Generate Certificate with REST API

I’m trying to write a script to generate a self-signed certificate in Octopus. Using the SwaggerUI, I found the “/certificates/generate” endpoint. However, I cannot figure out what JSON body payload is required.

Hi @Brian.Oberholtzer,

Thanks for reaching out with your question!

We have a handy script here that you could repurpose; it contains the JSON payload/body for the certificates/generate endpoint:

$jsonPayload = @{
    Name = $certificateName
    Notes = $certificateNotes
    certificateData = @{
        HasValue = $true
        NewValue = $certificateContent
    }
    password = @{
        HasValue = $true
        NewValue = $certificatePfxPassword
    }
    EnvironmentIds = $certificateEnvironmentIds
    TenantIds = $certificateTenantIds
    TenantTags = $certificateTenantTags
    TenantedDeploymentParticipation = $certificateTenantedDeploymentParticipation
}

If you end up using the script itself, please read and understand what it’s doing before using it in a production environment. Please let us know if you have any additional questions.

Regards,
Garrett

That script you have referenced has things in the payload that I wouldn’t have for generating the certificate.
As an example:
NewValue = $certificateContent
is pulled from an existing certificate that one would have on disk.

This is the error I get when I attempt to do nearly any payload:
{ "ErrorMessage": "There was a problem with your request.", "Errors": [ "Please supply either the common name or organization." ],

However, when I attempt to supply those parameters, I get this error:
{
    "ErrorMessage": "Object reference not set to an instance of an object."
}

Hi @Brian.Oberholtzer,

Sorry about that, I misunderstood the endpoint there; I gave you a script to upload an existing certificate instead of generating a brand new one. You should be able to drop the example value from Swagger UI into the body of that endpoint like so:

If you run the default you will see which values get automatically generated and which you will need to replace. For example, mine came out like this with no string replacements:

Please let me know if that helps you get unstuck.

Regards,
Garrett

I’m getting a 400 response when going through Swagger:

Hi @Brian.Oberholtzer,

It doesn’t look like our SwaggerUI has parameters for that particular POST.
Here was the JSON body from the examples I used in Postman to generate the new certificate:

{
    "Archived": "2022-01-18T21:16:50.141Z",
    "CertificateChain": [
        {
            "IssuerDistinguishedName": "string",
            "NotAfter": "2022-01-18T21:16:50.141Z",
            "NotBefore": "2022-01-18T21:16:50.141Z",
            "SerialNumber": "string",
            "SignatureAlgorithmName": "string",
            "SubjectDistinguishedName": "string",
            "Thumbprint": "string",
            "Version": 0
        }
    ],
    "CertificateData": {
        "HasValue": true,
        "Hint": "string",
        "NewValue": "string"
    },
    "CertificateDataFormat": "Pkcs12",
    "EnvironmentIds": [
        "string"
    ],
    "HasPrivateKey": true,
    "Id": "string",
    "IsExpired": true,
    "IssuerCommonName": "string",
    "IssuerDistinguishedName": "string",
    "IssuerOrganization": "string",
    "LastModifiedBy": "string",
    "LastModifiedOn": "2022-01-18T21:16:50.141Z",
    "Links": {
        "additionalProp1": "string",
        "additionalProp2": "string",
        "additionalProp3": "string"
    },
    "Name": "string",
    "NotAfter": "2022-01-18T21:16:50.141Z",
    "NotBefore": "2022-01-18T21:16:50.141Z",
    "Notes": "string",
    "Password": {
        "HasValue": true,
        "Hint": "string",
        "NewValue": "string"
    },
    "ReplacedBy": "string",
    "SelfSigned": true,
    "SerialNumber": "string",
    "SignatureAlgorithmName": "string",
    "SpaceId": "string",
    "SubjectAlternativeNames": [
        "string"
    ],
    "SubjectCommonName": "string",
    "SubjectDistinguishedName": "string",
    "SubjectOrganization": "string",
    "TenantedDeploymentParticipation": "Untenanted",
    "TenantIds": [
        "string"
    ],
    "TenantTags": [
        "string"
    ],
    "Thumbprint": "string",
    "Version": 0
}

This returned:

{
    "Id": "Certificates-141",
    "Name": "string",
    "Notes": null,
    "CertificateData": {
        "HasValue": true,
        "NewValue": null,
        "Hint": null
    },
    "Password": {
        "HasValue": true,
        "NewValue": null,
        "Hint": null
    },
    "EnvironmentIds": [],
    "TenantedDeploymentParticipation": "Untenanted",
    "TenantIds": [],
    "TenantTags": [],
    "CertificateDataFormat": "Pkcs12",
    "Archived": null,
    "ReplacedBy": null,
    "SubjectDistinguishedName": "CN=string",
    "SubjectCommonName": "string",
    "SubjectOrganization": null,
    "IssuerDistinguishedName": "CN=string",
    "IssuerCommonName": "string",
    "IssuerOrganization": null,
    "SelfSigned": true,
    "Thumbprint": "208ED0D2redactedC2DB0B63E",
    "NotAfter": "2122-01-18T21:35:03.000+00:00",
    "NotBefore": "2022-01-18T21:35:03.000+00:00",
    "IsExpired": false,
    "HasPrivateKey": true,
    "Version": 3,
    "SerialNumber": "288671604181B2E3",
    "SignatureAlgorithmName": "SHA-256withECDSA",
    "SubjectAlternativeNames": [],
    "CertificateChain": [],
    "SpaceId": "Spaces-1",
    "LastModifiedOn": "2022-01-18T21:35:03.713+00:00",
    "LastModifiedBy": "garrett",
    "Links": {
        "Self": "/api/Spaces-1/certificates/Certificates-141",
        "Export": "/api/Spaces-1/certificates/Certificates-141/export{?format,password,includePrivateKey,pemOptions}",
        "Archive": "/api/Spaces-1/certificates/Certificates-141/archive",
        "Unarchive": "/api/Spaces-1/certificates/Certificates-141/unarchive",
        "Usages": "/api/Spaces-1/certificates/Certificates-141/usages",
        "Replace": "/api/Spaces-1/certificates/Certificates-141/replace"
    }
}

SwaggerUI is best used for API documentation/referencing and is not always the best way to make API calls.

Please let me know if this helps.

Regards,
Garrett
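
The request described in the post above, scripted in PowerShell and followed by a check of the returned certificate (the response above shows NotBefore 2022 and NotAfter 2122). This is an added example, not part of the original posts and not Octopus's own script. The environment variable names, the subject values, the `Test-GeneratedCertificate` helper, its 825-day limit, the `/api/<SpaceId>/certificates/generate` path and sending only a subset of the posted body are assumptions.

```powershell
# Added example. Hypothetical names: OCTOPUS_URL, OCTOPUS_API_KEY, Test-GeneratedCertificate.
$ErrorActionPreference = 'Stop'

$octopusUrl = $env:OCTOPUS_URL       # placeholder, e.g. https://octopus.example.test
$apiKey     = $env:OCTOPUS_API_KEY   # read from the environment, never hard-coded
$spaceId    = 'Spaces-1'             # space id as it appears in the response above

# Fields taken from the body posted above, with the "string" placeholders replaced
# by constructed values. Sending only this subset is an assumption; the thread only
# confirms that the full Swagger example body is accepted.
$body = @{
    Name                            = 'internal-service-selfsigned'
    Notes                           = 'Generated via REST API'
    SubjectCommonName               = 'service.example.test'
    SubjectOrganization             = 'Example Org'
    CertificateDataFormat           = 'Pkcs12'
    EnvironmentIds                  = @()
    TenantIds                       = @()
    TenantTags                      = @()
    TenantedDeploymentParticipation = 'Untenanted'
} | ConvertTo-Json -Depth 5

# Checks the response fields shown above against a local policy (the limit is an assumption).
function Test-GeneratedCertificate {
    param($Certificate, [int]$MaxValidityDays = 825)
    $findings = @()
    if (-not $Certificate.SelfSigned)    { $findings += 'Expected a self-signed certificate' }
    if (-not $Certificate.HasPrivateKey) { $findings += 'No private key stored with the certificate' }
    $lifetime = ([datetime]$Certificate.NotAfter) - ([datetime]$Certificate.NotBefore)
    if ($lifetime.TotalDays -gt $MaxValidityDays) {
        $findings += "Validity is $([int]$lifetime.TotalDays) days (limit $MaxValidityDays)"
    }
    return $findings
}

$cert = Invoke-RestMethod -Method Post `
    -Uri "$octopusUrl/api/$spaceId/certificates/generate" `
    -Headers @{ 'X-Octopus-ApiKey' = $apiKey } `
    -ContentType 'application/json' -Body $body

# Record what was created, then surface any policy findings as warnings.
"{0} {1} thumbprint={2} alg={3}" -f $cert.Id, $cert.SubjectDistinguishedName,
    $cert.Thumbprint, $cert.SignatureAlgorithmName
Test-GeneratedCertificate -Certificate $cert | ForEach-Object { Write-Warning $_ }
```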

That worked, thank you so much for your help!
