Certificate
Certificate 1.10.0
| Version | v1.10 |
| Release | 2025.2 |
Description
The Certificate schema describes a certificate that proves the identity of a component, account, or service.
URIs
/redfish/v1/AccountService/Accounts/{ManagerAccountId}/Certificates/{CertificateId}
/redfish/v1/AccountService/ActiveDirectory/Certificates/{CertificateId}
/redfish/v1/AccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates/{CertificateId}
/redfish/v1/AccountService/LDAP/Certificates/{CertificateId}
/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates/{CertificateId}
/redfish/v1/AccountService/MultiFactorAuth/SecurID/Certificates/{CertificateId}
/redfish/v1/AccountService/OutboundConnections/{OutboundConnectionId}/Certificates/{CertificateId}
/redfish/v1/AccountService/OutboundConnections/{OutboundConnectionId}/ClientCertificates/{CertificateId}
/redfish/v1/Chassis/{ChassisId}/Certificates/{CertificateId}
/redfish/v1/Chassis/{ChassisId}/Drives/{DriveId}/Certificates/{CertificateId}
/redfish/v1/Chassis/{ChassisId}/Memory/{MemoryId}/Certificates/{CertificateId}
/redfish/v1/Chassis/{ChassisId}/NetworkAdapters/{NetworkAdapterId}/Certificates/{CertificateId}
/redfish/v1/Chassis/{ChassisId}/PowerSubsystem/PowerSupplies/{PowerSupplyId}/Certificates/{CertificateId}
/redfish/v1/Chassis/{ChassisId}/TrustedComponents/{TrustedComponentId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Drives/{DriveId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Memory/{MemoryId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Processors/{ProcessorId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Storage/{StorageId}/Controllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Storage/{StorageId}/Drives/{DriveId}/Certificates/{CertificateId} (deprecated)
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Storage/{StorageId}/StorageControllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Boot/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/KeyManagement/KMIPCertificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Memory/{MemoryId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Processors/{ProcessorId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/SecureBoot/SecureBootDatabases/{DatabaseId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Storage/{StorageId}/Controllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Storage/{StorageId}/Drives/{DriveId}/Certificates/{CertificateId} (deprecated)
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Storage/{StorageId}/StorageControllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/VirtualMedia/{VirtualMediaId}/Certificates/{CertificateId}
/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/VirtualMedia/{VirtualMediaId}/ClientCertificates/{CertificateId}
/redfish/v1/EventService/Subscriptions/{EventDestinationId}/Certificates/{CertificateId}
/redfish/v1/EventService/Subscriptions/{EventDestinationId}/ClientCertificates/{CertificateId}
/redfish/v1/Fabrics/{FabricId}/Switches/{SwitchId}/Certificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/Certificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/NetworkProtocol/HTTPS/Certificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/RemoteAccountService/Accounts/{ManagerAccountId}/Certificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/RemoteAccountService/ActiveDirectory/Certificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/RemoteAccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/RemoteAccountService/LDAP/Certificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/RemoteAccountService/MultiFactorAuth/ClientCertificate/Certificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/RemoteAccountService/MultiFactorAuth/SecurID/Certificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/SecurityPolicy/SPDM/RevokedCertificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/SecurityPolicy/SPDM/TrustedCertificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/SecurityPolicy/TLS/Client/RevokedCertificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/SecurityPolicy/TLS/Client/TrustedCertificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/SecurityPolicy/TLS/Server/RevokedCertificates/{CertificateId}
/redfish/v1/Managers/{ManagerId}/SecurityPolicy/TLS/Server/TrustedCertificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Drives/{DriveId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Memory/{MemoryId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Processors/{ProcessorId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Storage/{StorageId}/Controllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Storage/{StorageId}/Drives/{DriveId}/Certificates/{CertificateId} (deprecated)
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Storage/{StorageId}/StorageControllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Boot/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/KeyManagement/KMIPCertificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Memory/{MemoryId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Processors/{ProcessorId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/SecureBoot/SecureBootDatabases/{DatabaseId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Storage/{StorageId}/Controllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Storage/{StorageId}/Drives/{DriveId}/Certificates/{CertificateId} (deprecated)
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Storage/{StorageId}/StorageControllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/VirtualMedia/{VirtualMediaId}/Certificates/{CertificateId}
/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/VirtualMedia/{VirtualMediaId}/ClientCertificates/{CertificateId}
/redfish/v1/Storage/{StorageId}/Controllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/Storage/{StorageId}/StorageControllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/Systems/{ComputerSystemId}/Boot/Certificates/{CertificateId}
/redfish/v1/Systems/{ComputerSystemId}/Certificates/{CertificateId}
/redfish/v1/Systems/{ComputerSystemId}/KeyManagement/KMIPCertificates/{CertificateId}
/redfish/v1/Systems/{ComputerSystemId}/Memory/{MemoryId}/Certificates/{CertificateId}
/redfish/v1/Systems/{ComputerSystemId}/Processors/{ProcessorId}/Certificates/{CertificateId}
/redfish/v1/Systems/{ComputerSystemId}/SecureBoot/SecureBootDatabases/{DatabaseId}/Certificates/{CertificateId}
/redfish/v1/Systems/{ComputerSystemId}/Storage/{StorageId}/Controllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/Systems/{ComputerSystemId}/Storage/{StorageId}/Drives/{DriveId}/Certificates/{CertificateId} (deprecated)
/redfish/v1/Systems/{ComputerSystemId}/Storage/{StorageId}/StorageControllers/{StorageControllerId}/Certificates/{CertificateId}
/redfish/v1/Systems/{ComputerSystemId}/VirtualMedia/{VirtualMediaId}/Certificates/{CertificateId}
/redfish/v1/Systems/{ComputerSystemId}/VirtualMedia/{VirtualMediaId}/ClientCertificates/{CertificateId}
/redfish/v1/UpdateService/ClientCertificates/{CertificateId}
/redfish/v1/UpdateService/RemoteServerCertificates/{CertificateId}
Properties
| Property | Type | Attributes | Notes |
|---|---|---|---|
| Actions { | object | | The available actions for this resource. |
| #Certificate.Rekey (v1.1+) {} | object | | This action generates a new key-pair for a certificate and produces a certificate signing request. For more information, see the Actions section below. |
| #Certificate.Renew (v1.1+) {} | object | | This action generates a certificate signing request by using the existing information and key-pair of the certificate. For more information, see the Actions section below. |
| } | |||
| CertificateString | string | read-only required on create (null) | The string for the certificate. |
| CertificateType | string (enum) | read-only required on create (null) | The format of the certificate. For the possible property values, see CertificateType in Property details. |
| CertificateUsageTypes (v1.4+) [ ] | array (string (enum)) | read-only (null) | The types or purposes for this certificate. For the possible property values, see CertificateUsageTypes in Property details. |
| Fingerprint (v1.3+) | string | read-only | The fingerprint of the certificate. |
| FingerprintHashAlgorithm (v1.3+) | string | read-only | The hash algorithm for the fingerprint of the certificate. |
| Issuer { | object | | The issuer of the certificate. |
| AdditionalCommonNames (v1.6+) [ ] | array (string, null) | read-only | Additional common names of the entity. |
| AdditionalOrganizationalUnits (v1.6+) [ ] | array (string, null) | read-only | Additional organizational units of the entity. |
| AlternativeNames (v1.7+) [ ] | array (string, null) | read-only | The additional host names of the entity. |
| City | string | read-only | The city or locality of the organization of the entity. |
| CommonName | string | read-only | The common name of the entity. |
| Country | string | read-only | The country of the organization of the entity. |
| DisplayString (v1.6+) | string | read-only (null) | A human-readable string for this identifier. |
| DomainComponents (v1.6+) [ ] | array (string, null) | read-only | The domain components of the entity. |
| Email | string | read-only (null) | The email address of the contact within the organization of the entity. |
| Organization | string | read-only | The name of the organization of the entity. |
| OrganizationalUnit | string | read-only | The name of the unit or division of the organization of the entity. |
| State | string | read-only | The state, province, or region of the organization of the entity. |
| } | |||
| KeyUsage [ ] | array (string (enum)) | read-only (null) | The key usage extension, which defines the purpose of the public keys in this certificate. For the possible property values, see KeyUsage in Property details. |
| Links (v1.4+) { | object | | The links to other resources that are related to this resource. |
| Issuer (v1.4+) { | object | (null) | A link to the certificate of the CA that issued this certificate. |
| @odata.id | string (URI) | read-only | The unique identifier for a resource. |
| } | |||
| Oem {} | object | | The OEM extension property. See the Resource schema for details on this property. |
| Subjects (v1.4+) [ { | array | | An array of links to certificates that were issued by the CA that is represented by this certificate. |
| @odata.id | string (URI) | read-only | The unique identifier for a resource. |
| } ] | |||
| } | |||
| Oem {} | object | | The OEM extension property. See the Resource schema for details on this property. |
| Password (v1.10+) | string | read-write (null) | The password for the certificate. |
| SerialNumber (v1.3+) | string | read-only | The serial number of the certificate. |
| SignatureAlgorithm (v1.3+) | string | read-only | The algorithm used for creating the signature of the certificate. |
| SPDM (v1.5+) { | object | | SPDM-related information for the certificate. |
| SlotId (v1.5+) | integer | read-only (null) | Slot identifier of the certificate. |
| } | |||
| Status (v1.10+) {} | object | | The status and health of the resource and its subordinate or dependent resources. See the Resource schema for details on this property. |
| Subject { | object | | The subject of the certificate. |
| AdditionalCommonNames (v1.6+) [ ] | array (string, null) | read-only | Additional common names of the entity. |
| AdditionalOrganizationalUnits (v1.6+) [ ] | array (string, null) | read-only | Additional organizational units of the entity. |
| AlternativeNames (v1.7+) [ ] | array (string, null) | read-only | The additional host names of the entity. |
| City | string | read-only | The city or locality of the organization of the entity. |
| CommonName | string | read-only | The common name of the entity. |
| Country | string | read-only | The country of the organization of the entity. |
| DisplayString (v1.6+) | string | read-only (null) | A human-readable string for this identifier. |
| DomainComponents (v1.6+) [ ] | array (string, null) | read-only | The domain components of the entity. |
| Email | string | read-only (null) | The email address of the contact within the organization of the entity. |
| Organization | string | read-only | The name of the organization of the entity. |
| OrganizationalUnit | string | read-only | The name of the unit or division of the organization of the entity. |
| State | string | read-only | The state, province, or region of the organization of the entity. |
| } | |||
| UefiSignatureOwner (v1.2+) | string (uuid) | read-only (null) | The UEFI signature owner for this certificate. |
| ValidNotAfter | string (date-time) | read-only | The date when the certificate is no longer valid. |
| ValidNotBefore | string (date-time) | read-only | The date when the certificate becomes valid. |
Actions
Rekey (v1.1+)
Description
This action generates a new key-pair for a certificate and produces a certificate signing request.
Action URI
{Base URI of target resource}/Actions/Certificate.Rekey
Action parameters
| Parameter Name | Type | Attributes | Notes |
|---|---|---|---|
| ChallengePassword | string | optional | The challenge password to apply to the certificate for revocation requests. |
| KeyBitLength | integer | optional | The length of the key, in bits, if needed based on the KeyPairAlgorithm parameter value. |
| KeyCurveId | string | optional | The curve ID to use with the key, if needed based on the KeyPairAlgorithm parameter value. |
| KeyPairAlgorithm | string | optional | The type of key-pair for use with signing algorithms. |
Response Payload
| { | |||
| Certificate (v1.1+) { | object | required | The link to the certificate being rekeyed. |
| @odata.id | string (URI) | read-only | The unique identifier for a resource. |
| } | |||
| CSRString (v1.1+) | string | read-only required | The string for the certificate signing request. |
| } |
Request Example
```json
{
    "KeyPairAlgorithm": "TPM_ALG_RSA",
    "KeyBitLength": 4096
}
```
Response Example
```json
{
    "CSRString": "-----BEGIN CERTIFICATE REQUEST-----...-----END CERTIFICATE REQUEST-----",
    "Certificate": {
        "@odata.id": "/redfish/v1/Managers/BMC/NetworkProtocol/HTTPS/Certificates/1"
    }
}
```
Renew (v1.1+)
Description
This action generates a certificate signing request by using the existing information and key-pair of the certificate.
Action URI
{Base URI of target resource}/Actions/Certificate.Renew
Action parameters
| Parameter Name | Type | Attributes | Notes |
|---|---|---|---|
| ChallengePassword | string | optional | The challenge password to apply to the certificate for revocation requests. |
Response Payload
| { | |||
| Certificate (v1.1+) { | object | required | The link to the certificate being renewed. |
| @odata.id | string (URI) | read-only | The unique identifier for a resource. |
| } | |||
| CSRString (v1.1+) | string | read-only required | The string for the certificate signing request. |
| } |
Request Example
```json
{
    "ChallengePassword": "p4ssw0rd"
}
```
Response Example
```json
{
    "CSRString": "-----BEGIN CERTIFICATE REQUEST-----...-----END CERTIFICATE REQUEST-----",
    "Certificate": {
        "@odata.id": "/redfish/v1/Managers/BMC/NetworkProtocol/HTTPS/Certificates/1"
    }
}
```
Property details
CertificateType
The format of the certificate.
| string | Description |
|---|---|
| PEM | A Privacy Enhanced Mail (PEM)-encoded single certificate. |
| PEMchain | A Privacy Enhanced Mail (PEM)-encoded certificate chain. |
| PKCS12 | A Base64-encoded PKCS12 certificate bundle. |
| PKCS7 | A Privacy Enhanced Mail (PEM)-encoded PKCS7 certificate. |
CertificateUsageTypes
The types or purposes for this certificate.
| string | Description |
|---|---|
| BIOS | This certificate is a BIOS certificate like those associated with UEFI. |
| Device | This certificate is a device type certificate like those associated with SPDM and other standards. |
| EK | This certificate is an EK certificate like those associated with TCG TPMs. |
| IAK | This certificate is an IAK certificate like those associated with TCG TPMs. |
| IDevID | This certificate is an IDevID certificate like those associated with TCG TPMs. |
| LAK | This certificate is an LAK certificate like those associated with TCG TPMs. |
| LDevID | This certificate is an LDevID certificate like those associated with TCG TPMs. |
| Platform | This certificate is a platform type certificate like those associated with SPDM and other standards. |
| SSH | This certificate is used for SSH. |
| User | This certificate is a user certificate like those associated with a manager account. |
| Web | This certificate is a web or HTTPS certificate like those used for event destinations. |
KeyUsage
The key usage extension, which defines the purpose of the public keys in this certificate.
| string | Description |
|---|---|
| ClientAuthentication | TLS WWW client authentication. |
| CodeSigning | Signs downloadable executable code. |
| CRLSigning | Verifies signatures on certificate revocation lists (CRLs). |
| DataEncipherment | Directly enciphers raw user data without an intermediate symmetric cipher. |
| DecipherOnly | Deciphers data while performing a key agreement. |
| DigitalSignature | Verifies digital signatures, other than signatures on certificates and CRLs. |
| EmailProtection | Email protection. |
| EncipherOnly | Enciphers data while performing a key agreement. |
| KeyAgreement | Key agreement. |
| KeyCertSign | Verifies signatures on public key certificates. |
| KeyEncipherment | Enciphers private or secret keys. |
| NonRepudiation | Verifies digital signatures, other than signatures on certificates and CRLs, and provides a non-repudiation service that protects against the signing entity falsely denying some action. |
| OCSPSigning | Signs OCSP responses. |
| ServerAuthentication | TLS WWW server authentication. |
| Timestamping | Binds the hash of an object to a time. |
Example response
```json
{
    "@odata.type": "#Certificate.v1_11_0.Certificate",
    "Id": "1",
    "Name": "HTTPS Certificate",
    "CertificateString": "-----BEGIN CERTIFICATE-----\nMIIFsTCC [*truncated*] GXG5zljlu\n-----END CERTIFICATE-----",
    "CertificateType": "PEM",
    "Issuer": {
        "Country": "US",
        "State": "Oregon",
        "City": "Portland",
        "Organization": "Contoso",
        "OrganizationalUnit": "ABC",
        "CommonName": "manager.contoso.org"
    },
    "Subject": {
        "Country": "US",
        "State": "Oregon",
        "City": "Portland",
        "Organization": "Contoso",
        "OrganizationalUnit": "ABC",
        "CommonName": "manager.contoso.org"
    },
    "ValidNotBefore": "2018-09-07T13:22:05Z",
    "ValidNotAfter": "2019-09-07T13:22:05Z",
    "KeyUsage": [
        "KeyEncipherment",
        "ServerAuthentication"
    ],
    "SerialNumber": "5d:7a:d8:df:f6:fc:c1:b3:ca:fe:fb:cc:38:f3:01:64:51:ea:05:cb",
    "Fingerprint": "A6:E9:D2:5C:DC:52:DA:4B:3B:14:97:F3:A4:53:D9:99:A1:0B:56:41",
    "FingerprintHashAlgorithm": "TPM_ALG_SHA1",
    "SignatureAlgorithm": "sha256WithRSAEncryption",
    "@odata.id": "/redfish/v1/Managers/BMC/NetworkProtocol/HTTPS/Certificates/1"
}
```
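An audit pass over a Certificate resource like the example response above, as an added example that is not part of the Redfish documentation or any DMTF tooling. The weak-hash list, the URI-to-KeyUsage mapping, the 30-day warning window and the finding names are assumed local policy; `SAMPLE` is constructed from the example response, trimmed to the properties the checks read.

```python
from datetime import datetime, timedelta, timezone

# Assumed local policy, not defined by the schema.
WEAK_HASHES = ("sha1", "md5")
EXPECTED_USAGE = {
    "/NetworkProtocol/HTTPS/Certificates/": "ServerAuthentication",
    "/ClientCertificates/": "ClientAuthentication",
}
# Identifier properties compared between Issuer and Subject.
DN_FIELDS = ("Country", "State", "City", "Organization",
             "OrganizationalUnit", "CommonName", "Email")

# Constructed sample input, taken from the example response on this page.
SAMPLE = {
    "@odata.id": "/redfish/v1/Managers/BMC/NetworkProtocol/HTTPS/Certificates/1",
    "Issuer": {"Country": "US", "State": "Oregon", "City": "Portland",
               "Organization": "Contoso", "OrganizationalUnit": "ABC",
               "CommonName": "manager.contoso.org"},
    "Subject": {"Country": "US", "State": "Oregon", "City": "Portland",
                "Organization": "Contoso", "OrganizationalUnit": "ABC",
                "CommonName": "manager.contoso.org"},
    "ValidNotBefore": "2018-09-07T13:22:05Z",
    "ValidNotAfter": "2019-09-07T13:22:05Z",
    "KeyUsage": ["KeyEncipherment", "ServerAuthentication"],
    "FingerprintHashAlgorithm": "TPM_ALG_SHA1",
    "SignatureAlgorithm": "sha256WithRSAEncryption",
}


def parse_time(value):
    """Parse a Redfish date-time string into a timezone-aware datetime."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_certificate(res, now, warn_days=30):
    """Return a list of finding codes for one Certificate resource."""
    findings = []

    # Validity window: ValidNotBefore / ValidNotAfter.
    if res.get("ValidNotBefore") and parse_time(res["ValidNotBefore"]) > now:
        findings.append("not-yet-valid")
    if res.get("ValidNotAfter"):
        end = parse_time(res["ValidNotAfter"])
        if end <= now:
            findings.append("expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append("expiring-soon")

    # Issuer equal to Subject means no separate CA vouches for this name.
    issuer = res.get("Issuer") or {}
    subject = res.get("Subject") or {}
    if subject and all(issuer.get(f) == subject.get(f) for f in DN_FIELDS):
        findings.append("self-issued")

    # Hash algorithms named in the fingerprint and signature properties.
    for prop, code in (("FingerprintHashAlgorithm", "weak-fingerprint-hash"),
                       ("SignatureAlgorithm", "weak-signature-hash")):
        value = (res.get(prop) or "").lower()
        if any(weak in value for weak in WEAK_HASHES):
            findings.append(code)

    # KeyUsage expected for the collection the certificate lives in.
    uri = res.get("@odata.id", "")
    usage = res.get("KeyUsage") or []
    for segment, needed in EXPECTED_USAGE.items():
        if segment in uri and needed not in usage:
            findings.append("missing-usage:" + needed)
    return findings


if __name__ == "__main__":
    print(audit_certificate(SAMPLE, datetime.now(timezone.utc)))
```
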
CertificateLocations 1.0.4
| Version | v1.0 |
| Release | 2018.3 |
Description
The CertificateLocations schema describes a resource that an administrator can use in order to locate all certificates installed on a given service.
URIs
/redfish/v1/CertificateService/CertificateLocations
Properties
| Property | Type | Attributes | Notes |
|---|---|---|---|
| Actions {} | object | | The available actions for this resource. |
| Links { | object | | The links to other resources that are related to this resource. |
| Certificates [ { | array | | An array of links to the certificates installed on this service. |
| @odata.id | string (URI) | read-only | The unique identifier for a resource. |
| } ] | |||
| Oem {} | object | | The OEM extension property. See the Resource schema for details on this property. |
| } | |||
| Oem {} | object | | The OEM extension property. See the Resource schema for details on this property. |
Example response
```json
{
    "@odata.type": "#CertificateLocations.v1_0_4.CertificateLocations",
    "Id": "CertificateLocations",
    "Name": "Certificate Locations",
    "Links": {
        "Certificates": [
            {
                "@odata.id": "/redfish/v1/Managers/BMC/NetworkProtocol/HTTPS/Certificates/1"
            }
        ]
    },
    "@odata.id": "/redfish/v1/CertificateService/CertificateLocations"
}
```
CertificateService 1.1.0
| Version | v1.1 |
| Release | 2025.1 |
Description
The CertificateService schema describes a certificate service that represents the actions available to manage certificates and links to the certificates.
URIs
/redfish/v1/CertificateService
Properties
| Property | Type | Attributes | Notes |
|---|---|---|---|
| Actions { | object | | The available actions for this resource. |
| #CertificateService.GenerateCSR {} | object | | This action makes a certificate signing request. For more information, see the Actions section below. |
| #CertificateService.ReplaceCertificate {} | object | | This action replaces a certificate. For more information, see the Actions section below. |
| } | |||
| CertificateLocations { | object | | The information about the location of certificates. |
| @odata.id | string (URI) | read-only | The unique identifier for a resource. |
| } | |||
| Oem {} | object | | The OEM extension property. See the Resource schema for details on this property. |
Actions
GenerateCSR
Description
This action makes a certificate signing request.
Action URI
{Base URI of target resource}/Actions/CertificateService.GenerateCSR
Action parameters
| Parameter Name | Type | Attributes | Notes |
|---|---|---|---|
| AlternativeNames [ ] | array (string) | optional | The additional host names of the component to secure. |
| CertificateCollection { | object | required | The link to the certificate collection where the certificate is installed after the certificate authority (CA) signs the certificate. |
| @odata.id | string (URI) | read-only | The unique identifier for a resource. |
| } | |||
| ChallengePassword | string | optional | The challenge password to apply to the certificate for revocation requests. |
| City | string | optional | The city or locality of the organization making the request. |
| CommonName | string | required | The fully qualified domain name of the component to secure. |
| ContactPerson | string | optional | The name of the user making the request. |
| Country | string | optional | The two-letter country code of the organization making the request. |
| Email | string | optional | The email address of the contact within the organization making the request. |
| GivenName | string | optional | The given name of the user making the request. |
| Initials | string | optional | The initials of the user making the request. |
| KeyBitLength | integer | optional | The length of the key, in bits, if needed based on the KeyPairAlgorithm parameter value. |
| KeyCurveId | string | optional | The curve ID to use with the key, if needed based on the KeyPairAlgorithm parameter value. |
| KeyPairAlgorithm | string | optional | The type of key-pair for use with signing algorithms. |
| KeyUsage [ ] | array (string (enum)) | read-write | The usage of the key contained in the certificate. For the possible property values, see KeyUsage in Property details. |
| Organization | string | optional | The name of the organization making the request. |
| OrganizationalUnit | string | optional | The name of the unit or division of the organization making the request. |
| State | string | optional | The state, province, or region of the organization making the request. |
| Surname | string | optional | The surname of the user making the request. |
| UnstructuredName | string | optional | The unstructured name of the subject. |
Response Payload
| { | |||
| CertificateCollection { | object | required | The link to the certificate collection where the certificate is installed. |
| @odata.id | string (URI) | read-only | The unique identifier for a resource. |
| } | |||
| CSRString | string | read-only required | The string for the certificate signing request. |
| } |
Request Example
```json
{
    "Country": "US",
    "State": "Oregon",
    "City": "Portland",
    "Organization": "Contoso",
    "OrganizationalUnit": "ABC",
    "CommonName": "manager.contoso.org",
    "AlternativeNames": [
        "manager.contoso.org",
        "manager.contoso.com",
        "manager.contoso.us"
    ],
    "Email": "admin@contoso.org",
    "KeyPairAlgorithm": "TPM_ALG_RSA",
    "KeyBitLength": 4096,
    "KeyUsage": [
        "KeyEncipherment",
        "ServerAuthentication"
    ],
    "CertificateCollection": {
        "@odata.id": "/redfish/v1/Managers/BMC/NetworkProtocol/HTTPS/Certificates"
    }
}
```
Response Example
```json
{
    "CSRString": "-----BEGIN CERTIFICATE REQUEST-----...-----END CERTIFICATE REQUEST-----",
    "CertificateCollection": {
        "@odata.id": "/redfish/v1/Managers/BMC/NetworkProtocol/HTTPS/Certificates"
    }
}
```
ReplaceCertificate
Description
This action replaces a certificate.
Action URI
{Base URI of target resource}/Actions/CertificateService.ReplaceCertificate
Action parameters
| Parameter Name | Type | Attributes | Notes |
|---|---|---|---|
| CertificateString | string | required | The string for the certificate. |
| CertificateType | string (enum) | required | The format of the certificate. For the possible property values, see CertificateType in Property details. |
| CertificateUri { | object | required | The link to the certificate that is being replaced. |
| @odata.id | string (URI) | read-only | The unique identifier for a resource. |
| } | |||
| Password (v1.1+) | string | optional | The password for the certificate. |
Request Example
```json
{
    "CertificateUri": {
        "@odata.id": "/redfish/v1/Managers/BMC/NetworkProtocol/HTTPS/Certificates/1"
    },
    "CertificateString": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
    "CertificateType": "PEM"
}
```
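A pre-flight check for a ReplaceCertificate request body, as an added example that is not part of the Redfish documentation or any DMTF tooling. It verifies the required parameters, that CertificateString structurally matches the declared CertificateType, and that CertificateUri is listed in CertificateLocations. The function names, finding codes and the rule that the target must already appear in CertificateLocations are assumptions; the check is structural only and does not parse X.509.

```python
import base64
import binascii
import re

CERTIFICATE_TYPES = ("PEM", "PEMchain", "PKCS12", "PKCS7")
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+([A-Za-z0-9+/=\s]+?)-----END \1-----")

# Constructed sample input, taken from the CertificateLocations example.
LOCATIONS = {"Links": {"Certificates": [
    {"@odata.id": "/redfish/v1/Managers/BMC/NetworkProtocol/HTTPS/Certificates/1"}
]}}


def fake_pem(label, payload):
    """Build a constructed PEM block; the payload is not a real certificate."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def is_base64(text):
    """True if text, ignoring whitespace, is non-empty valid Base64."""
    compact = "".join(text.split())
    try:
        base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return False
    return bool(compact)


def pem_labels(text):
    """Labels of every PEM block in text whose body is valid Base64."""
    return [lbl for lbl, body in PEM_BLOCK.findall(text) if is_base64(body)]


def format_matches(cert_type, text):
    """Check CertificateString against the CertificateType table."""
    labels = pem_labels(text)
    if cert_type == "PKCS12":  # Base64 bundle, no PEM armor
        return "-----" not in text and is_base64(text)
    if text.count("-----BEGIN ") != len(labels):
        return False  # at least one block is malformed
    if cert_type == "PEM":
        return labels == ["CERTIFICATE"]
    if cert_type == "PEMchain":
        return bool(labels) and set(labels) == {"CERTIFICATE"}
    if cert_type == "PKCS7":
        return labels == ["PKCS7"]
    return False


def check_replace_request(body, locations):
    """Return a list of problems; an empty list means the body passes."""
    known = {link["@odata.id"] for link in locations["Links"]["Certificates"]}
    cert = body.get("CertificateString")
    ctype = body.get("CertificateType")
    uri = (body.get("CertificateUri") or {}).get("@odata.id")
    problems = []
    for name, value in (("CertificateString", cert),
                        ("CertificateType", ctype),
                        ("CertificateUri", uri)):
        if not value:
            problems.append("missing:" + name)
    if ctype and ctype not in CERTIFICATE_TYPES:
        problems.append("unknown-type")
    elif ctype and cert and not format_matches(ctype, cert):
        problems.append("format-mismatch")
    if uri and uri not in known:
        problems.append("unknown-target")
    return problems
```
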
Property details
CertificateType
The format of the certificate.
| string | Description |
|---|---|
| PEM | A Privacy Enhanced Mail (PEM)-encoded single certificate. |
| PEMchain | A Privacy Enhanced Mail (PEM)-encoded certificate chain. |
| PKCS12 | A Base64-encoded PKCS12 certificate bundle. |
| PKCS7 | A Privacy Enhanced Mail (PEM)-encoded PKCS7 certificate. |
KeyUsage
The usage of the key contained in the certificate.
| string | Description |
|---|---|
| ClientAuthentication | TLS WWW client authentication. |
| CodeSigning | Signs downloadable executable code. |
| CRLSigning | Verifies signatures on certificate revocation lists (CRLs). |
| DataEncipherment | Directly enciphers raw user data without an intermediate symmetric cipher. |
| DecipherOnly | Deciphers data while performing a key agreement. |
| DigitalSignature | Verifies digital signatures, other than signatures on certificates and CRLs. |
| EmailProtection | Email protection. |
| EncipherOnly | Enciphers data while performing a key agreement. |
| KeyAgreement | Key agreement. |
| KeyCertSign | Verifies signatures on public key certificates. |
| KeyEncipherment | Enciphers private or secret keys. |
| NonRepudiation | Verifies digital signatures, other than signatures on certificates and CRLs, and provides a non-repudiation service that protects against the signing entity falsely denying some action. |
| OCSPSigning | Signs OCSP responses. |
| ServerAuthentication | TLS WWW server authentication. |
| Timestamping | Binds the hash of an object to a time. |
Example response
```json
{
    "@odata.type": "#CertificateService.v1_2_1.CertificateService",
    "Id": "CertificateService",
    "Name": "Certificate Service",
    "Actions": {
        "#CertificateService.GenerateCSR": {
            "target": "/redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR",
            "@Redfish.ActionInfo": "/redfish/v1/CertificateService/GenerateCSRActionInfo"
        },
        "#CertificateService.ReplaceCertificate": {
            "target": "/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate",
            "@Redfish.ActionInfo": "/redfish/v1/CertificateService/ReplaceCertificateActionInfo"
        }
    },
    "CertificateLocations": {
        "@odata.id": "/redfish/v1/CertificateService/CertificateLocations"
    },
    "@odata.id": "/redfish/v1/CertificateService"
}
```