Skip to main content

POST /api/v1/maintenance/certificateSigningRequest

Use this method to generate a Certificate Signing Request (CSR) using specific server-certificate settings or regenerate the CSR using the current settings. The existing CSR is overwritten with the new CSR.

Authentication

Authentication with user name and password is required.

Resource URI

POST https://{orchestrator_server_IP}/api/v1/maintenance/certificateSigningRequest

Query parameters

None

Request body

AttributesRequired / OptionalTypeDescription
altNamesOptionalArray of objectsInformation about the Subject Alternative Names to be included in Certificate Signing Request
 nameRequiredStringSubject Alternative Name
 typeRequiredStringRFC 5280 GeneralName type of this Subject Alternative Name
commonNameOptionalStringName of the certificate owner. Typically, this is the fully-qualified domain name (FQDN) or IP address of the server that is using the certificate (for example, www.domainname.com or 10.15.23.99)

The length of this value cannot exceed 63 characters.

The default is LXCO.

countryOptionalStringTwo-letter ISO 3166 code for the country or region of origin associated with the certificate organization (for example, US for the United States)

To retrieve the country or region codes, use GET /api/v1/service/countryCodes.

The default is US.

organizationOptionalStringOrganization (company) that is to own the certificate. Typically, this is the legal incorporate name of a company. It should include any suffixes, such as Ltd., Inc., or Corp (for example, ACME International Ltd.)

The length of this value cannot exceed 60 characters.

The default is generated by the server firmware.

organizationUnitOptionalStringOrganizational unit that will own the certificate (for example, ABC Division)

The length of this value cannot exceed 60 characters.

The default is None.

stateLocalityOptionalStringFull name of the locality (city) to be associated with the certificate (for example, San Jose)

The length of the value cannot exceed 50 characters.

The default is Raleigh.

stateProvinceOptionalStringFull name of the state or province to be associated with the certificate (for example, California or New Brunswick)
The following example generates the certificate signing request using the specified server certificate settings
{
   "altNames": [{
      "name": "bar.example.org",
      "type": "DNS"
   },
   {
      "name": "foo.example.org",
      "type": "DNS"
   },
   {
      "name": "10.241.54.111",
      "type": "IP"
   },
   {
      "name": "test@test.com",
      "type": "email"
   }],
   "commonName": "10.241.54.169",
   "country": "US",
   "organization": "Lenovo",
   "organizationUnit": "LXCO",
   "stateLocality": "Raleigh",
   "stateProvince": "North Carolina"
}

Response codes

CodeDescriptionComments
200OKThe request completed successfully.
400Bad RequestA query parameter or request attribute is missing or not valid, or the operation is not supported. A descriptive error message is returned in the response body.
401UnauthorizedThe user cannot be authenticated. Authentication has not been provided or has failed. A descriptive error message is returned in the response body.
403ForbiddenThe orchestrator server was prevented from fulfilling the request. A descriptive error message is returned in the response body.
404Not foundThe resource cannot be found. A descriptive error message is returned in the response body.
408Request TimeoutThe orchestrator server did not receive a required request in a specific amount of time. A descriptive error message is returned in the response body.
409ConflictThere is a conflict with the current state of the resource. A descriptive error message is returned in the response body.
500Internal Server ErrorAn internal error occurred. A descriptive error message is returned in the response body.

Response header

Response body

AttributesTypeDescription
{message_attributes}variesStatus messages (see Status messages)