Import Certificate Authority (CA) Response to a CSR

PUT {{apiPath}}/environments/{{envID}}/keys/{{keyID}}/csr

The PUT /environments/{{envID}}/keys/{{keyID}}/csr operation imports a Certificate Authority (CA) response to a CSR.

Prerequisites

1. If you've not already done so, use POST {{apiPath}}/environments/{{envID}}/keys to create a public key.
2. Use GET {{apiPath}}/environments/{{envID}}/keys/{{keyID}} to export the public key.
3. Copy the response to this request into a .csr file.
4. Generate a CA response for this CSR. You can do this using OpenSSL as a local certificate authority using a command similar to this:

::: shell openssl x509 -req [-digest] [-days expiry] -in CSR.csr -CA ca.pem -CAkey ca.key -CAcreateserial [-outform DER|PEM|NET] -out ca.resp.crt :::

For example:

::: shell openssl x509 -req -sha256 -days 365 -in CSRRSA.csr -CA carsa.pem -CAkey carsa.key -CAcreateserial -outform PEM -out carsa.resp.crt :::

1. You can then call PUT /environments/{{envID}}/keys/{{keyID}}/csr to import the CA reponse.

For more information, see:

• Create Key or Create Key with PKCS12 file
• Export a Certificate Signing Request (CSR)
• Certificate Management

Request Body

[{"name"=>"file", "value"=>nil, "datatype"=>"null"}]

HEADERS

RESPONSES

status: OK

{"_links":{"self":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/keys/f245a32f-f85a-4aab-abda-3bab8c8cb0b1"}},"id":"f245a32f-f85a-4aab-abda-3bab8cxxxxxx","name":"Doc test cert","serialNumber":12935964723820231176,"subjectDN":"CN=Doc test cert, OU=Ping Identity, O=Ping Identity, L=, ST=, C=US","issuerDN":"O=ping, C=ca","algorithm":"RSA","keyLength":2048,"createdAt":"2024-04-17T12:09:50.797Z","startsAt":"2024-05-10T12:18:37.000Z","expiresAt":"2025-05-10T12:18:37.000Z","validityPeriod":365,"signatureAlgorithm":"SHA256withRSA","usageType":"SIGNING","status":"VALID","organization":{"id":"bed432e6-676a-4ebe-b5a5-6b3b54e46bda"},"environment":{"id":"abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"default":false}