PUT /pkiprofile/{uuid}
/pkiprofile/{uuid}
UUID of the object to fetch
object name
Avi Tenant Header
Avi Tenant Header UUID
The caller is required to set Avi Version Header to the expected version of configuration. The response from the controller will provide and accept data according to the specified version. The controller will reject POST and PUT requests where the data is not compatible with the specified version.
Avi Controller may send back CSRF token in the response cookies. The caller should update the request headers with this token else controller will reject requests.
PKIProfile object creation
Show optional properties
{
"name": "string"
}
{
"_last_modified": "string",
"allow_pki_errors": [
"string"
],
"ca_certs": [
{
"certificate": "string",
"certificate_signing_request": "string",
"chain_verified": false,
"days_until_expire": 0,
"expiry_status": "string",
"fingerprint": "string",
"issuer": {
"common_name": "string",
"country": "string",
"distinguished_name": "string",
"email_address": "string",
"locality": "string",
"organization": "string",
"organization_unit": "string",
"state": "string"
},
"key_params": {
"algorithm": "string",
"ec_params": {
"curve": "string"
},
"rsa_params": {
"exponent": 0,
"key_size": "string"
}
},
"not_after": "string",
"not_before": "string",
"public_key": "string",
"self_signed": false,
"serial_number": "string",
"signature": "string",
"signature_algorithm": "string",
"subject": {
"common_name": "string",
"country": "string",
"distinguished_name": "string",
"email_address": "string",
"locality": "string",
"organization": "string",
"organization_unit": "string",
"state": "string"
},
"subject_alt_names": [
"string"
],
"text": "string",
"version": "string"
}
],
"configpb_attributes": {
"version": 0
},
"created_by": "string",
"crl_check": false,
"crl_file_refs": [
"string"
],
"ignore_peer_chain": false,
"is_federated": false,
"markers": [
{
"key": "string",
"values": [
"string"
]
}
],
"name": "string",
"tenant_ref": "string",
"url": "string",
"uuid": "string",
"validate_only_leaf_crl": false
}
OK
"PKIProfile Object"
UNIX time since epoch in microseconds. Units(MICROSECONDS).
Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in Enterprise, Enterprise with Cloud Services edition.
List of Certificate Authorities (Root and Intermediate) trusted that is used for certificate validation. Allowed with any value in Enterprise, Essentials, Basic, Enterprise with Cloud Services edition.
configpb_attributes
Creator name. Allowed with any value in Enterprise, Essentials, Basic, Enterprise with Cloud Services edition.
When enabled, Avi will verify via CRL checks that certificates in the trust chain have not been revoked. Allowed with any value in Enterprise, Essentials, Basic, Enterprise with Cloud Services edition.
Refers to FileObject containing CRL body. It is a reference to an object of type FileObject. Field introduced in 30.2.1. Allowed with any value in Enterprise, Enterprise with Cloud Services edition.
When enabled, Avi will not trust Intermediate and Root certs presented by a client. Instead, only the chain certs configured in the Certificate Authority section will be used to verify trust of the client's cert. Allowed with any value in Enterprise, Enterprise with Cloud Services edition. Allowed in Essentials (Allowed values- true), Basic (Allowed values- true) edition. Special default for Essentials edition is true, Basic edition is true, Enterprise edition is False.
This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. . Field introduced in 17.1.3. Allowed with any value in Enterprise, Essentials, Basic, Enterprise with Cloud Services edition.
List of labels to be used for granular RBAC. Field introduced in 20.1.5. Allowed with any value in Enterprise, Essentials, Basic, Enterprise with Cloud Services edition.
Name of the PKI Profile. Allowed with any value in Enterprise, Essentials, Basic, Enterprise with Cloud Services edition.
It is a reference to an object of type Tenant. Allowed with any value in Enterprise, Essentials, Basic, Enterprise with Cloud Services edition.
url
Allowed with any value in Enterprise, Essentials, Basic, Enterprise with Cloud Services edition.
When enabled, Avi will only validate the revocation status of the leaf certificate using CRL. To enable validation for the entire chain, disable this option and provide all the relevant CRLs. Allowed with any value in Enterprise, Enterprise with Cloud Services edition. Allowed in Essentials (Allowed values- true), Basic (Allowed values- true) edition.
log in failed
curl -X PUT -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{"name:"string"}' https://{api_host}/api/pkiprofile/{uuid}