Assign authentication certificate

POST
https://one.digicert.com/iot/api/v1/enrollment-profile/{{enrollment_profile_id}}/authentication-certificate

Use this endpoint to assign an authentication certificate to an enrollment profile.

You can only assign an authentication certificate to an enrollment profile that uses the EST, SCEP, or CMPv2 enrollment methods.

Example requests and responses

cURL
curl -X POST 'https://one.digicert.com/iot/api/v1/enrollment-profile/{{enrollment_profile_id}}/authentication-certificate' \
-H 'x-api-key: {{api_key}}' \
-H 'Content-Type: application/json' \
--data-raw '{
    "pem": {{auth_cert_pem}},
    "start_date": "2020-01-01",
    "end_date": "2021-01-01",
    "registered_values": [
        {
            "certificate_field": "subject.common_name",
            "matcher": "equals",
            "value": "common name registered value"
        },
        {
            "certificate_field": "subject.organization_unit",
            "matcher": "equals",
            "value": ["Unit 1", "Unit 2"]
        }
    ]
}'

201 Created
{
    "id": "a876d305-713c-4f0e-93c1-855a518f885e",
    "certificate": {
        "id": "0dd83c6a-63c2-4d52-acc9-7140e0fb0332",
        "name": "AuthCert-001"
    },
    "enrollment_profile": {
        "id": "IOT_c1ac3d12-c2cb-46f0-808e-d0110c280c77",
        "name": "EST"
    },
    "start_date": "2020-01-01",
    "end_date": "2021-01-01",
    "usage_limit": 100,
    "registered_values": [
        {
            "certificate_field": "subject.common_name",
            "matcher": "equals",
            "value": "common name registered value",
            "multiple": false
        },
        {
            "certificate_field": "subject.organization_unit",
            "matcher": "equals",
            "value": [
                "Unit 1",
                "Unit 2"
            ],
            "multiple": true
        }
    ],
    "number_of_usage": 0,
    "status": "ACTIVE",
    "created_at": "2020-09-29T12:05:37.519512Z",
    "pem": {{auth_cert_pem}},
    "certificate_expires_on": "2021-03-03T10:19:17Z",
    "certificate_serial_number": "57db86ca2713c7060aa43971ef32f598c1521c56",
    "certificate_issuer_common_name": "IoT Predemo Company Issuing CA",
    "certificate_thumbprint": "f99a9e95b9b7c40b985b36ea7a444801ed177ad5bd9aa4464f53694df2b98143",
    "certificate_organization": "DigiCert",
    "certificate_organization_units": []
}

Path parameters

Name Description
enrollment_profile_id ID of the enrollment profile to assign the authentication certificate.

Request parameters

Name Req/Opt Type Description
pem required string Certificate body of the authentication certificate, in PEM format.
start_date optional string Start date for the period of time during which the enrollment profile can use the authentication certificate.
Format: YYYY-MM-DD
Can be earlier than the certificate’s “valid from” date. If not provided, there is no start date limitation.
end_date optional string End date for the period of time during which the enrollment profile can use the authentication certificate.
Format: YYYY-MM-DD
Can be later than the certificate’s “valid to” date. If not provided, there is no end date limitation.
usage_limit optional int Number of times the authentication certificate can be used.
If not provided, the authentication certificate does not have a usage limit.
registered_values optional object List of objects with details about the certificate fields to validate when using this authentication certificate.
If you don't need to validate certificate fields for this authentication certificate, omit the registered_values object from your request.
.. certificate_field required string Name of a certificate field to validate when using this authentication certificate.
Allowed values: See Certificate fields that support registered values.
.. matcher optional string Operator to use when comparing the value of the certificate field to the registered value.
Allowed values: equals
.. value required string/array A value or list of values to compare with the value of the chosen certificate_field.
Use a string to validate certificate fields that contain a string. Use an array to validate certificate fields that contain an array.

Response parameters

Name Type Description
id string Authentication certificate ID.
certificate object Object with information about the certificate.
.. id string Certificate ID.
.. name string Certificate common name.
enrollment_profile object Object with enrollment profile details.
.. id string Enrollment profile ID.
.. name string Enrollment profile name.
number_of_usage int Number of times the authentication certificate has been used.
usage_limit int Number of times the authentication certificate can be used for enrollment.
start_date string Start date for the period of time during which the enrollment profile can use the authentication certificate.
Format: YYYY-MM-DD
end_date string End date for the period of time during which the enrollment profile can use the authentication certificate.
Format: YYYY-MM-DD
status string Authentication certificate status.
Possible values: ACTIVE, DISABLED, or DELETED. Newly assigned authentication certificates are expected to have a status of ACTIVE.
created_at string Date and time (UTC) the authentication certificate was assigned.
pem object Certificate body, in PEM format.
certificate_expires_on string Date and time the certificate expires.
certificate_serial_number string Certificate serial number.
certificate_issuer_common_name string Common name of the certificate issuer.
certificate_thumbprint string Thumbprint of the certificate.
certificate_organization string Organization associated with the certificate.
certificate_organization_units array List of organization units associated with the certificate.
registered_values object List of objects with details about the certificate fields that are validated when using this authentication certificate.
Only returned for requests that include the registered_values request parameter.
.. certificate_field string Name of a certificate field that is validated when using this authentication certificate.
Possible values: See Certificate fields that support registered values.
.. matcher string Operator used when comparing the value of the certificate field to the registered values.
Possible values: equals
.. value string/array The value or list of values that are compared with the value of the chosen certificate_field.
.. multiple bool Returns true when the data type of the certificate field is an array. Otherwise, false.

Certificate fields that support registered values

Field Type
subject.common_name string
subject.organization_name string
subject.organization_unit array
subject.country string
subject.state string
subject.locality string
subject.street_address array
subject.postal_code string
subject.email string
challenge_password string
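
A pre-flight check for the request body described in the parameter tables above, as an added example (not DigiCert's code): it enforces the YYYY-MM-DD date format, the equals matcher, and the string or array type of each registered value, and names the optional limits a request leaves out, which the page says are then unlimited. The function names build_body and unbounded_limits, the start-before-end check, and the positive usage_limit check are assumptions of this example.

```python
import re
from datetime import date

# Types from the page's table of fields that support registered values.
FIELD_TYPES = {
    "subject.common_name": str, "subject.organization_name": str,
    "subject.organization_unit": list, "subject.country": str,
    "subject.state": str, "subject.locality": str,
    "subject.street_address": list, "subject.postal_code": str,
    "subject.email": str, "challenge_password": str,
}

def build_body(pem, start_date=None, end_date=None, usage_limit=None,
               registered_values=None):
    """Validate the inputs and return the request body as a dict."""
    if "-----BEGIN CERTIFICATE-----" not in pem:
        raise ValueError("pem must be a PEM certificate body")
    body = {"pem": pem}
    for name, raw in (("start_date", start_date), ("end_date", end_date)):
        if raw is not None:
            if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", raw):
                raise ValueError(f"{name} must be YYYY-MM-DD")
            date.fromisoformat(raw)  # ValueError on impossible dates
            body[name] = raw
    if start_date and end_date and start_date > end_date:  # assumed check
        raise ValueError("start_date is after end_date")
    if usage_limit is not None:
        # Assumption of this example: a limit below 1 is never intended.
        if type(usage_limit) is not int or usage_limit < 1:
            raise ValueError("usage_limit must be a positive integer")
        body["usage_limit"] = usage_limit
    for entry in registered_values or []:
        rv = {"matcher": "equals", **entry}
        kind = FIELD_TYPES.get(rv.get("certificate_field"))
        if kind is None:
            raise ValueError(f"unsupported field: {rv.get('certificate_field')}")
        if rv["matcher"] != "equals":
            raise ValueError("the only allowed matcher is 'equals'")
        val = rv.get("value")
        ok = isinstance(val, str) if kind is str else (
            isinstance(val, list) and all(isinstance(v, str) for v in val))
        if not ok:
            raise ValueError(f"{rv['certificate_field']} needs a {kind.__name__} value")
        body.setdefault("registered_values", []).append(rv)
    return body

def unbounded_limits(body):
    """Return the optional limits the body omits (no limitation applies)."""
    return [n for n in ("start_date", "end_date", "usage_limit") if n not in body]
```

Serialize the returned dict with json.dumps and send it as the POST body; a non-empty result from unbounded_limits is a prompt to decide whether the authentication certificate should really be usable without that limit.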