Avi SSLKeyAndCertificate Object API
CLI ``` - configure sslkeyandcertificate - show sslkeyandcertificate - delete sslkeyandcertificate - renew sslkeyandcertificate ``` Examples - **sslkeyandcertificate_example_1**: To generate a self-signed certificate ```json {'name': 'mycert', 'common_name': 'ACME Company', 'organization': 'ACME Company', 'locality': 'Sunnyvale', 'state': 'CA', 'country': 'US', 'self_signed': True, 'key_params': {'algorithm': 'SSL_KEY_ALGORITHM_RSA', 'rsa_params': {'key_size': 'SSL_KEY_1024_BITS'}}} ``` - **sslkeyandcertificate_example_2**: To generate a CA-signed certificate use the following sample. This will provide a Certificate Signing Request that you will have to use to get a CA-siged certificate ```json {'name': 'mycert2', 'common_name': 'ACME Company', 'organization': 'ACME Company', 'locality': 'Sunnyvale', 'state': 'CA', 'country': 'US', 'key_params': {'algorithm': 'SSL_KEY_ALGORITHM_RSA', 'rsa_params': {'key_size': 'SSL_KEY_1024_BITS'}}} ``` - **sslkeyandcertificate_example_3**: To import a CA-signed certificate ```json {'certificate': '\\n-----BEGIN CERTIFICATE-----\\nMIICmTCCAgKgAwIBAgIJAKfrg8i8iZZqMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV\\nBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UECgwMQWNtZSBDb21wYW55MR0wGwYD\\nVQQDDBRTeXN0ZW0gQWRtaW5pc3RyYXRvcjAeFw0xNTAxMTkwNzEyNThaFw0xNjAx\\nMTkwNzEyNThaMFAxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UECgwM\\nQWNtZSBDb21wYW55MR0wGwYDVQQDDBRTeXN0ZW0gQWRtaW5pc3RyYXRvcjCBnzAN\\nBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtT9psNKi/4oImbB4aIJLjJDPwTIAIrQP\\nLoC4R/GHrBCByRYVfoyxFrHJU9WSg9KTqxc6Ph6/zK2hoR+MchQStMP+K5W+4HcR\\nSW+1MJdMwRhm+egxH7hYwnrfsaQoo0GBPVb48deBB/yKTLj7trdGqWTD5oyZqr/B\\nk+kR0kXGzx8CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3Bl\\nblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNhre4joManxHL+F\\nDWzYSVblWVdlMB8GA1UdIwQYMBaAFNhre4joManxHL+FDWzYSVblWVdlMA0GCSqG\\nSIb3DQEBCwUAA4GBAINlLdqGJW2Enow2ft+FRMZdo2qwOovuF4smNIFoXmSoywhW\\n7dyeAkeCyUjZrbqFRNsCf969aUSIE8pARjSnT9P4otOvIMCaIN215F0nzKKZbsIL\\nK4pA6A0h5GSd+aqol6P2vAWzLNE+kUbrE/PcZu9pozWp0GdoiAEu+BnqwWrC\\n-----END CERTIFICATE-----\\n'} ``` - **sslkeyandcertificate_example_4**: To import both key and certificate, use the following sample. ```json {'name': 'mycert3', 'key': '\\n-----BEGIN RSA PRIVATE KEY-----\\nProc-Type: 4,ENCRYPTED\\nDEK-Info: AES-256-CBC,23E2D6132285630DB8D67E25E465F0A6\\n\\n9sM1JGQHgo+rwuZ5L9piE7EGpp2fvY9QC8GgxEcdfw9OHfcj7CHRCCfXAUsxfBOe\\nTh1aGNH9mCmZ72LdrA9cnS/fwISClUoQe0tmVWRTagQptOZfW20HvHI37HGaZ2s1\\nMsqvOaqfQ1ZHa0U6WtzBw5/6PqL9LgDUGoQFSEtMHD06nuYoaynpfDk3eoftFwrx\\n0U3u0O5lc0a0VqwSvJynSYO1yaxoTzTEDZws4Cf1scLi/Wx5aBQHb5I3k6Dr1Ipm\\n59NCpKxjUI+XFUVMszVyQM6+dUUZ0rRU17f2toZFsGTdQ9M1vJLS1J7Ya2pAhlmm\\nX7fzy1NywL5kk+jRPWXRNrSKZg+qnutPSPD1689oDNqu4fwycbC+jZ7zJYXB/vio\\nagS3/UI8d2Lxs69IPFxwP0lhYuUiSEGfLwDwqEuRZNbvaZpwtp2kC6sf7xlKbQF7\\n24lz/LiL5t7xFsLuruOyWfb1fUwLjTZm4O6y8SI9JTSixPm4NCLGclcaTh33harN\\nQhsTf0+qMbovgAUv6myfnI4ajPCcu+Kwn2jMjUjWEFf3oj9A1NUfiT4SqiLcZ4AU\\nsvR8kHs0+rUVDiZ8kFXH0HQ+LI7itVCRoCooq3uqpqeZ5J8L+hZEeILjGCVNQluU\\nlTcEbAry3WibKzsk2bWARe0v+7i/r09EuwSzJ8+H2BOkrxmTr+WgC2RKBMKV+gLc\\nu3rxjeddL6hc0qgo2EN/Hp38FrVBwFLrDYHsBVRwdN6OsDW0OP67EJXikMD+qe2+\\nuUcXr00Sno+Wcgbm17m9SghESxXBj1N5eok6MSUZxbNlFNhxu4qbpiBDKZOrJ2e/\\nn8rxlg9XmJAQPfhY1EKbX7WFiaSa0y4tvbD2tWZfw8Yt97PRSVxumRWg5pbqRr1i\\nl7QTNWfIwk25xtIW5q4WnHjuVynurnREYdlTVd/vBsQcrgV0vaPVYEq+iFzkZBOy\\na0Z0001SHqsQE6ThC2+7ap855EKPpU7HxXqOAEas9z4C9HGgPogSFKT9H5MrDY2C\\nynuoU44hQ/qmR5TAfjO8OnBeLlAlPk0VpEAaOX5V7t8PWhhkAz3QRbQAPbDQ5BQx\\naGnBmi4/12h4EywHUdacj4/9uvUPVd1E476mxePfsDr+E3wtYqUWBzgHtoDxJ9Qn\\nSAL5hU3GrL3mEQQ1RK8kITANVXmlFa56XZXqGuYKxUfGGDGhLTE/VYh13I37hVZH\\nQ825Y+WqZRiRsRvV9W/Wq8H5I2+QU1flB1+kqpoVTxDhzJ15dOetZDTYXqjs6gMS\\nQpr/dYub0yR0zwmV1EKpuqchoYcwHpG4gsX42NRCfcdYoIxoa1Drr/xX4L0si40z\\npY00CT/YuCAJFxbhpzlqKnZz3okj8vzPocT8mjFZcajnyOtaWyILnrBKO/93tkEF\\nYednFMpQ2xdlq5bebhrZhYkf6XS21N8t1ETropoOX19Eh33yJUHh/rJ67I1ccRvZ\\neSI1LDB18B6+k2BdYCfjEhc33WgqUmoHEjxLYEdN0N0qr4ZG2JznQ9R7h/SQusGo\\nwG1rwolI5lxqX/M53KXoBoH1UcZp1yg/8qG2e8Ntx41a6j79oPh7YkXvJYHDh/xt\\n-----END RSA PRIVATE KEY-----\\n', 'certificate': '\\n-----BEGIN CERTIFICATE-----\\nMIIE+DCCAuCgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMCVVMx\\nEzARBgNVBAgMCkNhbGlmb3JuaWExHTAbBgNVBAMMFEdyZWcgSW50ZXJtZWRpYXRl\\nIENBMB4XDTE2MDIxMTE2MjYyNFoXDTE3MDIyMDE2MjYyNFowPDELMAkGA1UEBhMC\\nVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNv\\nbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM47ljnydqleK3Yapr//\\nAEqEdPuduGiqgEcY1qjx1vPwO/TU3iqNIJEUEcu/uvHxXqOmsXGUG9+/xMfsV/Lx\\nQAqhneXA2fxZtODmnCWq0SldPQi0mD63ir3jFqI+slS+n9ao20krBBYKpgqjstxh\\nbSez59h6Aoup8vM226gieMfw9Fac7govovJFQZ+lYywGbe2hzP3vftEoyO8itwdB\\novxXk/fmQSDfDPRGSJ4eSve2o8lP9xRRiyqkRKoNQ3UaJRK9L9JSvzdjbvVmUD5S\\n4le7sa6N7VgT73OiUFdwndCQNHN95+BMhGibNury7IXVg+yC94WUmp5L1UX8PixZ\\nv78CAwEAAaOB/jCB+zAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglg\\nhkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRl\\nMB0GA1UdDgQWBBSqF2GsfFBj6SkSpRjG9oK1cqvm2jBiBgNVHSMEWzBZgBQGr+y3\\nQMSnVEKwnT9quMhAYExFEaE9pDswOTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh\\nbGlmb3JuaWExFTATBgNVBAMMDEdyZWcgUm9vdCBDQYICEAAwDgYDVR0PAQH/BAQD\\nAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAudoCP\\nRNq/keBcTcL19UYo8X4tRwm350U5ccKwiKb8caEE2Crh3dyNyKDN3+ZKl8i8OwWN\\nx9PpTJANlmWYuOvhjLtvnkGidcxhCmVEpEms2h3+zrRIXijIENqhWpKzcQus7R6F\\nmMxW/KPt0rY80rfrZ2ReCkuhBEZzgL5udYL+AEYkvf7oGD/W18nDCUKEsm8T45jI\\ndBVs7PeFaEJSAlDW8T3OekV8CETvafwBx4UK9kHo7+mfZSHCiGhzodF3WGzPnLFs\\nB4OptAHfXUjIAEZ9pxdr8C/tXU9dVyQVdHjISKQdtWUBoHSwmZnIuEtWADfRjMi8\\ne2Le1qiC0IBMc7JAVZXZ1lbs7A5mKgsUy+1rRUVEkVgmgDfr1BcsstOeXpNcQS4K\\nebKterF/ZDmVYJdUD6o91xfAAy1onn1mzKhIfqMeCZEcz4nvuaLM2h5HsIOJPgLL\\n5LnaQxl+6cNx1u3+X1crPv0k1hs9yqn72LmD65ZqBpamiwJudSpu1RCPCAdNzzcO\\n9v2I8JlXhl0IKRXoAZX+VK1PJmZJ8giRTI+92XOWJlryyknm9Znp1djibZAbLnpI\\nrorY/feSmoZFEKUv74n7XrgbveEWjMbkZQHrNNPW0VZ3uXM30E81Wt6fCyyX5GO3\\ndTPtEDPf9zp/r0AHZKU+4Bg2ZAkrNMltCAjXSg==\\n-----END CERTIFICATE-----\\n', 'key_passphrase': 'avi123'} ```
Contact Info: support@avinetworks.com
Version: 21.1.6
BasePath:/api
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html
Access
- HTTP Basic Authentication
[ Jump to Models ]
Table of Contents
get /sslkeyandcertificatepost /sslkeyandcertificatedelete /sslkeyandcertificate/{uuid}get /sslkeyandcertificate/{uuid}patch /sslkeyandcertificate/{uuid}put /sslkeyandcertificate/{uuid}post /sslkeyandcertificate/{uuid}/renew
Up
get /sslkeyandcertificate
(sslkeyandcertificateGet)
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refers to another Avi resource. Its syntax is refers_to=<obj_type>:<obj_uuid>. Eg. get all virtual services referring to pool p1 will be refers_to=pool:pool_p1_uuid
referred_by (optional)
Query Parameter — Filter to request all objects that are referred by another Avi resource. Its syntax is referred_by=<obj_type>:<obj_uuid>. Eg. get all pools referred_by virtual service vs1 - referred_by=virtualservice:vs_vs1_uuid
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.
Return type
Example data
Content-Type: application/json
{
"next" : "aeiou",
"count" : 123,
"results" : [ {
"key_passphrase" : "aeiou",
"enckey_base64" : "aeiou",
"certificate" : {
"public_key" : "aeiou",
"certificate_signing_request" : "aeiou",
"signature" : "aeiou",
"not_before" : "aeiou",
"subject" : "",
"certificate" : "aeiou",
"serial_number" : "aeiou",
"version" : "aeiou",
"issuer" : {
"country" : "aeiou",
"email_address" : "aeiou",
"organization" : "aeiou",
"distinguished_name" : "aeiou",
"locality" : "aeiou",
"state" : "aeiou",
"common_name" : "aeiou",
"organization_unit" : "aeiou"
},
"not_after" : "aeiou",
"days_until_expire" : 123,
"expiry_status" : "aeiou",
"subject_alt_names" : [ "aeiou" ],
"chain_verified" : true,
"fingerprint" : "aeiou",
"signature_algorithm" : "aeiou",
"text" : "aeiou",
"key_params" : {
"ec_params" : {
"curve" : "aeiou"
},
"rsa_params" : {
"exponent" : 123,
"key_size" : "aeiou"
},
"algorithm" : "aeiou"
},
"self_signed" : true
},
"hardwaresecuritymodulegroup_ref" : "aeiou",
"type" : "aeiou",
"ocsp_error_status" : "aeiou",
"uuid" : "aeiou",
"_last_modified" : "aeiou",
"ocsp_config" : {
"responder_url_lists" : [ "aeiou" ],
"ocsp_req_interval" : 123,
"max_tries" : 123,
"ocsp_resp_timeout" : 123,
"failed_ocsp_jobs_retry_interval" : 123,
"url_action" : "aeiou"
},
"dynamic_params" : [ {
"is_sensitive" : true,
"is_dynamic" : true,
"name" : "aeiou",
"value" : "aeiou"
} ],
"certificate_base64" : true,
"certificate_management_profile_ref" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"key_params" : "",
"enckey_name" : "aeiou",
"key" : "aeiou",
"ca_certs" : [ {
"ca_ref" : "aeiou",
"name" : "aeiou"
} ],
"format" : "aeiou",
"ocsp_responder_url_list_from_certs" : [ "aeiou" ],
"created_by" : "aeiou",
"url" : "aeiou",
"labels" : [ {
"value" : "aeiou",
"key" : "aeiou"
} ],
"ocsp_response_info" : {
"revocation_time" : "aeiou",
"ocsp_resp_from_responder_url" : "aeiou",
"ocsp_response" : "aeiou",
"this_update" : "aeiou",
"cert_status" : "aeiou",
"revocation_reason" : "aeiou",
"next_update" : "aeiou"
},
"enable_ocsp_stapling" : true,
"tenant_ref" : "aeiou",
"key_base64" : true,
"name" : "aeiou",
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"status" : "aeiou"
} ]
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
SSLKeyAndCertificateApiResponse
401
log in failed
Up
post /sslkeyandcertificate
(sslkeyandcertificatePost)
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — SSLKeyAndCertificate object creation
Return type
Example data
Content-Type: application/json
{
"key_passphrase" : "aeiou",
"enckey_base64" : "aeiou",
"certificate" : {
"public_key" : "aeiou",
"certificate_signing_request" : "aeiou",
"signature" : "aeiou",
"not_before" : "aeiou",
"subject" : "",
"certificate" : "aeiou",
"serial_number" : "aeiou",
"version" : "aeiou",
"issuer" : {
"country" : "aeiou",
"email_address" : "aeiou",
"organization" : "aeiou",
"distinguished_name" : "aeiou",
"locality" : "aeiou",
"state" : "aeiou",
"common_name" : "aeiou",
"organization_unit" : "aeiou"
},
"not_after" : "aeiou",
"days_until_expire" : 123,
"expiry_status" : "aeiou",
"subject_alt_names" : [ "aeiou" ],
"chain_verified" : true,
"fingerprint" : "aeiou",
"signature_algorithm" : "aeiou",
"text" : "aeiou",
"key_params" : {
"ec_params" : {
"curve" : "aeiou"
},
"rsa_params" : {
"exponent" : 123,
"key_size" : "aeiou"
},
"algorithm" : "aeiou"
},
"self_signed" : true
},
"hardwaresecuritymodulegroup_ref" : "aeiou",
"type" : "aeiou",
"ocsp_error_status" : "aeiou",
"uuid" : "aeiou",
"_last_modified" : "aeiou",
"ocsp_config" : {
"responder_url_lists" : [ "aeiou" ],
"ocsp_req_interval" : 123,
"max_tries" : 123,
"ocsp_resp_timeout" : 123,
"failed_ocsp_jobs_retry_interval" : 123,
"url_action" : "aeiou"
},
"dynamic_params" : [ {
"is_sensitive" : true,
"is_dynamic" : true,
"name" : "aeiou",
"value" : "aeiou"
} ],
"certificate_base64" : true,
"certificate_management_profile_ref" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"key_params" : "",
"enckey_name" : "aeiou",
"key" : "aeiou",
"ca_certs" : [ {
"ca_ref" : "aeiou",
"name" : "aeiou"
} ],
"format" : "aeiou",
"ocsp_responder_url_list_from_certs" : [ "aeiou" ],
"created_by" : "aeiou",
"url" : "aeiou",
"labels" : [ {
"value" : "aeiou",
"key" : "aeiou"
} ],
"ocsp_response_info" : {
"revocation_time" : "aeiou",
"ocsp_resp_from_responder_url" : "aeiou",
"ocsp_response" : "aeiou",
"this_update" : "aeiou",
"cert_status" : "aeiou",
"revocation_reason" : "aeiou",
"next_update" : "aeiou"
},
"enable_ocsp_stapling" : true,
"tenant_ref" : "aeiou",
"key_base64" : true,
"name" : "aeiou",
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"status" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
SSLKeyAndCertificate
401
log in failed
Up
delete /sslkeyandcertificate/{uuid}
(sslkeyandcertificateUuidDelete)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
Return type
String
Example data
Content-Type: application/json
"aeiou"
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
204
object deleted
String
404
not found
Up
get /sslkeyandcertificate/{uuid}
(sslkeyandcertificateUuidGet)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Query parameters
name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.
Return type
Example data
Content-Type: application/json
{
"key_passphrase" : "aeiou",
"enckey_base64" : "aeiou",
"certificate" : {
"public_key" : "aeiou",
"certificate_signing_request" : "aeiou",
"signature" : "aeiou",
"not_before" : "aeiou",
"subject" : "",
"certificate" : "aeiou",
"serial_number" : "aeiou",
"version" : "aeiou",
"issuer" : {
"country" : "aeiou",
"email_address" : "aeiou",
"organization" : "aeiou",
"distinguished_name" : "aeiou",
"locality" : "aeiou",
"state" : "aeiou",
"common_name" : "aeiou",
"organization_unit" : "aeiou"
},
"not_after" : "aeiou",
"days_until_expire" : 123,
"expiry_status" : "aeiou",
"subject_alt_names" : [ "aeiou" ],
"chain_verified" : true,
"fingerprint" : "aeiou",
"signature_algorithm" : "aeiou",
"text" : "aeiou",
"key_params" : {
"ec_params" : {
"curve" : "aeiou"
},
"rsa_params" : {
"exponent" : 123,
"key_size" : "aeiou"
},
"algorithm" : "aeiou"
},
"self_signed" : true
},
"hardwaresecuritymodulegroup_ref" : "aeiou",
"type" : "aeiou",
"ocsp_error_status" : "aeiou",
"uuid" : "aeiou",
"_last_modified" : "aeiou",
"ocsp_config" : {
"responder_url_lists" : [ "aeiou" ],
"ocsp_req_interval" : 123,
"max_tries" : 123,
"ocsp_resp_timeout" : 123,
"failed_ocsp_jobs_retry_interval" : 123,
"url_action" : "aeiou"
},
"dynamic_params" : [ {
"is_sensitive" : true,
"is_dynamic" : true,
"name" : "aeiou",
"value" : "aeiou"
} ],
"certificate_base64" : true,
"certificate_management_profile_ref" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"key_params" : "",
"enckey_name" : "aeiou",
"key" : "aeiou",
"ca_certs" : [ {
"ca_ref" : "aeiou",
"name" : "aeiou"
} ],
"format" : "aeiou",
"ocsp_responder_url_list_from_certs" : [ "aeiou" ],
"created_by" : "aeiou",
"url" : "aeiou",
"labels" : [ {
"value" : "aeiou",
"key" : "aeiou"
} ],
"ocsp_response_info" : {
"revocation_time" : "aeiou",
"ocsp_resp_from_responder_url" : "aeiou",
"ocsp_response" : "aeiou",
"this_update" : "aeiou",
"cert_status" : "aeiou",
"revocation_reason" : "aeiou",
"next_update" : "aeiou"
},
"enable_ocsp_stapling" : true,
"tenant_ref" : "aeiou",
"key_base64" : true,
"name" : "aeiou",
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"status" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
SSLKeyAndCertificate
401
log in failed
Up
patch /sslkeyandcertificate/{uuid}
(sslkeyandcertificateUuidPatch)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — SSLKeyAndCertificate object creation
Query parameters
name (optional)
Query Parameter — object name
Return type
Example data
Content-Type: application/json
{
"key_passphrase" : "aeiou",
"enckey_base64" : "aeiou",
"certificate" : {
"public_key" : "aeiou",
"certificate_signing_request" : "aeiou",
"signature" : "aeiou",
"not_before" : "aeiou",
"subject" : "",
"certificate" : "aeiou",
"serial_number" : "aeiou",
"version" : "aeiou",
"issuer" : {
"country" : "aeiou",
"email_address" : "aeiou",
"organization" : "aeiou",
"distinguished_name" : "aeiou",
"locality" : "aeiou",
"state" : "aeiou",
"common_name" : "aeiou",
"organization_unit" : "aeiou"
},
"not_after" : "aeiou",
"days_until_expire" : 123,
"expiry_status" : "aeiou",
"subject_alt_names" : [ "aeiou" ],
"chain_verified" : true,
"fingerprint" : "aeiou",
"signature_algorithm" : "aeiou",
"text" : "aeiou",
"key_params" : {
"ec_params" : {
"curve" : "aeiou"
},
"rsa_params" : {
"exponent" : 123,
"key_size" : "aeiou"
},
"algorithm" : "aeiou"
},
"self_signed" : true
},
"hardwaresecuritymodulegroup_ref" : "aeiou",
"type" : "aeiou",
"ocsp_error_status" : "aeiou",
"uuid" : "aeiou",
"_last_modified" : "aeiou",
"ocsp_config" : {
"responder_url_lists" : [ "aeiou" ],
"ocsp_req_interval" : 123,
"max_tries" : 123,
"ocsp_resp_timeout" : 123,
"failed_ocsp_jobs_retry_interval" : 123,
"url_action" : "aeiou"
},
"dynamic_params" : [ {
"is_sensitive" : true,
"is_dynamic" : true,
"name" : "aeiou",
"value" : "aeiou"
} ],
"certificate_base64" : true,
"certificate_management_profile_ref" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"key_params" : "",
"enckey_name" : "aeiou",
"key" : "aeiou",
"ca_certs" : [ {
"ca_ref" : "aeiou",
"name" : "aeiou"
} ],
"format" : "aeiou",
"ocsp_responder_url_list_from_certs" : [ "aeiou" ],
"created_by" : "aeiou",
"url" : "aeiou",
"labels" : [ {
"value" : "aeiou",
"key" : "aeiou"
} ],
"ocsp_response_info" : {
"revocation_time" : "aeiou",
"ocsp_resp_from_responder_url" : "aeiou",
"ocsp_response" : "aeiou",
"this_update" : "aeiou",
"cert_status" : "aeiou",
"revocation_reason" : "aeiou",
"next_update" : "aeiou"
},
"enable_ocsp_stapling" : true,
"tenant_ref" : "aeiou",
"key_base64" : true,
"name" : "aeiou",
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"status" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
SSLKeyAndCertificate
401
log in failed
Up
put /sslkeyandcertificate/{uuid}
(sslkeyandcertificateUuidPut)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — SSLKeyAndCertificate object creation
Query parameters
name (optional)
Query Parameter — object name
Return type
Example data
Content-Type: application/json
{
"key_passphrase" : "aeiou",
"enckey_base64" : "aeiou",
"certificate" : {
"public_key" : "aeiou",
"certificate_signing_request" : "aeiou",
"signature" : "aeiou",
"not_before" : "aeiou",
"subject" : "",
"certificate" : "aeiou",
"serial_number" : "aeiou",
"version" : "aeiou",
"issuer" : {
"country" : "aeiou",
"email_address" : "aeiou",
"organization" : "aeiou",
"distinguished_name" : "aeiou",
"locality" : "aeiou",
"state" : "aeiou",
"common_name" : "aeiou",
"organization_unit" : "aeiou"
},
"not_after" : "aeiou",
"days_until_expire" : 123,
"expiry_status" : "aeiou",
"subject_alt_names" : [ "aeiou" ],
"chain_verified" : true,
"fingerprint" : "aeiou",
"signature_algorithm" : "aeiou",
"text" : "aeiou",
"key_params" : {
"ec_params" : {
"curve" : "aeiou"
},
"rsa_params" : {
"exponent" : 123,
"key_size" : "aeiou"
},
"algorithm" : "aeiou"
},
"self_signed" : true
},
"hardwaresecuritymodulegroup_ref" : "aeiou",
"type" : "aeiou",
"ocsp_error_status" : "aeiou",
"uuid" : "aeiou",
"_last_modified" : "aeiou",
"ocsp_config" : {
"responder_url_lists" : [ "aeiou" ],
"ocsp_req_interval" : 123,
"max_tries" : 123,
"ocsp_resp_timeout" : 123,
"failed_ocsp_jobs_retry_interval" : 123,
"url_action" : "aeiou"
},
"dynamic_params" : [ {
"is_sensitive" : true,
"is_dynamic" : true,
"name" : "aeiou",
"value" : "aeiou"
} ],
"certificate_base64" : true,
"certificate_management_profile_ref" : "aeiou",
"configpb_attributes" : {
"version" : 123
},
"key_params" : "",
"enckey_name" : "aeiou",
"key" : "aeiou",
"ca_certs" : [ {
"ca_ref" : "aeiou",
"name" : "aeiou"
} ],
"format" : "aeiou",
"ocsp_responder_url_list_from_certs" : [ "aeiou" ],
"created_by" : "aeiou",
"url" : "aeiou",
"labels" : [ {
"value" : "aeiou",
"key" : "aeiou"
} ],
"ocsp_response_info" : {
"revocation_time" : "aeiou",
"ocsp_resp_from_responder_url" : "aeiou",
"ocsp_response" : "aeiou",
"this_update" : "aeiou",
"cert_status" : "aeiou",
"revocation_reason" : "aeiou",
"next_update" : "aeiou"
},
"enable_ocsp_stapling" : true,
"tenant_ref" : "aeiou",
"key_base64" : true,
"name" : "aeiou",
"markers" : [ {
"values" : [ "aeiou" ],
"key" : "aeiou"
} ],
"status" : "aeiou"
}
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
SSLKeyAndCertificate
401
log in failed
Up
post /sslkeyandcertificate/{uuid}/renew
(sslkeyandcertificateUuidRenewPost)
Path parameters
uuid (required)
Path Parameter — UUID of the object to fetch
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
body (required)
Body Parameter — empty
Return type
String
Example data
Content-Type: application/json
"aeiou"
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
String
401
log in failed
[ Jump to Methods ]
Table of Contents
CertificateAuthorityConfigPbAttributesCustomParamsKeyValueOCSPConfigOCSPResponseInfoRoleFilterMatchLabelSSLCertificateSSLCertificateDescriptionSSLKeyAndCertificateSSLKeyAndCertificateApiResponseSSLKeyECParamsSSLKeyParamsSSLKeyRSAParams
ca_ref (optional)
String It is a reference to an object of type SSLKeyAndCertificate. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
name (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
version (optional)
Integer Protobuf version number. Gets incremented if there is se Diff of federated diff in config pbs.This field will be a monotonically increasing number indicating the number of Config Update operations. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition. format: int32
is_dynamic (optional)
Boolean Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
is_sensitive (optional)
Boolean Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
name
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
value (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
key
String Key. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
value (optional)
String Value. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
failed_ocsp_jobs_retry_interval (optional)
Integer Describes the Time Interval after which the next OCSP job needs to be scheduled in case of the OCSP job failures. Allowed values are 60-86400. Field introduced in 20.1.1. Unit is SEC. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
max_tries (optional)
Integer Maximum number of times the failed OCSP jobs can be scheduled. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
ocsp_req_interval (optional)
Integer Interval between the OCSP queries. Allowed values are 60-31536000. Field introduced in 20.1.1. Unit is SEC. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
ocsp_resp_timeout (optional)
Integer Time in seconds that the system waits for a reply from the OCSP responder before dropping the connection. Field introduced in 20.1.1. Unit is SEC. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
responder_url_lists (optional)
array[String] List of Responder URLs configured by user to do failover/override the AIA extension contained in the OCSP responder's SSL/TLS certificate. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
url_action (optional)
String Describes the type of action to take with the Responder URLs. Enum options - OCSP_RESPONDER_URL_FAILOVER, OCSP_RESPONDER_URL_OVERRIDE. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
cert_status
String Revocation status of the certificate. Enum options - OCSP_CERTSTATUS_GOOD, OCSP_CERTSTATUS_REVOKED, OCSP_CERTSTATUS_UNKNOWN. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
next_update (optional)
String The time at or before which newer information will be available about the status of the certificate. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
ocsp_resp_from_responder_url
String The OCSP Responder URL from which the response is received. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
ocsp_response
String Signed OCSP response received from the CA's OCSP Responder. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
revocation_reason (optional)
String The reason for the revocation of the certificate. Enum options - OCSP_REVOCATION_REASON_UNSPECIFIED, OCSP_REVOCATION_REASON_KEY_COMPROMISE, OCSP_REVOCATION_REASON_CA_COMPROMISE, OCSP_REVOCATION_REASON_AFFILIATION_CHANGED, OCSP_REVOCATION_REASON_SUPERSEDED, OCSP_REVOCATION_REASON_CESSATION_OF_OPERATION, OCSP_REVOCATION_REASON_CERTIFICATE_HOLD, OCSP_REVOCATION_REASON_REMOVE_FROM_CRL, OCSP_REVOCATION_REASON_PRIVILEGE_WITHDRAWN, OCSP_REVOCATION_REASON_AA_COMPROMISE. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
revocation_time (optional)
String ISO 8601 compatible timestamp at which the certificate was revoked or placed on hold. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
this_update (optional)
String The most recent time at which the status being indicated is known by the OCSP Responder to have been correct. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
key
String Key for filter match. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
values (optional)
array[String] Values for filter match. Multiple values will be evaluated as OR. Example key = value1 OR key = value2. Behavior for match is key = * if this field is empty. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
certificate (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
certificate_signing_request (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
chain_verified (optional)
Boolean Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
days_until_expire (optional)
Integer Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
expiry_status (optional)
String Enum options - SSL_CERTIFICATE_GOOD, SSL_CERTIFICATE_EXPIRY_WARNING, SSL_CERTIFICATE_EXPIRED. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
fingerprint (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
issuer (optional)
SSLCertificateDescription Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
key_params (optional)
SSLKeyParams Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
not_after (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
not_before (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
public_key (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
self_signed (optional)
Boolean Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
serial_number (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
signature (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
signature_algorithm (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
subject (optional)
SSLCertificateDescription Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
subject_alt_names (optional)
array[String] subjectAltName that provides additional subject identities. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
text (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
version (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
common_name (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
country (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
distinguished_name (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
email_address (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
locality (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
organization (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
organization_unit (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
state (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
_last_modified (optional)
String UNIX time since epoch in microseconds. Units(MICROSECONDS).
ca_certs (optional)
array[CertificateAuthority] CA certificates in certificate chain. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
certificate
SSLCertificate Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
certificate_base64 (optional)
Boolean States if the certificate is base64 encoded. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
certificate_management_profile_ref (optional)
String It is a reference to an object of type CertificateManagementProfile. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
configpb_attributes (optional)
ConfigPbAttributes Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
created_by (optional)
String Creator name. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
dynamic_params (optional)
array[CustomParams] Dynamic parameters needed for certificate management profile. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
enable_ocsp_stapling (optional)
Boolean Enables OCSP Stapling. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition.
enckey_base64 (optional)
String Encrypted private key corresponding to the private key (e.g. those generated by an HSM such as Thales nShield). Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
enckey_name (optional)
String Name of the encrypted private key (e.g. those generated by an HSM such as Thales nShield). Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
format (optional)
String Format of the Key/Certificate file. Enum options - SSL_PEM, SSL_PKCS12. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
hardwaresecuritymodulegroup_ref (optional)
String It is a reference to an object of type HardwareSecurityModuleGroup. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
key (optional)
String Private key. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
key_base64 (optional)
Boolean States if the private key is base64 encoded. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
key_params (optional)
SSLKeyParams Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
key_passphrase (optional)
String Passphrase used to encrypt the private key. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
labels (optional)
array[KeyValue] Key value pairs for granular object access control. Also allows for classification and tagging of similar objects. Field deprecated in 20.1.5. Field introduced in 20.1.2. Maximum of 4 items allowed. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
markers (optional)
array[RoleFilterMatchLabel] List of labels to be used for granular RBAC. Field introduced in 20.1.5. Allowed in Enterprise edition with any value, Essentials edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.
name
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ocsp_config (optional)
OCSPConfig Configuration related to OCSP. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
ocsp_error_status (optional)
String Error reported during OCSP status query. Enum options - OCSP_ERR_CERTSTATUS_GOOD, OCSP_ERR_CERTSTATUS_REVOKED, OCSP_ERR_CERTSTATUS_UNKNOWN, OCSP_ERR_CERTSTATUS_SERVERFAIL_ERR, OCSP_ERR_CERTSTATUS_JOBDB, OCSP_ERR_CERTSTATUS_DISABLED, OCSP_ERR_CERTSTATUS_GETCERT, OCSP_ERR_CERTSTATUS_NONVSCERT, OCSP_ERR_CERTSTATUS_SELFSIGNED, OCSP_ERR_CERTSTATUS_CERTFINISH, OCSP_ERR_CERTSTATUS_CACERT, OCSP_ERR_CERTSTATUS_REQUEST, OCSP_ERR_CERTSTATUS_ISSUER_REVOKED, OCSP_ERR_CERTSTATUS_PARSE_CERT, OCSP_ERR_CERTSTATUS_HTTP_REQ, OCSP_ERR_CERTSTATUS_URL_LIST, OCSP_ERR_CERTSTATUS_HTTP_SEND, OCSP_ERR_CERTSTATUS_HTTP_RECV, OCSP_ERR_CERTSTATUS_HTTP_RESP. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- OCSP_ERR_CERTSTATUS_DISABLED), Basic edition(Allowed values- OCSP_ERR_CERTSTATUS_DISABLED), Enterprise with Cloud Services edition.
ocsp_responder_url_list_from_certs (optional)
array[String] This is an Internal field to store the OCSP Responder URLs contained in the certificate. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
ocsp_response_info (optional)
OCSPResponseInfo Information related to OCSP response. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
status (optional)
String Enum options - SSL_CERTIFICATE_FINISHED, SSL_CERTIFICATE_PENDING. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
tenant_ref (optional)
String It is a reference to an object of type Tenant. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
type (optional)
String Enum options - SSL_CERTIFICATE_TYPE_VIRTUALSERVICE, SSL_CERTIFICATE_TYPE_SYSTEM, SSL_CERTIFICATE_TYPE_CA. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
url (optional)
uuid (optional)
String Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
count
results
next (optional)
curve (optional)
String Enum options - SSL_KEY_EC_CURVE_SECP256R1, SSL_KEY_EC_CURVE_SECP384R1, SSL_KEY_EC_CURVE_SECP521R1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
algorithm
String Enum options - SSL_KEY_ALGORITHM_RSA, SSL_KEY_ALGORITHM_EC. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ec_params (optional)
SSLKeyECParams Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
rsa_params (optional)
SSLKeyRSAParams Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
exponent (optional)
Integer Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition. format: int32
key_size (optional)
String Enum options - SSL_KEY_1024_BITS, SSL_KEY_2048_BITS, SSL_KEY_3072_BITS, SSL_KEY_4096_BITS. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.