deliveryservices/xmlId/{{XMLID}}/sslkeys

GET

Retrieves SSL keys for a Delivery Service.

Auth. Required:

Yes

Roles Required:

None

Permissions Required:

DS-SECURITY-KEY:READ, DELIVERY-SERVICE:READ

Response Type:

Object

Request Structure

Table 333 Request Path Parameters

Name

Description

XMLID

The ‘xml_id’ of the desired Delivery Service

Table 334 Request Query Parameters

Name

Required

Description

version

no

The version number of the SSL keys to retrieve

decode

no

If true, the returned keys will be decoded - if false, they will not be decoded

Caution

There’s almost certainly no good reason to request the private key! Even when “base 64-encoded” do not let ANYONE see this who would be unable to request it themselves!

Response Structure

businessUnit:

An optional field which, if present, contains the business unit entered by the user when generating the SSL certificate[1]

certificate:

An object containing the actual generated key, certificate, and signature of the SSL keys

crt:

Base 64-encoded (or not if the decode query parameter was given and true) certificate for the Delivery Service identified by deliveryservice

csr:

Base 64-encoded (or not if the decode query parameter was given and true) csr file for the Delivery Service identified by deliveryservice

key:

Base 64-encoded (or not if the decode query parameter was given and true) private key for the Delivery Service identified by deliveryservice

Caution

There’s almost certainly no good reason to request the private key! Even when “base 64-encoded” do not let ANYONE see this who would be unable to request it themselves!

cdn:

The CDN of the Delivery Service for which the certs were generated

city:

An optional field which, if present, contains the city entered by the user when generating the SSL certificate[1]

country:

An optional field which, if present, contains the country entered by the user when generating the SSL certificate[1]

deliveryservice:

The ‘xml_id’ of the Delivery Service for which the certificate was generated

hostname:

The hostname generated by Traffic Ops that is used as the common name when generating the certificate - this will be a FQDN for DNS Delivery Services and a wildcard URL for HTTP Delivery Services

organization:

An optional field which, if present, contains the organization entered by the user when generating certificate[1]

state:

An optional field which, if present, contains the state entered by the user when generating certificate[1]

version:

An integer that defines the “version” of the key - which may be thought of as the sequential generation; that is, the higher the number the more recent the key

expiration:

The expiration date of the certificate for the Delivery Service in RFC 3339 format

sans:

The SANs from the SSL certificate.

New in version 4.0.

#796 Response Example
HTTP/1.1 200 OK
Content-Type: application/json

{ "response": {
    "certificate": {
        "crt": "crt",
        "key": "key",
        "csr": "csr"
    },
    "deliveryservice": "my-ds",
    "cdn": "qa",
    "businessUnit": "CDN_Eng",
    "city": "Denver",
    "organization": "CDN",
    "hostname": "foober.com",
    "country": "US",
    "state": "Colorado",
    "version": "1",
    "expiration": "2020-08-18T13:53:06Z",
    "sans": ["*.foober.com", "*.foober2.com"]
}}

DELETE

Auth. Required:

Yes

Roles Required:

“admin” or “operations”

Permissions Required:

DS-SECURITY-KEY:DELETE, DELIVERY-SERVICE:READ, DS-SECURITY-KEY:READ, DELIVERY-SERVICE:UPDATE

Response Type:

Object (string)

Request Structure

Table 335 Request Path Parameters

Name

Required

Description

xmlId

yes

The xml_id of the desired Delivery Service

Table 336 Request Query Parameters

Name

Required

Description

version

no

The version number of the SSL keys that shall be retrieved

Response Structure

#797 Response Example
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Set-Cookie, Cookie
Access-Control-Allow-Methods: POST,GET,OPTIONS,PUT,DELETE
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: application/json
Set-Cookie: mojolicious=...; Path=/; Expires=Wed, 18 Mar 2020 17:36:10 GMT; Max-Age=3600; HttpOnly
Whole-Content-Sha512: Pj+zCoOXg19nGNxcSkjib2iDjG062Y3RcEEV+OYnwbGIsLcpa0BKZleY/qJOKT5DkSoX2qQkckUxUqdDxjVorQ==
X-Server-Name: traffic_ops_golang/
Date: Wed, 18 Mar 2020 16:36:10 GMT
Content-Length: 79

{
    "response": "Successfully deleted ssl keys for demo1"
}