Device Certificates

πŸ“˜

This page is a work in progress

This group of REST API allows to manage the SSL certificates (used for the message signing) installed on a device.

For more informations about Certificate, please read Certificates

Get the Device Management Certificate from a Device

The following API will retrieve the device certificate installed on the given device:

GET /{scopeId}/devices/{deviceId}/certificate

The required path parameters to be used with this call are:

  • {scopeId} is the scopeId of the tenant (account) to which the desired device belongs and can be retrieved from the response of the authentication call; the "_" character can be used for indicating the scopeId of the user currently authenticated with the token;
  • {deviceId} is the id of the desired device.

Response

The response of this call will contain the device certificate from the given device. As an example:

{
  "type": "certificateInfo",
  "id": "E0eo-KqLHsA",
  "scopeId": "AQ",
  "createdOn": "2019-09-23T14:31:28.000Z",
  "createdBy": "AQ",
  "modifiedOn": "2019-09-23T14:31:28.000Z",
  "modifiedBy": "AQ",
  "optlock": 1,
  "name": "New Certificate",
  "algorithm": "SHA1withRSA",
  "ca": false,
  "certificate": "-----BEGIN CERTIFICATE-----\nMIIC+DCCAeCgAwIBAgIUXZP34kjEK16Pvqg4FK2fwwdrWKgwDQYJKoZIhvcNAQEF\nBQAwNjELMAkGA1UEBhMCSVQxETAPBgNVBAoMCEV1cm90ZWNoMRQwEgYDVQQDDAtF\ndXJvdGVjaCBDQTAeFw0xODAxMDEwMDAwMDBaFw0xOTAxMDEwMDAwMDBaMDYxCzAJ\nBgNVBAYTAklUMREwDwYDVQQKDAhFdXJvdGVjaDEUMBIGA1UEAwwLRXVyb3RlY2gg\nQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCO9bS1j5Hxuv3/BtP0\nL4o9DZNgkxQF0Er1J81xk87Wr4SBeZSdlz0pXk29xfq1EoM5qX+oy57/+o8oqZ3G\nAP5/DuLJmHH52qQClGB2r9aH4khKcEhlO31v1x0iRukB6MnR9+S1ARBOYrF5m1aG\nArlKfgrd9zK9FGqzZ8aK05i2U027Omhs86sBAeN+CjChwgcKEPUX6AA0lDFANRO5\n33sFwrES97PVGgwM7Zytv0Bih/ZXnwniRZdDxIZXOe7Qe6hiqMy/8K6AVGyw+OkB\nqCkNbuHixKSQ2OoST8/ST8VaJ2piKuVK2xRSyQRL8OsgWnqetJHzwuF6qahw85ap\nxKinAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEYrPDxCm28Dmg+ZGn92jzvLqWcp\nY88acnwaoUPQlrG1v/eluEg4oXN4DODYwrPOZS21pb2I4vMRuwBx0B4mcPxuXiQY\nzaJpJxHFImfxpd7z/ys80Ud3EcVeC5jWo+3sv9+z2GMf/oTO1pL+r7PqmNDSduLV\n6sl04qJ3NFXfi8bzRypEhUJV47CbQ8szt0+/Qu9bFID3L4IdQiFlg4rzGkVdKPgH\nfYQOg+AhUxsjLX+dl0Kq2IOw2gkhlblvTTlW7Da7WnN5yxxeuCnmNAwg9KUFiMTT\nSfVApHoFzXwkDIIErV25B8io++KkcfGjyt4+ngzMbcPpja2LES6QZBSTgkw=\n-----END CERTIFICATE-----\n",
  "certificateUsages": [],
  "forwardable": true,
  "issuer": "CN=Eurotech CA,O=Eurotech,C=IT",
  "keyUsageSettings": [],
  "notAfter": "2019-01-01T00:00:00.000Z",
  "notBefore": "2018-01-01T00:00:00.000Z",
  "serial": "534235944965964131784836439176327891479262091432",
  "signature": "Ris8PEKbbwOaD5kaf3aPO8upZyljzxpyfBqhQ9CWsbW/96W4SDihc3gM4NjCs85lLbWlvYji8xG7AHHQHiZw/G5eJBjNomknEcUiZ/Gl3vP/KzzRR3cRxV4LmNaj7ey/37PYYx/+hM7Wkv6vs+qY0NJ24tXqyXTionc0Vd+LxvNHKkSFQlXjsJtDyzO3T79C71sUgPcvgh1CIWWDivMaRV0o+Ad9hA6D4CFTGyMtf52XQqrYg7DaCSGVuW9NOVbsNrtac3nLHF64KeY0DCD0pQWIxNNJ9UCkegXNfCQMggStXbkHyKj74qRx8aPK3j6eDMxtw+mNrYsRLpBkFJOCTA==",
  "status": "VALID",
  "subject": "CN=Eurotech CA,O=Eurotech,C=IT",
  "version": 3
}

Install a Certificate on a Device

The following API allows one to install a certificate on a device:

POST /{scopeId}/devices/{deviceId}/certificate/_install?certificateId={certificateId_value}&certificateType={certificateType_value}

The required path parameters to be used with this call are:

  • {scopeId} is the scopeId of the tenant (account) to which the desired device belongs and can be retrieved from the response of the authentication call; the "_" character can be used for indicating the scopeId of the user currently authenticated with the token;
  • {deviceId} is the id of the desired device.

The required query parameters to be used with this call are:

  • certificateId is the id of the certificate to be installed; it is important to know a priori this id before performing this API;
  • certificateType is the type of the certificate to be installed; the two allowed values are DEVICE_MANAGEMENT and SSL. JWT type would not work.

It is also possible to add the optional timeout query parameter, an integer value which represents the timeout for the request in milliseconds.

Response

The response of this call will consist in an HTTP 200 status code in case the certificate has been successfully installed.

Revoke a Certificate on a Device

The following API allows one to revoke the current device certificate.

POST /{scopeId}/devices/{deviceId}/certificate/_revoke?certificateId={certificateId}&certificateType={certificateType}

The required path parameters to be used with this call are:

  • {scopeId} is the scopeId of the tenant (account) to which the desired device belongs and can be retrieved from the response of the authentication call; the "_" character can be used for indicating the scopeId of the user currently authenticated with the token;
  • {deviceId} is the id of the desired device.

The required query parameters to be used with this call are:

  • {certificateId} is the id of the certificate to be installed; it is important to know a priori this id before performing this API;
  • {certificateType} is the type of the certificate to be installed; the two allowed values are DEVICE_MANAGEMENT and SSL. JWT type would not work.

It is also possible to add the optional timeout query parameter, an integer value which represents the timeout for the request in milliseconds.

Response

The response of this call will consist in an HTTP 200 status code in case the certificate has been successfully revoked.