Certificate Management Calls
Get the Certificate Revocation List
This call gets the Certificate Revocation List (CRL).
Authentication
This call requires tenant admin credentials.
HTTP Method
GET
Request URI
/c/ca/<tenant-id>/AWS%20CA.crl
Request Parameters
Parameter | Argument Type | Description | Example Value |
---|---|---|---|
tenant-id | Path | The id of the tenant for which you want to download the CRL. | 42591 |
Example Request
http://[Ivanti Neurons for MDM]/c/ca/42591/AWS%20CA.crl
Response
Returns HTTP code 200 OK and downloads a file named cert.cer.
Get List of Certificates Requiring Manual Revocation
This call returns a Comma Separated Value (CSV) file containing a list of certificates that cannot be revoked systematically and need to be revoked manually.
Required Permissions
This call requires tenant admin credentials.
HTTP Method
GET
Request URI
/api/v1/ca/getCertStatus/{caName}?format=csv
Request Parameters
Parameter | Argument Type | Description | Example Value |
---|---|---|---|
caName | Path | Required. Data Type: String. The certificate authority name. You can find this name in the Ivanti Neurons for MDM user interface by selecting Admin > Certificate Authority and selecting a name from the Name column of the Certificate Authority table. | attca |
format | Query | Required. Data Type: String. Specifies the format of the return list. Use csv. | csv |
Example Request
http://[Ivanti Neurons for MDM]/api/v1/ca/getCertStatus/attca?format=csv
Response
Returns a CSV file with information about external certificates in the Manual_Revoke state, that is, certificates that need to be revoked manually. If the call does not find any certificates that need to be revoked manually, it returns an empty CSV file. The CSV file contains the following header fields: caID, caName, certHash, mdmChannelId, notAfter, notBefore, serialNumber, storeState, subject, usageType.
Example Response
caID,caName,certHash,mdmChannelId,notAfter,notBefore,serialNumber,storeState,subject,usageType
18000,ExternalCA1,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:19 IST 2019,1007,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=WindowsPhoneEnrollmentCA,UID=1560761719200",
18000,ExternalCA2,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:18 IST 2019,1006,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=SentryCA,UID=1560761718373",
18000,ExternalCA3,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:20 IST 2019,1008,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=MobileIronVelaCA,UID=1560761720165",
18000,ExternalCA4,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:18 IST 2019,1005,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=MobileIronClientCA,UID=1560761718120",
18000,ExternalCA5,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:20 IST 2019,1009,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=MobileIronAgentCA,UID=1560761720790",
18000,ExternalCA6,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:22 IST 2019,1013,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=MacOSAgentScriptSignerCA,UID=1560761722353",
18000,ExternalCA7,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:17 IST 2019,1004,Manual_Revoke,"CN=usureshbabu.mobileiron.dev,OU=iOSMDMCA,UID=1560761717820",
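The following added example (not Ivanti code) turns a CSV in the layout shown above into a worklist for the external CA, handling the quoted subject field, the empty-file case, and the Java-style dates. The function names, the sample rows and the `AS_OF` time are constructed for illustration; dates are compared without time zones because abbreviations such as IST are ambiguous.

```python
import csv
import io
from datetime import datetime

# Constructed sample in the documented column layout (subjects are placeholders).
SAMPLE = (
    "caID,caName,certHash,mdmChannelId,notAfter,notBefore,serialNumber,storeState,subject,usageType\n"
    "18000,ExternalCA1,,,Tue Jun 08 14:20:15 IST 2049,Mon Jun 17 14:20:19 IST 2019,1007,"
    'Manual_Revoke,"CN=host.example.test,OU=SentryCA,UID=1",\n'
    "32144,ExternalCAH,,,Fri Dec 08 10:14:47 UTC 2023,Wed Dec 08 10:14:47 UTC 2021,1006,"
    "Manual_Revoke,CN=external,\n"
)
AS_OF = datetime(2024, 1, 1)  # constructed "current time" for the sample


def parse_cert_date(text):
    """Parse 'Tue Jun 08 14:20:15 IST 2049', dropping weekday and zone abbreviation."""
    parts = text.split()
    return datetime.strptime(" ".join(parts[1:4] + parts[5:]), "%b %d %H:%M:%S %Y")


def manual_revocation_worklist(csv_text, now):
    """Return Manual_Revoke rows, certificates that are still within validity first."""
    if not csv_text.strip():
        return []  # the call returns an empty file when nothing needs revoking
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("storeState") != "Manual_Revoke":
            continue
        not_after = parse_cert_date(row["notAfter"])
        rows.append({
            "caName": row["caName"],
            # Serial numbers stay strings: they can exceed integer-friendly sizes
            # and must be passed to the external CA exactly as reported.
            "serialNumber": row["serialNumber"],
            "subject": row["subject"],
            "notAfter": not_after,
            # An unexpired certificate stays usable until the external CA revokes it.
            "still_valid": not_after > now,
        })
    rows.sort(key=lambda r: (not r["still_valid"], r["serialNumber"]))
    return rows


if __name__ == "__main__":
    for item in manual_revocation_worklist(SAMPLE, AS_OF):
        print(item["caName"], item["serialNumber"], item["still_valid"], item["subject"])
```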
Get list of manually revoked certificates for specific date
This call returns a Comma Separated Value (CSV) file containing a list of manually revoked certificates for a specific date.
Required Permissions
This call requires tenant admin credentials.
HTTP Method
GET
Request URI
/api/v1/ca/getCertStatusOnDate/?format=csv&manuallyRevokeDate=dd-mm-yyyy
Request Parameters
Parameter | Argument Type | Description | Example Value |
---|---|---|---|
format | Query | Required. Data Type: String. Specifies the format of the return list. Use csv. | csv |
manuallyRevokeDate | Query | Required. Data Type: String. The date for which to list manually revoked certificates, in dd-mm-yyyy format. | 09-12-2021 |
Example Request
curl --location --request GET 'https://[Ivanti Neurons for MDM]/api/v1/ca/getCertStatusOnDate/?format=csv&manuallyRevokeDate=09-12-2021' \
  --header 'Authorization: Basic <token>'
Response
Returns a CSV file with a list of manually revoked certificates for the specified date.
Example Response
caID,caName,certHash,mdmChannelId,notAfter,notBefore,serialNumber,storeState,subject,usageType
32144,ExternalCAH,,,Fri Dec 08 10:14:47 UTC 2023,Wed Dec 08 10:14:47 UTC 2021,xxxx23856034564930745351291156834644115064648,Manual_Revoke,CN=externaledited,
32144,ExternalCAH,,,Fri Dec 08 10:09:43 UTC 2023,Wed Dec 08 10:09:43 UTC 2021,xxxx23856023995127432786986335255338386720582,Manual_Revoke,CN=external,
Upload User-Provided Certificates
Use this call to upload multiple user-provided certificates by specifying certificate enrollment IDs and usernames, and providing the certificate payloads (p12) and passwords for the certificate private key. You can quickly configure user-provided certificates for multiple users without requiring each user to upload certificates using the self-service user portal, improving security by reducing the use of username and password.
Authentication
This call requires tenant admin credentials.
HTTP Method
POST
Request URI
/api/v1/user_provided
Request Parameters
Parameter | Argument Type | Description | Example Value |
---|---|---|---|
certData | Request body | Multipart P12 file. | @smes.p12 |
password | Request body | Password of the P12 file being uploaded. | 123456 |
accountUid | Request body | Account uid of the end user for which the certificate is being uploaded. | |
policyId | Request body | Identity Certificate UP policy id for which the user provided certificate is uploaded. | 35037 |
Example Request
curl -X POST 'https://[Ivanti Neurons for MDM]/api/v1/user_provided' \
  -H 'authorization: Basic <token>' \
  -H 'cache-control: no-cache' \
  -H 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' \
  -F password=123456 \
  -F 'accountUid=<accountUid>' \
  -F policyId=35037 \
  -F certData=@smes.p12
Response
{
"errors": null,
"result": true
}
Delete User-Provided Certificates in Bulk Using CSV File
Use this call along with an uploaded CSV file to automate the deletion of private keys and passwords for user-provided certificate packages that have been stored on the system for individual users and for groups of users.
Authentication
This call requires tenant admin credentials.
HTTP Method
DELETE
Request URI
/api/v1/user_provided/clearPrivateKey/csv
Request Parameters
Parameter | Argument Type | Description | Example Value |
---|---|---|---|
csv-data | Request body | Identifies the CSV file to upload with the request. See CSV File Format for more information. | @test.csv |
CSV File Format
certificateIds
for example:
certificateIds
3
7
10
13
This CSV file would delete certificates with the IDs 3, 7, 10, and 13. Do not include more than 1000 IDs per CSV file.
Example Request
curl -X DELETE \
  'https://[Ivanti Neurons for MDM]/api/v1/user_provided/clearPrivateKey/csv' \
  -H 'authorization: Basic <token>' \
  -H 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' \
  -F csv-data=@test.csv
Example responses
When the key is cleared:
{ "errors": null, "result": { "numberOfPrivateKeysCleared": 1, "invalidCertificateIds": [ ] } }
When there is an invalid key:
{ "errors": null, "result": { "numberOfPrivateKeysCleared": 0, "invalidCertificateIds": [ 3 ] } }
When there is both:
{ "errors": null, "result": { "numberOfPrivateKeysCleared": 6, "invalidCertificateIds": [ 3 ] } }
When the key is already cleared:
{ "errors": null, "result": { "numberOfPrivateKeysCleared": 0, "invalidCertificateIds": [ 3 ] } }
When the cert count is more than 1000:
{ "errors": { "globalErrors": [ { "code": "CERT-114", "message": "Clear private key request size for certificates exceeds configured limit : 1,000 " } ], "fieldErrors": null }, "result": null }
When the file format is invalid:
{ "errors": { "globalErrors": [ { "code": "CSV-100", "message": "The uploaded CSV File is invalid." } ], "fieldErrors": null }, "result": null }
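The following added example (not Ivanti code) splits a list of certificate IDs into CSV bodies that respect the 1000-ID limit and tallies the JSON responses in the shapes shown above. The helper names are hypothetical and the sample response bodies are constructed from the page's examples. Because an already-cleared key and an unknown ID are both reported in `invalidCertificateIds`, the summary keeps that list for reconciliation instead of treating it as a failure, and records error codes for requests that returned no result.

```python
import json

MAX_IDS_PER_FILE = 1000  # limit stated in the CSV File Format section

# Constructed sample bodies in the shapes shown in "Example responses".
SAMPLE_RESPONSES = [
    '{ "errors": null, "result": { "numberOfPrivateKeysCleared": 6, "invalidCertificateIds": [ 3 ] } }',
    '{ "errors": null, "result": { "numberOfPrivateKeysCleared": 0, "invalidCertificateIds": [ ] } }',
    '{ "errors": { "globalErrors": [ { "code": "CERT-114", "message": "limit exceeded" } ],'
    ' "fieldErrors": null }, "result": null }',
]


def build_csv_batches(certificate_ids, limit=MAX_IDS_PER_FILE):
    """Return CSV bodies (header 'certificateIds'), de-duplicated, at most `limit` IDs each."""
    unique = sorted({int(i) for i in certificate_ids})  # int() rejects non-numeric IDs
    return [
        "certificateIds\n" + "\n".join(str(i) for i in unique[start:start + limit]) + "\n"
        for start in range(0, len(unique), limit)
    ]


def summarize_responses(response_bodies):
    """Total cleared keys, collect IDs to reconcile, and list error codes per request."""
    cleared, invalid_ids, error_codes = 0, [], []
    for body in response_bodies:
        doc = json.loads(body)
        errors = doc.get("errors")
        if errors:
            # result is null here, so no keys are counted for this request.
            for entry in (errors.get("globalErrors") or []) + (errors.get("fieldErrors") or []):
                error_codes.append(entry["code"])
            continue
        result = doc["result"]
        cleared += result["numberOfPrivateKeysCleared"]
        invalid_ids.extend(result["invalidCertificateIds"])
    return {"cleared": cleared, "invalid_ids": invalid_ids, "error_codes": error_codes}


if __name__ == "__main__":
    batches = build_csv_batches(range(1, 2502))
    print(len(batches), "CSV files;", summarize_responses(SAMPLE_RESPONSES))
```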
Delete User-Provided Certificates in Bulk Using Account and Policy
Use this call to automate the deletion of private keys and passwords for user-provided certificate packages that have been stored on the system for individual users and for groups of users.
Authentication
This call requires tenant admin credentials.
HTTP Method
DELETE
Request URI
/api/v1/user_provided/clearPrivateKey
Request Parameters
Parameter | Argument Type | Description | Example Value |
---|---|---|---|
accountId | Request body | The accountID of the user whose certificates to delete. | 10200 |
userProvidedCertificatePolicyIds | Request body | The Identity Certificate UP policy ids of the certificates to delete. Use a comma separated list to delete multiple certificates. | 35497 |
Example Request
curl -X DELETE \
  'https://[Ivanti Neurons for MDM]/api/v1/user_provided/clearPrivateKey' \
  -H 'authorization: Basic <token>' \
  -H 'content-type: application/json' \
  -d '{"accountAndUPPolicyWrappers":[{"accountId":10200,"userProvidedCertificatePolicyIds":[35497]}]}'
Example responses
When the call is successful:
{ "errors": null, "result": { "numberOfPrivateKeysCleared": 5, "invalidAccountIds": [ ], "invalidIdentityCertificateUPPolicyIds": [ ] } }
When account ids and policy ids are invalid:
{ "errors": null, "result": { "numberOfPrivateKeysCleared": 0, "invalidAccountIds": [ 10200 ], "invalidIdentityCertificateUPPolicyIds": [ 35497 ] } }
When the key is already cleared:
{ "errors": { "globalErrors": [ { "code": "KSF-101", "message": "Unable to open PKCS12 keystore. File format is not valid." } ], "fieldErrors": null }, "result": null }
When there are invalid policy ids:
{ "errors": { "globalErrors": null, "fieldErrors": [ { "code": "HTTP-400-3", "message": "Invalid account and(or) policies specified.", "field": "accountAndUPPolicyWrappers" } ] }, "result": null }