Creates or updates the certificate being used for authentication with the backend.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/certificates/{certificateId}?api-version=2022-08-01
URI Parameters
| Name |
In |
Required |
Type |
Description |
|
certificateId
|
path |
True
|
string
|
Identifier of the certificate entity. Must be unique in the current API Management service instance.
Regex pattern: ^[^*#&+:<>?]+$
|
|
resourceGroupName
|
path |
True
|
string
|
The name of the resource group. The name is case insensitive.
|
|
serviceName
|
path |
True
|
string
|
The name of the API Management service.
Regex pattern: ^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$
|
|
subscriptionId
|
path |
True
|
string
|
The ID of the target subscription.
|
|
api-version
|
query |
True
|
string
|
The API version to use for this operation.
|
| Name |
Required |
Type |
Description |
|
If-Match
|
|
string
|
ETag of the Entity. Not required when creating an entity, but required when updating an entity.
|
Request Body
| Name |
Type |
Description |
|
properties.data
|
string
|
Base 64 encoded certificate using the application/x-pkcs12 representation.
|
|
properties.keyVault
|
KeyVaultContractCreateProperties
|
KeyVault location details of the certificate.
|
|
properties.password
|
string
|
Password for the Certificate
|
Responses
| Name |
Type |
Description |
|
200 OK
|
CertificateContract
|
The certificate details were successfully updated.
Headers
ETag: string
|
|
201 Created
|
CertificateContract
|
The new certificate was successfully added.
Headers
ETag: string
|
|
Other Status Codes
|
ErrorResponse
|
Error response describing why the operation failed.
|
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name |
Description |
|
user_impersonation
|
impersonate your user account
|
Examples
ApiManagementCreateCertificate
Sample Request
PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/tempcert?api-version=2022-08-01
{
"properties": {
"data": "****************Base 64 Encoded Certificate *******************************",
"password": "****Certificate Password******"
}
}
/** Samples for Certificate CreateOrUpdate. */
public final class Main {
/*
* x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificate.json
*/
/**
* Sample code: ApiManagementCreateCertificate.
*
* @param manager Entry point to ApiManagementManager.
*/
public static void apiManagementCreateCertificate(
com.azure.resourcemanager.apimanagement.ApiManagementManager manager) {
manager
.certificates()
.define("tempcert")
.withExistingService("rg1", "apimService1")
.withData("****************Base 64 Encoded Certificate *******************************")
.withPassword("****Certificate Password******")
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.apimanagement import ApiManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-apimanagement
# USAGE
python api_management_create_certificate.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ApiManagementClient(
credential=DefaultAzureCredential(),
subscription_id="subid",
)
response = client.certificate.create_or_update(
resource_group_name="rg1",
service_name="apimService1",
certificate_id="tempcert",
parameters={
"properties": {
"data": "****************Base 64 Encoded Certificate *******************************",
"password": "****Certificate Password******",
}
},
)
print(response)
# x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificate.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armapimanagement_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4cd95123fb961c68740565a1efcaa5e43bd35802/specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificate.json
func ExampleCertificateClient_CreateOrUpdate_apiManagementCreateCertificate() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armapimanagement.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewCertificateClient().CreateOrUpdate(ctx, "rg1", "apimService1", "tempcert", armapimanagement.CertificateCreateOrUpdateParameters{
Properties: &armapimanagement.CertificateCreateOrUpdateProperties{
Data: to.Ptr("****************Base 64 Encoded Certificate *******************************"),
Password: to.Ptr("****Certificate Password******"),
},
}, &armapimanagement.CertificateClientCreateOrUpdateOptions{IfMatch: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.CertificateContract = armapimanagement.CertificateContract{
// Name: to.Ptr("tempcert"),
// Type: to.Ptr("Microsoft.ApiManagement/service/certificates"),
// ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/tempcert"),
// Properties: &armapimanagement.CertificateContractProperties{
// ExpirationDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-03-17T21:55:07.000Z"); return t}()),
// Subject: to.Ptr("CN=contoso.com"),
// Thumbprint: to.Ptr("*******************3"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ApiManagementClient } = require("@azure/arm-apimanagement");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates the certificate being used for authentication with the backend.
*
* @summary Creates or updates the certificate being used for authentication with the backend.
* x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificate.json
*/
async function apiManagementCreateCertificate() {
const subscriptionId = process.env["APIMANAGEMENT_SUBSCRIPTION_ID"] || "subid";
const resourceGroupName = process.env["APIMANAGEMENT_RESOURCE_GROUP"] || "rg1";
const serviceName = "apimService1";
const certificateId = "tempcert";
const parameters = {
data: "****************Base 64 Encoded Certificate *******************************",
password: "****Certificate Password******",
};
const credential = new DefaultAzureCredential();
const client = new ApiManagementClient(credential, subscriptionId);
const result = await client.certificate.createOrUpdate(
resourceGroupName,
serviceName,
certificateId,
parameters
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/tempcert",
"type": "Microsoft.ApiManagement/service/certificates",
"name": "tempcert",
"properties": {
"subject": "CN=contoso.com",
"thumbprint": "*******************3",
"expirationDate": "2018-03-17T21:55:07+00:00"
}
}
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/tempcert",
"type": "Microsoft.ApiManagement/service/certificates",
"name": "tempcert",
"properties": {
"subject": "CN=contoso.com",
"thumbprint": "*******************3",
"expirationDate": "2018-03-17T21:55:07+00:00"
}
}
ApiManagementCreateCertificateWithKeyVault
Sample Request
PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv?api-version=2022-08-01
{
"properties": {
"keyVault": {
"identityClientId": "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
"secretIdentifier": "https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert"
}
}
}
import com.azure.resourcemanager.apimanagement.models.KeyVaultContractCreateProperties;
/** Samples for Certificate CreateOrUpdate. */
public final class Main {
/*
* x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificateWithKeyVault.json
*/
/**
* Sample code: ApiManagementCreateCertificateWithKeyVault.
*
* @param manager Entry point to ApiManagementManager.
*/
public static void apiManagementCreateCertificateWithKeyVault(
com.azure.resourcemanager.apimanagement.ApiManagementManager manager) {
manager
.certificates()
.define("templateCertkv")
.withExistingService("rg1", "apimService1")
.withKeyVault(
new KeyVaultContractCreateProperties()
.withSecretIdentifier("fakeTokenPlaceholder")
.withIdentityClientId("ceaa6b06-c00f-43ef-99ac-f53d1fe876a0"))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.apimanagement import ApiManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-apimanagement
# USAGE
python api_management_create_certificate_with_key_vault.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ApiManagementClient(
credential=DefaultAzureCredential(),
subscription_id="subid",
)
response = client.certificate.create_or_update(
resource_group_name="rg1",
service_name="apimService1",
certificate_id="templateCertkv",
parameters={
"properties": {
"keyVault": {
"identityClientId": "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
"secretIdentifier": "https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert",
}
}
},
)
print(response)
# x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificateWithKeyVault.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armapimanagement_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4cd95123fb961c68740565a1efcaa5e43bd35802/specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificateWithKeyVault.json
func ExampleCertificateClient_CreateOrUpdate_apiManagementCreateCertificateWithKeyVault() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armapimanagement.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewCertificateClient().CreateOrUpdate(ctx, "rg1", "apimService1", "templateCertkv", armapimanagement.CertificateCreateOrUpdateParameters{
Properties: &armapimanagement.CertificateCreateOrUpdateProperties{
KeyVault: &armapimanagement.KeyVaultContractCreateProperties{
IdentityClientID: to.Ptr("ceaa6b06-c00f-43ef-99ac-f53d1fe876a0"),
SecretIdentifier: to.Ptr("https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert"),
},
},
}, &armapimanagement.CertificateClientCreateOrUpdateOptions{IfMatch: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.CertificateContract = armapimanagement.CertificateContract{
// Name: to.Ptr("templateCertkv"),
// Type: to.Ptr("Microsoft.ApiManagement/service/certificates"),
// ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv"),
// Properties: &armapimanagement.CertificateContractProperties{
// ExpirationDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2037-01-01T07:00:00.000Z"); return t}()),
// KeyVault: &armapimanagement.KeyVaultContractProperties{
// IdentityClientID: to.Ptr("ceaa6b06-c00f-43ef-99ac-f53d1fe876a0"),
// SecretIdentifier: to.Ptr("https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert"),
// LastStatus: &armapimanagement.KeyVaultLastAccessStatusContractProperties{
// Code: to.Ptr("Success"),
// TimeStampUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-22T00:24:53.319Z"); return t}()),
// },
// },
// Subject: to.Ptr("CN=*.msitesting.net"),
// Thumbprint: to.Ptr("EA**********************9AD690"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ApiManagementClient } = require("@azure/arm-apimanagement");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates the certificate being used for authentication with the backend.
*
* @summary Creates or updates the certificate being used for authentication with the backend.
* x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificateWithKeyVault.json
*/
async function apiManagementCreateCertificateWithKeyVault() {
const subscriptionId = process.env["APIMANAGEMENT_SUBSCRIPTION_ID"] || "subid";
const resourceGroupName = process.env["APIMANAGEMENT_RESOURCE_GROUP"] || "rg1";
const serviceName = "apimService1";
const certificateId = "templateCertkv";
const parameters = {
keyVault: {
identityClientId: "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
secretIdentifier:
"https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert",
},
};
const credential = new DefaultAzureCredential();
const client = new ApiManagementClient(credential, subscriptionId);
const result = await client.certificate.createOrUpdate(
resourceGroupName,
serviceName,
certificateId,
parameters
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv",
"type": "Microsoft.ApiManagement/service/certificates",
"name": "templateCertkv",
"properties": {
"subject": "CN=*.msitesting.net",
"thumbprint": "EA**********************9AD690",
"expirationDate": "2037-01-01T07:00:00Z",
"keyVault": {
"secretIdentifier": "https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert",
"identityClientId": "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
"lastStatus": {
"code": "Success",
"timeStampUtc": "2020-09-22T00:24:53.3191468Z"
}
}
}
}
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv",
"type": "Microsoft.ApiManagement/service/certificates",
"name": "templateCertkv",
"properties": {
"subject": "CN=*.msitesting.net",
"thumbprint": "EA**********************9AD690",
"expirationDate": "2037-01-01T07:00:00Z",
"keyVault": {
"secretIdentifier": "https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert",
"identityClientId": "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
"lastStatus": {
"code": "Success",
"timeStampUtc": "2020-09-22T00:24:53.3191468Z"
}
}
}
}
Definitions
CertificateContract
Certificate details.
| Name |
Type |
Description |
|
id
|
string
|
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
name
|
string
|
The name of the resource
|
|
properties.expirationDate
|
string
|
Expiration date of the certificate. The date conforms to the following format: yyyy-MM-ddTHH:mm:ssZ as specified by the ISO 8601 standard.
|
|
properties.keyVault
|
KeyVaultContractProperties
|
KeyVault location details of the certificate.
|
|
properties.subject
|
string
|
Subject attribute of the certificate.
|
|
properties.thumbprint
|
string
|
Thumbprint of the certificate.
|
|
type
|
string
|
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
|
CertificateCreateOrUpdateParameters
Certificate create or update details.
| Name |
Type |
Description |
|
properties.data
|
string
|
Base 64 encoded certificate using the application/x-pkcs12 representation.
|
|
properties.keyVault
|
KeyVaultContractCreateProperties
|
KeyVault location details of the certificate.
|
|
properties.password
|
string
|
Password for the Certificate
|
ErrorFieldContract
Error Field contract.
| Name |
Type |
Description |
|
code
|
string
|
Property level error code.
|
|
message
|
string
|
Human-readable representation of property-level error.
|
|
target
|
string
|
Property name.
|
ErrorResponse
Error Response.
| Name |
Type |
Description |
|
error.code
|
string
|
Service-defined error code. This code serves as a sub-status for the HTTP error code specified in the response.
|
|
error.details
|
ErrorFieldContract[]
|
The list of invalid fields send in request, in case of validation error.
|
|
error.message
|
string
|
Human-readable representation of the error.
|
KeyVaultContractCreateProperties
Create keyVault contract details.
| Name |
Type |
Description |
|
identityClientId
|
string
|
Null for SystemAssignedIdentity or Client Id for UserAssignedIdentity , which will be used to access key vault secret.
|
|
secretIdentifier
|
string
|
Key vault secret identifier for fetching secret. Providing a versioned secret will prevent auto-refresh. This requires API Management service to be configured with aka.ms/apimmsi
|
KeyVaultContractProperties
KeyVault contract details.
| Name |
Type |
Description |
|
identityClientId
|
string
|
Null for SystemAssignedIdentity or Client Id for UserAssignedIdentity , which will be used to access key vault secret.
|
|
lastStatus
|
KeyVaultLastAccessStatusContractProperties
|
Last time sync and refresh status of secret from key vault.
|
|
secretIdentifier
|
string
|
Key vault secret identifier for fetching secret. Providing a versioned secret will prevent auto-refresh. This requires API Management service to be configured with aka.ms/apimmsi
|
KeyVaultLastAccessStatusContractProperties
Issue contract Update Properties.
| Name |
Type |
Description |
|
code
|
string
|
Last status code for sync and refresh of secret from key vault.
|
|
message
|
string
|
Details of the error else empty.
|
|
timeStampUtc
|
string
|
Last time secret was accessed. The date conforms to the following format: yyyy-MM-ddTHH:mm:ssZ as specified by the ISO 8601 standard.
|