Using the SSL Client Certificates REST API

Using the SSL Client Certificates REST API is straightforward and similar to using the SSL Certificates API.

POST request

To POST a client certificate, specify a name and the PEM data containing the public certificate and the private key.
  • The private key must be in unencrypted format. See the Project Administrators Guide for details on how to use OpenSSL to export your PEM data unencrypted.

  • If the certificate is part of a chain of authority, all the certificates that make up the chain must be present.

Input validation prevents duplicate names and duplicate certificate data. In practice, this means that no two certificates can be uploaded with the same SHA-256 fingerprint hash.

{
    "name": "example",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIID4jCCAsqgAwIBAgIJAMTUjoIWiJ5EMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNV\nBAYTAkF ... 1gwMRVNKHYOIVr6273uOciQ=\n-----END CERTIFICATE-----\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDSEDyA2pBR85yX\nqSv4TWj ... \ndqZ+0L+5pSIlY7VfgTUedE4=\n-----END PRIVATE KEY-----\n"
}

POST response

The response returns the certificate name, along with some read-only fields, extracted from the certificate data:

{
    "name": "example",
    "fingerprintSHA256": "78:21:AA:31:79:6A:8A:83:36:8C:61:27:7F:FA:4D:1A:D9:97:3F:D8:BD:D5:D8:28:54:0A:5E:B5:40:94:1D:4A",
    "fingerprintSHA1": "BD:B8:03:DD:93:39:A6:38:5F:45:D0:44:0D:4F:4D:94:6C:BC:D4:C0",
    "validFrom": "2018-04-10T14:00:00Z",
    "validTo": "2019-04-10T14:00:00Z",
    "issuer": "CN=OPA Canberra Client Authority,OU=OPA,O=Oracle Australia,L=Canberra,ST=ACT,C=AU",
    "subject": "CN=Hub Web Service,OU=OPA,O=Oracle Australia,L=Canberra,ST=ACT,C=AU",
    "references": 0
}

This data allows you to verify the integrity of the supplied certificate.

The "references" property indicates how many connections refer to this client certificate by name.

The certificate data itself is kept confidential, and will never be returned by the REST service.
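
The following Python sketch is an added example, not code from the product documentation. It checks a PEM bundle against the POST requirements above (certificate present, private key present and unencrypted), builds the request body, and compares the fingerprintSHA256 in the response with fingerprints computed locally. It assumes the returned fingerprint is the SHA-256 of the DER bytes of one of the uploaded certificates; the function names and sample data are constructed for illustration.

```python
import base64, hashlib, json, re

# Matches any PEM block and captures its label and body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def pem_blocks(pem):
    """Return (label, body) for every PEM block in the bundle, in order."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(pem)]

def cert_fingerprints(pem):
    """SHA-256 of each certificate's DER bytes, as colon-separated upper-case hex."""
    out = []
    for label, body in pem_blocks(pem):
        if label == "CERTIFICATE":
            digest = hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest().upper()
            out.append(":".join(digest[i:i + 2] for i in range(0, len(digest), 2)))
    return out

def bundle_problems(pem):
    """List reasons the bundle fails the requirements stated for the POST request."""
    blocks = pem_blocks(pem)
    keys = [(label, body) for label, body in blocks if label.endswith("PRIVATE KEY")]
    problems = []
    if not any(label == "CERTIFICATE" for label, _ in blocks):
        problems.append("no certificate")
    if not keys:
        problems.append("no private key")
    for label, body in keys:
        # PKCS#8 encrypted keys use their own label; traditional ones carry a Proc-Type header.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is encrypted")
    return problems

def build_request(name, pem):
    """Serialize the POST body, refusing bundles that fail the local checks."""
    problems = bundle_problems(pem)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps({"name": name, "certificate": pem})

def response_matches(pem, response_json):
    """True if the returned fingerprintSHA256 belongs to a certificate we sent."""
    reported = json.loads(response_json)["fingerprintSHA256"].upper()
    return reported in cert_fingerprints(pem)

def make_pem(label, raw):
    """Constructed sample data only: wraps arbitrary bytes, not a real certificate or key."""
    return f"-----BEGIN {label}-----\n{base64.b64encode(raw).decode()}\n-----END {label}-----\n"

SAMPLE = make_pem("CERTIFICATE", b"constructed DER stand-in") + make_pem("PRIVATE KEY", b"constructed key")
ENCRYPTED = make_pem("CERTIFICATE", b"constructed DER stand-in") + make_pem("ENCRYPTED PRIVATE KEY", b"constructed key")
```

Running bundle_problems before the upload catches an encrypted key locally, and response_matches confirms that the Hub stored the certificate you intended to send.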