

Monitor and manage certificate creation

Applies To: Azure

The scenarios / operations outlined in this article are:

  • Request a KV Certificate with a supported issuer
  • Get pending request - request status is "inProgress"
  • Get pending request - request status is "complete"
  • Get pending request - pending request status is "canceled" or "failed"
  • Get pending request - pending request status is "deleted" or "overwritten"
  • Create (or Import) when pending request exists - status is "inProgress"
  • Merge when pending request is created with an issuer (DigiCert, for example)
  • Request a cancellation while the pending request status is "inProgress"
  • Delete a pending request object
  • Create a KV certificate manually
  • Merge when a pending request is created - manual certificate creation

Request a KV Certificate with a supported issuer

Method Request URI
POST https://mykeyvault.vault.azure.net/certificates/mycert1/create?api-version={api-version}

The following examples require an object named "mydigicert" to already be available in your key vault with the issuer provider set to DigiCert. The certificate issuer is an entity represented in Azure Key Vault (KV) as a CertificateIssuer resource. It provides information about the source of a KV certificate: issuer name, provider, credentials, and other administrative details.

Request

{
  "policy": {
    "x509_props": {
      "subject": "CN=MyCertSubject1"
    },
    "issuer": {
      "name": "mydigicert",
      "cty": "OV-SSL"
    }
  }
}

Response

StatusCode: 202, ReasonPhrase: 'Accepted'
Location: "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}&request_id=a76827a18b63421c917da80f28e9913d"
{
  "id": "https://mykeyvault.vault.azure.net/certificates/mycert1/pending",
  "issuer": {
    "name": "mydigicert"
  },
  "csr": "MIICq......DD5Lp5cqXg==",
  "cancellation_requested": false,
  "status": "InProgress",
  "status_details": "Pending certificate created. Certificate request is in progress. This may take some time based on the issuer provider. Please check again later",
  "request_id": "a76827a18b63421c917da80f28e9913d"
}

Get pending request - request status is "inProgress"

Method Request URI
GET https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}

Request

GET "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}&request_id=a76827a18b63421c917da80f28e9913d"

OR

GET "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}"

Note

If request_id is specified in the query, it acts as a filter: if the request_id in the query differs from the one on the pending object, an HTTP status code of 404 is returned.

Response

StatusCode: 200, ReasonPhrase: 'OK'
{
  "id": "https://mykeyvault.vault.azure.net/certificates/mycert1/pending",
  "issuer": {
    "name": "{issuer-name}"
  },
  "csr": "MIICq......DD5Lp5cqXg==",
  "cancellation_requested": false,
  "status": "inProgress",
  "status_details": "…",
  "request_id": "a76827a18b63421c917da80f28e9913d"
}

Get pending request - request status is "complete"

Request

Method Request URI
GET https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}

GET "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}&request_id=a76827a18b63421c917da80f28e9913d"

OR

GET "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}"

Response

StatusCode: 200, ReasonPhrase: 'OK'
{
  "id": "https://mykeyvault.vault.azure.net/certificates/mycert1/pending",
  "issuer": {
    "name": "{issuer-name}"
  },
  "csr": "MIICq......DD5Lp5cqXg==",
  "cancellation_requested": false,
  "status": "completed",
  "request_id": "a76827a18b63421c917da80f28e9913d",
  "target": "https://mykeyvault.vault.azure.net/certificates/mycert1?api-version={api-version}"
}

Get pending request - pending request status is "canceled" or "failed"

Request

Method Request URI
GET https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}

GET "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}&request_id=a76827a18b63421c917da80f28e9913d"

OR

GET "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}"

Response

StatusCode: 200, ReasonPhrase: 'OK'
{
  "id": "https://mykeyvault.vault.azure.net/certificates/mycert1/pending",
  "issuer": {
    "name": "{issuer-name}"
  },
  "csr": "MIICq......DD5Lp5cqXg==",
  "cancellation_requested": false,
  "status": "failed",
  "status_details": "",
  "request_id": "a76827a18b63421c917da80f28e9913d",
  "error": {
    "code": "<errorcode>",
    "message": "<message>"
  }
}

Note

The value of errorcode is "Certificate issuer error" when the failure is on the issuer's side and "Request rejected" when it is a user error.

Get pending request - pending request status is "deleted" or "overwritten"

A pending object can be deleted or overwritten by a create/import operation when its status isn't inProgress.

Method Request URI
GET https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}

Request

GET "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}&request_id=a76827a18b63421c917da80f28e9913d"

OR

GET "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}"

Response

StatusCode: 404, ReasonPhrase: 'Not Found'
{
  "error": {
    "code": "PendingCertificateNotFound",
    "message": "…"
  }
}
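A small poller that applies the pending-object outcomes documented in the four "Get pending request" sections above (inProgress, completed, failed or canceled, and the 404 for a deleted or overwritten object, plus the request_id filter). This is an added example in Python, not code from the Azure documentation; the sample responses are constructed from the shapes shown on this page, and Outcome, interpret_pending and poll are names chosen for this example.

```python
from dataclasses import dataclass

# Constructed sample responses, modelled on the pending-object bodies shown above
# (status casing varies on the page: "InProgress" vs "inProgress", so compare case-insensitively).
REQ = "a76827a18b63421c917da80f28e9913d"
SAMPLES = {
    "in_progress": (200, {"status": "inProgress", "cancellation_requested": False, "request_id": REQ}),
    "completed": (200, {"status": "completed", "request_id": REQ,
                        "target": "https://mykeyvault.vault.azure.net/certificates/mycert1?api-version={api-version}"}),
    "failed": (200, {"status": "failed", "request_id": REQ,
                     "error": {"code": "Request rejected", "message": "constructed sample message"}}),
    "gone": (404, {"error": {"code": "PendingCertificateNotFound", "message": "..."}}),
}

@dataclass
class Outcome:
    action: str   # "wait" | "fetch_target" | "investigate" | "stop"
    detail: str

def interpret_pending(status_code, body, expected_request_id=None):
    """Map one GET .../pending response to the caller's next action.

    The request_id check mirrors the service's filter semantics: a mismatch is
    treated like the 404 the service returns for a filtered query, so a poller
    never acts on a pending object that a later create/import replaced."""
    if status_code == 404:
        code = body.get("error", {}).get("code", "")
        return Outcome("stop", f"pending object gone ({code}): deleted, overwritten or merged")
    if status_code != 200:
        return Outcome("investigate", f"unexpected HTTP {status_code}")
    if expected_request_id and body.get("request_id") != expected_request_id:
        return Outcome("stop", "request_id mismatch: another request replaced ours")
    status = body.get("status", "").lower()
    if status == "inprogress":
        note = " (cancellation requested)" if body.get("cancellation_requested") else ""
        return Outcome("wait", "still in progress" + note)
    if status == "completed":
        return Outcome("fetch_target", body["target"])   # GET the issued KV certificate
    if status in ("failed", "canceled"):
        err = body.get("error", {})
        return Outcome("investigate", f"{status}: {err.get('code', '')} {err.get('message', '')}".strip())
    return Outcome("investigate", f"unknown status {status!r}")

def poll(responses, expected_request_id):
    """Run interpret_pending over successive (status_code, body) replies; return the first non-wait outcome."""
    for code, body in responses:
        outcome = interpret_pending(code, body, expected_request_id)
        if outcome.action != "wait":
            return outcome
    return Outcome("wait", "poll budget exhausted; retry later")
```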

Create (or Import) when pending request exists - status is "inProgress"

A pending object has four possible states: "inprogress", "canceled", "failed", or "completed".

When a pending request's state is "inprogress", create (and import) operations fail with an HTTP status code of 409 (Conflict).

To fix a conflict:

  • If the certificate is being created manually, either complete the KV certificate by doing a merge, or delete the pending object.

  • If the certificate is being created with an issuer, wait until the certificate completes, fails or is canceled. Alternatively, delete the pending object.

Note

Deleting a pending object may or may not cancel the x509 certificate request with the provider.

Method Request URI
POST https://mykeyvault.vault.azure.net/certificates/mycert1/create?api-version={api-version}

Request

{
  "policy": {
    "x509_props": {
      "subject": "CN=MyCertSubject1"
    },
    "issuer": {
      "name": "mydigicert"
    }
  }
}

Response

StatusCode: 409, ReasonPhrase: 'Conflict'
{
  "error": {
    "code": "Forbidden",
    "message": "A new key vault certificate can not be created or imported while a pending key vault certificate's status is inProgress."
  }
}

Merge when pending request is created with an issuer

Merge isn't allowed on a pending object created with an issuer while its state is inProgress; it becomes allowed once the state is no longer inProgress.

If the request to create the x509 certificate fails or is canceled for some reason, and an x509 certificate can be retrieved by out-of-band means, a merge operation can be done to complete the KV certificate.

Method Request URI
POST https://mykeyvault.vault.azure.net/certificates/mycert1/pending/merge?api-version={api-version}

Request

{
  "x5c": [ "MIICxTCCAbi………………………trimmed for brevity……………………………………………EPAQj8=" ]
}

Response

StatusCode: 403, ReasonPhrase: 'Forbidden'
{
  "error": {
    "code": "Forbidden",
    "message": "Merge is forbidden on pending object created with issuer : <issuer-name> while it is in progess."
  }
}

Request a cancellation while the pending request status is "inProgress"

A cancellation can only be requested; the request may or may not actually be canceled. If the request isn't "inProgress", an HTTP status of 400 (Bad Request) is returned.

Method Request URI
PATCH https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}

Request

PATCH "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}&request_id=a76827a18b63421c917da80f28e9913d"

OR

PATCH "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}"

{
  "cancellation_requested": true
}

Response

StatusCode: 200, ReasonPhrase: 'OK'
{
  "id": "https://mykeyvault.vault.azure.net/certificates/mycert1/pending",
  "issuer": {
    "name": "{issuer-name}"
  },
  "csr": "MIICq......DD5Lp5cqXg==",
  "cancellation_requested": true,
  "status": "inProgress",
  "status_details": "…",
  "request_id": "a76827a18b63421c917da80f28e9913d"
}

Delete a pending request object

Note

Deleting the pending object may or may not cancel the x509 certificate request with the provider.

Method Request URI
DELETE https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}

Request

DELETE "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}&request_id=a76827a18b63421c917da80f28e9913d"

OR

DELETE "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}"

Response

StatusCode: 200, ReasonPhrase: 'OK'
{
  "id": "https://mykeyvault.vault.azure.net/certificates/mycert1/pending",
  "issuer": {
    "name": "{issuer-name}"
  },
  "csr": "MIICq......DD5Lp5cqXg==",
  "cancellation_requested": false,
  "status": "inProgress",
  "request_id": "a76827a18b63421c917da80f28e9913d"
}

Create a KV certificate manually

You can create a certificate issued by a CA of your choice through a manual creation process. Set the name of the issuer to "Unknown" or leave the issuer field out.

Method Request URI
POST https://mykeyvault.vault.azure.net/certificates/mycert1/create?api-version={api-version}

Request

{
  "policy": {
    "x509_props": {
      "subject": "CN=MyCertSubject1"
    },
    "issuer": {
      "name": "Unknown"
    }
  }
}

Response

StatusCode: 202, ReasonPhrase: 'Accepted'
Location: "https://mykeyvault.vault.azure.net/certificates/mycert1/pending?api-version={api-version}&request_id=a76827a18b63421c917da80f28e9913d"
{
  "id": "https://mykeyvault.vault.azure.net/certificates/mycert1/pending",
  "issuer": {
    "name": "Unknown"
  },
  "csr": "MIICq......DD5Lp5cqXg==",
  "status": "inProgress",
  "status_details": "Pending certificate created. Please Perform Merge to complete the request.",
  "request_id": "a76827a18b63421c917da80f28e9913d"
}

Merge when a pending request is created - manual certificate creation

Method Request URI
POST https://mykeyvault.vault.azure.net/certificates/mycert1/pending/merge?api-version={api-version}

Request

{
  "x5c": [ "MIICxTCCAbi………………………trimmed for brevity……………………………………………EPAQj8=" ]
}

Element name: x5c
Required: Yes
Type: array
Version: <introducing version>
Description: X509 certificate chain as a base64 string array.
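Building the x5c array for the merge request from a PEM chain file, as an added Python example (not code from the Azure documentation). The PEM input is a constructed stand-in containing two tiny DER SEQUENCEs rather than real certificates, and pem_to_x5c, der_is_well_formed and merge_request_body are names chosen for this example.

```python
import base64
import re

# Constructed stand-in for a chain file: two tiny DER SEQUENCEs (30 03 02 01 01
# and 30 03 02 01 02), not real X.509 certificates. A real file holds the leaf
# first, then the intermediates, each in its own CERTIFICATE block.
SAMPLE_CHAIN_PEM = """\
-----BEGIN CERTIFICATE-----
MAMCAQE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MAMCAQI=
-----END CERTIFICATE-----
"""

_PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def der_is_well_formed(der: bytes) -> bool:
    """Sanity check before merging: the blob must be a single DER SEQUENCE whose
    encoded length covers exactly the bytes present. This catches a truncated
    paste or PEM lines that were joined incorrectly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        length, header = first, 2
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    return header + length == len(der)

def pem_to_x5c(pem_text: str) -> list:
    """Turn a PEM chain into the 'x5c' array the merge request expects: one
    base64 DER string per certificate, in file order, PEM armour removed."""
    chain = []
    for body in _PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)  # drop line breaks
        if not der_is_well_formed(der):
            raise ValueError("certificate %d is not a complete DER SEQUENCE" % (len(chain) + 1))
        chain.append(base64.b64encode(der).decode("ascii"))
    if not chain:
        raise ValueError("no CERTIFICATE blocks found")
    return chain

def merge_request_body(pem_text: str) -> dict:
    """JSON body for POST .../certificates/{name}/pending/merge."""
    return {"x5c": pem_to_x5c(pem_text)}
```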

Response

StatusCode: 201, ReasonPhrase: 'Created'
Location: "https://mykeyvault.vault.azure.net/certificates/mycert1?api-version={api-version}"
{
	"id": "https://mykeyvault.vault.azure.net/certificates/mycert1/f366e1a9dd774288ad84a45a5f620352",
	"kid": "https://mykeyvault.vault.azure.net/keys/mycert1/f366e1a9dd774288ad84a45a5f620352",
	"sid": "https://mykeyvault.vault.azure.net/secrets/mycert1/f366e1a9dd774288ad84a45a5f620352",
	"cer": "……de34534……",
	"x5t": "n14q2wbvyXr71Pcb58NivuiwJKk",
	"attributes": {
		"enabled": true,
		"exp": 1530394215,
		"nbf": 1435699215,
		"created": 1435699919,
		"updated": 1435699919
	},
	"pending": {
		"id": "https://mykeyvault.vault.azure.net/certificates/mycert1/pending"
	},
	"policy": {
		"id": "https://mykeyvault.vault.azure.net/certificates/mycert1/policy",
		"key_props": {
			"exportable": false,
			"kty": "RSA",
			"key_size": 2048,
			"reuse_key": false
		},
		"secret_props": {
			"contentType": "application/x-pkcs12"
		},
		"x509_props": {
			"subject": "CN=Mycert1",
			"ekus": ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"],
			"validity_months": 12
		},
		"lifetime_actions": [{
			"trigger": {
				"lifetime_percentage": 80
			},
			"action": {
				"action_type": "EmailContacts"
			}
		}],
		"issuer": {
			"name": "Unknown"
		},
		"attributes": {
			"enabled": true,
			"created": 1435699811,
			"updated": 1435699811
		}
	}
}