Venafi (Certificate Management) - List certificates using REST API


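This assumes you have already obtained a Bearer Token using curl. The following curl command can be used to view a certificate's details. In this example, the details of the foo.example.com certificate will be retrieved. The --insecure flag turns off TLS certificate verification, so the Bearer Token is sent without confirming the server's identity; omit it when the client trusts the CA that issued the TPP server's certificate.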

curl \
  --insecure \
  --request GET \
  --header "Authorization: Bearer abc123" \
  --url "https://tpp.example.com/vedsdk/certificates/?name=foo.example.com"

 

AVOID TROUBLE

If the certificate name contains white space, each space must be URL-encoded as %20.

curl \
  --insecure \
  --request GET \
  --header "Authorization: Bearer abc123" \
  --url "https://tpp.example.com/vedsdk/certificates/?name=foo%20example%20com"

 

If the foo.example.com certificate does not exist, something like this should be returned.

{
 "Certificates":[],
 "DataRange":"Certificates 0 - 0"
}

 

On the other hand, if the foo.example.com certificate exists, something like this should be returned.

{
 "Certificates":
 [
  {
   "CreatedOn":"2021-06-16T10:44:08.6881441Z",
   "DN":"\\VED\\Policy\\foo\\bar\\foo.example.com",
   "Guid":"{2b23f743-5152-4366-a2f9-f7ab2249df1e}",
   "Name":"foo.example.com",
   "ParentDn":"\\VED\\Policy\\foo\\bar",
   "SchemaClass":"X509 Server Certificate",
   "X509":
   {
    "CN":"foo.example.com",
    "SANS":
    {
     "DNS":["foo.example.com"]
    },
    "Serial":"3A000000EE30DCB759C4742F240001000000EE",
    "Thumbprint":"291C767D7717D94610E1F89C3A2FE49EB76CEF21",
    "ValidFrom":"2021-06-16T10:34:11.0000000Z",
    "ValidTo":"2022-06-16T10:34:11.0000000Z"
   },
   "_links":
   [
    {"Details":"\/vedsdk\/certificates\/%7b2b23f743-5152-4366-a2f9-f7ab2249df1e%7d"}
   ]
  }
 ],
 "DataRange":"Certificates 1 - 1",
 "TotalCount":1
}
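As an added example (not from the original article), the Python sketch below builds the name query with percent-encoding and turns a list response into an expiry report, including the empty-result case. The function names, the 30-day warning threshold and the trimmed sample response are assumptions for illustration; the timestamp parser handles the seven-digit fractional seconds shown above, which Python's %f does not accept.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote, urljoin

BASE = "https://tpp.example.com"  # host used in the article's examples

def lookup_url(name, base=BASE):
    """Build the ?name= query, percent-encoding spaces and reserved characters."""
    return urljoin(base, "/vedsdk/certificates/") + "?name=" + quote(name, safe="")

def parse_ts(value):
    """Parse timestamps like 2022-06-16T10:34:11.0000000Z (7 fractional digits)."""
    head, _, frac = value.rstrip("Z").partition(".")
    stamp = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S")
    micros = int((frac + "000000")[:6])  # strptime's %f accepts at most 6 digits
    return stamp.replace(microsecond=micros, tzinfo=timezone.utc)

def summarize(body, now, warn_days=30):
    """Return one dict per certificate in a list response; [] when nothing matched."""
    rows = []
    for cert in json.loads(body).get("Certificates", []):
        x509 = cert.get("X509", {})
        days_left = (parse_ts(x509["ValidTo"]) - now).days
        status = "expired" if days_left < 0 else "expiring" if days_left <= warn_days else "ok"
        links = cert.get("_links", [])
        rows.append({
            "name": cert["Name"],
            "thumbprint": x509.get("Thumbprint"),
            "days_left": days_left,
            "status": status,
            "details_url": urljoin(BASE, links[0]["Details"]) if links else None,
        })
    return rows

# Constructed sample: the article's list response, trimmed to the fields used here.
SAMPLE = r'''{"Certificates":[{"DN":"\\VED\\Policy\\foo\\bar\\foo.example.com",
 "Guid":"{2b23f743-5152-4366-a2f9-f7ab2249df1e}","Name":"foo.example.com",
 "X509":{"CN":"foo.example.com","Thumbprint":"291C767D7717D94610E1F89C3A2FE49EB76CEF21",
 "ValidFrom":"2021-06-16T10:34:11.0000000Z","ValidTo":"2022-06-16T10:34:11.0000000Z"},
 "_links":[{"Details":"\/vedsdk\/certificates\/%7b2b23f743-5152-4366-a2f9-f7ab2249df1e%7d"}]}],
 "DataRange":"Certificates 1 - 1","TotalCount":1}'''
EMPTY = '{"Certificates":[],"DataRange":"Certificates 0 - 0"}'

if __name__ == "__main__":
    now = datetime(2022, 6, 1, tzinfo=timezone.utc)  # fixed clock so output is repeatable
    print(lookup_url("foo example com"))
    print(summarize(SAMPLE, now))
    print(summarize(EMPTY, now))
```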

 

Or the following can be done to gather even more details. In this example, 2b23f743-5152-4366-a2f9-f7ab2249df1e is the certificate GUID.

curl \
  --insecure \
  --request GET \
  --header "Authorization: Bearer abc123" \
  --url "https://tpp.example.com/vedsdk/certificates/2b23f743-5152-4366-a2f9-f7ab2249df1e"

 

Something like this should be returned (shown here as a Perl-style hash dump of the parsed response rather than raw JSON).

{
          'Contact' => [
                         'John Doe'
                       ],
          'CreatedBy' => [
                           'Aperture'
                         ],
          'ManagementType' => 'Provisioning',
          'RenewalDetails' => {
                                'Country' => 'US',
                                'Subject' => 'foo.example.com',
                                'KeySize' => 2048,
                                'OrganizationalUnit' => [
                                                          'Information Technology'
                                                        ],
                                'City' => 'Appleton',
                                'State' => 'WI',
                                'Organization' => 'Acme'
                              },
          'SchemaClass' => 'X509 Server Certificate',
          'ParentDn' => '\\VED\\Policy\\foo\\bar',
          'ManagedBy' => 'Aperture',
          'Guid' => '{2b23f743-5152-4366-a2f9-f7ab2249df1e}',
          'CreatedOn' => '2021-06-16T10:44:08.6881441Z',
          'Origin' => 'Aperture',
          'Approver' => [
                          'local:{19ff170f-24b6-4d18-b8c3-ff394fef2773}'
                        ],
          'DN' => '\\VED\\Policy\\foo\\bar\\foo.example.com',
          'ProcessingDetails' => {
                                   'InProcess' => 1,
                                   'Status' => 'Queued for renewal'
                                 },
          'CertificateDetails' => {
                                    'S' => 'WI',
                                    'KeyUsage' => 'KeyEncipherment, DigitalSignature',
                                    'KeySize' => 2048,
                                    'EnhancedKeyUsage' => 'Client Authentication(1.3.6.1.5.5.7.3.2),Server Authentication(1.3.6.1.5.5.7.3.1)',
                                    'Serial' => '3A000000FB23C28B20CCBA47310001000000FB',
                                    'Thumbprint' => '60270E2B209828820BE26DA48DE94FF96453F875',
                                    'SubjectAltNameDNS' => [
                                                             'foo.example.com'
                                                           ],
                                    'OU' => [
                                              'Information Technology'
                                            ],
                                    'C' => 'US',
                                    'CDPURI' => '',
                                    'L' => 'Appleton',
                                    'CN' => 'foo.example.com',
                                    'KeyAlgorithm' => 'RSA',
                                    'TemplateMinorVersion' => '4',
                                    'O' => 'Acme',
                                    'Subject' => 'CN=foo.example.com, OU=Information Technology, O=Acme, L=Appleton, S=WI, C=US',
                                    'StoreAdded' => '2021-06-18T12:30:40.1679793Z',
                                    'ValidTo' => '2022-06-18T12:20:40.0000000Z',
                                    'SKIKeyIdentifier' => 'A4FEA09911A379C9567048F18B53FD7F7EBEE135',
                                    'SignatureAlgorithmOID' => '1.2.840.113549.1.1.11',
                                    'AIACAIssuerURL' => [
                                                          ''
                                                        ],
                                    'AIAKeyIdentifier' => 'C0AAD11E2E32B5FEBAA4A47BED2DD21A0EB50C5C',
                                    'ValidFrom' => '2021-06-18T12:20:40.0000000Z',
                                    'SignatureAlgorithm' => 'sha256RSA',
                                    'TemplateName' => 'WebServer-Annual',
                                    'TemplateMajorVersion' => '100',
                                    'TemplateOID' => '1.3.6.1.4.1.311.21.8.15834779.3475046.12272809.5410922.5223003.179.6107418.4478281',
                                    'Issuer' => 'CN=fooCA, DC=example, DC=com',
                                    'PublicKeyHash' => 'BC6E5FC22D4E69969C27EDB1B55EAE88E6416CC8'
                                  },
          'ValidationDetails' => {
                                   'ValidationState' => 'Failure',
                                   'LastValidationStateUpdate' => '2021-06-18T11:00:16.0000000Z'
                                 },
          'CertificateAuthorityDN' => '\\VED\\Policy\\Certificate Authorities\\fooCA\\myfoo',
          'Consumers' => [
                           '\\VED\\Policy\\foo\\server001.example.com\\Apache-foo.example.com'
                         ],
          'Description' => 'foo.example.com',
          'Name' => 'foo.example.com'
        };

 



