deliveryservices/xmlId/{{XMLID}}/sslkeys
GET
Retrieves SSL keys for a Delivery Service.
- Auth. Required:
Yes
- Roles Required:
None
- Permissions Required:
DS-SECURITY-KEY:READ, DELIVERY-SERVICE:READ
- Response Type:
Object
Request Structure
Name |
Description |
---|---|
XMLID |
The ‘xml_id’ of the desired Delivery Service |
Name |
Required |
Description |
---|---|---|
version |
no |
The version number of the SSL keys to retrieve |
decode |
no |
If |
Caution
There’s almost certainly no good reason to request the private key! Even when “base 64-encoded” do not let ANYONE see this who would be unable to request it themselves!
Response Structure
- businessUnit:
An optional field which, if present, contains the business unit entered by the user when generating the SSL certificate[1]
- certificate:
An object containing the actual generated key, certificate, and signature of the SSL keys
- crt:
Base 64-encoded (or not if the
decode
query parameter was given andtrue
) certificate for the Delivery Service identified bydeliveryservice
- csr:
Base 64-encoded (or not if the
decode
query parameter was given andtrue
) csr file for the Delivery Service identified bydeliveryservice
- key:
Base 64-encoded (or not if the
decode
query parameter was given andtrue
) private key for the Delivery Service identified bydeliveryservice
Caution
There’s almost certainly no good reason to request the private key! Even when “base 64-encoded” do not let ANYONE see this who would be unable to request it themselves!
- cdn:
The CDN of the Delivery Service for which the certs were generated
- city:
An optional field which, if present, contains the city entered by the user when generating the SSL certificate[1]
- country:
An optional field which, if present, contains the country entered by the user when generating the SSL certificate[1]
- deliveryservice:
The ‘xml_id’ of the Delivery Service for which the certificate was generated
- hostname:
The hostname generated by Traffic Ops that is used as the common name when generating the certificate - this will be a FQDN for DNS Delivery Services and a wildcard URL for HTTP Delivery Services
- organization:
An optional field which, if present, contains the organization entered by the user when generating certificate[1]
- state:
An optional field which, if present, contains the state entered by the user when generating certificate[1]
- version:
An integer that defines the “version” of the key - which may be thought of as the sequential generation; that is, the higher the number the more recent the key
- expiration:
The expiration date of the certificate for the Delivery Service in RFC 3339 format
- sans:
The SANs from the SSL certificate.
New in version 4.0.
HTTP/1.1 200 OK
Content-Type: application/json
{ "response": {
"certificate": {
"crt": "crt",
"key": "key",
"csr": "csr"
},
"deliveryservice": "my-ds",
"cdn": "qa",
"businessUnit": "CDN_Eng",
"city": "Denver",
"organization": "CDN",
"hostname": "foober.com",
"country": "US",
"state": "Colorado",
"version": "1",
"expiration": "2020-08-18T13:53:06Z",
"sans": ["*.foober.com", "*.foober2.com"]
}}
DELETE
- Auth. Required:
Yes
- Roles Required:
“admin” or “operations”
- Permissions Required:
DS-SECURITY-KEY:DELETE, DELIVERY-SERVICE:READ, DS-SECURITY-KEY:READ, DELIVERY-SERVICE:UPDATE
- Response Type:
Object (string)
Request Structure
Name |
Required |
Description |
---|---|---|
xmlId |
yes |
The xml_id of the desired Delivery Service |
Name |
Required |
Description |
---|---|---|
version |
no |
The version number of the SSL keys that shall be retrieved |
Response Structure
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Set-Cookie, Cookie
Access-Control-Allow-Methods: POST,GET,OPTIONS,PUT,DELETE
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: application/json
Set-Cookie: mojolicious=...; Path=/; Expires=Wed, 18 Mar 2020 17:36:10 GMT; Max-Age=3600; HttpOnly
Whole-Content-Sha512: Pj+zCoOXg19nGNxcSkjib2iDjG062Y3RcEEV+OYnwbGIsLcpa0BKZleY/qJOKT5DkSoX2qQkckUxUqdDxjVorQ==
X-Server-Name: traffic_ops_golang/
Date: Wed, 18 Mar 2020 16:36:10 GMT
Content-Length: 79
{
"response": "Successfully deleted ssl keys for demo1"
}