Certificates

Specifies paths and operations for managing DTS root CA certificates.

Create a DTS root CA certificate

Creates a DTS root CA certificate which is used to sign DTS signer certificates.

  • A maximum of three DTS root CA certificates can be created per tenant.

Analytic events

  • ECOSYSTEM_DTS_CA_CERTIFICATE_CREATE_START
  • ECOSYSTEM_DTS_CA_CERTIFICATE_CREATE_SUCCESS
  • ECOSYSTEM_DTS_CA_CERTIFICATE_CREATE_FAIL
Roles: ["admin","dts-provider"]
Security: bearerAuth
Request
Request Body schema: application/json
Any of:
commonName
string

Indicates the common name of the DTS root CA certificate. When specified, the value must be a valid PrintableString and cannot be an empty string. If not provided and a custom domain is configured and verified, the custom domain is used followed by the words DTS CA. If no custom domain is configured, the tenant subdomain is used instead.

country
string

Indicates the DTS provider's country. If not provided, a country is selected based on the region of the tenant subdomain cloud host. When specified, the value must be a valid Alpha 2 country code as per ISO 3166-1.

organisationName
required
string

Indicates the organization associated with the DTS root CA certificate.

notAfter
string <date-time>

Used to set the date and time when the DTS root CA certificate expires.

  • If not provided, calculated as notBefore + 20 years.
  • If not provided and notBefore is not provided, calculated as time of creation + 20 years.
  • Maximum value is 20 years from creation.
  • Must be after notBefore, if provided.
notBefore
string <date-time>

Used to set the date and time when the DTS root CA certificate becomes valid and can be used to sign other intermediate certificates.

  • Must not be in the past.
  • Must be before notAfter.
Responses
201

DTS root CA certificate created

400

Bad Request. The request was malformed or missing required parameters.

404

Not Found. The specified resource was not found.

409

Maximum number of DTS CA certificates reached. Please delete an existing certificate before creating a new one.

POST /v1/ecosystems/certificates/ca
Request samples
application/json
{
  "commonName": "example.com",
  "country": "US",
  "organisationName": "Example Inc.",
  "notAfter": "2024-10-22T00:00:00Z",
  "notBefore": "2023-10-22T00:00:00Z"
}
Response samples
application/json
{
  "id": "782f1885-c7c2-4459-8426-b6d7c111b0b1",
  "active": true,
  "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
  "certificateFingerprint": "f6cad6e579d70b3973efa60624af731a580d1a11a7579e70f2f10f059dc86172",
  "certificateData": {
  },
  "isManaged": true
}
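
The request-body constraints documented for the create operation can be checked client-side before the call is made. The following is an added example, not part of this API's own documentation or code: the helper names are hypothetical, the uppercase-only country check is an assumption, and the 20-year cap is measured from the time of the check rather than the server's creation time.

```python
import re
from datetime import datetime, timezone

# Added example: helper names are hypothetical; the rules are the documented ones.
# ASN.1 PrintableString alphabet: letters, digits, space and ' ( ) + , - . / : = ?
_PRINTABLE = re.compile(r"[A-Za-z0-9 '()+,\-./:=?]+")
_ALPHA2 = re.compile(r"[A-Z]{2}")  # shape check only; does not consult the ISO 3166-1 list


def _parse(ts):
    """Parse a date-time such as 2023-10-22T00:00:00Z into an aware datetime."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        raise ValueError("timestamp must carry a UTC offset")
    return dt


def _plus_20_years(dt):
    try:
        return dt.replace(year=dt.year + 20)
    except ValueError:  # 29 February with a non-leap target year
        return dt.replace(year=dt.year + 20, day=28)


def check_create_request(body, now=None):
    """Return (errors, not_before, not_after) for a create-CA request body."""
    now = now or datetime.now(timezone.utc)
    errors = []
    if not body.get("organisationName"):
        errors.append("organisationName is required")
    cn = body.get("commonName")
    if cn is not None and not _PRINTABLE.fullmatch(cn):
        errors.append("commonName must be a non-empty PrintableString")
    country = body.get("country")
    if country is not None and not _ALPHA2.fullmatch(country):
        errors.append("country must be an ISO 3166-1 alpha-2 code")
    not_before = _parse(body["notBefore"]) if "notBefore" in body else None
    not_after = _parse(body["notAfter"]) if "notAfter" in body else None
    if not_before is not None and not_before < now:
        errors.append("notBefore must not be in the past")
    if not_after is None:
        # Documented default: notBefore + 20 years, else creation time + 20 years.
        not_after = _plus_20_years(not_before or now)
    else:
        if not_after > _plus_20_years(now):
            errors.append("notAfter exceeds 20 years from creation")
        if not_before is not None and not_after <= not_before:
            errors.append("notAfter must be after notBefore")
    return errors, not_before, not_after
```

Run against the request sample above with a current date after 2023-10-22, the check reports that notBefore is in the past, so the sample has to be re-dated before it is sent.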

Retrieve all DTS root CA certificates

Retrieves all DTS root CA certificates.

Analytic events

  • ECOSYSTEM_DTS_CA_CERTIFICATE_RETRIEVE_LIST_START
  • ECOSYSTEM_DTS_CA_CERTIFICATE_RETRIEVE_LIST_SUCCESS
  • ECOSYSTEM_DTS_CA_CERTIFICATE_RETRIEVE_LIST_FAIL
Roles: ["admin","dts-provider"]
Security: bearerAuth
Request
query Parameters
limit
number [ 1 .. 1000 ]
Default: 100

Range size of returned list.

Example: limit=2
cursor
string

Starting point for the list of entries.

Example: cursor=Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1h
Responses
200

DTS root CA certificates retrieved

400

Bad Request. The request was malformed or missing required parameters.

404

Not Found. The specified resource was not found.

GET /v1/ecosystems/certificates/ca
Response samples
application/json
{
  "data": [
  ],
  "nextCursor": "Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1hNjZmZmVhNS04NDhlLTQzOWQtODBhNC1kZGE1NWY1M2UzNmM"
}

Delete a DTS root CA certificate

Deletes a DTS root CA certificate.

Analytic events

  • ECOSYSTEM_DTS_CA_CERTIFICATE_DELETE_START
  • ECOSYSTEM_DTS_CA_CERTIFICATE_DELETE_SUCCESS
  • ECOSYSTEM_DTS_CA_CERTIFICATE_DELETE_FAIL
Roles: ["admin","dts-provider"]
Security: bearerAuth
Request
path Parameters
dtsCaCertificateId
required
string <uuid>

Unique identifier of the DTS root CA certificate.

Example: b0aae560-10e7-4247-8e96-7cdd3578a1e2
Responses
204

DTS root CA certificate deleted

400

Bad Request. The request was malformed or missing required parameters.

404

Not Found. The specified resource was not found.

DELETE /v1/ecosystems/certificates/ca/{dtsCaCertificateId}
Response samples
application/json
{
  "code": "string",
  "message": "string",
  "details": [
  ]
}

Update a DTS root CA certificate

Updates a DTS root CA certificate.

Analytic events

  • ECOSYSTEM_DTS_CA_CERTIFICATE_UPDATE_START
  • ECOSYSTEM_DTS_CA_CERTIFICATE_UPDATE_SUCCESS
  • ECOSYSTEM_DTS_CA_CERTIFICATE_UPDATE_FAIL
Roles: ["admin","dts-provider"]
Security: bearerAuth
Request
path Parameters
dtsCaCertificateId
required
string <uuid>

Unique identifier of the DTS root CA certificate.

Example: b0aae560-10e7-4247-8e96-7cdd3578a1e2
Request Body schema: application/json
active
required
boolean

Indicates if the DTS root CA certificate is active. Only active certificates can be used to sign other intermediate certificates.

Responses
200

DTS root CA certificate updated

400

Bad Request. The request was malformed or missing required parameters.

404

Not Found. The specified resource was not found.

PUT /v1/ecosystems/certificates/ca/{dtsCaCertificateId}
Request samples
application/json
{
  "active": true
}
Response samples
application/json
{
  "id": "782f1885-c7c2-4459-8426-b6d7c111b0b1",
  "active": true,
  "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
  "certificateFingerprint": "f6cad6e579d70b3973efa60624af731a580d1a11a7579e70f2f10f059dc86172",
  "certificateData": {
  },
  "isManaged": true
}

Retrieve a DTS root CA certificate

Retrieves a DTS root CA certificate.

Analytic events

  • ECOSYSTEM_DTS_CA_CERTIFICATE_RETRIEVE_START
  • ECOSYSTEM_DTS_CA_CERTIFICATE_RETRIEVE_SUCCESS
  • ECOSYSTEM_DTS_CA_CERTIFICATE_RETRIEVE_FAIL
Roles: ["admin","dts-provider"]
Security: bearerAuth
Request
path Parameters
dtsCaCertificateId
required
string <uuid>

Unique identifier of the DTS root CA certificate.

Example: b0aae560-10e7-4247-8e96-7cdd3578a1e2
Responses
200

DTS root CA certificate retrieved

404

Not Found. The specified resource was not found.

GET /v1/ecosystems/certificates/ca/{dtsCaCertificateId}
Response samples
application/json
{
  "id": "782f1885-c7c2-4459-8426-b6d7c111b0b1",
  "active": true,
  "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
  "certificateFingerprint": "f6cad6e579d70b3973efa60624af731a580d1a11a7579e70f2f10f059dc86172",
  "certificateData": {
  },
  "isManaged": true
}

Retrieve a DTS root CA certificate revocation list

Retrieves the revocation list for a given DTS root CA certificate.

Request
path Parameters
dtsCaCertificateId
required
string <uuid>

Unique identifier of the DTS root CA certificate.

Example: b0aae560-10e7-4247-8e96-7cdd3578a1e2
Responses
200

DTS root CA certificate revocation list retrieved

404

Not Found. The specified resource was not found.

GET /v1/ecosystems/certificates/ca/{dtsCaCertificateId}/crl
Response samples
application/json
"string"

Retrieve all public DTS root CA certificates

Retrieves all public DTS root CA certificates.

Responses
200

Public DTS root CA certificates retrieved

GET /v1/ecosystems/public/certificates/ca
Response samples
application/json
{
  "rootCertificates": [
  ]
}

Retrieve DTS root CA certificate (Deprecated)

Retrieves the latest DTS root CA certificate. This can be used by relying parties to verify a signed VICAL.

Request
path Parameters
ecosystemId
required
string <uuid>

The UUID of the ecosystem

Example: 87880d7e-a4d0-462e-8383-3f1e5e16865d
Responses
200

DTS root CA certificate retrieved

404

Not Found. The specified resource was not found.

GET /v1/ecosystems/{ecosystemId}/vicals/public/certificates/ca/latest
Response samples
application/json
{
  "code": "string",
  "message": "string",
  "details": [
  ]
}

Retrieve DTS root CA certificate revocation list (Deprecated)

Retrieves the revocation list for a given DTS root CA certificate.

Request
path Parameters
ecosystemId
required
string <uuid>

The UUID of the ecosystem

Example: 87880d7e-a4d0-462e-8383-3f1e5e16865d
caCertificateId
required
string <uuid>

Unique identifier of the VICAL root CA certificate.

Example: b0aae560-10e7-4247-8e96-7cdd3578a1e2
Responses
200

Revocation list retrieved

404

Not Found. The specified resource was not found.

GET /v1/ecosystems/{ecosystemId}/vicals/public/certificates/ca/{caCertificateId}/crl
Response samples
application/json
{
  "code": "string",
  "message": "string",
  "details": [
  ]
}