Document toolboxDocument toolbox

Certificates

Request certificate list

GET /cert/domain/{domain}

The Provisioning API allows listing the domain certificates, using the operation above. The result will be provided as a list containing all the certificates assigned to the required domain name, as in the following example:

[
{
"thumbprint": "dbe971d3f735335f3534f87da77d9a051bf60a31",
"type": "client",
"certificate": null,
"privateKey": "my-cert-key=\r\n",
"ca": "ommited-for-brevity=\r\n"
}
]

Download certificates

When downloading certificates, you must provide domain-level credentials. Reseller credentials do not contain the specific domain to download and thus cannot be used to download certificates.

There are two endpoints to download certificates:

  • GET/certificate?name=&pwd=

  • GET/certificate/{type}?name=&pwd=


The first is a legacy endpoint and remains just to ensure compatibility, but it just returns the same response as if calling the second one with type pkcs12.

Depending on the parameters given, the behavior will be different:

  • Name and password provided → The service will look for a certificate matching the given values. A failure response will be sent on errors.

  • Name given, but no password provided → The service will assume the domain API secret as the certificate password. If the certificate exists but has a different password, an error will be returned.

  • No name nor password →  In this case a certificate named '{domainName}_0' will be used, creating it when not found, using the domain API secret as the password.

The new endpoint can be used to download the certificate along with its keys and CA file in tarball format, using tar as the type.

Examples

GET /certificate?name=&pwd= 

Returns the pkcs12 certificate when found.

GET /certificate/pkcs12?name=&pwd= 

Same as above.

GET /certificate/tar?name=&pwd= 

This will use the tarball format instead.