Certificate Service

The CertificateService describes a Certificate Service that represents the actions available to manage certificates and links to the certificates.

URI: /redfish/v1/CertificateService

Method: GET

Response: 200

{

"@odata.type": "#CertificateService.v1_0_1.CertificateService",

"@odata.id": "/redfish/v1/CertificateService",

"Id": "CertificateService",

"Name": "Certificate Service",

"CertificateLocations": {

"@odata.id": "/redfish/v1/CertificateService/CertificateLocations"

"Actions": {

"Oem": {

"#CertificateService.GenerateCSR": {

"target": "/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR",

"@Redfish.ActionInfo": "/redfish/v1/CertificateService/GenerateCSRActionInfo"

"#CertificateService.ReplaceCertificate": {

"target": "/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate",

"@Redfish.ActionInfo": "/redfish/v1/CertificateService/ReplaceCertificateActionInfo"

}

Generating CSR

Generate a certificate signing request (CSR) for the SSL certificate.

Generating CSR Action Info

View the list of supported and required parameters to generate CSR.

URI: /redfish/v1/CertificateService/GenerateCSRActionInfo

Method: GET

Response: 200

{

"@odata.type": "#ActionInfo.v1_1_2.ActionInfo",

"@odata.id": "/redfish/v1/CertificateService/GenerateCSRActionInfo",

"Id": "GenerateCSRActionInfo",

"Name": "Generate CSR Action Info",

"Parameters": [

{

"Name": "CommonName",

"Required": true,

"DataType": "String"

{

"Name": "AlternativeNames",

"Required": false,

"DataType": "StringArray"

{

"Name": "Organization",

"Required": true,

"DataType": "String"

{

"Name": "OrganizationalUnit",

"Required": true,

"DataType": "String"

{

"Name": "City",

"Required": true,

"DataType": "String"

{

"Name": "State",

"Required": true,

"DataType": "String"

{

"Name": "Country",

"Required": true,

"DataType": "String"

{

"Name": "Email",

"Required": false,

"DataType": "String"

{

"Name": "KeyPairAlgorithm",

"Required": false,

"DataType": "String",

"AllowableValues": [

"TPM_ALG_RSA"

]

{

"Name": "KeyBitLength",

"Required": false,

"DataType": "Number",

"MinimumValue": 1024,

"MaximumValue": 4096

{

"Name": "CertificateCollection",

"Required": true,

"DataType": "Object"

{

"Name": "KeyUsage",

"Required": false,

"DataType": "StringArray",

"AllowableValues": [

"ServerAuthentication"

]

}

"Oem": {}

}

Generating a CSR Request

This action is used to perform a certificate signing request.

URI: /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR

Method: POST

Payload:

{

"Country": "US"

"State": "California",

"City": "San Jose",

"Organization": "Supermicro Computer",

"OrganizationalUnit": "PM",

"CommonName": "Supermicro.com",

"KeyPairAlgorithm": "TPM_ALG_RSA",

"CertificateCollection": {"@odata.id": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates"}

}

Response: 200

Viewing Certificate Details

URI: /redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1

Method: GET

Response: 200

{

"@odata.type": "#Certificate.v1_1_0.Certificate",

"@odata.id": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1",

"Id": "1",

"Name": "HTTPS Certificate",

"CertificateString": "-----BEGIN CERTIFICATE-----

\nMIIE3TCCA8WgAwIBAgIUcdkJIAr/gSwrinFL4k+XbWBnlR0wDQYJKoZIhvcNA

QEL\nBQAwgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDw

YDVQQH\nEwhTYW4gSm9zZTEdMBsGA1UEChMUU3VwZXIgTWljcm8gQ29tcHV0ZXI

xETAPBgNV\nBAsTCFNvZnR3YXJlMQ0wCwYDVQQDEwRJUE1JMSUwIwYJKoZIhvcN

AQkBFhZzdXBw\nb3J0QHN1cGVybWljcm8uY29tMB4XDTIzMDUyMzAwMDAwMFoXD

TMzMDUyMzAwMDAw\nMFowgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm

9ybmlhMREwDwYDVQQH\nEwhTYW4gSm9zZTEdMBsGA1UEChMUU3VwZXIgTWljcm8

gQ29tcHV0ZXIxETAPBgNV\nBAsTCFNvZnR3YXJlMQ0wCwYDVQQDEwRJUE1JMSUw

IwYJKoZIhvcNAQkBFhZzdXBw\nb3J0QHN1cGVybWljcm8uY29tMIIBIjANBgkqh

kiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEA3VUR7jUFM9R28bo4iXdTxxIsGgyNS5

0PMWud1LTIYN/U07ClLvkpOtHdFcDX\nak7Rr6SyDfcoBTA8pxVbnxJarwKLE0X

6IWYTAl5GGGydUL3RlZXqcVItx1GeXdTQ\ngQkbjGcHAHXDNnpPpIGp0YSZhAaH

XW8i6gGsU8kTKDLgiOVmF1+Ni6yOaxkJCNOa\nAVYH1Vi1UEwBdvmVF7FDdIVoY

rL/3lXKWijEFy/cy9WrloP0+kErf1TW9VB++gkH\nYhn7OLfVY9ao4ZugF3jOv3

bnymF8Kf5UYXmvVkEwYo3qeUWk2/i+hw/FTYEGAWyn\nqRkR7T8+M5+KCB6C/nF

4ei8XRwIDAQABo4IBETCCAQ0wHQYDVR0OBBYEFDNyIpBy\nqt3xgWWPYIzmTMMR

ue0xMIHdBgNVHSMEgdUwgdKAFDNyIpByqt3xgWWPYIzmTMMR\nue0xoYGjpIGgM

IGdMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTER\nMA8GA1UEBx

MIU2FuIEpvc2UxHTAbBgNVBAoTFFN1cGVyIE1pY3JvIENvbXB1dGVy\nMREwDwY

DVQQLEwhTb2Z0d2FyZTENMAsGA1UEAxMESVBNSTElMCMGCSqGSIb3DQEJ\nARYW

c3VwcG9ydEBzdXBlcm1pY3JvLmNvbYIUcdkJIAr/gSwrinFL4k+XbWBnlR0w\nD

AYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWgZ7y++TsCziQnbMq/PB

\nKdD+fqT5vqYCBuW8oKrlTdLwq7JHd0KjXI3CXy1g+AY454qxEwRC9dltaxaXl

yTH\neF6WRQ/7fwpfkDE6II++yY1LCwGtmgw2pqbMepxlCEkSh2Ievlh2fGz3lB

MfKZLl\n/yIGKfyrslITUr3DdOQGoTU0/rh2rEcGHgkc7SOC2bKoi3S01pAl/zn

hzGTqObar\n4OZiOYSJWhMRJCqJsuJ9BClfL7leCGqNx2u9YyWtveNMb6bdsYOq

A3Vczuke6uIK\nysWtfiALcDr6RbZ1kE9HZ3BTTDJVX8TV3nlvc6KCh6KFNVYRK

liMTWS9fZdIg5FR\nsQ==\n-----END CERTIFICATE-----",

"CertificateType": "PEM",

"Issuer": {

"Country": "US",

"State": "California",

"City": "San Jose",

"Organization": "Super Micro Computer",

"OrganizationalUnit": "Software",

"CommonName": "IPMI",

"Email": "support@supermicro.com"

"Subject": {

"Country": "US",

"State": "California",

"City": "San Jose",

"Organization": "Super Micro Computer",

"OrganizationalUnit": "Software",

"CommonName": "IPMI",

"Email": "support@supermicro.com"

"ValidNotBefore": "2023-05-23T00:00:00+00:00",

"ValidNotAfter": "2033-05-23T00:00:00+00:00",

"KeyUsage": [

"ServerAuthentication"

"Actions": {

"Oem": {},

"#Certificate.Rekey": {

"target": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1/Actions/Certificate.Rekey",

"@Redfish.ActionInfo": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1/RekeyActionInfo"

"#Certificate.Renew": {

"target": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1/Actions/Certificate.Renew"

}

Replacing a Certificate

You can replace an existing certificate. Note that the new file must be a signed certificate.

Replacing Certificate Action Info

View the list of supported and required parameters to generate CSR.

URI: /redfish/v1/CertificateService/ReplaceCertificateActionInfo

Method: GET

Payload:

{

}

Response:

{

"@odata.type": "#ActionInfo.v1_1_2.ActionInfo",

"@odata.id": "/redfish/v1/CertificateService/ReplaceCertificateActionInfo",

"Id": "ReplaceCertificateActionInfo",

"Name": "Replace Certificate Action Info",

"Parameters": [

{

"Name": "CertificateString",

"Required": true,

"DataType": "String"

{

"Name": "CertificateType",

"Required": true,

"DataType": "String",

"AllowableValues": [

"PEM"

]

{

"Name": "CertificateUri",

"Required": true,

"DataType": "Object"

}

"Oem": {}

}

Renewing a Certificate

URI: /redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1/Actions/Certificate.Renew

Method: POST

Payload:

{

"CertificateString": "-----BEGIN CERTIFICATE REQUEST-----

\nMIICvjCCAaYCAQAweTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx\n

ETAPBgNVBAcTCFNhbiBKb3NlMRwwGgYDVQQKExNTdXBlcm1pY3JvIENvbXB1dGVy\nMQ

swCQYDVQQLEwJQTTEXMBUGA1UEAxMOU3VwZXJtaWNyby5jb20wggEiMA0GCSqG\nSIb3

DQEBAQUAA4IBDwAwggEKAoIBAQDHzmkX9rnVBenRS4OCAAbBN1JPXLSy5lUO\n8AYVzD

AyBKsivNZSD9PTXRFYHketUwzihQk8Km3/DbFd2sF9ZIPCc8tiBlS+5dkb\np9g6qilv

1FjvvVD0SYpYQl3km0JK1kh14AxEZARYfAI+j+RH/SA6+T6Nxzl2uB5K\nQQcMSdxjMJ

VF4Q7zMWVFP0NTN6oQkaXXATxh4o9G+SkdDCqVSXD47aYz+2Vfu8gR\nHCXptNYTElCD

N62iDoHAcPQjEuvloJqcKwXczFLgefUgsEQ9YzxYqx3lmpJrJYz/\nuUUbL1Flj7Tq91

FfPNtmRhIAMY8fGBrpqjJr9CsL7zMUV1R7DlWVAgMBAAGgADAN\nBgkqhkiG9w0BAQUF

AAOCAQEAsnEznugI2+IZpjXiI7l+I3yDDQlv0jwtgx7hYCu4\n6F5qlDRzzAlZNvBOop

ynEzkmmMq3vvpl2zdblEsYbLWcja+T1a+0UFgjILi1IIOM\nnJDk1pz34uzMAMQncAtJ

1wtE3NWI6n6+Ni0lvwSqPv5svQ+7zHITfwWbHR4KLyMF\nPM2+XA/47UIq4+SPDPSxSj

aWkFRXGrQKzy+aVH28X/SCVXEArU8UFDFfuILAHYKa\noFDM3n3tbWcWVRyZdSPZVXYE

9uWcZehlwIKh7t69gB6+WxjuONGCwviwNdX0x7A0\nLL8OdA5PISzKTGFESiEnGP914q

yovQ3QgtsZZNtFMAz66B==\n-----END CERTIFICATE REQUEST-----\n",

"CertificateType": "PEM",

"@odata.id": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1"

}

Response: 200

Replacing the Key Certificate

This action shall generate a new key pair for an existing certificate using the existing certificate data. The response shall contain a signing request that is to be signed by a certificate authority (CA). The service should retain the private key used for the generation of this request when the certificate is installed. The private key should not be part of the response.

URI: /redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1/Actions/Certificate.Rekey

Method: POST

Payload:

{

KeyPairAlgorithm": "TPM_ALG_RSA"

}

Response: 200

This manual was last published April 03, 2026.
This page was last updated April 03, 2026.