PUT PKI/HashiCorp/CA/{guid}
Updates the configuration for a HashiCorp Vault PKI secrets engine that is managed by Trust Protection Platform. Updates can include renewal settings for the intermediate CA certificate.
Requirements
- Permissions: The caller must have the Write permission to the device, HashiCorp Vault PKI application, and certificate objects.
- Token scope: Certificate:Manage
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description |
---|---|
{guid} | In the request URL, specify the GUID of the HashiCorp application object. In Trust Protection Platform, the GUID represents the HashiCorp Vault PKI secrets engine in the Vault. To get the GUID, call GET PKI/HashiCorp/CA. |
Certificate | (Optional) The attributes of the intermediate CA certificate for provisioning to the HashiCorp PKI secrets engine |
CreatePKIRole | (Optional) Works in conjunction with Roles. The setting to control role creation at the PkiPath of the HashiCorp Vault: |
CreateCertificateAuthority | (Optional) The setting to control Sub CA creation: |
CRLAddress | (Optional) The URL of the endpoint that provides a Certificate Revocation List (CRL) for the intermediate CA. |
FolderDN | (Optional) The distinguished name of the Policy folder. |
Installation | (Optional) Information about the vault: |
KeyAlgorithm | (Optional) Required when the HashiCorp Vault CA is responsible for generating the key pair and CSR. Use in conjunction with KeyBitSize. |
KeyBitSize | |
OCSPAddress | (Optional) The URL of the Online Certificate Status Protocol (OCSP) service that provides the revocation status of certificates issued by the intermediate CA. |
PkiPath | The path name of the HashiCorp Vault where the PKI secrets engine is mounted. This value appears in Trust Protection Platform as the Application object name. |
Roles | An array of role GUIDs. To get the GUIDs, call POST Config/FindObjectsOfClass with these parameters: |
Returns
Name | Description |
---|---|
HTTP 400 | For invalid requests, this method returns an error message for bad parameters, data, or syntax. |
HTTP 200 | For valid requests, Certificates/Request returns an HTTP 200 message and the CreatePkiResponse object. |
Example: Assign a different HashiCorp role
Request for Example 1
PUT https://tpp.venafi.example/vedsdk/PKI/HashiCorp/CA/{355d7a99-3efe-496b-bec1-72f52dad9744}
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "PkiPath":"pki-issuer",
   "Roles":[
      "{9bdb1c2b-f472-4e15-bb88-8b3afad9990c}"
   ]
}
Response Example 1
HTTP/1.1 200 OK
{
   "CertificateDN":null,
   "CertificateGuid":null,
   "Error":null,
   "Guid":"{a83477f6-ced1-449c-a557-31bb60331148}"
}
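The request and response from Example 1 as a small Python client. This is an added example, not code from the product documentation. The function names and the TPP_TOKEN environment variable are hypothetical, and treating a non-null Error field in an HTTP 200 body as a failure is an assumption.

```python
import json
import os
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

GUID_RE = re.compile(r"^\{?([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}?$")

def brace_guid(value):
    """Validate a GUID and return it in the braced form used in Example 1."""
    m = GUID_RE.match(value.strip())
    if not m:
        raise ValueError(f"not a GUID: {value!r}")
    return "{" + m.group(1) + "}"

def build_update_request(base_url, token, app_guid, pki_path, role_guids):
    """Build (without sending) PUT PKI/HashiCorp/CA/{guid} with PkiPath and Roles."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    body = {"PkiPath": pki_path, "Roles": [brace_guid(g) for g in role_guids]}
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/PKI/HashiCorp/CA/{brace_guid(app_guid)}",
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"},
    )

def parse_update_response(status, raw_body):
    """Return the Guid from the response body; raise on HTTP 400 or a set Error."""
    if status != 200:
        raise RuntimeError(f"HTTP {status}: {raw_body[:200]}")
    doc = json.loads(raw_body)
    # Assumption: a populated Error field means the update did not succeed.
    if doc.get("Error") is not None:
        raise RuntimeError(f"update failed: {doc['Error']}")
    return doc["Guid"]

if __name__ == "__main__":
    req = build_update_request(
        "https://tpp.venafi.example/vedsdk",
        os.environ["TPP_TOKEN"],  # hypothetical variable; keeps the token out of source
        "{355d7a99-3efe-496b-bec1-72f52dad9744}", "pki-issuer",
        ["9bdb1c2b-f472-4e15-bb88-8b3afad9990c"])
    try:
        with urllib.request.urlopen(req) as resp:
            print(parse_update_response(resp.status, resp.read().decode()))
    except urllib.error.HTTPError as err:  # HTTP 400 is raised as HTTPError
        parse_update_response(err.code, err.read().decode())
```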