Use the GET method to view trusted certificates in the Keystore Service (KSS) keystore. If the keystore is password-protected, you must provide a Base64-encoded header value for the keystore password.
The following table summarizes the GET request parameters.
| Name | Description | Type |
|---|---|---|
keyAlias |
Alias for trusted certificate. | Query |
keystoreEntryType |
Type of keystore entry. Valid values include Certificate, TrustedCertificate, or CertificateChain. |
Query |
keystoreName |
Name of the keystore. | Query |
stripeName |
Name of the stripe. | Query |
| Media Types: | application/json |
The response body contains information about the certificate, including:
| Attribute | Description |
|---|---|
"CONTENT" |
Contents of the Base64-encoded certificate. |
"Extensions" |
Optional extensions that are used to issue a certificate for a specific purpose. Each extension includes the following:
|
"ISSUER_DN" |
List of trusted distinguished names. |
"NOT_AFTER" |
Date the certificate expires. |
"NOT_BEFORE" |
Date the certificate is activated. |
"SERIAL_NO" |
Serial number of the JKS keystore. |
"SIGNATURE" |
Base64-encoded signature key. |
"SIGNING_ALGORITHM" |
Signing algorithm for the alias. |
"SUBJECT_DN" |
Subject distinguished names list. |
The following example shows how to view all certificates for an alias by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password -H keystorePassword:cHdkMQ== http://myhost:7001/idaas/platform/admin/v1/keystoreservice/certificates?"stripeName=myStripe&keystoreName=myKeystore&keyAlias=client&keystoreEntryType=Certificate"
The following shows an example of the response header. For more about the HTTP status codes, see "HTTP Status Codes for HTTP Methods."
HTTP/1.1 200 OK
The following shows an example of the response body in JSON format.
{
"SUBJECT_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
"ISSUER_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
"NOT_BEFORE":"Fri Jul 25 02:45:11 PDT 2014",
"NOT_AFTER":"Thu Oct 23 02:45:11 PDT 2014",
"SERIAL_NO":"982191050",
"SIGNING_ALGORITHM":"1.2.840.10040.4.3",
"CONTENT":"-----BEGIN CERTIFICATE----- \nMIIC7DCCAqqgAwIBAgIEOosLyjALBgcqhkjOOAQDBQAwS
EKMAgGA1UEBhMBcjEKMAgGA1UECBMB\ncjEKMAgGA1UEBxMBcjEKMAgGA1UEChMBcjEKMAgGA1UECxM
cjEKMAgGA1UEAxMBUjAeFw0xNDA3\nMjUwOTQ1MTFaFw0xNDEwMjMwOTQ1MTFaMEgxCjAIBgNVBAYTA
IxCjAIBgNVBAgTAXIxCjAIBgNV\nBAcTAXIxCjAIBgNVBAoTAXIxCjAIBgNVBAsTAXIxCjAIBgNVBAM
AVIwggG3MIIBLAYHKoZIzjgE\nATCCAR8CgYEA\/X9TgR11EilS30qcLuzk5\/YRt1I870QAwx4\/gL
RJmlFXUAiUftZPY1Y+r\/F9bow\n9subVWzXgTuAHTRv8mZgt2uZUKWkn5\/oBHsQIsJPu6nX\/rfGG
/g7V+fGqKYVDwT7g\/bTxR7DAjVU\nE1oWkTL2dfOuK2HXKu\/yIgMZndFIAccCFQCXYFCPFSMLzLKS
YKi64QL8Fgc9QKBgQD34aCF1ps9\n3su8q1w2uFe5eZSvu\/o66oL5V0wLPQeCZ1FZV4661FlP5nEHE
GAtEkWcSPoTCgWE7fPCTKMyKbh\nPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFG
iaiD3+Fa5Z8GkotmXoB7VSVk\nAUw7\/s9JKgOBhAACgYAjhpZybXj6rlXDow8srnSFE9dZJJpCKaQV
ACagQogePV+xlqPClDOoiQJ\nuvuUGHerDrThC1\/Wq5Uj1+TnkSKTy0qYxmQoq56xALa47np9TKtqt
4Vy8eUUorakG4lrjNt\/EgR\nfO675n+qINkKXKpcxaCicupRCYPkPXlnT4mtyKMhMB8wHQYDVR0OBB
EFDKbmPa2Il6SylJRPTv8\nQ+4CqpEhMAsGByqGSM44BAMFAAMvADAsAhQbkmlaUG5QDR5mXUiYC74p
\/FBOwIUGx5lc5Y01ppo\nvK3UgL7M8E3eOfc=\n-----END CERTIFICATE-----",
"SIGNATURE":FEZN2l4SPFEK5jt2QZRb5Q==",
"Extensions":"{subjectKeyIDExtension {oid = 2.5.29.14 critical = false, value = 329b98f6b6225e92ca52513d3bfc43ee02aa9121}}"
}