  
   "CertificateString":"MIIBKDCB...",
   "OwnerDN":"\\VED\\Policy\\folder\\TestCert",
   "TypedNameValues":[  
      {  
         "Name":"Custom Purpose",
         "Type":"string",
         "Value":"Testing Web SDK"
      }
   ]
}

Response for Example 1

HTTP/1.1 200 OK
{  
   "Result":0,
   "VaultId":683
}

Example 2: Storing a certificate chain

Request for Example 2

POST https://tpp.venafi.example/vedsdk/X509CertificateStore/Add
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "ProtectionKey":"Software:Default",
   "CertificateCollectionStrings":[
      "MIIBcDCC...",
      "MIIBMDCA..."
   ],
   "OwnerDN":"\\VED\\Policy\\folder\\TestCert",
   "TypedNameValues":[
      {
         "Name":"Custom Purpose",
         "Type":"string",
         "Value":"Testing Web SDK"
      }
   ]
}

Response for Example 2

HTTP/1.1 200 OK
{ 
   "Result": 0, 
   "VaultId": 683
}
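
The following client-side sketch is an added example, not Venafi code. It builds the request body from a PEM bundle, choosing CertificateString for one certificate and CertificateCollectionStrings for several, refuses bundles that contain private key material, and checks Result in the response. It assumes the input is PEM text; the function names and SAMPLE_PEM are hypothetical, and the request is built but never sent.

```python
import base64
import json
import re
import urllib.request

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# Constructed placeholder bytes (not a real certificate), PEM-armored for the demo.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"

def pem_to_base64_list(pem_text):
    """Return the Base64 body of each CERTIFICATE block; refuse key material."""
    certs = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if "PRIVATE KEY" in label:
            raise ValueError("refusing to upload a PEM bundle containing a private key")
        if label != "CERTIFICATE":
            continue
        b64 = "".join(body.split())
        der = base64.b64decode(b64, validate=True)
        if not der.startswith(b"\x30"):  # DER certificates begin with a SEQUENCE tag
            raise ValueError("block does not decode to a DER SEQUENCE")
        certs.append(b64)
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    return certs

def build_add_request(base_url, token, owner_dn, pem_text, protection_key=None):
    """Build (not send) the POST: one cert -> CertificateString, several -> collection."""
    certs = pem_to_base64_list(pem_text)
    payload = {"OwnerDN": owner_dn}
    if len(certs) == 1:
        payload["CertificateString"] = certs[0]
    else:
        payload["CertificateCollectionStrings"] = certs
    if protection_key is not None:
        payload["ProtectionKey"] = protection_key
    return urllib.request.Request(
        base_url.rstrip("/") + "/vedsdk/X509CertificateStore/Add",
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json", "Authorization": "Bearer " + token},
        method="POST")

def parse_add_response(body):
    """Return (VaultId, LeafExisted or None); raise if Result is not 0 (success)."""
    doc = json.loads(body)
    if doc.get("Result") != 0:
        raise RuntimeError("X509CertificateStore/Add failed, Result=%r" % doc.get("Result"))
    return doc["VaultId"], doc.get("LeafExisted")
```

Pass the returned object to urllib.request.urlopen to send it; LeafExisted comes back as None when the server omits it.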