Overview

 

Certificate Authority API for creating End Point Certificates signed by the ISE Internal CA. This API can take in certificate request details, create an RSA key pair, create a certificate and return the resulting key pair and certificate as a ZIP file. ZIP files are returned as an octet stream.

 

Please note that these examples are not meant to be used as is, because they contain references to DB data.
Treat them as basic templates and edit them before sending them to the server.





Resource definition

| Attribute | Type | Required | Default value | Description |
|---|---|---|---|---|
| name | String | Yes | | Resource name |
| id | String | Yes | | Resource UUID |
| description | String | No | | |
| certTemplateName | String | Yes | | |
| format | Enum | Yes | | Allowed values: PKCS12, PKCS12_CHAIN, PKCS8, PKCS8_CHAIN |
| password | String | Yes | | |
| certificateRequest | Map | Yes | | Key value map |


XML example:

XML
<?xml version="1.0" encoding="UTF-8"?>
<ns0:endpointcert xmlns:ns0="ca.ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns1="ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com">
   <certTemplateName>Certificate_Template_Name</certTemplateName>
   <certificateRequest>
      <entry>
         <key>san</key>
         <value>11-22-33-44-55-66</value>
      </entry>
      <entry>
         <key>cn</key>
         <value>userName [or] machineName</value>
      </entry>
   </certificateRequest>
   <format>PKCS8 [or] PKCS8_CHAIN [or] PKCS12 [or] PKCS12_CHAIN</format>
   <password>password</password>
</ns0:endpointcert>

JSON
{
  "ERSEndPointCert" : {
    "certTemplateName" : "Certificate_Template_Name",
    "format" : "PKCS8 [or] PKCS8_CHAIN [or] PKCS12 [or] PKCS12_CHAIN",
    "password" : "password",
    "certificateRequest" : {
      "san" : "11-22-33-44-55-66",
      "cn" : "userName [or] machineName"
    }
  }
}





Revision History

 

Revision 0

Resource Version: 1.0

ISE Version: 2.0

Description: Initial ISE version




API Reference

Create Certificate

Request:

Method:

PUT

URI:

https://10.56.60.175:9060/ers/config/endpointcert/certRequest

HTTP 'Content-Type' Header:

application/xml | application/json

HTTP 'Accept' Header:

application/xml | application/json

HTTP 'ERS-Media-Type' Header (Not Mandatory):

ca.endpointcert.1.0

HTTP 'X-CSRF-TOKEN' Header (Required Only if Enabled from GUI):

The Token value from the GET X-CSRF-TOKEN fetch request

Additional Information:

CertTemplateName (Required): Must be the name of an Internal CA template.

CertificateRequest (Required): Must have CN and SAN entries.

CN (Required): Must match the requester's User Name, unless the Requester is an ERS Admin. ERS Admins are allowed to create requests for any CN.

SAN (Required): Must be a valid MAC Address, delimited by '-'

Format (Required): Must be one of either PKCS12, PKCS12_CHAIN, PKCS8, or PKCS8_CHAIN

Password (Required): Protects the private key. Must have more than 8 characters, less than 15 characters, at least one upper case letter, at least one lower case letter, at least one digit, and can only contain [A-Z][a-z][0-9]_#
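
The field rules above can be checked on the client before the request leaves the host. The following is an added example, not Cisco's code: the function names are hypothetical, a MAC address is assumed to be six hex pairs, and authentication and sending are left out because this page does not describe them.

```python
import json
import re
import urllib.request

ALLOWED_FORMATS = {"PKCS12", "PKCS12_CHAIN", "PKCS8", "PKCS8_CHAIN"}
# Assumption: a "valid MAC address" is six hex pairs joined by '-'.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}")
PASSWORD_CHARSET_RE = re.compile(r"[A-Za-z0-9_#]+")


def validate_cert_request(template, cn, san, fmt, password):
    """Return a list of rule violations; an empty list means all rules pass."""
    errors = []
    if not template:
        errors.append("certTemplateName is required")
    if not cn:
        errors.append("cn is required")
    if not MAC_RE.fullmatch(san or ""):
        errors.append("san must be a MAC address delimited by '-'")
    if fmt not in ALLOWED_FORMATS:
        errors.append("format must be one of " + ", ".join(sorted(ALLOWED_FORMATS)))
    pw = password or ""
    if not 8 < len(pw) < 15:
        errors.append("password must have more than 8 and less than 15 characters")
    if not PASSWORD_CHARSET_RE.fullmatch(pw):
        errors.append("password may only contain A-Z, a-z, 0-9, _ and #")
    if not (re.search(r"[A-Z]", pw) and re.search(r"[a-z]", pw) and re.search(r"[0-9]", pw)):
        errors.append("password needs an upper case letter, a lower case letter and a digit")
    return errors


def build_cert_request(base_url, template, cn, san, fmt, password):
    """Build (but do not send) the PUT request; raise ValueError on invalid input."""
    errors = validate_cert_request(template, cn, san, fmt, password)
    if errors:
        raise ValueError("; ".join(errors))
    body = {"ERSEndPointCert": {
        "certTemplateName": template,
        "format": fmt,
        "password": password,
        "certificateRequest": {"san": san, "cn": cn},
    }}
    return urllib.request.Request(
        base_url + "/ers/config/endpointcert/certRequest",
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json",
                 "ERS-Media-Type": "ca.endpointcert.1.0"},
    )
```

Because the password protects the returned private key, supply it from a secret store or an interactive prompt rather than a literal in a script.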


Request Content:

XML
<?xml version="1.0" encoding="UTF-8"?>
<ns0:endpointcert xmlns:ns0="ca.ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns1="ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com">
   <certTemplateName>Certificate_Template_Name</certTemplateName>
   <certificateRequest>
      <entry>
         <key>san</key>
         <value>11-22-33-44-55-66</value>
      </entry>
      <entry>
         <key>cn</key>
         <value>userName [or] machineName</value>
      </entry>
   </certificateRequest>
   <format>PKCS8 [or] PKCS8_CHAIN [or] PKCS12 [or] PKCS12_CHAIN</format>
   <password>password</password>
</ns0:endpointcert>
 
JSON
{
  "ERSEndPointCert" : {
    "certTemplateName" : "Certificate_Template_Name",
    "format" : "PKCS8 [or] PKCS8_CHAIN [or] PKCS12 [or] PKCS12_CHAIN",
    "password" : "password",
    "certificateRequest" : {
      "san" : "11-22-33-44-55-66",
      "cn" : "userName [or] machineName"
    }
  }
}


Response: (N/A)

HTTP Status:

200 (OK)


Content: 

[Response is returned as an Octet Stream representing a ZIP file.]

Get Version

Request:

Method:

GET

URI:

https://10.56.60.175:9060/ers/config/endpointcert/versioninfo

HTTP 'Content-Type' Header:

application/xml | application/json



                                                                                            
                                                                                            


Response: (Version Info)

HTTP Status:

200 (OK)


Content: 

XML
<?xml version="1.0" encoding="UTF-8"?>
<ns0:versionInfo xmlns:ns0="ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema">
   <currentServerVersion>1.0</currentServerVersion>
   <link rel="self" href="link" type="application/xml"/>
   <supportedVersions>0.9,0.8</supportedVersions>
</ns0:versionInfo>
 
JSON
{
  "VersionInfo" : {
    "currentServerVersion" : "1.0",
    "supportedVersions" : "0.9,0.8",
    "link" : {
      "rel" : "self",
      "href" : "link",
      "type" : "application/xml"
    }
  }
}