2. Certificate Signing Request

Create key

POST: /v1/key

Description: Create sub-key request.

Swagger

{
    "label": "sub_certificate_key",
    "password": null,
    "algorithm": "RSA",
    "keySize": 4096,
    "attributes": {
        "decrypt": false,
        "sign": true,
        "unwrap": false,        
        "extractable": false,
        "modifiable": true,
        "destroyable": true,        
    },
    "policy": null
}

CURL

curl -X POST -H "X-API-KEY: tsb-x-token_68..." -H "Content-Type: application/json" \
 https://integration-test.cloudshsm.com/v1/key -d '{
    "label": "sub_certificate_key",
    "password": null,
    "algorithm": "RSA",
    "keySize": 4096,
    "attributes": {
        "decrypt": false,
        "sign": true,
        "unwrap": false,                
        "extractable": false,
        "modifiable": true,
        "destroyable": true        
    },
    "policy": null
}'

Create a CSR

POST: /v1/certificate/synchronous/request

Description: Creates a certificate signing request (CSR) to be signed by a Root or intermediate-CA.

Swagger

{
    "signKeyName": "sub_certificate_key",
    "keyPassword": null,
    "signatureAlgorithm": "SHA256_WITH_RSA",
    "validity": 365,
    "standardCertificateAttributes": {
        "commonName": "SUB-Securosys-001",
        "country": "CH",    
        "stateOrProvinceName": "Zurich",
        "locality": "Zurich",
        "organizationName": "Securosys SA",
        "organizationUnitName": "Operations",
        "email": null,
        "title": null,
        "surname": null,
        "givenName": null,
        "initials": null,
        "pseudonym": null,
        "generationQualifier": null
    },
    "keyUsage": [
        "DIGITAL_SIGNATURE"
    ],
    "extendedKeyUsage": [
        "ANY_EXTENDED_KEY_USAGE"
    ]
}

CURL

curl -X POST -H "X-API-KEY: tsb-x-token_03..." -H "Content-Type: application/json" \
 https://integration-test.cloudshsm.com/v1/certificate/synchronous/request -d '{
    "signKeyName": "sub_certificate_key",
    "keyPassword": null,
    "signatureAlgorithm": "SHA256_WITH_RSA",
    "validity": 365,
    "standardCertificateAttributes": {
        "commonName": "SUB-Securosys-001",
        "country": "CH",    
        "stateOrProvinceName": "Zurich",
        "locality": "Zurich",
        "organizationName": "Securosys SA",
        "organizationIdentifier": "CHE-464.234.583 MWST",
        "organizationUnitName": "Operations",
    },
    "keyUsage": [
        "DIGITAL_SIGNATURE"
    ],
    "extendedKeyUsage": [
        "ANY_EXTENDED_KEY_USAGE"
    ]
}'

Respone

{
  "label": "sub_certificate_key",
  "certificateSigningRequest": "-----BEGIN NEW CERTIFICATE REQUEST-----\nMIIDEDCCAfgCAQAwdzELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0G\nA1UEBxMGWnVyaWNoMRUwEwYDVQQKEwxTZWN1cm9zeXMgU0ExEzARBgNVBAsTCk9w\nZXJhdGlvbnMxGjAYBgNVBAMTEVNVQi1TZWN1cm9zeXMtMDAxMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozSi0yjNuKIssL/AC7/VHTeUKMcaNPYzxvam\nRjUqAyEf2bs8N3peKCRP737Vlzzow/bN7IQIPdzQViY4ySbu3Hm3k/jCyguEL6+n\nEvtVD8X23x5diJRfP7fkp9Q9HPq6q3Hh2zqfU9Mb9vcyI1LWSymLpDa0whaS8l9r\nu9iJky2wE3ERhwACuaa4MkkyqEszdbq7TG+Tv5ye2vmH3SZfpgND05i/FyaN4KLY\n+jH670tpbdsSl2YQqgfkff+iLm+4du09g8ERPUs7kMhviA0AUsuiRl4mCu/uDZQb\nidIfLA0KHFzhpFWsk2roi398H27jOmQUxTmqV0V2LZFtUYExpQIDAQABoFQwUgYJ\nKoZIhvcNAQkOMUUwQzASBgNVHSUBAf8ECDAGBgRVHSUAMA4GA1UdDwEB/wQEAwIH\ngDAdBgNVHQ4EFgQUMTubYh4IdUuLGiPgzVNP2mevZ1cwDQYJKoZIhvcNAQELBQAD\nggEBABTMNe1DHC96MJoYP3mt5OpuwCxhEswCfnAgfpjsEG8DE2Cw1D1h4+pLbdXv\ncs8wwTlmr5jg/lu8NIyfCZowRO0OrG2hW8tWpTBro8Xj1eGfyDD9WbnkJNJ+1wfL\nmb13BUpVUKVBwFtu0OathJijmbxlkhifrw3b+uNEatwSpRI0jhjK7aAzOIxTPvqQ\nDLdtze9PwjCTICqqmOb3SdO3cgnu5iVWb5Ebv1OM3zHFR23lDiHS1oDPRNbB2b5W\nH3Y3/YEHs+8yLI+pz3pPAUXYZrbTwyfW6+1Zfx5IRqGclC8Ik4C3Wi2PG5SgI3kY\nKkIf5muXuXVAp1g3/PxbNUXfRFo=\n-----END NEW CERTIFICATE REQUEST-----\n"
}