Bootstrap FreeKB - Venafi (Certificate Management) - Dissociate a certificate with an Installation using REST API
Venafi (Certificate Management) - Dissociate a certificate with an Installation using REST API
Updated:   |  Venafi (Certificate Management) articles

This assumes you have already obtained a Bearer Token using curl. The following curl command can be used to view a certificates details. In this example, the details of the certificate with GUID 2b23f743-5152-4366-a2f9-f7ab2249df1e will be retrieved.

curl
--insecure
--request GET
--header "Authorization: Bearer abc123"
--header "Content-Type: application/json"
--url https://tpp.example.com/vedsdk/certificates/2b23f743-5152-4366-a2f9-f7ab2249df1e

 

Something like this should be returned. Notice in this example that one of the Consumers is \\VED\\Policy\\foo\\server1.example.com\\Apache-foo.example.com and that the status is Installation failed. This might be a scenario where it makes sense to dissociate an installation.

{
          'Contact' => [
                         'John Doe'
                       ],
          'CreatedBy' => [
                           'Aperture'
                         ],
          'ManagementType' => 'Provisioning',
          'RenewalDetails' => {
                                'Country' => 'US',
                                'Subject' => 'foo.example.com',
                                'KeySize' => 2048,
                                'OrganizationalUnit' => [
                                                          'Information Technology'
                                                        ],
                                'City' => 'Appleton',
                                'State' => 'WI',
                                'Organization' => 'Acme'
                              },
          'SchemaClass' => 'X509 Server Certificate',
          'ParentDn' => '\\VED\\Policy\\foo\\bar',
          'ManagedBy' => 'Aperture',
          'Guid' => '{2b23f743-5152-4366-a2f9-f7ab2249df1e}',
          'CreatedOn' => '2021-06-16T10:44:08.6881441Z',
          'Origin' => 'Aperture',
          'Approver' => [
                          'local:{19ff170f-24b6-4d18-b8c3-ff394fef2773}'
                        ],
          'DN' => '\\VED\\Policy\\foo\\bar\\foo.example.com',
          'ProcessingDetails' => {
                                   'InError' => 1,
                                   'Status' => 'Installation failed',
                                   'Stage' => 800
                                 },
          'CertificateDetails' => {
                                    'S' => 'WI',
                                    'KeyUsage' => 'KeyEncipherment, DigitalSignature',
                                    'KeySize' => 2048,
                                    'EnhancedKeyUsage' => 'Client Authentication(1.3.6.1.5.5.7.3.2),Server Authentication(1.3.6.1.5.5.7.3.1)',
                                    'Serial' => '3A000000FB23C28B20CCBA47310001000000FB',
                                    'Thumbprint' => '60270E2B209828820BE26DA48DE94FF96453F875',
                                    'SubjectAltNameDNS' => [
                                                             'foo.example.com'
                                                           ],
                                    'OU' => [
                                              'Information Technology'
                                            ],
                                    'C' => 'US',
                                    'CDPURI' => '',
                                    'L' => 'Appleton',
                                    'CN' => 'foo.example.com',
                                    'KeyAlgorithm' => 'RSA',
                                    'TemplateMinorVersion' => '4',
                                    'O' => 'Acme',
                                    'Subject' => 'CN=foo.example.com, OU=Information Technology, O=Acme, L=Appleton, S=WI, C=US',
                                    'StoreAdded' => '2021-06-18T12:30:40.1679793Z',
                                    'ValidTo' => '2022-06-18T12:20:40.0000000Z',
                                    'SKIKeyIdentifier' => 'A4FEA09911A379C9567048F18B53FD7F7EBEE135',
                                    'SignatureAlgorithmOID' => '1.2.840.113549.1.1.11',
                                    'AIACAIssuerURL' => [
                                                          ''
                                                        ],
                                    'AIAKeyIdentifier' => 'C0AAD11E2E32B5FEBAA4A47BED2DD21A0EB50C5C',
                                    'ValidFrom' => '2021-06-18T12:20:40.0000000Z',
                                    'SignatureAlgorithm' => 'sha256RSA',
                                    'TemplateName' => 'WebServer-Annual',
                                    'TemplateMajorVersion' => '100',
                                    'TemplateOID' => '1.3.6.1.4.1.311.21.8.15834779.3475046.12272809.5410922.5223003.179.6107418.4478281',
                                    'Issuer' => 'CN=fooCA, DC=example, DC=com',
                                    'PublicKeyHash' => 'BC6E5FC22D4E69969C27EDB1B55EAE88E6416CC8'
                                  },
          'ValidationDetails' => {
                                   'ValidationState' => 'Failure',
                                   'LastValidationStateUpdate' => '2021-06-18T11:00:16.0000000Z'
                                 },
          'CertificateAuthorityDN' => '\\VED\\Policy\\Certificate Authorities\\fooCA\\myfoo',
          'Consumers' => [
                           '\\VED\\Policy\\foo\\server001.example.com\\Apache-foo.example.com'
                         ],
          'Description' => 'foo.example.com',
          'Name' => 'foo.example.com'
        };

 

The following command can be used to remove (dissociate) the Consumer (Installation).

curl
--insecure
--request POST
--header "Authorization: Bearer abc123"
--header "Content-Type: application/json"
--url https://tpp.example.com/vedsdk/certificates/dissociate
--data '{ "CertificateDN": "\\VED\\Policy\\foo\\bar\\foo.example.com", "ApplicationDN": [ "\\VED\\Policy\\foo\\server001.example.com\\Apache-foo.example.com" ], "DeleteOrphans": true }'

 

Or like this.

curl
--insecure
--request POST
--header "Authorization: Bearer abc123"
--header "Content-Type: application/json"
--url https://tpp.example.com/vedsdk/certificates/dissociate
--data @foo.json

 

If the dissociate is successful, the following should be returned.

{"Success":true}

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter ce68da in the box below so that we can be sure you are a human.