Rotate Client Key API
Absolute Method
Path
https://{manager.system}/manager/api/{json|xml}/1.0/rotateClientKey.adm
| Parameter | Use | Default | Description |
|---|---|---|---|
| csr | required | The application sends the new certificate signing request and pass it to the Manager. | |
| expirationDate | optional | one year in the future | Date on which the certificate is no longer valid. |
- Capable Roles
- Vault Provisioner
- Return Value
- Returns Manager-generated certificate that uses the new CSR and revokes the old certificate.
Curl format
example.
curl --cacert {path to ca certificate}
--key {path to private key}
--cert {path to certificate}
'https://{manager.system}/manager/api/json/1.0/rotateClientKey.adm'
-d ‘expirationDate=1474199793453’
--data-urlencode 'csr={certificate signing request}’
Command to rotate client
key.
curl --cacert {path to ca certificate}
--key {path to private key}
--cert {path to certificate}
'https://{manager.system}/manager/api/json/1.0/rotateClientKey'
-d 'expirationDate=1474199793453'
--data-urlencode 'csr=-----BEGIN NEW CERTIFICATE REQUEST-----
MIIC6TCCAdECAQAwdDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdD
aGljYWdvMRMwEQYDVQQKEwpDbGV2ZXJzYWZlMREwDwYDVQQLEwhTZWN1cml0eTEYMBYGA1UEAxMP
d3d3LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8xi7aoUvBMo
xLJa+MjUhxtIPb8jcVzFKASblQGtVtNdd7K6AY5TY577RF/tdjpZtfzQUc+XyiSbSq+fvxdH1ulA
akaddXB3as46rgbrZc+nMJkMZ+tWoezT4aNABjfZyx7yW+Z8ht37blGpDMPgfpF7dag8MZoNBs3e
AL5t8gcyPyTrn16cZxJS0uqv5EO1Dn8J0VnHF92sUAOTHeuEALxIQeBOqJ/NvzyuXQV2agllBn8K
/eFITbnS99LCk0Tw/JLggLRLX4Yb8Wwtl+/Ci27Ij0tycJCZHVXSkxBLE+nR6jUknHr4cRP9bW4Z
8A1cEsTHP6h5RvXwYyL5+enGLwIDAQABoDAwLgYJKoZIhvcNAQkOMSEwHzAdBgNVHQ4EFgQUgBsa
QGtY0v8SCmLTJ2CpdZVV44IwDQYJKoZIhvcNAQELBQADggEBAIL+8YgssAh1XkpEfe9tb3UP+iKq
AJ2CggCaGBjZAuWfBsseQSu/iNyJqhWwGIdEy20tKQC9jlyNYFbO61by+vz8LmvRHkb1UfH9+EXs
JWkDw8wCsmOhXmISIS+Nqd40v3/5gqABYEsnp3fRpkdlGTGw2ws2TAAWh8kUxG41zKu0I48vMFxB
wSazoyNA2TIhIKaBEidAbimxk4BNpN+LGVWVUmBDEQGPQ8Uxn85Ny5k7JDyTJrNnnLBbbZn2U8ez
daIo7ztUOEsgNRuDsvSRWScmxxWT7GSdhUGc/FAbcZfaQJTEbTXN7G/ttorfoOtt3Lay2TdtWXxY
+yD9Ijm3yqQ=
-----END NEW CERTIFICATE REQUEST-----'
Response.
{
"responseData": {
"certificate": "-----BEGIN CERTIFICATE-----
\nMIIEYjCCAkqgAwIBAgIQNlDgJKxRqiAeDdSg2FheoTANBgkqhkiG9w0BAQ0FADCB\nkTELMAkGA1UEBhMCVVMxETAPBgNVBA
gMCElsbGlub2lzMRAwDgYDVQQHDAdDaGlj\nYWdvMRMwEQYDVQQKDApDbGV2ZXJzYWZlMRkwFwYDVQQDDBBkc05ldCBNYW5hZ2
Vy\nIENBMS0wKwYDVQQFEyRjNzNkZTBiMC1lMjJiLTQzNGEtYjMwZi1iMmQ0NTFiYTNm\nMWIwHhcNMTYwMTI0MTkxODM2WhcN
MTcwMTI1MTkxODM2WjBIMQswCQYDVQQGEwJV\nUzERMA8GA1UECBMISWxsaW5vaXMxCTAHBgNVBAcTADEJMAcGA1UEChMAMRAw
DgYD\nVQQDEwd0ZXN0MjEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoKH\nVafh4X1QrDRu0HFVnn2sUVfnHH
tdF7urTk/Z2zXYwRBREyVmoj2yW7u+qtX9iWB/\n34QlOhH3K0NNnSDgMPj8A1g8IO8hihb12EZ8dR4QyO1xmXzV9kJk4d89tc
tSM551\nPcSGUgounD8J7xJBdKmkixPJ73jBBlvr+WIpc/9NmRhJSvBpKZbvCV1BAH3MXtqf\nbhRVQm8DCZzmFk+SiDj9Y6tp
nleBzgSm6AG607gGMP0HpjM2Pyb4sioFaB5Sy3ad\nLXJNT2kfSiyintWhMc9nTHyxuUKjbYxuw/40Kb21dtQbsGgOeIhp7kOH
XWO46jXa\nLN9IpCQ35MjuWxBLowIDAQABMA0GCSqGSIb3DQEBDQUAA4ICAQBcBmKGB4WV7n43\nHg5kPxXLUA7Q3K5VwO5qoj
TjOwPMQxoa4KkDxlr+Ub4E64+IwlX99io9IFwHRuiw\nwpmT7s05AJeMXvL4NKNJkhRb75LiHPEBv3uVhwz9t25hdxZ54/GOjx
6v7IhhDyFj\nKJIF7TtQHFvUblfbEk0gc1wEm2lfexo4dLXCrjpkC0okmiRHpxqeBi8mh6HHA+xA\nOkKmHv4jVx3lyvVU7FnO
6/5fFGZ2jQ87kO6d8bWSI5MAQChXF63efVJBw8AaQCHy\npr6SrxCMMsQpsQpxQXA74SaTABisoOv0AAL9uk3QB4q0JYlAmyjK
NMx0b34Lksw2\ndWdrXQIzImyxuZBw1eUnkkSQFHyAvBlPHX6aJj0sDD53qq/Z60gXMJ8bUNB/Y+pV\nX5jj8MvV9MriFy0eFO
/TTAKGReChBULAdgIfssXKvi2ii4Yb50n5YxMMxDJftYEM\nRephZfOSRhrbSJWRJ7sCXOFacxiFZKF9ybagwCnUtelhdCJxkC
iVHgC1DKS8NZoT\nBrwRILer4GCbwH1q0yH2mTJeAKQut489Z6se9Iec6W8HFxODXm+plU6HreKKXig1\n4yqgs5IGXA3TPuPv
qSZMqYKRdE2KRuWaezWV4KGqxCxWd/STndG54Kv/sDPbiwHd\nWSaz+l1zpX0gQ5NYo6V/Glnh+YQCkg==\n-----END
CERTIFICATE-----\n"
},
"responseHeader": {
"requestId": "VqZ1DMCoDlIAABRNbXAAAACu",
"status": "ok",
"now": 1453749516501
},
"responseStatus": "ok"
}