Certificate Management

Export certificate details to a CSV file

Export Certificate Details to CSV: Certificate details export involves several API calls:

Initiate the processing of certificate details to be exported:
GET api/v2/certificates/search_export

Get status of the export process:
GET api/v2/certificates/search_export_status

Download the CSV file:
GET api/v2/certificates/search_download_csv

Initiate the processing of certificate details to be exported

Initiates processing certificate details to query.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Roles

Category: Logs and Events Management

Role Description: Manage certificates, View certificates

HTTP method

POST

Request URI

api/v2/certificates/search_export

Request parameters

Parameter

Description

Sample Value

adminDeviceSpaceId

Required

Parameter Type: Body

Data Type: Number

Device space ID of the administrator.

1

ceSettingName

Required

Parameter Type: Request body

Data Type: String

Certificate enrollment configuration name.

LccalCE

certificateStatus

Required

Parameter Type: Request body

Data Type: String

Status of the target certificate.

Can be one of:

ACTIVE

EXPIRED

PENDING_REVOCATION

MANUAL_REVOCATION_REQUIRED

REVOKED

SENT

WAITING_SEND

GENERATING

HIGH_GENERATING

ACTIVE

userId

Parameter Type: Request body

Data Type: String

User ID associated with the target certificates.

 

deviceUUID

Parameter Type: Request body

Data Type: String

Device uuid associated with the target certificates.

5f1db255-8d3d-4943-8bab-d556cacce855

expiresAfter

Parameter Type: Request body

Data Type: Date

Gets certificates that are going to expire after this date.

The values are expressed milliseconds since Unix epoch time.

Example:

1785823788000 is epoch time for Tue, 04

expiresBefore

Parameter Type: Request body

Data Type: Date

Gets certificates that are going to expire before this date.

The values are expressed milliseconds since Unix epoch time.

Example:

1785823788000 is epoch time for Tue, 04

Response fields

Field

Description

exportStatusPollUrl

URL to get status of the search export.

csvDownloadUrl

URL to download the CSV file.

messages

Container for messages.

    type

Message type.

    messageKey

Message key.

    localizedMessage

Localized message with parameters resolved.

    messageParameters

 

Sample Request

curl -k -sS -u <userName>:<password> -XPOST -H "Content-Type: application/json" -d '{"adminDeviceSpaceId":"1","ceSettingName":"LocalCE","certificateStatus":"ACTIVE"}' 'https://[Ivanti EPMM]/api/v2/certificates/search_export'

Sample Responses

Success:

{

    "results": {

        "exportStatusPollUrl": "/api/v2/certificates/search_export_status",

        "csvDownloadUrl": "/api/v2/certificates/search_download_csv"

    },

    "messages": [

        {

            "type": "Info",

            "messageKey": "com.mobileiron.vsp.rest.controllers.CertificateManagementController.Messages.PROCESS_INITIATED",

            "localizedMessage": "Certificate details export process initiated successfully",

            "messageParameters": [ ]

        }

    ]

}

If the process is already initiated:

{

    "messages": [

        {

            "type": "Info",

            "messageKey": "com.mobileiron.vsp.rest.controllers.CertificateManagementController.Messages.PROCESS_INITIATED",

            "localizedMessage": "Certificate details export is already progress. It might be issued by a different user",

            "messageParameters": [ ]

        }

    ]

}

Get status of the export process

This call gets the status of the certificate details export process.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Roles

Category: Logs and Events Management

Role Description: Manage certificates, view certificates

Category: Device Management

Role Description: View dashboard, device page, device details

HTTP method

GET

Request URI

api/v2/certificates/search_export_status

Request parameters

Parameter

Description

Sample Value

adminDeviceSpaceId

Required

Parameter Type: Query

Data Type: Number

Device space ID of the administrator.

1

Response fields

Field

Description

Results

Container for results.

 

Boolean value that indicates whether the audit logs processing is progressing or not.

 

Audit Logs processing status/progress message.

"success" - If the processing is completed successfully.

"fail" - If the processing failed due to server error.

 

Path to the CSV file.

isExportStatusAvailable

Is the export progress status available.

Sample Request

curl -sS -k -u <userName>:<password> -G https://[Ivanti EPMM]/api/v2/certificates/
search_export_status?adminDeviceSpaceId=1

Sample Response

{

"results":{"isRunning":false,

"exportStatusMsg":"success",

"csvFileName":"/mi/tomcat/temp/certificates-5007291726810485269.csv",

"isExportStatusAvailable":true,"initiatedAt":1461110928255}

}

Download the CSV file

This call downloads the CSV file.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Roles

Category: Logs and Events Management

Role Description: Manage certificates, View certificates

Category: Device Management

Role Description: View dashboard, device page, device details

HTTP method

GET

Request URI

api/v2/certificates/search_download_csv

Request parameters

Parameter

Description

Sample Value

adminDeviceSpaceId

Required

Parameter Type: Query

Data Type: Number

Device space ID of the administrator.

1

Sample Request

curl -o output.csv -k -sS -u <userName>:<password> -XGET -H "Content-Type: text/csv" 'https://[Ivanti EPMM]/api/v2/certificates/search_download_csv?adminDeviceSpaceId=1'

Search/Retrieve certificate details

This call returns a list of certificate details.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Roles

Category: Logs and Events Management

Role Description: Manage certificates, View certificates

Category: Device Management

Role Description: View dashboard, device page, device details

HTTP method

GET

Request URI

api/v2/certificates/search

Request parameters

 

Parameter

Description

Sample Value

adminDeviceSpaceId

Required

Parameter Type: Request body

Data Type: Number

Device space ID of the administrator.

1

ceSettingName

Required

Parameter Type: Request body

Data Type: String

This is the certificate enrollment configuration name.

LocalICE

certificateStatus

Parameter Type: Request body

Data Type: String

Status of the target certificate.

Can be one of:

ACTIVE

EXPIRED

PENDING_REVOCATION

MANUAL_REVOCATION_REQUIRED

REVOKED

SENT

WAITING_SEND

GENERATING

HIGH_GENERATING

ACTIVE

userId

Parameter Type: Request body

Data Type: String

User ID associated with the target certificates.

 

deviceUUID

Parameter Type: Request body

Data Type: String

Device uuid associated with the target certificates.

5f1db255-8d3d-4943-8bab-d556cacce855

expiresAfter

Parameter Type: Request body

Data Type: Date

Gets certificates that are going to expire after this date.

The values are expressed milliseconds since Unix epoch time.

Example:

1785823788000 is epoch time for Tue, 04

expiresBefore

Parameter Type: Request body

Data Type: Date

Gets certificates that are going to expire before this date.

The values are expressed milliseconds since Unix epoch time.

Example:

1785823788000 is epoch time for Tue, 04

Response fields

Field

Description

results

An array of certificate objects.

    id

 

    serialNumber

 

    type

 

    trash

 

    expiredAt

 

    createdAt

 

    userId

 

    deviceId

 

    deviceUuid

 

    localCAId

 

    ceSettingName

 

    certificateStatus

 

    ceId

 

    consumerAppSettings

 

messages

Container for messages.

    type

Message type.

    messageKey

Message key.

    localizedMessage

Localized message with parameters resolved.

    messageParameters

 

resultCount

The number of entries that are being returned.

Sample request and response

Request

curl -k -sS -u userName>:<password> -XPOST -H "Content-Type: application/json"  -d '{"adminDeviceSpaceId":1",ceSettingName":"LocalCE","certificateStatus":"ACTIVE"}' 'https://[Ivanti EPMM]/api/v2/certificates/search'

Response

{

    "results": [

        {

            "id": 2,

            "serialNumber": 102,

            "type": "Centralized",

            "trash": true,

            "expiredAt": "2017-04-18",

            "createdAt": "2016-04-18",

            "userId": 9002,

            "deviceId": 1,

            "deviceUUid": null,

            "localCAId": 3,

            "ceSettingName": "LocalCE",

            "certificateStatus": "ACTIVE",

            "ceId": 8,

            "consumerAppSettings": [

                8

            ]

        },

...

    ],

    "messages": [

        {

            "type": "Info",

            "messageKey": "com.mobileiron.vsp.rest.controllers.CertificateManagementController.Messages.SUCCESS",

            "localizedMessage": "Certificates successfully retrieved",

            "messageParameters": [ ]

        }

    ],

    "resultCount": 6

}

Managing user certificates

You use the following calls to:

Upload user-provided certificates

Delete user-provided certificates

Get list of user provided certificate enrollment ID information with associated certificate details

Get list of all user provided certificate enrollment IDs' information with associated certificate details.

Error checking and validation

Ivanti EPMM will display an error message warning when a configuration is created without a private key password for configurations used by iOS_MDM_OTA, Android for Work and Windows. These configurations require a private key password and will not work without one.

Ivanti EPMM verifies the file type of user-provided certificates, generates an error message popup and does not save the file if it is not a valid PKCS#12.

Ivanti EPMM verifies if the supplied Certificate Enrollment ID (CEid) is a valid user provided configuration and generates an error message if it is not.

Ivanti EPMM verifies if the supplied userId is a valid user principal and generates an error message if it is not.

Ivanti EPMM will display an error message with response code 410 if the V1 API for managing user-provided certificates is used.

Upload user-provided certificate

Use this call to upload a user-provided certificate.

Note: Only upload version 3 and above certificates. If you upload version 2 or below certificates, then you may encounter issues when using Ivanti EPMM. User-provided certificates can only contain one private key. Uploaded PKCS#12 files containing more than one private key are not supported and will not work. You must repackage these certificates so the PKCS#12 file contains only one private key used to generate the certificate for the intended use.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Role

Category: User Management

Role Description: Manage user

HTTP method

POST

Request URI

/api/v2/configuration/CE/USER_PROVIDED/{CEid}/uploadCertificate

Request parameters

Parameter

Description

Sample Value

CEid

Required

Parameter Type: Query path

Data Type: String

Internal certificate ID

To find the value for CEid, use the call, Get CE configuration information.

10

file

Required

Parameter Type: Request payload

Data Type: Multi-part file

The location of the certificate p12 file

@//Users/patluri/Downloads/MIQAMDMProduction.p12

principal

Required

Parameter Type: Request payload

Data Type: String

Username of the certificate owner

See the note below about usernames containing special characters.

-F principal='theadmin'

password

Required

Parameter Type: Request payload

Data Type: Form-encoded string.

Password for the user-provided certificate. Optional if you are not unloading a user-provided certificate.

-F password='xyzsdmobile'

Response fields

Field

Description

messages

Container for messages.

    type

Message type.

    messageKey

Message key.

    localizedMessage

Localized message with parameters resolved.

Sample Request

curl -sS -v -k -u miadmin:Mi4man11 'https://[Ivanti EPMM]/api/v2/configuration/CE/USER_PROVIDED/10/uploadCertificate' -X POST -F [email protected]//Users/patluri/Downloads/MIQAMDMProduction.p12 -F password='xyzsdmobile' -F principal='theadmin'

Sample Response

{
    "messages": [
        {
            "type": "Info",
            "messageKey": "com.mobileiron.vsp.rest.controllers.UserProvidedCertificatesControllerV2.Messages.SUCCESS_UPLOAD",
            "localizedMessage": "Certificate successfully uploaded."
        }
    ]
}

Delete user-provided certificates

Use this call to delete a user-provided certificate.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Role

Category: User Management

Role Description: Manage user

HTTP method

POST

Request URI

api/v2/configuration/CE/USER_PROVIDED/{CEid}/deleteCertificate

Request parameters

Parameter

Description

Sample Value

CEid

Required

Parameter Type: Query path

Data Type: String

Internal certificate ID.

10

userId

Required

Parameter Type: Request payload

Data Type: String

Username of the certificate owner.

d '{"userId": "theadmin"}

Response fields

Field

Description

    type

Message type.

    messageKey

Message key.

    localizedMessage

Localized message with parameters resolved.

Sample Request

curl -k -sS -u <username>:<password> -XPOST -H "Content-Type: application/json" 'https://[Ivanti EPMM]/api/v2/configuration/CE/USER_PROVIDED/10/deleteCertificate' -d '{"userId": "theadmin"}'

Sample Response

{
    "messages": [
        {
            "type": "Info",
            "messageKey": "com.mobileiron.vsp.rest.controllers.UserProvidedCertificatesControllerV2.Messages.SUCCESS_DELETE_PRIVATE_KEY",
            "localizedMessage": "Successfully deleted private key from certificate."
        }
    ]
}

Get list of user provided certificate enrollment ID information with associated certificate details

This call gets a list of user provided certificate enrollment ID information with associated certificate details.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Role

Category: User Management

Role Description: Manage user

HTTP method

POST

Request URI

api/v2/configuration/CE/USER_PROVIDED/{CEid}/getCertificate

Request parameters

Parameter

Description

Sample Value

CEid

Required

Parameter Type: Query path

Data Type: String

Internal certificate ID.

10

usernId

Required

Parameter Type: Request payload

Data Type: String

Username of the certificate owner.

-d '{"userId": "theadmin"}'

Response fields

Field

Description

results

Container for results. Results are an array of the fields shown in the sample response below.

messages

Container for messages.

    type

Message type.

    messageKey

Message key.

    localizedMessage

Localized message with parameters resolved.

Sample Request

curl -k -sS -u <username>:<password> -XPOST -H "Content-Type: application/json" 'https://[Ivanti EPMM]/api/v2/configuration/CE/USER_PROVIDED/10/getCertificate' -d '{"userId": "theadmin"}'

Sample Response

{

    "results": {

        "id": null,

        "version": "3",

        "serialNumber": "xxx4493327816883622",

        "signatureAlgorithm": "SHA256WITHRSA",

        "issuer": "C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Application Integration 2 Certification Authority",

        "notBefore": 1573162384000,

        "notAfter": 1604698384000,

        "subject": "C=US, CN=APSP:9c3811ce-0ff0-4272-be0b-2df8f1f85bb5, UID=com.apple.mgmt.External.9c3811ce-0ff0-4272-be0b-2df8f1f85bb5",

        "subjectAltNames": null,

        "cert": null,

        "certType": null,

        "alias": null,

        "certData": null,

        "createdAt": null,

        "modifiedAt": null,

        "commonName": "APSP:xxx811ce-0ff0-4272-be0b-2df8f1f85bb5",

        "iPhoneUID": null,

        "iPhoneDevelopmentAPNSCert": false,

        "identity": false,

        "validTimeLine": false

    },

    "messages": [

        {

            "type": "Info",

            "messageKey": "com.mobileiron.vsp.rest.controllers.UserProvidedCertificatesControllerV2.Messages.SUCCESS_GET_CERTIFICATE",

            "localizedMessage": "Certificate successfully retrieved."

        }

    ]

}

Get list of all user provided certificate enrollment IDs' information with associated certificate details.

This call gets a list of all user provided certificate enrollment IDs information with associated certificate details.

Required Roles

You need to have access to the User Portal for this call.

 

 

HTTP method

POST

Request URI

api/v2/configuration/CE/USER_PROVIDED/all/getAllUserProvidedCertificateDetails

Request parameters

Parameter

Description

Sample Value

userId

Required

Parameter Type: Request payload

Data Type: String

Username of the certificate owner.

-d '{"userId": "theadmin"}'

Response fields

Field

Description

results

Container for results. Results are an array of the fields shown in the sample response below.

messages

Container for messages.

    type

Message type.

    messageKey

Message key.

    localizedMessage

Localized message with parameters resolved.

Sample Request

curl -k -sS -u <username>:<password> -XPOST -H "Content-Type: application/json" 'https://[Ivanti EPMM]/api/v2/configuration/CE/USER_PROVIDED/all/getAllUserProvidedCertificateDetails' -d '{"userId": "theadmin"}'

Sample Response

{

  "results": [

    {

      "ceId": 10,

      "certificateId": 11,

      "requirePassword": true,

      "displayName": "testUserProv",

      "certificateExpirationDate": 1604698384000,

      "certificateUploadedDate": 1577964355000,

      "isPkcs12": true

    }

  ],

  "messages": [

    {

      "type": "Info",

      "messageKey": "com.mobileiron.vsp.rest.controllers.UserProvidedCertificatesControllerV2.Messages.SUCCESS_GET_CE_DETAILS",

      "localizedMessage": "User provided certificate enrollment details successfully retrieved."

    }

  ]

}

Revoke certificates belonging to external certificate enrollment

Revoking certificates involves the following calls:

Determine if certificate revocation is in progress
GET api/v2/certificateCheckJob/attemptRevokeForPendingRevocation/status

Revoke certificates
POST api/v2/certificateCheckJob/attemptRevokeForPendingRevocation

Determine if certificate revocation is in progress

This call returns information about whether certificate revocation is already in progress.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Roles

Category: Logs and Events Management

Role Description: Manage certificates, View certificates

HTTP method

GET

Request URI

api/v2/certificateCheckJob/attemptRevokeForPendingRevocation/status

Sample request

curl -k -sS -u <username>:<password> -XGET 'https://[Ivanti EPMM]/api/v2/certificateCheckJob/attemptRevokeForPendingRevocation/status

Sample responses

Pending revocation certs are not being processed.

 

Pending revocation certs are being processed. Total duration so far 76 Seconds

Revoke certificates

This calls attempts to revoke certificates belonging to external certificate enrollment.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Roles

Category: Logs and Events Management

Role Description: Manage certificates, View certificates

HTTP method

POST

Request URI

api/v2/certificateCheckJob/attemptRevokeForPendingRevocation

Response fields

Field

Description

messages

Container for response.

    type

Message type.

    messageKey

Message key.

    localizedMessage

Localized message with parameters resolved.

Sample Request

curl -k -sS -u <username>:<password> -XPOST 'https://[Ivanti EPMM]e/api/v2/certificateCheckJob/attemptRevokeForPendingRevocation'

Sample Response

{

    "messages": [

        {

            "type": "Info",

            "messageKey": "com.mobileiron.vsp.messages.http.200",

            "localizedMessage": "Success"

        }

    ]

}

Get SCEP configuration information

This call gets SCEP configuration information for the provided sub-type.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Role

Category: User Management

Role Description: Manage user

HTTP method

GET

Request URI

api/v2/configuration/SCEP/{appsubtype}/summary

Request parameters

Parameter

Description

Sample Value

appsubtype

Required

Parameter Type: Path

Data Type: String

The sub-type about which to fetch information.

Can be:

BLUE_COAT

CLIENT_PROVIDED

USER_PROVIDED

ENTRUST

GLOBAL_SIGN,LOCAL

OPEN_TRUST

SCEP,SINGLE_FILE_IDENTITY

SYMANTEC_MANAGED_PKI

SYMANTEC_WS_MANAGED_PKI

USER_PROVIDED

Response fields

Field

Description

results

 

    name

 

    value

 

    appType

 

    appSubType

 

    rowType

 

resultCount

 

Sample request

curl -k -sS -u <username>:<password> -XGET 'https://[Ivanti EPMM]/api/v2/configuration/SCEP/USER_PROVIDED/summary'

Sample response

{"results":

    [{

        "name":"user-provided",

        "value":"10",

        "appType":"SCEP",

        "appSubType":"USER_PROVIDED",

        "rowType":"ADMIN"

    }],

"resultCount":1

}

Change SCEP challenge password

This call changes the SCEP configuration challenge password.

Required roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Roles

Category: Configuration Management

Role Description: Manage configuration, View configuration

HTTP method

POST

Request URI

api/v2/configuration/SCEP/SCEP/{id}/challenge

Request parameters

Parameter

Description

Sample Value

id

Required

Parameter Type: Path

Data Type: Number

The id of the SCEP configuration whose challenge password to change.

1

-d

Required

Parameter Type: Request body

Data Type: String

The new password.

123hjk

Sample request

curl -k -sS -i -u <username>:<password> -H "Content-Type: text/plain" -XPOST 'https://[Ivanti EPMM]/api/v2/configuration/SCEP/SCEP/1/challenge' -d "123hjk"

Verify Ivanti EPMM/SCEP Connectivity

This call verifies Ivanti EPMM/SCEP connectivity by retrieving a test certificate for an Identity Certificate configuration.

Required roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Roles

Category: Configuration Management

Role Description: Manage configuration, View configuration

HTTP method

GET

Request URI

api/v2/configuration/CE/issue_test_certificate

Request parameters

Parameter

Description

Sample Value

adminDeviceSpaceId

Required

Parameter Type: Query

Data Type: Number

Device space ID of the administrator.

1

ceConfigName

Required

Parameter Type: Query

Data Type: String

Name of the Identity Certificate configuration for which to fetch the certificate.

Test Scep

email

Optional

Parameter Type: Query

Data Type: String

Email address to use as the subject of the certificate rather than the default value of [email protected]

[email protected]

Sample request

curl -u username:password --location --request GET 'https://[Ivanti EPMM]/api/v2/configuration/CE/[email protected]&adminDeviceSpaceId=1&ceConfigName=Test Scep'

Sample response

{ "results": { "certificate": " [0] Version: 3 SerialNumber: 101 IssuerDN: CN=LOCAL CA Start Date: Wed Feb 16 05:50:05 UTC 2022 Final Date: Fri Feb 17 05:50:05 UTC 2023 SubjectDN: OU=appSetting:[CONSUMER_UUID], [email protected] Public Key: RSA Public Key [xx:xx:0c:29:68:08:6c:a9:9c:07:12:ba:10:ba:5c:6c:36:bc:aa:a3],[56:66:d1:a4] modulus: xxxxx3a59de98137ff762d79d2d704434debc57ba428abd4e137bc0cd1f2f14e0b8de27e89daa242bb3c395b453392195ba4210ea88a7c7c8b501f65dc8f68d5e2f75350656da49b624ce169e7e067d886b49fb70d69825dadfe43f489f2f5344954f90097b9fc2c1708c4c9859806fb6a9637495a911172e244ec2aa4a3897534a61c0323a96d365f5e95b742c9119e6bb1081a086b1f29ecb2aea91987326a4b9b1faeb9ee15767ebe4afc70021545060ef08f4e6febb638a6750d828577999bd6f56b283cd7926304d6828442ae312fe2b8b579a7a14849a1065f7297efff5cb0cbb99d6910f2e648e4212123cb872afef3ac412505f9307136f1690c581d public exponent: 10001 Signature Algorithm: SHA384WITHRSA Signature: xxxxx9455327837fc0587d6cadd85c6973aec817 550013c4afcfbd343874142c1128ec87ed936ad1 0cc5cade6767d5a25ef164d9992c68cc6c981c86 4a689efe43db09e51b4e7a8ab01d6e71c6065256 9228749be091f9950b74b9cb502890c8ae1c6f50 0be04d0986f9aafea016b17423d54fbdda0d7725 f5b54dc1aedc3100bcd0ddec9654a0edc8b10bca a1d4f330b4ce6c4c514f0d6bff77608a37082e89 9c6594555003fe54b755a7a20f13b1ebda7ff0ce 77ed58372c02de3bbb0db17f52c56e72c7067803 017fcd91063d6388e1e4d925dd92dec3c2333741 bc579ad3fe5a95a1081fad4e3f57696259f8b574 6b21411e090c1ef9f67e42b14b0c811b6927e579 3c4c83b386d3158cc0ad67b271c19abcda7539af edcf91c71eb72a7c9ac706aee39d7c5b3b04e142 2c1f321be8bd51595438f51fa1cac2db01da6db2 dedaa79623184f6694851397cd42eb46aa257e92 043f52f29450d92e0a92434f1baa8c374d9b58f5 b162d8e5d113ddbfbfd004c524b246317b431789 d4161a62 Extensions: critical(false) 2.5.29.35 value = Sequence Tagged [0] IMPLICIT DER Octet String[20] Tagged [1] Tagged [4] DER Sequence DER Set DER Sequence ObjectIdentifier(2.5.4.3) UTF8String(LOCAL CA) Tagged [2] IMPLICIT DER Octet String[8] critical(false) 2.5.29.14 value = DER Octet String[20] critical(true) BasicConstraints: isCa(false) critical(true) 2.5.29.37 value = Sequence ObjectIdentifier(1.3.6.1.5.5.7.3.2) critical(true) KeyUsage: 0xa0 critical(false) 2.5.29.31 value = Sequence Sequence Tagged [0] Tagged [0] Tagged [6] IMPLICIT DER Octet String[56] critical(false) 1.3.6.1.5.5.7.1.1 value = Sequence Sequence ObjectIdentifier(1.3.6.1.5.5.7.48.2) Tagged [6] IMPLICIT DER Octet String[56] ", "pem": "-----BEGIN CERTIFICATE----- MIIElxxxxx6gAwIBAgIBZTANBgkqhkiG9w0BAQwFADATMREwDwYDVQQDDAhMT0NB TCBDQTAeFw0yMjAyMTYwNTUwMDVaFw0yMzAyMTcwNTUwMDVaMEgxITAfBgNVBAMM GHRlc3R1c2VyQHlvdXJjb21wYW55LmNvbTEjMCEGA1UECwwaYXBwU2V0dGluZzpb Q09OU1VNRVJfVVVJRF0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9 glOlnemBN/92LXnS1wRDTevFe6Qoq9ThN7wM0fLxTguN4n6J2qJCuzw5W0Uzkhlb pCEOqIp8fItQH2Xcj2jV4vdTUGVtpJtiTOFp5+Bn2Ia0n7cNaYJdrf5D9Iny9TRJ VPkAl7n8LBcIxMmFmAb7apY3SVqREXLiROwqpKOJdTSmHAMjqW02X16Vt0LJEZ5r sQgaCGsfKeyyrqkZhzJqS5sfrrnuFXZ+vkr8cAIVRQYO8I9Ob+u2OKZ1DYKFd5mb 1vVrKDzXkmME1oKEQq4xL+K4tXmnoUhJoQZfcpfv/1ywy7mdaRDy5kjkISEjy4cq /vOsQSUF+TBxNvFpDFgdAgMBAAGjggE+MIIBOjBCBgNVHSMEOzA5gBSd8wHqH7wS k4tFRjDRqpDNrr2Z8aEXpBUwEzERMA8GA1UEAwwITE9DQUwgQ0GCCE1EMNOHwldZ MB0GA1UdDgQWBBRZSv2PG8Ox7Yiej4P3yNmJg5K2gjAMBgNVHRMBAf8EAjAAMBYG A1UdJQEB/wQMMAoGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDBJBgNVHR8EQjBA MD6gPKA6hjhodHRwOi8vZWFwcDQ2NS5hdXRvLm1vYmlsZWlyb24uY29tOjgwODAv bWlmcy9jYS81L2NhLmNybDBUBggrBgEFBQcBAQRIMEYwRAYIKwYBBQUHMAKGOGh0 dHA6Ly9lYXBwNDY1LmF1dG8ubW9iaWxlaXJvbi5jb206ODA4MC9taWZzL2NhLzUv Y2EuY2VyMA0GCSqGSIb3DQEBDAUAA4IBgQCqC5lFUyeDf8BYfWyt2Fxpc67IF1UA E8Svz700OHQULBEo7Iftk2rRDMXK3mdn1aJe8WTZmSxozGyYHIZKaJ7+Q9sJ5RtO eoqwHW5xxgZSVpIodJvgkfmVC3S5y1AokMiuHG9QC+BNCYb5qv6gFrF0I9VPvdoN dyX1tU3BrtwxALzQ3eyWVKDtyLELyqHU8zC0zmxMUU8Na/93YIo3CC6JnGWUVVAD /lS3VaeiDxOx69p/8M537Vg3LALeO7sNsX9SxW5yxwZ4AwF/zZEGPWOI4eTZJd2S 3sPCMzdBvFea0/5alaEIH61OP1dpYln4tXRrIUEeCQwe+fZ+QrFLDIEbaSfleTxM g7OG0xWMwK1nsnHBmrzadTmv7c+Rxx63Knyaxwau4518WzsE4UIsHzIb6L1RWVQ4 9R+hysLbAdptst7ap5YjGE9mlIUTl81C60aqJX6SBD9S8pRQ2S4KkkNPG6qMN02b WPWxYtjl0RPdv7/QBMUkskYxe0MXidQWGmI= -----END CERTIFICATE-----" }, "messages": [ { "type": "Info", "messageKey": "com.mobileiron.vsp.messages.certificates.issue.test.certificate.success", "localizedMessage": "Successfully issued a test certificate for the provided configuration." } ] }

Get CE configuration information

This call gets Certificate Enrollment (CE) configuration information for the provided sub-type.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Roles

Category: Logs and Events Management

Role Description: Manage certificates, View certificates

HTTP method

GET

Request URI

api/v2/configurations/CE/{caprotocol}/configurations

Request parameters

Parameter

Description

Sample Value

caprotocol

Required

Parameter Type: Path

Data Type: String

The sub-type about which to fetch information.

Can be:

BLUE_COAT,

CLIENT_PROVIDED,

USER_PROVIDED,

ENTRUST,

GLOBAL_SIGN,LOCAL,

OPEN_TRUST,

SCEP,SINGLE_FILE_IDENTITY,

SYMANTEC_MANAGED_PKI,

SYMANTEC_WS_MANAGED_PKI

USER_PROVIDED

Response fields

Field

Description

results

 

    name

 

    value

 

    appType

 

    appSubType

 

    rowType

 

resultCount

 

Sample request

curl -k -sS -u <username>:<password> -XGET 'https://[Ivanti EPMM]/api/v2/configurations/CE/USER_PROVIDED'

Sample response

{"results":

    [{

        "name":"user-provided",

        "value":"10",

        "appType":"SCEP",

        "appSubType":"USER_PROVIDED",

        "rowType":"ADMIN"

    }],

"resultCount":1

}

Search for users without certificates

This call searches for users without certificates.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Role

Category: User Management

Role Description: Manage user

HTTP method

POST

Request URI

api/v2/configurations/CE/{CEID}/users/withnocerts/search

Request parameters

Parameter

Description

Sample Value

CEID

Required

Parameter Type: Path

Data Type: Number

The id of the certificate enrollment configuration

32

Response fields

Field

Description

results

 

    id

 

    principal

 

    displayName

 

    firstName

 

    lastName

 

    emailAddress

 

messages

 

    type

 

    messageKey

 

    localizedMessage

 

resultCount

 

Sample request

curl -k -sS -u <username>:<password> -XPOST 'https://[Ivanti EPMM]/api/v2/configurations/CE/32/users/withnocerts/search'

Sample response

{

"results":[

            {

                "id":9001,

                "principal":"miadmin",

                "displayName":"miadmin",

                "firstName":null,

                "lastName":null,

                "emailAddress":"[email protected]"

            }

        ],

"messages":[      

            {

                "type":"Info",

                "messageKey":"com.mobileiron.vsp.rest.controllers.UserAndDeviceSummaryController.Messages.SUCCESS_GET_USERS_DETAILS",

                "localizedMessage":"User details successfully retrieved."

            }

        ],

"resultCount":1

}

Export summary for users without certificates

This call exports the summary for users without certificates.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Role

Category: User Management

Role Description: Manage user

HTTP method

POST

Request URI

api/v2/configurations/CE/{CEID}/users/withnocerts/search_export

Request parameters

Parameter

Description

Sample Value

CEID

Required

Parameter Type: Path

Data Type: Number

The id of the certificate enrollment configuration

10

Response fields

Field

Description

results

 

    exportStatusPollUrl

 

    csvDownloadUrl

 

messages

 

    type

 

    messageKey

 

    localizedMessage

 

Sample request

curl -k -sS -u <username>:<password> -XPOST 'https://[Ivanti EPMM]/api/v2/configurations/CE/10/users/withnocerts/search_export'

Sample response

{

    "results": {

        "exportStatusPollUrl": "/api/v2/configurations/CE/9/users/withnocerts/search_export_status",

        "csvDownloadUrl": "/api/v2/configurations/CE/9/users/withnocerts/search_download_csv"

    },

    "messages": [

        {

            "type": "Info",

            "messageKey": "com.mobileiron.vsp.rest.controllers.UserAndDeviceSummaryController.Messages.PROCESS_INITIATED",

            "localizedMessage": "User details export process initiated successfully."

        }

    ]

}

Export status summary for users without certificates

This call exports the status summary for users without certificates.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Role

Category: User Management

Role Description: Manage user

HTTP method

POST

Request URI

api/v2/configurations/CE/{CEID}/users/withnocerts/search_export_status

Request parameters

Parameter

Description

Sample Value

CEID

Required

Parameter Type: Path

Data Type: Number

The id of the certificate enrollment configuration

10

Response fields

Field

Description

results

 

    isRunning

 

    exportStatusMsg

 

    csvFileName

 

    isExportStatusAvailable

 

    initiatedAt

 

Sample request

curl -k -sS -u <username>:<password> -XPOST 'https://[Ivanti EPMM]/api/v2/configurations/CE/10/users/withnocerts/search_export_status'

Sample response

{

    "results": {

        "isRunning": false,

        "exportStatusMsg": "success",

        "csvFileName": "/mi/tomcat/temp/userdetails-3531617505787171123.csv",

        "isExportStatusAvailable": true,

        "initiatedAt": 1503354251055

    }

}

Download summary for users without certificates

This call downloads the user summary for users without certificates.

Required Roles

See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.

 

Required Role

Category: User Management

Role Description: Manage user

HTTP method

GET

Request URI

api/v2/configurations/CE/{CEID}/users/withnocerts/search_download_csv

Request parameters

Parameter

Description

Sample Value

CEID

Required

Parameter Type: Path

Data Type: Number

The id of the certificate enrollment configuration

10

Sample request

curl -o output.csv -k -sS -u <username>:<password> -XGET -H "Content-Type: text/csv" 'https://[Ivanti EPMM]/api/v2/configurations/CE/10/users/withnocerts/search_download_csv'