Certificate Service

The CertificateService describes a Certificate Service that represents the actions available to manage certificates and links to the certificates.

URI: /redfish/v1/CertificateService

Method: GET

Payload:

{

}

Response: 200

{

"@odata.type": "#CertificateService.v1_0_1.CertificateService",

"@odata.id": "/redfish/v1/CertificateService",

"Id": "CertificateService",

"Name": "Certificate Service",

"CertificateLocations": {

"@odata.id": "/redfish/v1/CertificateService/CertificateLocations"

},

"Actions": {

"Oem": {

},

"#CertificateService.GenerateCSR": {

"target": "/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR",

"@Redfish.ActionInfo": "/redfish/v1/CertificateService/GenerateCSRActionInfo"

},

"#CertificateService.ReplaceCertificate": {

"target": "/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate",

"@Redfish.ActionInfo": "/redfish/v1/CertificateService/ReplaceCertificateActionInfo"

}

}

}

Generating CSR

Generate a certificate signing request (CSR) for the SSL certificate.

Generating CSR Action Info

View the list of supported and required parameters to generate CSR.

URI: /redfish/v1/CertificateService/GenerateCSRActionInfo

Method: GET

Response: 200

{

"@odata.type": "#ActionInfo.v1_1_2.ActionInfo",

"@odata.id": "/redfish/v1/CertificateService/GenerateCSRActionInfo",

"Id": "GenerateCSRActionInfo",

"Name": "Generate CSR Action Info",

"Parameters": [

{

"Name": "CommonName",

"Required": true,

"DataType": "String"

},

{

"Name": "AlternativeNames",

"Required": false,

"DataType": "StringArray"

},

{

"Name": "Organization",

"Required": true,

"DataType": "String"

},

{

"Name": "OrganizationalUnit",

"Required": true,

"DataType": "String"

},

{

"Name": "City",

"Required": true,

"DataType": "String"

},

{

"Name": "State",

"Required": true,

"DataType": "String"

},

{

"Name": "Country",

"Required": true,

"DataType": "String"

},

{

"Name": "Email",

"Required": false,

"DataType": "String"

},

{

"Name": "KeyPairAlgorithm",

"Required": false,

"DataType": "String",

"AllowableValues": [

"TPM_ALG_RSA"

]

},

{

"Name": "KeyBitLength",

"Required": false,

"DataType": "Number",

"MinimumValue": 1024,

"MaximumValue": 4096

},

{

"Name": "CertificateCollection",

"Required": true,

"DataType": "Object"

},

{

"Name": "KeyUsage",

"Required": false,

"DataType": "StringArray",

"AllowableValues": [

"ServerAuthentication"

]

}

],

"Oem": {}

}

Generating a CSR Request

This action is used to perform a certificate signing request.

URI: /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR

Method: POST

Payload:

{

"Country": "US"

"State": "California",

"City": "San Jose",

"Organization": "Supermicro Computer",

"OrganizationalUnit": "PM",

"CommonName": "Supermicro.com",

"KeyPairAlgorithm": "TPM_ALG_RSA",

"CertificateCollection": {"@odata.id": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates"}

}

Response: 200

Viewing Certificate Details

URI: /redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1

Method: GET

Response: 200

{

"@odata.type": "#Certificate.v1_1_0.Certificate",

"@odata.id": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1",

"Id": "1",

"Name": "HTTPS Certificate",

"CertificateString": "-----BEGIN CERTIFICATE-----\nMIIE3TCCA8WgAwIBAgIUcdkJIAr/gSwrinFL4k+XbWBnlR0wDQYJKoZIhvcNAQEL\nBQAwgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQH\nEwhTYW4gSm9zZTEdMBsGA1UEChMUU3VwZXIgTWljcm8gQ29tcHV0ZXIxETAPBgNV\nBAsTCFNvZnR3YXJlMQ0wCwYDVQQDEwRJUE1JMSUwIwYJKoZIhvcNAQkBFhZzdXBw\nb3J0QHN1cGVybWljcm8uY29tMB4XDTIzMDUyMzAwMDAwMFoXDTMzMDUyMzAwMDAw\nMFowgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQH\nEwhTYW4gSm9zZTEdMBsGA1UEChMUU3VwZXIgTWljcm8gQ29tcHV0ZXIxETAPBgNV\nBAsTCFNvZnR3YXJlMQ0wCwYDVQQDEwRJUE1JMSUwIwYJKoZIhvcNAQkBFhZzdXBw\nb3J0QHN1cGVybWljcm8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEA3VUR7jUFM9R28bo4iXdTxxIsGgyNS50PMWud1LTIYN/U07ClLvkpOtHdFcDX\nak7Rr6SyDfcoBTA8pxVbnxJarwKLE0X6IWYTAl5GGGydUL3RlZXqcVItx1GeXdTQ\ngQkbjGcHAHXDNnpPpIGp0YSZhAaHXW8i6gGsU8kTKDLgiOVmF1+Ni6yOaxkJCNOa\nAVYH1Vi1UEwBdvmVF7FDdIVoYrL/3lXKWijEFy/cy9WrloP0+kErf1TW9VB++gkH\nYhn7OLfVY9ao4ZugF3jOv3bnymF8Kf5UYXmvVkEwYo3qeUWk2/i+hw/FTYEGAWyn\nqRkR7T8+M5+KCB6C/nF4ei8XRwIDAQABo4IBETCCAQ0wHQYDVR0OBBYEFDNyIpBy\nqt3xgWWPYIzmTMMRue0xMIHdBgNVHSMEgdUwgdKAFDNyIpByqt3xgWWPYIzmTMMR\nue0xoYGjpIGgMIGdMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTER\nMA8GA1UEBxMIU2FuIEpvc2UxHTAbBgNVBAoTFFN1cGVyIE1pY3JvIENvbXB1dGVy\nMREwDwYDVQQLEwhTb2Z0d2FyZTENMAsGA1UEAxMESVBNSTElMCMGCSqGSIb3DQEJ\nARYWc3VwcG9ydEBzdXBlcm1pY3JvLmNvbYIUcdkJIAr/gSwrinFL4k+XbWBnlR0w\nDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWgZ7y++TsCziQnbMq/PB\nKdD+fqT5vqYCBuW8oKrlTdLwq7JHd0KjXI3CXy1g+AY454qxEwRC9dltaxaXlyTH\neF6WRQ/7fwpfkDE6II++yY1LCwGtmgw2pqbMepxlCEkSh2Ievlh2fGz3lBMfKZLl\n/yIGKfyrslITUr3DdOQGoTU0/rh2rEcGHgkc7SOC2bKoi3S01pAl/znhzGTqObar\n4OZiOYSJWhMRJCqJsuJ9BClfL7leCGqNx2u9YyWtveNMb6bdsYOqA3Vczuke6uIK\nysWtfiALcDr6RbZ1kE9HZ3BTTDJVX8TV3nlvc6KCh6KFNVYRKliMTWS9fZdIg5FR\nsQ==\n-----END CERTIFICATE-----",

"CertificateType": "PEM",

"Issuer": {

"Country": "US",

"State": "California",

"City": "San Jose",

"Organization": "Super Micro Computer",

"OrganizationalUnit": "Software",

"CommonName": "IPMI",

"Email": "support@supermicro.com"

},

"Subject": {

"Country": "US",

"State": "California",

"City": "San Jose",

"Organization": "Super Micro Computer",

"OrganizationalUnit": "Software",

"CommonName": "IPMI",

"Email": "support@supermicro.com"

},

"ValidNotBefore": "2023-05-23T00:00:00+00:00",

"ValidNotAfter": "2033-05-23T00:00:00+00:00",

"KeyUsage": [

"ServerAuthentication"

],

"Actions": {

"Oem": {},

"#Certificate.Rekey": {

"target": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1/Actions/Certificate.Rekey",

"@Redfish.ActionInfo": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1/RekeyActionInfo"

},

"#Certificate.Renew": {

"target": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1/Actions/Certificate.Renew"

}

}

}

Replacing a Certificate

You can replace an existing certificate. Note that the new file must be a signed certificate.

Replacing Certificate Action Info

View the list of supported and required parameters to generate CSR.

URI: /redfish/v1/CertificateService/ReplaceCertificateActionInfo

Method: GET

Payload:

{

}

Response:

{

"@odata.type": "#ActionInfo.v1_1_2.ActionInfo",

"@odata.id": "/redfish/v1/CertificateService/ReplaceCertificateActionInfo",

"Id": "ReplaceCertificateActionInfo",

"Name": "Replace Certificate Action Info",

"Parameters": [

{

"Name": "CertificateString",

"Required": true,

"DataType": "String"

},

{

"Name": "CertificateType",

"Required": true,

"DataType": "String",

"AllowableValues": [

"PEM"

]

},

{

"Name": "CertificateUri",

"Required": true,

"DataType": "Object"

}

],

"Oem": {}

}

Renewing a Certificate

URI: /redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1/Actions/Certificate.Renew

Method: POST

Payload:

{

"CertificateString": "-----BEGIN CERTIFICATE REQUEST-----

\nMIICvjCCAaYCAQAweTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx\nETAPBgNVBAcTCFNhbi

BKb3NlMRwwGgYDVQQKExNTdXBlcm1pY3JvIENvbXB1dGVy\nMQswCQYDVQQLEwJQTTEXMBUGA1UEAxMOU3VwZX

JtaWNyby5jb20wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHzmkX9rnVBenRS4OCAAbBN1JPXL

Sy5lUO\n8AYVzDAyBKsivNZSD9PTXRFYHketUwzihQk8Km3/DbFd2sF9ZIPCc8tiBlS+5dkb\np9g6qilv1Fjv

vVD0SYpYQl3km0JK1kh14AxEZARYfAI+j+RH/SA6+T6Nxzl2uB5K\nQQcMSdxjMJVF4Q7zMWVFP0NTN6oQkaXX

ATxh4o9G+SkdDCqVSXD47aYz+2Vfu8gR\nHCXptNYTElCDN62iDoHAcPQjEuvloJqcKwXczFLgefUgsEQ9YzxY

qx3lmpJrJYz/\nuUUbL1Flj7Tq91FfPNtmRhIAMY8fGBrpqjJr9CsL7zMUV1R7DlWVAgMBAAGgADAN\nBgkqhk

iG9w0BAQUFAAOCAQEAsnEznugI2+IZpjXiI7l+I3yDDQlv0jwtgx7hYCu4\n6F5qlDRzzAlZNvBOopynEzkmmM

q3vvpl2zdblEsYbLWcja+T1a+0UFgjILi1IIOM\nnJDk1pz34uzMAMQncAtJ1wtE3NWI6n6+Ni0lvwSqPv5svQ

+7zHITfwWbHR4KLyMF\nPM2+XA/47UIq4+SPDPSxSjaWkFRXGrQKzy+aVH28X/SCVXEArU8UFDFfuILAHYKa\n

oFDM3n3tbWcWVRyZdSPZVXYE9uWcZehlwIKh7t69gB6+WxjuONGCwviwNdX0x7A0\nLL8OdA5PISzKTGFESiEn

GP914qyovQ3QgtsZZNtFMAz66B==\n-----END CERTIFICATE REQUEST-----\n",

"CertificateType": "PEM",

"@odata.id": "/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1"

}

Response: 200

Replacing the Key Certificate

This action shall generate a new key pair for an existing certificate using the existing certificate data. The response shall contain a signing request that is to be signed by a certificate authority (CA). The service should retain the private key used for the generation of this request when the certificate is installed. The private key should not be part of the response.

URI: /redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1/Actions/Certificate.Rekey

Method: POST

Payload:

{

KeyPairAlgorithm": "TPM_ALG_RSA"

}

Response: 200