Use Client Registration API to register the client certificate

You can use the method absolute path:

https://{manager.system}/manager/api/{json|xml}/1.0/clientRegistration.adm
With the Vault Provisioner roles:
Table 1. Request parameters
Parameter Use Default Description
csr required   The application generates the certificate signing request and passes it to the Manager.
expirationDate optional one year The value should be a millisecond time stamp.

Returns Manager-generated certificate for the associated account on successful registration.

Curl Format Example

curl -u {username:password} -k '
https://{manager.system}/manager/api/json/1.0/clientRegistration.adm' -d
'expirationDate={millisecond timestamp}' --data-urlencode 'csr={certificate signing request}’
Command to Register Client CSR
curl -u john_doe:john1234 
   -k 'https://{manager.system}/manager/api/json/1.0/clientRegistration.adm'
   -d 'expirationDate=1474199793453' 
   --data-urlencode 'csr=-----BEGIN NEW CERTIFICATE REQUEST-----
MIIC6TCCAdECAQAwdDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdD
aGljYWdvMRMwEQYDVQQKEwpDbGV2ZXJzYWZlMREwDwYDVQQLEwhTZWN1cml0eTEYMBYGA1UEAxMP
d3d3LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8xi7aoUvBMo
xLJa+MjUhxtIPb8jcVzFKASblQGtVtNdd7K6AY5TY577RF/tdjpZtfzQUc+XyiSbSq+fvxdH1ulA
akaddXB3as46rgbrZc+nMJkMZ+tWoezT4aNABjfZyx7yW+Z8ht37blGpDMPgfpF7dag8MZoNBs3e
AL5t8gcyPyTrn16cZxJS0uqv5EO1Dn8J0VnHF92sUAOTHeuEALxIQeBOqJ/NvzyuXQV2agllBn8K
/eFITbnS99LCk0Tw/JLggLRLX4Yb8Wwtl+/Ci27Ij0tycJCZHVXSkxBLE+nR6jUknHr4cRP9bW4Z
8A1cEsTHP6h5RvXwYyL5+enGLwIDAQABoDAwLgYJKoZIhvcNAQkOMSEwHzAdBgNVHQ4EFgQUgBsa
QGtY0v8SCmLTJ2CpdZVV44IwDQYJKoZIhvcNAQELBQADggEBAIL+8YgssAh1XkpEfe9tb3UP+iKq
AJ2CggCaGBjZAuWfBsseQSu/iNyJqhWwGIdEy20tKQC9jlyNYFbO61by+vz8LmvRHkb1UfH9+EXs
JWkDw8wCsmOhXmISIS+Nqd40v3/5gqABYEsnp3fRpkdlGTGw2ws2TAAWh8kUxG41zKu0I48vMFxB
wSazoyNA2TIhIKaBEidAbimxk4BNpN+LGVWVUmBDEQGPQ8Uxn85Ny5k7JDyTJrNnnLBbbZn2U8ez
daIo7ztUOEsgNRuDsvSRWScmxxWT7GSdhUGc/FAbcZfaQJTEbTXN7G/ttorfoOtt3Lay2TdtWXxY
+yD9Ijm3yqQ=
-----END NEW CERTIFICATE REQUEST-----'
Response
{
"responseData": {
"certificate": "-----BEGIN CERTIFICATE-----
\nMIIEYjCCAkqgAwIBAgIQM9oqHSIHEtRRWKyZHHaxpDANBgkqhkiG9w0BAQ0FADCB\nkTELMAkGA1UEBhMCVVMxETAPBgNVBA
gMCElsbGlub2lzMRAwDgYDVQQHDAdDaGlj\nYWdvMRMwEQYDVQQKDApDbGV2ZXJzYWZlMRkwFwYDVQQDDBBkc05ldCBNYW5hZ2
Vy\nIENBMS0wKwYDVQQFEyRjNzNkZTBiMC1lMjJiLTQzNGEtYjMwZi1iMmQ0NTFiYTNm\nMWIwHhcNMTYwMTI0MTYxODAyWhcN
MTcwMTI1MTYxODAyWjBIMQswCQYDVQQGEwJV\nUzERMA8GA1UECBMISWxsaW5vaXMxCTAHBgNVBAcTADEJMAcGA1UEChMAMRAw
DgYD\nVQQDEwd0ZXN0MjExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjESE\n+ETYc0+NrAqhH+nbBRxr+W/hW6
HodkMSMahTLQR1J4OvqZqjTbN8iG7rtz8EpGZ9\n7Q+e6kvyYaIHzFKoeAwVD6cIaT6/sghkY6ck4ZSI4iwqiZ4wmACgiiB+ei
W1RN9O\nstYfnH0dY9isbXLGYGNCCs1qJAh7u+5P6eB2lU6xjbJjafwYIOdcwEMFTu6Hym9T\nQJ+RvzIetQv47SE7R3lL+Uy9
DQqK3GV4VShAOg+BZgwdJoBakfUxMscs6xj43B6M\n37PpIZewl9LkFXzHND3vKwYUN3/+aeRVajKbVesRnBTkpAS0JnlUSXzX
FO6f7ReJ\nhQmoqLlDVLUScvNzZwIDAQABMA0GCSqGSIb3DQEBDQUAA4ICAQAuLqCVVYnxOMNe\ngnKotIq6ropSbIHNDJrcgr
7s+POUJdOlqWcUb4xW0AF3mn1vGXCjSdhn9lgqGrhW\nvVHn6nluFCAzxAUgFhTLl5Z9MCNtZsh7f/McZ5d2vd890x9lHhbNLw
L0e66n2uKH\nOKeONwmh9DTsvcfF8E1wP9e10Jji8ECUY3Zhkus5xIR7WhpmBMrvp6vahkGgLdpf\n+XVJtFGMlWwmXzWD4yOo
aQwUgx6DCXGiEPQbb0smZvijBsRcj0Htf9Mh7vPkhHJw\nWwaIse0B/ZBEs+y6DelxX38WJ4y/ARasPfPc9dAJWqk0Swp3/qbx
fe2FUBXTqgso\nSz3Izrfm4zq6OZsJJZjJSw8jz/GxDgEgfTua72fbNs53Pd8eY1miBfNxmaP68r79\nyGovACSnLXRPuqTQC8
G24lKUTaKv+Wq+YVnhlOwhTpMRMFo+ENf0Y6tF+Uy0j6dv\n/62xLT+YzUIpB8veKc7ZUIqt7agqapiRe9bNgGILIMMpaflFBb
BLK6je2wzJ5LaB\nfpZdl4vDmN0fl5rKAF5Ww8pxk4HTuycqyfOcgShLSV7avAp7p6t2Qz76aNCHzUvi\nw4ZycMK0zOY8Tow1
WbwE7txzFa0A3+7uVg9IM+We+nq61nEF+35YA++Ku+aezGM8\n6EMn0yUiW9l5ulKqsxesSaJiZy98IA==\n-----END
CERTIFICATE-----\n"
},
"responseHeader": {
"requestId": "VqZKusCoDlIAABRNQmoAAACz",
"status": "ok",
"now": 1453738682820
},
"responseStatus": "ok"
}
HTTP response is: 200 OK