pki

PKI Commands.

pki Specification

Type Intermediate Resource
Element Name pki
Element URI /axapi/v3/pki
Element Attributes pki_attributes
Schema pki schema

Operations Allowed:

Operation Method URI Payload

Get Object

GET

/axapi/v3/pki

pki_attributes

pki Attributes

copy-cert

Description: copy-cert is a JSON Block . Please see below for copy-cert

Type: Object

Reference Object: /axapi/v3/pki/copy-cert

copy-key

Description: copy-key is a JSON Block . Please see below for copy-key

Type: Object

Reference Object: /axapi/v3/pki/copy-key

create-oper

Description: create-oper is a JSON Block . Please see below for create-oper

Type: Object

Reference Object: /axapi/v3/pki/create-oper

delete

Description: delete is a JSON Block . Please see below for delete

Type: Object

Reference Object: /axapi/v3/pki/delete

delete-oper

Description: delete-oper is a JSON Block . Please see below for delete-oper

Type: Object

Reference Object: /axapi/v3/pki/delete-oper

scep-cert-list

Description: scep-cert-list is a JSON List . Please see below for scep-cert-list

Type: List

Reference Object: /axapi/v3/pki/scep-cert/{name}

delete-oper

Specification
Type object

filename

Description:

Type: string

copy-key

Specification
Type object

dest-key

Description: Destination key file

Type: string

overwrite

Description: Overwrite the destination file if already present

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

rotation

Description: Specify rotation number of SCEP generated key file

Type: number

Range: 1-4

src-key

Description: Source key file

Type: string

copy-cert

Specification
Type object

dest-cert

Description: Destination certificate file

Type: string

overwrite

Description: Overwrite the destination file if already present

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

rotation

Description: Specify rotation number of SCEP generated certificate file

Type: number

Range: 1-4

src-cert

Description: Source certificate file

Type: string

create-oper

Specification
Type object

bits

Description: ‘1024’: 1024; ‘2048’: 2048; ‘4096’: 4096;

Type: string

Supported Values: 1024, 2048, 4096

Default: 1024

common-name

Description:

Type: string

Format: string-rlx

country

Description:

Type: string

csr-generate

Description:

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

division

Description:

Type: string

Format: string-rlx

email

Description:

Type: string

Format: email-addr

filename

Description:

Type: string

locality

Description:

Type: string

Format: string-rlx

organization

Description:

Type: string

Format: string-rlx

state-province

Description:

Type: string

Format: string-rlx

valid-days

Description:

Type: number

Range: 30-3650

Default: 730

scep-cert-list

Specification
Type list
Block object keys

dn

Description: Specify the Distinguished-Name to use while enrolling the certificate (Format: “cn=user, dc=example, dc=com”)

Type: string

Format: string-rlx

encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

enroll

Description: Initiates enrollment of device with the CA

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

interval

Description: Interval time in seconds to poll when SCEP response is PENDING (default 5)

Type: number

Range: 1-3600

Default: 5

key-length

Description: ‘1024’: Key size 1024 bits; ‘2048’: Key size 2048 bits(default); ‘4096’: Key size 4096 bits; ‘8192’: Key size 8192 bits;

Type: string

Supported Values: 1024, 2048, 4096, 8192

Default: 2048

log-level

Description: level for logging output of scepclient commands(default 1 and detailed 4)

Type: number

Range: 1-4

Default: 1

max-polltime

Description: Maximum time in seconds to poll when SCEP response is PENDING (default 180)

Type: number

Range: 15-432000

method

Description: ‘GET’: GET request; ‘POST’: POST request;

Type: string

Supported Values: GET, POST

Default: GET

minute

Description: Periodic interval in minutes

Type: number

Range: 2-255

Mutual Exclusion: minute and renew-every-type are mutually exclusive

name

Description: Specify Certificate name to be enrolled

Type: string

password

Description: Specify the password used to enroll the device’s certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

renew-before

Description: Specify interval before certificate expiry to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-before and renew-every are mutually exclusive

renew-before-type

Description: ‘hour’: Number of hours before cert expiry; ‘day’: Number of days before cert expiry; ‘week’: Number of weeks before cert expiry; ‘month’: Number of months before cert expiry;

Type: string

Supported Values: hour, day, week, month

renew-before-value

Description: Value of renewal period

Type: number

Range: 1-255

renew-every

Description: Specify periodic interval in which to renew the certificate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: renew-every and renew-before are mutually exclusive

renew-every-type

Description: ‘hour’: Periodic interval in hours; ‘day’: Periodic interval in days; ‘week’: Periodic interval in weeks; ‘month’: Periodic interval in months;

Type: string

Supported Values: hour, day, week, month

Mutual Exclusion: renew-every-type and minute are mutually exclusive

renew-every-value

Description: Value of renewal period

Type: number

Range: 1-255

secret-string

Description: secret password

Type: string

Format: password

subject-alternate-name

Description: subject-alternate-name is a JSON Block . Please see below for l310_subject-alternate-name

Type: Object

url

Description: Specify the Enrollment Agent’s absolute URL (Format: http://host/path )

Type: string

Format: string-rlx

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

scep-cert-list.subject-alternate-name

Specification
Type object

san-type

Description: ‘email’: Enter e-mail address of the subject; ‘dns’: Enter hostname of the subject; ‘ip’: Enter IP address of the subject;

Type: string

Supported Values: email, dns, ip

san-value

Description: Value of subject-alternate-name

Type: string

Format: string-rlx

delete

Specification
Type object

ca

Description: CA certificate file name

Type: string

cert-name

Description: Certificate file name

Type: string

Format: string-rlx

crl

Description: CRL file name

Type: string

private-key

Description: Private key file name

Type: string

Format: string-rlx