Certificate - Create Or Update

Service:

API Management

API Version:

2022-08-01

Crea o actualiza el certificado que se usa para la autenticación con el servidor back-end.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/certificates/{certificateId}?api-version=2022-08-01

Parámetros de identificador URI

Nombre	En	Requerido	Tipo	Description
certificateId	path	True	string	Identificador de la entidad de certificado. Debe ser único en la instancia de servicio de API Management actual. Regex pattern: ^[^*#&+:<>?]+$
resourceGroupName	path	True	string	Nombre del grupo de recursos. El nombre distingue mayúsculas de minúsculas.
serviceName	path	True	string	Nombre del servicio API Management. Regex pattern: ^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$
subscriptionId	path	True	string	Identificador de la suscripción de destino.
api-version	query	True	string	Versión de API que se usará para la operación.

Encabezado de la solicitud

Nombre	Requerido	Tipo	Description
If-Match		string	ETag de la entidad. No es necesario al crear una entidad, pero es necesario al actualizar una entidad.

Cuerpo de la solicitud

Nombre	Tipo	Description
properties.data	string	Certificado codificado en base 64 mediante la representación application/x-pkcs12.
properties.keyVault	KeyVaultContractCreateProperties	Detalles de ubicación de KeyVault del certificado.
properties.password	string	Contraseña del certificado

Respuestas

Nombre	Tipo	Description
200 OK	CertificateContract	Los detalles del certificado se actualizaron correctamente. Headers ETag: string
201 Created	CertificateContract	El nuevo certificado se ha agregado correctamente. Headers ETag: string
Other Status Codes	ErrorResponse	Respuesta de error que describe el motivo del error de la operación.

Seguridad

azure_auth

Flujo de OAuth2 de Azure Active Directory.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Nombre	Description
user_impersonation	suplantación de su cuenta de usuario

Ejemplos

ApiManagementCreateCertificate

ApiManagementCreateCertificateWithKeyVault

ApiManagementCreateCertificate

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/tempcert?api-version=2022-08-01

{
  "properties": {
    "data": "****************Base 64 Encoded Certificate *******************************",
    "password": "****Certificate Password******"
  }
}

Java

/** Samples for Certificate CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificate.json
     */
    /**
     * Sample code: ApiManagementCreateCertificate.
     *
     * @param manager Entry point to ApiManagementManager.
     */
    public static void apiManagementCreateCertificate(
        com.azure.resourcemanager.apimanagement.ApiManagementManager manager) {
        manager
            .certificates()
            .define("tempcert")
            .withExistingService("rg1", "apimService1")
            .withData("****************Base 64 Encoded Certificate *******************************")
            .withPassword("****Certificate Password******")
            .create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from typing import Any, IO, Union

from azure.identity import DefaultAzureCredential

from azure.mgmt.apimanagement import ApiManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-apimanagement
# USAGE
    python api_management_create_certificate.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ApiManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.certificate.create_or_update(
        resource_group_name="rg1",
        service_name="apimService1",
        certificate_id="tempcert",
        parameters={
            "properties": {
                "data": "****************Base 64 Encoded Certificate *******************************",
                "password": "****Certificate Password******",
            }
        },
    )
    print(response)


# x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificate.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armapimanagement_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4cd95123fb961c68740565a1efcaa5e43bd35802/specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificate.json
func ExampleCertificateClient_CreateOrUpdate_apiManagementCreateCertificate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armapimanagement.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewCertificateClient().CreateOrUpdate(ctx, "rg1", "apimService1", "tempcert", armapimanagement.CertificateCreateOrUpdateParameters{
		Properties: &armapimanagement.CertificateCreateOrUpdateProperties{
			Data:     to.Ptr("****************Base 64 Encoded Certificate *******************************"),
			Password: to.Ptr("****Certificate Password******"),
		},
	}, &armapimanagement.CertificateClientCreateOrUpdateOptions{IfMatch: nil})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.CertificateContract = armapimanagement.CertificateContract{
	// 	Name: to.Ptr("tempcert"),
	// 	Type: to.Ptr("Microsoft.ApiManagement/service/certificates"),
	// 	ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/tempcert"),
	// 	Properties: &armapimanagement.CertificateContractProperties{
	// 		ExpirationDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-03-17T21:55:07.000Z"); return t}()),
	// 		Subject: to.Ptr("CN=contoso.com"),
	// 		Thumbprint: to.Ptr("*******************3"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ApiManagementClient } = require("@azure/arm-apimanagement");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates the certificate being used for authentication with the backend.
 *
 * @summary Creates or updates the certificate being used for authentication with the backend.
 * x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificate.json
 */
async function apiManagementCreateCertificate() {
  const subscriptionId = process.env["APIMANAGEMENT_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["APIMANAGEMENT_RESOURCE_GROUP"] || "rg1";
  const serviceName = "apimService1";
  const certificateId = "tempcert";
  const parameters = {
    data: "****************Base 64 Encoded Certificate *******************************",
    password: "****Certificate Password******",
  };
  const credential = new DefaultAzureCredential();
  const client = new ApiManagementClient(credential, subscriptionId);
  const result = await client.certificate.createOrUpdate(
    resourceGroupName,
    serviceName,
    certificateId,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

201

{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/tempcert",
  "type": "Microsoft.ApiManagement/service/certificates",
  "name": "tempcert",
  "properties": {
    "subject": "CN=contoso.com",
    "thumbprint": "*******************3",
    "expirationDate": "2018-03-17T21:55:07+00:00"
  }
}

Status code:

200

{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/tempcert",
  "type": "Microsoft.ApiManagement/service/certificates",
  "name": "tempcert",
  "properties": {
    "subject": "CN=contoso.com",
    "thumbprint": "*******************3",
    "expirationDate": "2018-03-17T21:55:07+00:00"
  }
}

ApiManagementCreateCertificateWithKeyVault

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv?api-version=2022-08-01

{
  "properties": {
    "keyVault": {
      "identityClientId": "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
      "secretIdentifier": "https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert"
    }
  }
}

Java

import com.azure.resourcemanager.apimanagement.models.KeyVaultContractCreateProperties;

/** Samples for Certificate CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificateWithKeyVault.json
     */
    /**
     * Sample code: ApiManagementCreateCertificateWithKeyVault.
     *
     * @param manager Entry point to ApiManagementManager.
     */
    public static void apiManagementCreateCertificateWithKeyVault(
        com.azure.resourcemanager.apimanagement.ApiManagementManager manager) {
        manager
            .certificates()
            .define("templateCertkv")
            .withExistingService("rg1", "apimService1")
            .withKeyVault(
                new KeyVaultContractCreateProperties()
                    .withSecretIdentifier("fakeTokenPlaceholder")
                    .withIdentityClientId("ceaa6b06-c00f-43ef-99ac-f53d1fe876a0"))
            .create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from typing import Any, IO, Union

from azure.identity import DefaultAzureCredential

from azure.mgmt.apimanagement import ApiManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-apimanagement
# USAGE
    python api_management_create_certificate_with_key_vault.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ApiManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.certificate.create_or_update(
        resource_group_name="rg1",
        service_name="apimService1",
        certificate_id="templateCertkv",
        parameters={
            "properties": {
                "keyVault": {
                    "identityClientId": "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
                    "secretIdentifier": "https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert",
                }
            }
        },
    )
    print(response)


# x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificateWithKeyVault.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armapimanagement_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4cd95123fb961c68740565a1efcaa5e43bd35802/specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificateWithKeyVault.json
func ExampleCertificateClient_CreateOrUpdate_apiManagementCreateCertificateWithKeyVault() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armapimanagement.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewCertificateClient().CreateOrUpdate(ctx, "rg1", "apimService1", "templateCertkv", armapimanagement.CertificateCreateOrUpdateParameters{
		Properties: &armapimanagement.CertificateCreateOrUpdateProperties{
			KeyVault: &armapimanagement.KeyVaultContractCreateProperties{
				IdentityClientID: to.Ptr("ceaa6b06-c00f-43ef-99ac-f53d1fe876a0"),
				SecretIdentifier: to.Ptr("https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert"),
			},
		},
	}, &armapimanagement.CertificateClientCreateOrUpdateOptions{IfMatch: nil})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.CertificateContract = armapimanagement.CertificateContract{
	// 	Name: to.Ptr("templateCertkv"),
	// 	Type: to.Ptr("Microsoft.ApiManagement/service/certificates"),
	// 	ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv"),
	// 	Properties: &armapimanagement.CertificateContractProperties{
	// 		ExpirationDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2037-01-01T07:00:00.000Z"); return t}()),
	// 		KeyVault: &armapimanagement.KeyVaultContractProperties{
	// 			IdentityClientID: to.Ptr("ceaa6b06-c00f-43ef-99ac-f53d1fe876a0"),
	// 			SecretIdentifier: to.Ptr("https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert"),
	// 			LastStatus: &armapimanagement.KeyVaultLastAccessStatusContractProperties{
	// 				Code: to.Ptr("Success"),
	// 				TimeStampUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-22T00:24:53.319Z"); return t}()),
	// 			},
	// 		},
	// 		Subject: to.Ptr("CN=*.msitesting.net"),
	// 		Thumbprint: to.Ptr("EA**********************9AD690"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ApiManagementClient } = require("@azure/arm-apimanagement");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates the certificate being used for authentication with the backend.
 *
 * @summary Creates or updates the certificate being used for authentication with the backend.
 * x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementCreateCertificateWithKeyVault.json
 */
async function apiManagementCreateCertificateWithKeyVault() {
  const subscriptionId = process.env["APIMANAGEMENT_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["APIMANAGEMENT_RESOURCE_GROUP"] || "rg1";
  const serviceName = "apimService1";
  const certificateId = "templateCertkv";
  const parameters = {
    keyVault: {
      identityClientId: "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
      secretIdentifier:
        "https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ApiManagementClient(credential, subscriptionId);
  const result = await client.certificate.createOrUpdate(
    resourceGroupName,
    serviceName,
    certificateId,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

201

{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv",
  "type": "Microsoft.ApiManagement/service/certificates",
  "name": "templateCertkv",
  "properties": {
    "subject": "CN=*.msitesting.net",
    "thumbprint": "EA**********************9AD690",
    "expirationDate": "2037-01-01T07:00:00Z",
    "keyVault": {
      "secretIdentifier": "https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert",
      "identityClientId": "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
      "lastStatus": {
        "code": "Success",
        "timeStampUtc": "2020-09-22T00:24:53.3191468Z"
      }
    }
  }
}

Status code:

200

{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv",
  "type": "Microsoft.ApiManagement/service/certificates",
  "name": "templateCertkv",
  "properties": {
    "subject": "CN=*.msitesting.net",
    "thumbprint": "EA**********************9AD690",
    "expirationDate": "2037-01-01T07:00:00Z",
    "keyVault": {
      "secretIdentifier": "https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert",
      "identityClientId": "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
      "lastStatus": {
        "code": "Success",
        "timeStampUtc": "2020-09-22T00:24:53.3191468Z"
      }
    }
  }
}

Definiciones

Nombre	Description
CertificateContract	Detalles del certificado.
CertificateCreateOrUpdateParameters	Detalles de creación o actualización del certificado.
ErrorFieldContract	Contrato de campo de error.
ErrorResponse	Respuesta de error.
KeyVaultContractCreateProperties	Cree los detalles del contrato keyVault.
KeyVaultContractProperties	Detalles del contrato de KeyVault.
KeyVaultLastAccessStatusContractProperties	Emitir propiedades de actualización de contrato.

CertificateContract

Detalles del certificado.

Nombre	Tipo	Description
id	string	Identificador de recurso completo del recurso. Por ejemplo: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
name	string	Nombre del recurso.
properties.expirationDate	string	Fecha de expiración del certificado. La fecha se ajusta al siguiente formato: yyyy-MM-ddTHH:mm:ssZ según lo especificado por el estándar ISO 8601.
properties.keyVault	KeyVaultContractProperties	Detalles de ubicación de KeyVault del certificado.
properties.subject	string	Atributo Subject del certificado.
properties.thumbprint	string	Huella digital del certificado
type	string	Tipo de recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

CertificateCreateOrUpdateParameters

Detalles de creación o actualización del certificado.

Nombre	Tipo	Description
properties.data	string	Certificado codificado en base 64 mediante la representación application/x-pkcs12.
properties.keyVault	KeyVaultContractCreateProperties	Detalles de ubicación de KeyVault del certificado.
properties.password	string	Contraseña del certificado

ErrorFieldContract

Contrato de campo de error.

Nombre	Tipo	Description
code	string	Código de error de nivel de propiedad.
message	string	Representación legible del error de nivel de propiedad.
target	string	Nombre de propiedad.

ErrorResponse

Respuesta de error.

Nombre	Tipo	Description
error.code	string	Código del error definido por el servicio. Este código funciona como estado secundario del código de error HTTP especificado en la respuesta.
error.details	ErrorFieldContract[]	La lista de campos no válidos que se envían en la solicitud, en caso de error de validación.
error.message	string	Representación legible del error.

KeyVaultContractCreateProperties

Cree los detalles del contrato keyVault.

Nombre	Tipo	Description
identityClientId	string	Null para SystemAssignedIdentity o Id. de cliente para UserAssignedIdentity, que se usará para acceder al secreto del almacén de claves.
secretIdentifier	string	Identificador de secreto del almacén de claves para capturar el secreto. Proporcionar un secreto con versiones impedirá la actualización automática. Esto requiere que API Management servicio se configure con aka.ms/apimmsi

KeyVaultContractProperties

Detalles del contrato de KeyVault.

Nombre	Tipo	Description
identityClientId	string	Null para SystemAssignedIdentity o Id. de cliente para UserAssignedIdentity, que se usará para acceder al secreto del almacén de claves.
lastStatus	KeyVaultLastAccessStatusContractProperties	Última sincronización y actualización del estado del secreto del almacén de claves.
secretIdentifier	string	Identificador de secreto del almacén de claves para capturar el secreto. Proporcionar un secreto con versiones impedirá la actualización automática. Esto requiere que API Management servicio se configure con aka.ms/apimmsi

KeyVaultLastAccessStatusContractProperties

Emitir propiedades de actualización de contrato.

Nombre	Tipo	Description
code	string	Último código de estado para la sincronización y actualización del secreto desde el almacén de claves.
message	string	Detalles del error en blanco.
timeStampUtc	string	Última vez que se obtuvo acceso al secreto. La fecha se ajusta al siguiente formato: yyyy-MM-ddTHH:mm:ssZ según lo especificado por el estándar ISO 8601.