Avi PKIProfile Object API

CLI ``` - show pkiprofile - delete pkiprofile - configure pkiprofile ```
More information: https://avinetworks.com/contact-us
Contact Info: support@avinetworks.com
Version: 20.1.9
BasePath:/api
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html

Access

  1. HTTP Basic Authentication

Methods

[ Jump to Models ]

Table of Contents

  1. get /pkiprofile
  2. post /pkiprofile
  3. delete /pkiprofile/{uuid}
  4. get /pkiprofile/{uuid}/federated_info/
  5. get /pkiprofile/{uuid}
  6. patch /pkiprofile/{uuid}
  7. put /pkiprofile/{uuid}
Up
get /pkiprofile
(pkiprofileGet)

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
refers_to (optional)
Query Parameter — Filter to request all objects that refers to another Avi resource. Its syntax is refers_to=<obj_type>:<obj_uuid>. Eg. get all virtual services referring to pool p1 will be refers_to=pool:pool_p1_uuid
referred_by (optional)
Query Parameter — Filter to request all objects that are referred by another Avi resource. Its syntax is referred_by=<obj_type>:<obj_uuid>. Eg. get all pools referred_by virtual service vs1 - referred_by=virtualservice:vs_vs1_uuid
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

PKIProfileApiResponse

Example data

Content-Type: application/json
{
  "next" : "aeiou",
  "count" : 123,
  "results" : [ {
    "ca_certs" : [ {
      "public_key" : "aeiou",
      "certificate_signing_request" : "aeiou",
      "signature" : "aeiou",
      "not_before" : "aeiou",
      "subject" : "",
      "certificate" : "aeiou",
      "serial_number" : "aeiou",
      "version" : "aeiou",
      "issuer" : {
        "country" : "aeiou",
        "email_address" : "aeiou",
        "organization" : "aeiou",
        "distinguished_name" : "aeiou",
        "locality" : "aeiou",
        "state" : "aeiou",
        "common_name" : "aeiou",
        "organization_unit" : "aeiou"
      },
      "not_after" : "aeiou",
      "days_until_expire" : 123,
      "expiry_status" : "aeiou",
      "subject_alt_names" : [ "aeiou" ],
      "chain_verified" : true,
      "fingerprint" : "aeiou",
      "signature_algorithm" : "aeiou",
      "text" : "aeiou",
      "key_params" : {
        "ec_params" : {
          "curve" : "aeiou"
        },
        "rsa_params" : {
          "exponent" : 123,
          "key_size" : "aeiou"
        },
        "algorithm" : "aeiou"
      },
      "self_signed" : true
    } ],
    "ignore_peer_chain" : true,
    "created_by" : "aeiou",
    "uuid" : "aeiou",
    "url" : "aeiou",
    "_last_modified" : "aeiou",
    "labels" : [ {
      "value" : "aeiou",
      "key" : "aeiou"
    } ],
    "validate_only_leaf_crl" : true,
    "tenant_ref" : "aeiou",
    "crl_check" : true,
    "crls" : [ {
      "update_interval" : 123,
      "last_update" : "aeiou",
      "distinguished_name" : "aeiou",
      "fingerprint" : "aeiou",
      "etag" : "aeiou",
      "text" : "aeiou",
      "body" : "aeiou",
      "common_name" : "aeiou",
      "server_url" : "aeiou",
      "last_refreshed" : "aeiou",
      "next_update" : "aeiou"
    } ],
    "name" : "aeiou",
    "markers" : [ {
      "values" : [ "aeiou" ],
      "key" : "aeiou"
    } ],
    "is_federated" : true
  } ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK PKIProfileApiResponse

401

log in failed

Up
post /pkiprofile
(pkiprofilePost)

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — PKIProfile object creation

Return type

PKIProfile

Example data

Content-Type: application/json
{
  "ca_certs" : [ {
    "public_key" : "aeiou",
    "certificate_signing_request" : "aeiou",
    "signature" : "aeiou",
    "not_before" : "aeiou",
    "subject" : "",
    "certificate" : "aeiou",
    "serial_number" : "aeiou",
    "version" : "aeiou",
    "issuer" : {
      "country" : "aeiou",
      "email_address" : "aeiou",
      "organization" : "aeiou",
      "distinguished_name" : "aeiou",
      "locality" : "aeiou",
      "state" : "aeiou",
      "common_name" : "aeiou",
      "organization_unit" : "aeiou"
    },
    "not_after" : "aeiou",
    "days_until_expire" : 123,
    "expiry_status" : "aeiou",
    "subject_alt_names" : [ "aeiou" ],
    "chain_verified" : true,
    "fingerprint" : "aeiou",
    "signature_algorithm" : "aeiou",
    "text" : "aeiou",
    "key_params" : {
      "ec_params" : {
        "curve" : "aeiou"
      },
      "rsa_params" : {
        "exponent" : 123,
        "key_size" : "aeiou"
      },
      "algorithm" : "aeiou"
    },
    "self_signed" : true
  } ],
  "ignore_peer_chain" : true,
  "created_by" : "aeiou",
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "validate_only_leaf_crl" : true,
  "tenant_ref" : "aeiou",
  "crl_check" : true,
  "crls" : [ {
    "update_interval" : 123,
    "last_update" : "aeiou",
    "distinguished_name" : "aeiou",
    "fingerprint" : "aeiou",
    "etag" : "aeiou",
    "text" : "aeiou",
    "body" : "aeiou",
    "common_name" : "aeiou",
    "server_url" : "aeiou",
    "last_refreshed" : "aeiou",
    "next_update" : "aeiou"
  } ],
  "name" : "aeiou",
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "is_federated" : true
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK PKIProfile

401

log in failed

Up
delete /pkiprofile/{uuid}
(pkiprofileUuidDelete)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name

Return type

String

Example data

Content-Type: application/json
"aeiou"

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

204

object deleted String

404

not found

Up
get /pkiprofile/{uuid}/federated_info/
(pkiprofileUuidFederatedInfoGet)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Return type

String

Example data

Content-Type: application/json
"aeiou"

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK String

401

log in failed

Up
get /pkiprofile/{uuid}
(pkiprofileUuidGet)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Query parameters

name (optional)
Query Parameter — object name
fields (optional)
Query Parameter — List of fields to be returned for the resource. Some fields like name, URL, uuid etc. are always returned.
include_name (optional)
Query Parameter — All the Avi REST reference URIs have a name suffix as URI#name. It is useful to get the referenced resource name without performing get on that object.
skip_default (optional)
Query Parameter — Default values are not set.
join_subresources (optional)
Query Parameter — It automatically returns additional dependent resources like runtime. Eg. join_subresources=runtime.

Return type

PKIProfile

Example data

Content-Type: application/json
{
  "ca_certs" : [ {
    "public_key" : "aeiou",
    "certificate_signing_request" : "aeiou",
    "signature" : "aeiou",
    "not_before" : "aeiou",
    "subject" : "",
    "certificate" : "aeiou",
    "serial_number" : "aeiou",
    "version" : "aeiou",
    "issuer" : {
      "country" : "aeiou",
      "email_address" : "aeiou",
      "organization" : "aeiou",
      "distinguished_name" : "aeiou",
      "locality" : "aeiou",
      "state" : "aeiou",
      "common_name" : "aeiou",
      "organization_unit" : "aeiou"
    },
    "not_after" : "aeiou",
    "days_until_expire" : 123,
    "expiry_status" : "aeiou",
    "subject_alt_names" : [ "aeiou" ],
    "chain_verified" : true,
    "fingerprint" : "aeiou",
    "signature_algorithm" : "aeiou",
    "text" : "aeiou",
    "key_params" : {
      "ec_params" : {
        "curve" : "aeiou"
      },
      "rsa_params" : {
        "exponent" : 123,
        "key_size" : "aeiou"
      },
      "algorithm" : "aeiou"
    },
    "self_signed" : true
  } ],
  "ignore_peer_chain" : true,
  "created_by" : "aeiou",
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "validate_only_leaf_crl" : true,
  "tenant_ref" : "aeiou",
  "crl_check" : true,
  "crls" : [ {
    "update_interval" : 123,
    "last_update" : "aeiou",
    "distinguished_name" : "aeiou",
    "fingerprint" : "aeiou",
    "etag" : "aeiou",
    "text" : "aeiou",
    "body" : "aeiou",
    "common_name" : "aeiou",
    "server_url" : "aeiou",
    "last_refreshed" : "aeiou",
    "next_update" : "aeiou"
  } ],
  "name" : "aeiou",
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "is_federated" : true
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK PKIProfile

401

log in failed

Up
patch /pkiprofile/{uuid}
(pkiprofileUuidPatch)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — PKIProfile object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

PKIProfile

Example data

Content-Type: application/json
{
  "ca_certs" : [ {
    "public_key" : "aeiou",
    "certificate_signing_request" : "aeiou",
    "signature" : "aeiou",
    "not_before" : "aeiou",
    "subject" : "",
    "certificate" : "aeiou",
    "serial_number" : "aeiou",
    "version" : "aeiou",
    "issuer" : {
      "country" : "aeiou",
      "email_address" : "aeiou",
      "organization" : "aeiou",
      "distinguished_name" : "aeiou",
      "locality" : "aeiou",
      "state" : "aeiou",
      "common_name" : "aeiou",
      "organization_unit" : "aeiou"
    },
    "not_after" : "aeiou",
    "days_until_expire" : 123,
    "expiry_status" : "aeiou",
    "subject_alt_names" : [ "aeiou" ],
    "chain_verified" : true,
    "fingerprint" : "aeiou",
    "signature_algorithm" : "aeiou",
    "text" : "aeiou",
    "key_params" : {
      "ec_params" : {
        "curve" : "aeiou"
      },
      "rsa_params" : {
        "exponent" : 123,
        "key_size" : "aeiou"
      },
      "algorithm" : "aeiou"
    },
    "self_signed" : true
  } ],
  "ignore_peer_chain" : true,
  "created_by" : "aeiou",
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "validate_only_leaf_crl" : true,
  "tenant_ref" : "aeiou",
  "crl_check" : true,
  "crls" : [ {
    "update_interval" : 123,
    "last_update" : "aeiou",
    "distinguished_name" : "aeiou",
    "fingerprint" : "aeiou",
    "etag" : "aeiou",
    "text" : "aeiou",
    "body" : "aeiou",
    "common_name" : "aeiou",
    "server_url" : "aeiou",
    "last_refreshed" : "aeiou",
    "next_update" : "aeiou"
  } ],
  "name" : "aeiou",
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "is_federated" : true
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK PKIProfile

401

log in failed

Up
put /pkiprofile/{uuid}
(pkiprofileUuidPut)

Path parameters

uuid (required)
Path Parameter — UUID of the object to fetch

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

body (required)
Body Parameter — PKIProfile object creation

Query parameters

name (optional)
Query Parameter — object name

Return type

PKIProfile

Example data

Content-Type: application/json
{
  "ca_certs" : [ {
    "public_key" : "aeiou",
    "certificate_signing_request" : "aeiou",
    "signature" : "aeiou",
    "not_before" : "aeiou",
    "subject" : "",
    "certificate" : "aeiou",
    "serial_number" : "aeiou",
    "version" : "aeiou",
    "issuer" : {
      "country" : "aeiou",
      "email_address" : "aeiou",
      "organization" : "aeiou",
      "distinguished_name" : "aeiou",
      "locality" : "aeiou",
      "state" : "aeiou",
      "common_name" : "aeiou",
      "organization_unit" : "aeiou"
    },
    "not_after" : "aeiou",
    "days_until_expire" : 123,
    "expiry_status" : "aeiou",
    "subject_alt_names" : [ "aeiou" ],
    "chain_verified" : true,
    "fingerprint" : "aeiou",
    "signature_algorithm" : "aeiou",
    "text" : "aeiou",
    "key_params" : {
      "ec_params" : {
        "curve" : "aeiou"
      },
      "rsa_params" : {
        "exponent" : 123,
        "key_size" : "aeiou"
      },
      "algorithm" : "aeiou"
    },
    "self_signed" : true
  } ],
  "ignore_peer_chain" : true,
  "created_by" : "aeiou",
  "uuid" : "aeiou",
  "url" : "aeiou",
  "_last_modified" : "aeiou",
  "labels" : [ {
    "value" : "aeiou",
    "key" : "aeiou"
  } ],
  "validate_only_leaf_crl" : true,
  "tenant_ref" : "aeiou",
  "crl_check" : true,
  "crls" : [ {
    "update_interval" : 123,
    "last_update" : "aeiou",
    "distinguished_name" : "aeiou",
    "fingerprint" : "aeiou",
    "etag" : "aeiou",
    "text" : "aeiou",
    "body" : "aeiou",
    "common_name" : "aeiou",
    "server_url" : "aeiou",
    "last_refreshed" : "aeiou",
    "next_update" : "aeiou"
  } ],
  "name" : "aeiou",
  "markers" : [ {
    "values" : [ "aeiou" ],
    "key" : "aeiou"
  } ],
  "is_federated" : true
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK PKIProfile

401

log in failed

Up

Models

[ Jump to Methods ]

Table of Contents

  1. CRL
  2. KeyValue
  3. PKIProfile
  4. PKIProfileApiResponse
  5. RoleFilterMatchLabel
  6. SSLCertificate
  7. SSLCertificateDescription
  8. SSLKeyECParams
  9. SSLKeyParams
  10. SSLKeyRSAParams

CRL Up

body (optional)
String Certificate Revocation list from a given issuer in PEM format. This can either be configured directly or via the server_url. .
common_name (optional)
String Common name of the issuer in the Certificate Revocation list.
distinguished_name (optional)
String Distinguished name of the issuer in the Certificate Revocation list.
etag (optional)
String Cached etag to optimize the download of the CRL.
fingerprint (optional)
String Fingerprint of the CRL. Used to avoid configuring duplicates.
last_refreshed (optional)
String Last time CRL was refreshed by the system. This is an internal field used by the system.
last_update (optional)
String The date when this CRL was last issued.
next_update (optional)
String The date when a newer CRL will be available. Also conveys the date after which the CRL should be considered obsolete.
server_url (optional)
String URL of a server that issues the Certificate Revocation list. If this is configured, CRL will be periodically downloaded either based on the configured update interval or the next update interval in the CRL. CRL itself is stored in the body.
text (optional)
String Certificate Revocation list in plain text for readability.
update_interval (optional)
Integer Interval in minutes to check for CRL update. If not specified, interval will be 1 day. Allowed values are 30-525600. Unit is MIN. format: int32

KeyValue Up

key
String Key.
value (optional)
String Value.

PKIProfile Up

_last_modified (optional)
String UNIX time since epoch in microseconds. Units(MICROSECONDS).
ca_certs (optional)
array[SSLCertificate] List of Certificate Authorities (Root and Intermediate) trusted that is used for certificate validation.
created_by (optional)
String Creator name.
crl_check (optional)
Boolean When enabled, Avi will verify via CRL checks that certificates in the trust chain have not been revoked.
crls (optional)
array[CRL] Certificate Revocation Lists.
ignore_peer_chain (optional)
Boolean When enabled, Avi will not trust Intermediate and Root certs presented by a client. Instead, only the chain certs configured in the Certificate Authority section will be used to verify trust of the client's cert. Allowed in Basic(Allowed values- true) edition, Essentials(Allowed values- true) edition, Enterprise edition. Special default for Basic edition is true, Essentials edition is true, Enterprise is False.
is_federated (optional)
Boolean This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. . Field introduced in 17.1.3.
labels (optional)
array[KeyValue] Key value pairs for granular object access control. Also allows for classification and tagging of similar objects. Field deprecated in 20.1.5. Field introduced in 20.1.2. Maximum of 4 items allowed.
markers (optional)
array[RoleFilterMatchLabel] List of labels to be used for granular RBAC. Field introduced in 20.1.5. Allowed in Basic edition, Essentials edition, Enterprise edition.
name
String Name of the PKI Profile.
tenant_ref (optional)
String It is a reference to an object of type Tenant.
url (optional)
String url
uuid (optional)
String Unique object identifier of the object.
validate_only_leaf_crl (optional)
Boolean When enabled, Avi will only validate the revocation status of the leaf certificate using CRL. To enable validation for the entire chain, disable this option and provide all the relevant CRLs. Allowed in Basic(Allowed values- true) edition, Essentials(Allowed values- true) edition, Enterprise edition.

PKIProfileApiResponse Up

count
Integer format: int32
results
next (optional)

RoleFilterMatchLabel Up

key
String Key for filter match. Field introduced in 20.1.3.
values (optional)
array[String] Values for filter match. Multiple values will be evaluated as OR. Example key = value1 OR key = value2. Behavior for match is key = * if this field is empty. Field introduced in 20.1.3.

SSLCertificate Up

certificate (optional)
String certificate of SSLCertificate.
certificate_signing_request (optional)
String certificate_signing_request of SSLCertificate.
chain_verified (optional)
Boolean Placeholder for description of property chain_verified of obj type SSLCertificate field type str type boolean
days_until_expire (optional)
Integer Number of days_until_expire. format: int32
expiry_status (optional)
String Enum options - SSL_CERTIFICATE_GOOD, SSL_CERTIFICATE_EXPIRY_WARNING, SSL_CERTIFICATE_EXPIRED.
fingerprint (optional)
String fingerprint of SSLCertificate.
issuer (optional)
SSLCertificateDescription Placeholder for description of property issuer of obj type SSLCertificate field type str type object
key_params (optional)
SSLKeyParams Placeholder for description of property key_params of obj type SSLCertificate field type str type object
not_after (optional)
String not_after of SSLCertificate.
not_before (optional)
String not_before of SSLCertificate.
public_key (optional)
String public_key of SSLCertificate.
self_signed (optional)
Boolean Placeholder for description of property self_signed of obj type SSLCertificate field type str type boolean
serial_number (optional)
String serial_number of SSLCertificate.
signature (optional)
String signature of SSLCertificate.
signature_algorithm (optional)
String signature_algorithm of SSLCertificate.
subject (optional)
SSLCertificateDescription Placeholder for description of property subject of obj type SSLCertificate field type str type object
subject_alt_names (optional)
array[String] subjectAltName that provides additional subject identities.
text (optional)
String text of SSLCertificate.
version (optional)
String version of SSLCertificate.

SSLCertificateDescription Up

common_name (optional)
String common_name of SSLCertificateDescription.
country (optional)
String country of SSLCertificateDescription.
distinguished_name (optional)
String distinguished_name of SSLCertificateDescription.
email_address (optional)
String email_address of SSLCertificateDescription.
locality (optional)
String locality of SSLCertificateDescription.
organization (optional)
String organization of SSLCertificateDescription.
organization_unit (optional)
String organization_unit of SSLCertificateDescription.
state (optional)
String state of SSLCertificateDescription.

SSLKeyECParams Up

curve (optional)
String Enum options - SSL_KEY_EC_CURVE_SECP256R1, SSL_KEY_EC_CURVE_SECP384R1, SSL_KEY_EC_CURVE_SECP521R1.

SSLKeyParams Up

algorithm
String Enum options - SSL_KEY_ALGORITHM_RSA, SSL_KEY_ALGORITHM_EC.
ec_params (optional)
SSLKeyECParams Placeholder for description of property ec_params of obj type SSLKeyParams field type str type object
rsa_params (optional)
SSLKeyRSAParams Placeholder for description of property rsa_params of obj type SSLKeyParams field type str type object

SSLKeyRSAParams Up

exponent (optional)
Integer Number of exponent. format: int32
key_size (optional)
String Enum options - SSL_KEY_1024_BITS, SSL_KEY_2048_BITS, SSL_KEY_3072_BITS, SSL_KEY_4096_BITS.