Bootstrap FreeKB - Kong Enterprise Edition (KongEE) - List Certificates using REST API
Kong Enterprise Edition (KongEE) - List Certificates using REST API
Updated:   |  Kong Enterprise Edition (KongEE) articles

This assumes Kong has been secured with Role Based Access Control (RBAC) and you have created your Kong-Admin-Token. The following curl command can be used to list the endpoints that can be used with the API.

curl --header "Kong-Admin-Token: abc123" --request GET "https://kong.example.com/endpoints"

 

Something like this should be returned. Notice that the /certificates endpoint can be used.

{
    "data": [
        "/",
        "/acls",
        "/acls/{acls}",
        "/acls/{acls}/consumer",
        "/certificates",
        "/certificates/{certificates}",
        "/certificates/{certificates}/services",
        "/certificates/{certificates}/services/{services}",
        "/certificates/{certificates}/snis",
        "/certificates/{certificates}/snis/{snis}",
        "/certificates/{certificates}/upstreams",
        "/certificates/{certificates}/upstreams/{upstreams}"
    ]
}

 

The following curl command can be used to list every workspace.

curl --header "Kong-Admin-Token: abc123" --request GET "https://kong.example.com/certificates"

 

Something like this should be returned.

{
    "data": [
        {
            "cert": "-----BEGIN CERTIFICATE-----\nabc123...==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nxyz2123...==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\ngbf345...=\n-----END CERTIFICATE-----",
            "cert_alt": null,
            "created_at": 1560792466,
            "id": "8e252703-4ef2-40d1-85cd-1262c5cb35f4",
            "key": "-----BEGIN RSA PRIVATE KEY-----\nabc123...\n-----END RSA PRIVATE KEY-----",
            "key_alt": null,
            "snis": [
                "internal.example.com",
                "external.example.com"
            ],
            "tags": null
        }
    ],
    "next": null
}

 

Or, a specific certificate can be listed by including the ID of the certificate.

curl --header "Kong-Admin-Token: abc123" --request GET "https://kong.example.com/certificates/8e252703-4ef2-40d1-85cd-1262c5cb35f4"

 

Postgres

Undeneath the hood, the certiificates are stored in the certiificates table in the Kong Postgres database.

~]# psql --username postgres --dbname kong --command "select * from certiificates " --expanded
-[ RECORD 1 ]-
id         | 6f80c52c-117b-4638-b1e2-67b9d9040943
created_at | 2021-09-17 16:55:55+00
cert       | -----BEGIN CERTIFICATE-----                                     +
           | MIIGNzCCBR+gAwIBAgITOgAAAecRiIRL9G2UPAABAAAB5zANBgkqhkiG9w0.....+
           | -----END CERTIFICATE-----
key        | -----BEGIN RSA PRIVATE KEY-----                                 +
           | MIIEogIBAAKCAQEAzCSeGWJrgxtnf/HnHkq6RT63Y6dM40zAhNQS9jpgG4r.....+
           | -----END RSA PRIVATE KEY-----
tags       | 
ws_id      | 23dcd187-1f7a-463c-8565-8f6e5bfbb430
cert_alt   | 
key_alt    |

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter ffdd4c in the box below so that we can be sure you are a human.