POST – Certificate Rekey

The Rekey action generates a new key pair for an existing certificate by using the existing certificate data. The response contains a Certificate Signing Request (CSR) that is to be signed by a Certificate Authority (CA).

Request

POST https://{{ip}}/redfish/v1/AccountService/Accounts/{ManagerAccountId}/Certificates/{CertificateId}/Actions/Certificate.Rekey
POST https://{{ip}}/redfish/v1/Managers/Self/NetworkProtocol/HTTPS/Certificates/{CertificateId}/Actions/Certificate.Rekey
POST https://{{ip}}/redfish/v1/Systems/Self/Boot/Certificates/{CertificateId}/Actions/Certificate.Rekey
POST https://{{ip}}/redfish/v1/AccountService/LDAP/Certificates/1/Actions/Certificate.Rekey
POST https://{{ip}}/redfish/v1/AccountService/LDAP/Certificates/Oem/Ami/ClientCertificates/1/Actions/Certificate.Rekey
Content-Type: application/json
The request body is in JSON format. Its properties are listed in the following table.
Table 1. Rekey Action Request Body Property

| Name | Type | Description |
|------|------|-------------|
| ChallengePassword | String | The challenge password to apply to the certificate for revocation requests. |
| KeyBitLength | Number | The length of the key, in bits. |

Note
  1. If KeyBitLength is not specified, the default value is 2048.

  2. The maximum value of KeyBitLength is 2048.

  3. The minimum value of KeyBitLength is 512.

Note
  1. If the Rekey action is used for the Boot Certificate Collection, the Oem OwnerGuid property is set to a default GUID value in the range 00000000-0000-0000-0000-000000000000 to 00000000-0000-0000-0000-FFFFFFFFFFFF.

  2. An HTTPS Certificate Instance should follow these limitations, which are based on Lighttpd:
    1. Max server certificate size is 10240.

    2. Max server private key size is 10240.

    3. Min server public key and private key size is 2048.

    4. Private key should not be encrypted.

    5. Certificate should not expire.

Request example

{
  "KeyBitLength": 512,
  "ChallengePassword": "challengepassword"
}

Response

The response is in JSON format. Its properties are listed in the following table.

Table 2. Rekey Action Response Property

| Name | Type | Read Only | Description |
|------|------|-----------|-------------|
| CSRString(M) | String | True | The string for the certificate signing request. |
| Certificate(M) | Object | True | The link to the certificate being rekeyed. |
| Messages | Array | True | This property shall contain an array of messages associated with the settings. |

After a successful POST call, a new Task is created. Check the certificate signing result in TaskService.

The Messages property will contain the Task information.
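The limits in the notes above can be enforced on the client before a Rekey request is sent, and the mandatory response properties checked afterwards. The following is an added example, not code from the vendor or this page. The function names, the host argument, and the sample response are hypothetical, and it reads the Lighttpd minimum of 2048 as a key length in bits, which is an assumption.

```python
import json

# Rekey action paths from the Request section; IDs are filled in by the caller.
_CERT = "/Certificates/{CertificateId}/Actions/Certificate.Rekey"
REKEY_PATHS = {
    "account": "/redfish/v1/AccountService/Accounts/{ManagerAccountId}" + _CERT,
    "https": "/redfish/v1/Managers/Self/NetworkProtocol/HTTPS" + _CERT,
    "boot": "/redfish/v1/Systems/Self/Boot" + _CERT,
}
KEY_MIN, KEY_MAX, KEY_DEFAULT = 512, 2048, 2048  # KeyBitLength note under Table 1
HTTPS_KEY_MIN = 2048  # Lighttpd-based limit, read here as bits (assumption)

# Constructed sample response (not captured from a device). The "@odata.id"
# link form and the CSR placeholder are assumptions; Messages is omitted
# because the page does not show the format of its Task information.
SAMPLE_RESPONSE = json.dumps({
    "CSRString": "<PEM CSR placeholder>",
    "Certificate": {"@odata.id": "/redfish/v1/Managers/Self/NetworkProtocol/HTTPS/Certificates/1"},
})


def build_rekey_request(host, target, ids, key_bits=None, challenge_password=None):
    """Return (url, json_body); raise ValueError if a documented limit is violated."""
    if target not in REKEY_PATHS:
        raise ValueError(f"unknown target {target!r}")
    effective = KEY_DEFAULT if key_bits is None else key_bits
    if isinstance(effective, bool) or not isinstance(effective, int):
        raise ValueError("KeyBitLength must be a number")
    if not KEY_MIN <= effective <= KEY_MAX:
        raise ValueError(f"KeyBitLength {effective} outside {KEY_MIN}..{KEY_MAX}")
    if target == "https" and effective < HTTPS_KEY_MIN:
        raise ValueError(f"HTTPS certificate keys must be at least {HTTPS_KEY_MIN} bits")
    body = {}
    if key_bits is not None:
        body["KeyBitLength"] = key_bits
    if challenge_password is not None:
        body["ChallengePassword"] = challenge_password
    return "https://" + host + REKEY_PATHS[target].format(**ids), json.dumps(body)


def check_rekey_response(text):
    """Return CSRString after confirming the properties marked (M) in Table 2."""
    doc = json.loads(text)
    missing = [k for k in ("CSRString", "Certificate") if not doc.get(k)]
    if missing:
        raise ValueError("response lacks mandatory properties: " + ", ".join(missing))
    return doc["CSRString"]
```

With these limits, 2048 is the only KeyBitLength the HTTPS target accepts, so the 512-bit value from the request example passes for the Boot and Accounts targets but is rejected for HTTPS.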