Certificate Management Calls

Get the Certificate Revocation List

This call gets the Certificate Revocation List (CRL).

Authentication

This call requires tenant admin credentials.

HTTP Method

GET

Request URI

/c/ca/<tenant-id>/AWS%20CA.crl

Request Parameters

Parameter

Argument Type

Description

Example Value

tenant-id

Path

The id of the tenant for which you want to download the CRL.

42591

Example Request

http://[Ivanti Neurons for MDM]/c/ca/42591/AWS%20CA.crl

Response

Returns HTTP code 200 OK and downloads a file named cert.cer.

Get List of Certificates Requiring Manual Revocation

This call returns a Comma Separated Value (CSV) file containing a list of certificates that cannot be revoked systematically and need to be revoked manually.

Required Permissions

This call requires tenant admin credentials.

HTTP Method

GET

Request URI

/api/v1/ca/getCertStatus/{caName}?format=csv

Request Parameters

Parameter

Argument Type

Description

Example Value

caName

Path

Required

Data Type: String

The certificate authority name. You can find this name in the Ivanti Neurons for MDM user interface by selecting Admin > Certificate Authority and selecting a name from the Name column of the Certificate Authority table.

attca

format

Query

Required

Data Type: String

Specifies the format of the return list. Use csv.

csv

Example Request

http://[Ivanti Neurons for MDM]/api/v1/ca/getCertStatus/attca?format=csv

Response

Returns a CSV file with information about external certificates in the state, Manual_Revoke, meaning, that need to be revoked manually. If the call does not find any certificates that need to be revoked manually, the call returns an empty CSV file. The CSV file contains the following header fields: caID, caName, certHash, mdmChannelId, notAfter, notBefore, serialNumber, storeState, subject, usageType.

Example Response

caID,caName,certHash,mdmChannelId,notAfter,notBefore,serialNumber,storeState,subject,usageType

18000,ExternalCA1,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:19 IST 2019,1007,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=WindowsPhoneEnrollmentCA,UID=1560761719200",

18000,ExternalCA2,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:18 IST 2019,1006,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=SentryCA,UID=1560761718373",

18000,ExternalCA3,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:20 IST 2019,1008,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=MobileIronVelaCA,UID=1560761720165",

18000,ExternalCA4,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:18 IST 2019,1005,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=MobileIronClientCA,UID=1560761718120",

18000,ExternalCA5,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:20 IST 2019,1009,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=MobileIronAgentCA,UID=1560761720790",

18000,ExternalCA6,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:22 IST 2019,1013,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=MacOSAgentScriptSignerCA,UID=1560761722353",

18000,ExternalCA7,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:17 IST 2019,1004,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=iOSMDMCA,UID=1560761717820",

Get list of manually revoked certificates for specific date

This call returns a Comma Separated Value (CSV) file containing a list of manually revoked certificates for a specific date.

Required Permissions

This call requires tenant admin credentials.

HTTP Method

GET

Request URI

/api/v1/ca/getCertStatusOnDate/?format=csv&manuallyRevokeDate=dd-mm-yyyy

Request Parameters

Parameter

Argument Type

Description

Example Value

format

Query

Required

Data Type: String

Specifies the format of the return list. Use csv.

csv

manuallyRevokeDate

Query

Required

Data Type: String

The certificate authority name. You can find this name in the Ivanti Neurons for MDM user interface by selecting Admin > Certificate Authority and selecting a name from the Name column of the Certificate Authority table.

09-12-2021

Example Request

curl --location --request GET 'https://[Ivanti Neurons for MDM]/api/v1/ca/getCertStatusOnDate/?format=csv&manuallyRevokeDate=09-12-2021' \ --header 'Authorization: Basic <token>'

Response

Returns a CSV file with list of manually revoked certificates for specific date.

Example Response

caID,caName,certHash,mdmChannelId,notAfter,notBefore,serialNumber,storeState,subject,usageType

32144,ExternalCAH,,,Fri Dec 08 10:14:47 UTC 2023,Wed Dec 08 10:14:47 UTC 2021,xxxx23856034564930745351291156834644115064648,Manual_Revoke,CN=externaledited,

32144,ExternalCAH,,,Fri Dec 08 10:09:43 UTC 2023,Wed Dec 08 10:09:43 UTC 2021,xxxx23856023995127432786986335255338386720582,Manual_Revoke,CN=external,

Upload User-Provided Certificates

Use this call to upload multiple user-provided certificates by specifying certificate enrollment IDs and usernames, and providing the certificate payloads (p12) and passwords for the certificate private key. You can quickly configure user-provided certificates for multiple users without requiring each user to upload certificates using the self-service user portal, improving security by reducing the use of username and password.

Authentication

This call requires tenant admin credentials.

HTTP Method

POST

Request URI

api/v1/user_provided

Request Parameters

Parameter

Argument Type

Description

Example Value

certData

Request body

Multipart P12 file.

@smes.p12

password

Request body

Password of the P12 file being uploaded.

123456

accountUid

Request body

Account uid of the end user for which the certificate is being uploaded.

[email protected]

policyId

Request body

Identity Certificate UP policy id for which the user provided certificate is uploaded.

35037

Example Request

curl -X POST https://[Ivanti Neurons for MDM]/api/v1/user_provided -H 'authorization: Basic <token>' -H 'cache-control: no-cache' -H 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' -F password=123456 -F [email protected] -F policyId=35037 -F [email protected]

Response

{

"errors": null,

"result": true

}

Delete User-Provided Certificates in Bulk Using CSV File

Use this call along with an uploaded CSV file to to automate the deletion of private keys and passwords for user-provided certificate packages that have been stored on the system for individual users and for groups of users.

Authentication

This call requires tenant admin credentials.

HTTP Method

DELETE

Request URI

/api/v1/user_provided/clearPrivateKey/csv

Request Parameters

Parameter

Argument Type

Description

Example Value

csv-data

Request body

Identifies the CSV file to upload with the request. See CSV File Format for more information.

@test.csv

CSV File Format

certificateIds

for example:

certificateIds

3

7

10

13

This CSV file would delete certificates with the IDs 3, 7, 10, and 13. Do not include more than 1000 IDs per CSV file.

Example Request

curl -X DELETE \ https://[Ivanti Neurons for MDM]/api/v1/user_provided/clearPrivateKey/csv \ -H 'authorization: Basic <token>' \ -H 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' \ -F [email protected]

Example responses

When the key is cleared:

{ "errors": null, "result": { "numberOfPrivateKeysCleared": 1, "invalidCertificateIds": [ ] } }

When there is an invalid key:

{ "errors": null, "result": { "numberOfPrivateKeysCleared": 0, "invalidCertificateIds": [ 3 ] } }

When there is both:

{ "errors": null, "result": { "numberOfPrivateKeysCleared": 6, "invalidCertificateIds": [ 3 ] } }

When key is already cleared:

{ "errors": null, "result": { "numberOfPrivateKeysCleared": 0, "invalidCertificateIds": [ 3 ] } }

When the cert count is more than 1000:

{ "errors": { "globalErrors": [ { "code": "CERT-114", "message": "Clear private key request size for certificates exceeds configured limit : 1,000 " } ], "fieldErrors": null }, "result": null }

When the file is invalid format:

{ "errors": { "globalErrors": [ { "code": "CSV-100", "message": "The uploaded CSV File is invalid." } ], "fieldErrors": null }, "result": null }

Delete User-Provided Certificates in Bulk Using Using Account and Policy

Use this call to automate the deletion of private keys and passwords for user-provided certificate packages that have been stored on the system for individual users and for groups of users.

Authentication

This call requires tenant admin credentials.

HTTP Method

DELETE

Request URI

/api/v1/user_provided/clearPrivateKey/csv

Request Parameters

Parameter

Argument Type

Description

Example Value

accountId

Request body

The accountID of the user whose certificates to delete.

10200

userProvidedCertificatePolicyIds

Request body

The Identity Certificate UP policy ids of the certificates to delete. Use a comma separated list to delete multiple certificates.

35497

Example Request

curl -X DELETE \ https://[Ivanti Neurons for MDM]/api/v1/user_provided/clearPrivateKey \ -H 'authorization: Basic <token>' \ -H 'content-type: application/json' \ -d '{"accountAndUPPolicyWrappers":[{"accountId":10200,"userProvidedCertificatePolicyIds":[35497]}]}'

Example responses

When call is successful:

{ "errors": null, "result": { "numberOfPrivateKeysCleared": 5, "invalidAccountIds": [ ], "invalidIdentityCertificateUPPolicyIds": [ ] } }

When account ids and policy ids are invalid:

{ "errors": null, "result": { "numberOfPrivateKeysCleared": 0, "invalidAccountIds": [ 10200 ], "invalidIdentityCertificateUPPolicyIds": [ 35497 ] } }

When the key is already cleared :

{ "errors": { "globalErrors": [ { "code": "KSF-101", "message": "Unable to open PKCS12 keystore. File format is not valid." } ], "fieldErrors": null }, "result": null }

When there are invalid policy ids :

{ "errors": { "globalErrors": null, "fieldErrors": [ { "code": "HTTP-400-3", "message": "Invalid account and(or) policies specified.", "field": "accountAndUPPolicyWrappers" } ] }, "result": null }