deliveryservices/xmlId/{{XMLID}}/sslkeys

GET

Retrieves SSL keys for a Delivery Service.

Auth. Required

Yes

Roles Required

None

Permissions Required

DS-SECURITY-KEY:READ, DELIVERY-SERVICE:READ

Response Type

Object

Request Structure

Table 330 Request Path Parameters

Name

Description

XMLID

The ‘xml_id’ of the desired Delivery Service

Table 331 Request Query Parameters

Name

Required

Description

version

no

The version number of the SSL keys to retrieve

decode

no

If true, the returned keys will be decoded - if false, they will not be decoded

Caution

There’s almost certainly no good reason to request the private key! Even when “base 64-encoded” do not let ANYONE see this who would be unable to request it themselves!

Response Structure

businessUnit

An optional field which, if present, contains the business unit entered by the user when generating the SSL certificate1

certificate

An object containing the actual generated key, certificate, and signature of the SSL keys

crt

Base 64-encoded (or not if the decode query parameter was given and true) certificate for the Delivery Service identified by deliveryservice

csr

Base 64-encoded (or not if the decode query parameter was given and true) csr file for the Delivery Service identified by deliveryservice

key

Base 64-encoded (or not if the decode query parameter was given and true) private key for the Delivery Service identified by deliveryservice

Caution

There’s almost certainly no good reason to request the private key! Even when “base 64-encoded” do not let ANYONE see this who would be unable to request it themselves!

cdn

The CDN of the Delivery Service for which the certs were generated

city

An optional field which, if present, contains the city entered by the user when generating the SSL certificate1

country

An optional field which, if present, contains the country entered by the user when generating the SSL certificate1

deliveryservice

The ‘xml_id’ of the Delivery Service for which the certificate was generated

hostname

The hostname generated by Traffic Ops that is used as the common name when generating the certificate - this will be a FQDN for DNS Delivery Services and a wildcard URL for HTTP Delivery Services

organization

An optional field which, if present, contains the organization entered by the user when generating certificate1

state

An optional field which, if present, contains the state entered by the user when generating certificate1

version

An integer that defines the “version” of the key - which may be thought of as the sequential generation; that is, the higher the number the more recent the key

expiration

The expiration date of the certificate for the Delivery Service in RFC 3339 format

sans

The SANs from the SSL certificate.

New in version 4.0.

#786 Response Example
HTTP/1.1 200 OK
Content-Type: application/json

{ "response": {
    "certificate": {
        "crt": "crt",
        "key": "key",
        "csr": "csr"
    },
    "deliveryservice": "my-ds",
    "cdn": "qa",
    "businessUnit": "CDN_Eng",
    "city": "Denver",
    "organization": "KableTown",
    "hostname": "foober.com",
    "country": "US",
    "state": "Colorado",
    "version": "1",
    "expiration": "2020-08-18T13:53:06Z",
    "sans": ["*.foober.com", "*.foober2.com"]
}}

DELETE

Auth. Required

Yes

Roles Required

“admin” or “operations”

Permissions Required

DS-SECURITY-KEY:DELETE, DELIVERY-SERVICE:READ, DS-SECURITY-KEY:READ, DELIVERY-SERVICE:UPDATE

Response Type

Object (string)

Request Structure

Table 332 Request Path Parameters

Name

Required

Description

xmlId

yes

The xml_id of the desired Delivery Service

Table 333 Request Query Parameters

Name

Required

Description

version

no

The version number of the SSL keys that shall be retrieved

Response Structure

#787 Response Example
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Set-Cookie, Cookie
Access-Control-Allow-Methods: POST,GET,OPTIONS,PUT,DELETE
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: application/json
Set-Cookie: mojolicious=...; Path=/; Expires=Wed, 18 Mar 2020 17:36:10 GMT; Max-Age=3600; HttpOnly
Whole-Content-Sha512: Pj+zCoOXg19nGNxcSkjib2iDjG062Y3RcEEV+OYnwbGIsLcpa0BKZleY/qJOKT5DkSoX2qQkckUxUqdDxjVorQ==
X-Server-Name: traffic_ops_golang/
Date: Wed, 18 Mar 2020 16:36:10 GMT
Content-Length: 79

{
    "response": "Successfully deleted ssl keys for demo1"
}
1(1,2,3,4,5)

These optional fields will be present in the response if and only if they were specified during key generation; they are optional during key generation and thus cannot be guaranteed to exist or not exist.