GET /endpoint/signingCertificate/{uuid}/{resource}
Use this method to return information about the signed Certificate Authority (CA) root certificate for a specific resource type, in PEM format.
Note
This method is not support on ThinkServer and System x M4 servers.
Authentication
Authentication with username and password is required.
Request URL
GET https://{management_server_IP}/endpoint/signingCertificate/{uuid}/{resource}
where:
{uuid} specifies the UUID of the target device.
- {resource} can be one of the following values:
- updatedCIMCertificate. This resource type applies only to rack or tower server UUIDs.
- updatedLDAPCertificate. This resource type applies only to rack or tower server UUIDs.
- updatedSigningCertificate. This resource type applies only to chassis, storage device, and switch UUIDs.
Query parameters
None
Request body
None
Response codes
| Code | Description | Comments |
|---|---|---|
| 200 | OK | The request completed successfully. |
| 400 | Bad Request | A query parameter or request attribute is missing or not valid, or the operation is not supported. A descriptive error message is returned in the response body. |
| 404 | Not found | A specified resource cannot be found. A descriptive error message is returned in the response body. |
| 500 | Internal Server Error | An internal error occurred. A descriptive error message is returned in the response body. |
Response body
| Attributes | Type | Description | |||
|---|---|---|---|---|---|
| response | Array | ||||
| CertificateOwnerUUID | String | UUID of the certificate owner. | |||
| CurrentCertificatePEM | String | PEM representation of the certificate. | |||
| CurrentCertificateText | Array | ||||
| CertIssuer | String | Certificate user (for example, "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware, CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-03-10 10:49:01") | |||
| CertKeyFields | Array | ||||
| CertKeyFieldName | String | Identification of a component of the certificate key (for example, "Modulus" or "Exponent") | |||
| CertKeyFieldValue | String | Corresponds to the Key Field Name | |||
| CertPublicKeyAlgorithm | String | Public key algorithm (for example, "RSA") | |||
| CertPublicKeyLength | String | Length in bytes of the public key (for example, 2048) | |||
| CertSerialNumber | String | Certificate serial number | |||
| CertSignature | String | Digital signature of the device's signing certificate | |||
| CertSignatureAlgorithm | String | Algorithm used when signing the certificate (for example, "SHA1withRSA") | |||
| CertSubject | String | Contains the certificate subject (for example, "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware, CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-03-10 10:49:01") | |||
| CertValidNotBefore | String | Date before which the certificate is not valid. The timestamp is returned in ISO 8601 format (for example, "1970-01-01T00:00:00Z") | |||
| CertValidNotAfter | String | Date after which the certificate is not valid. The timestamp is returned in ISO 8601 format (for example, "2048-12-31T23:59:59Z") | |||
| CertX509Version | String | Version of the X.509 certificate standard (for example, 3) | |||
| TrustedCertificateText | |||||
| CertIssuer | String | Certificate user (for example, "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware, CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-03-10 10:49:01") | |||
| CertKeyFields | Array of objects | ||||
| CertKeyFieldName | String | Identification of a component of the certificate key (for example, "Modulus" or "Exponent") | |||
| CertKeyFieldValue | String | Corresponds to the Key Field Name | |||
| CertPublicKeyAlgorithm | String | Identifies the public key algorithm (for example, "RSA") | |||
| CertPublicKeyLength | String | Length in bytes of the public key (for example, 2048) | |||
| CertSerialNumber | String | Certificate serial number. | |||
| CertSignature | String | Digital signature of the device's signing certificate. | |||
| CertSignatureAlgorithm | String | Algorithm used when signing the certificate (for example, "SHA1withRSA") | |||
| CertSubject | String | Contains the certificate subject (for example, "2048-12-"L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware, CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-03-10 10:49:01") | |||
| CertValidNotAfter | String | Date after which the certificate is not valid. The timestamp is returned in ISO 8601 format (for example, "2048-12-31T23:59:59Z"). | |||
| CertValidNotBefore | String | Date before which the certificate is not valid. The timestamp is returned in ISO 8601 format (for example, "1970-01-01T00:00:00Z"). | |||
| CertX509Version | String | Version of the X.509 certificate standard (for example, 3) | |||
| result | String | Results of the request . This can be one of the following values.
| |||
| messages | Array | Information about one or more messages | |||
| id | String | Message identifier of a returned message | |||
| text | String | Message text associated with the message identifier | |||
| explanation | String | Additional information to clarify the reason for the message | |||
| recovery | Array | Recovery information | |||
| text | String | User actions that can be taken to recover from the event | |||
| URL | String | Link to the help system for more information, if available | |||
The following example is returned if the request is successful.
{
"response": {
"CertificateOwnerUUID": "A4AFBBC4770232049A45C6F315D66236",
"CurrentCertificatePem": "-----BEGIN CERTIFICATE-----\n
MIID8jCCAtqgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmzFHMEUGA1UEAxM+Q0Eg\n
Zm9yIEE0QUZCQkM0LTc3MDItMzIwNC05QTQ1LUM2RjMxNUQ2NjIzNiwgMTUtMDIt\n
MTAgMTcMDk6MTAxJTAjBgNVBAoTHEdlbmVyYXRlZCBieSBMZW5vdm8gRmlybXdh\n
cmUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJUWDEPMA0GA1UEBxMGQXVzdGluMB4X\n
DTcwMDEwMTAwMDAwMFoXDTQ4MTIzMTIzNTk1OVowgZsxRzBFBgNVBAMTPkNBIGZv\n
ciBBNEFGQkJDNC03NzAyLTMyMDQtOUE0NS1DNkYzMTVENjYyMzYsIDE1LTAyLTEw\n
IDE3OjA5OjEwMSUwIwYDVQQKExxHZW5lcmF0ZWQgYnkgTGVub3ZvIEZpcm13YXJl\n
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkF1c3RpbjCCASIw\n
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa2OjDQESDz3IDaoyaTUxAmnKx1\n
ADhDFdL4md892U6WQLMWoeVHC/K3dUUS+Q/G/wk1gvXG9QRTUE5GAF/3yLVKL5xv\n
nmYmSLN7vR/By4tOZiOq3AlR71Us+NjXe8PpTud7piqtW4+2Q/mG0vvf7MtiOmQA\n
rjp3wSo00ZOJMgSIMCcme3P0rETbbsGys/ENHBjBBxa1KZlAHzAMGkG7hY+eB0yZ\n
o9MdD8BW9ga9IaweiURhDJb8r5A3Bvk2+FQYeREYSeWrjrFZyHnkXtbZsMF8QnfB\n
7uCXUXv4xrQ2LnKOL7U98e0d8WBIf046WpiwKPvJCALlqNXtCc2Qh//CPY8CAwEA\n
AaM/MD0wDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAbYwHQYDVR0lBBYwFAYI\n
KwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQArAyb4oWH2ygxK\n
ZIk7+SNl8L7LO61T1nOrNmgYEL8rGmZQJyKqnZVz1PtTGIcns0gugXrKU+UB1ZDK\n
FduNHg4T4GIpR4IthAincZAixXazkFJwf3izsTPYcyYBjyC1m9SWEsPEIVHCioAC\n
YLV2ckxYHpv6HndTRK8uIao/CAUZred03YjW78BS4aO3f+O6+63v3K35l0fSXNt+\n
0WkmH0qqpBDT8TbLGDNLOZMs600qzwT5iCULtjjasYVk+AX7UMrTlRJRVHAiJwkN\n
tvZtDVgeg7F+8wT1NziFEMdhmVWGusNzjn/NGIwqoUSklAj1opEY8DTVvVJleR8E\n
eerb7LRI\n
-----END CERTIFICATE-----\n",
"CurrentCertificateText": {
"CertIssuer": "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware,
CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-02-10 17:09:10",
"CertKeyFields": [{
"CertKeyFieldName": "Modulus",
"CertKeyFieldValue": "271048568970922638816289246574090357265458099414808370919
281886788534054444179859860877756223515535535692043985133
920247835937311474482415474115881546386298345772977277703
889738976661671752896050924848676937463400627710682756206
455728233228873540065270672522555274006513099320198242184
165629194922013493162595675122867284737677938660088513778
021414424416050027951695260070630687666817287323852235784
628308447380269173245982978242585923660292564229591198152
753312259616860010312872853053847778720673669856945772078
674160619657578583115691288689774396225628869803901259504
3744288124532031867667540375136876751912844687"
},
{
"CertKeyFieldName": "Exponent",
"CertKeyFieldValue": "65537"
}],
"CertPublicKeyAlgorithm": "RSA",
"CertPublicKeyLength": "2048",
"CertSerialNumber": "1",
"CertSignature": "5429801536728126484921788109674957340505786174190498826058819020747
4770239829431744849742278189671984225642100534819994728280717964383
2346205725909393588045294261655402529795288123532822177313694727294
8505576830427563266892123849868454039161808952582099606601470853225
8557406200063053223925662224067475698600271681973176200072641843863
9698537975786851922608928463285272519227504508030554398740015658067
6076245524567045543895315911147204102157825173235800791699613031826
6267136731772955463679581356781990501612969896331192906025155987151
5253794309280892803820986988152462410627451082997470515603059993103
8218100454472",
"CertSignatureAlgorithm": "SHA256withRSA",
"CertSubject": "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware,
CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-02-10 17:09:10",
"CertValidNotAfter": "2048-12-31T23:59:59Z",
"CertValidNotBefore": "1970-01-01T00:00:00Z",
"CertX509Version": "3"
},
"TrustedCertificateText": {
"CertIssuer": "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware,
CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-02-10 17:09:10",
"CertKeyFields": [{
"CertKeyFieldName": "Modulus",
"CertKeyFieldValue": "271048568970922638816289246574090357265458099414808370919
428188678853405444417985986087775622351553553569204398513
392024783593731147448241547411588154638629834577297727770
388973897666167175289605092484867693746340062771068275620
645572823322887354006527067252255527400651309932019824218
416562919492201349316259567512286728473767793866008851377
802141442441605002795169526007063068766681728732385223578
462830844738026917324598297824258592366029256422959119815
2753312259616860010312872853053847778720673669856945772078
6741606196575785831156912886897743962256288698039012595043
744288124532031867667540375136876751912844687"
},
{
"CertKeyFieldName": "Exponent",
"CertKeyFieldValue": "65537"
}],
"CertPublicKeyAlgorithm": "RSA",
"CertPublicKeyLength": "2048",
"CertSerialNumber": "1",
"CertSignature": "5429801536728126484921788109674957340505786174190498826058819020747
4770239829431744849742278189671984225642100534819994728280717964383
2346205725909393588045294261655402529795288123532822177313694727294
8505576830427563266892123849868454039161808952582099606601470853225
8557406200063053223925662224067475698600271681973176200072641843863
9698537975786851922608928463285272519227504508030554398740015658067
6076245524567045543895315911147204102157825173235800791699613031826
6267136731772955463679581356781990501612969896331192906025155987151
5253794309280892803820986988152462410627451082997470515603059993103
8218100454472"
"CertSignatureAlgorithm": "SHA256withRSA",
"CertSubject": "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware,
CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-02-10 17:09:10",
"CertValidNotAfter": "2048-12-31T23:59:59Z",
"CertValidNotBefore": "1970-01-01T00:00:00Z",
"CertX509Version": "3",
}
},
"result": "success",
"messages": [{
"explanation": "The currently trusted certificate for the device matches the certificate
currently in use by the device. The untrusted connection is due to another
cause of certificate validation failure.",
"id": "FQXHMSE0120I",
"recovery": {
"text": "Connect to the device and verify that the certificate in use is not expired
and that the address the management server is using to connect to the device
is present in the certificate. Ensure that the public key algorithm and
signature algorithms in use in the certificate comply with the cryptography
settings on the management server. If these actions do not resolve the issue,
regenerate the devices certificate (selecting algorithms that comply with the
cryptography settings on the management server) and try the operation again to
resolve the untrusted connection. If the problem persists, collect service data
and contact Support.",
"URL": ""
},
"text": "The request to resolve the untrusted connection was not successful."
}]
}
Give documentation feedback