Certificate Management
Export certificate details to a CSV file
Export Certificate Details to CSV: Certificate details export involves several API calls:
•Initiate the processing of certificate details to be exported:
GET api/v2/certificates/search_export
•Get status of the export process:
GET api/v2/certificates/search_export_status
•Download the CSV file:
GET api/v2/certificates/search_download_csv
Initiate the processing of certificate details to be exported
Initiates processing certificate details to query.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Roles |
|
Category: Logs and Events Management Role Description: Manage certificates, View certificates |
HTTP method
POST
Request URI
api/v2/certificates/search_export
Request parameters
|
Parameter |
Description |
Sample Value |
|
adminDeviceSpaceId |
Required Parameter Type: Body Data Type: Number Device space ID of the administrator. |
1 |
|
ceSettingName |
Required Parameter Type: Request body Data Type: String Certificate enrollment configuration name. |
LccalCE |
|
certificateStatus |
Required Parameter Type: Request body Data Type: String Status of the target certificate. Can be one of: •ACTIVE •EXPIRED •PENDING_REVOCATION •MANUAL_REVOCATION_REQUIRED •REVOKED •SENT •WAITING_SEND •GENERATING •HIGH_GENERATING |
ACTIVE |
|
userId |
Parameter Type: Request body Data Type: String User ID associated with the target certificates. |
|
|
deviceUUID |
Parameter Type: Request body Data Type: String Device uuid associated with the target certificates. |
5f1db255-8d3d-4943-8bab-d556cacce855 |
|
expiresAfter |
Parameter Type: Request body Data Type: Date Gets certificates that are going to expire after this date. |
The values are expressed milliseconds since Unix epoch time. Example: 1785823788000 is epoch time for Tue, 04 |
|
expiresBefore |
Parameter Type: Request body Data Type: Date Gets certificates that are going to expire before this date. |
The values are expressed milliseconds since Unix epoch time. Example: 1785823788000 is epoch time for Tue, 04 |
Response fields
|
Field |
Description |
|
exportStatusPollUrl |
URL to get status of the search export. |
|
csvDownloadUrl |
URL to download the CSV file. |
|
messages |
Container for messages. |
|
type |
Message type. |
|
messageKey |
Message key. |
|
localizedMessage |
Localized message with parameters resolved. |
|
messageParameters |
|
Sample Request
curl -k -sS -u <userName>:<password> -XPOST -H "Content-Type: application/json" -d '{"adminDeviceSpaceId":1,"ceSettingName":"LocalCE","certificateStatus":"ACTIVE"}' 'https://[Ivanti EPMM]/api/v2/certificates/search_export'
Sample Responses
Success:
{
"results": {
"exportStatusPollUrl": "/api/v2/certificates/search_export_status",
"csvDownloadUrl": "/api/v2/certificates/search_download_csv"
},
"messages": [
{
"type": "Info",
"messageKey": "com.mobileiron.vsp.rest.controllers.CertificateManagementController.Messages.PROCESS_INITIATED",
"localizedMessage": "Certificate details export process initiated successfully",
"messageParameters": [ ]
}
]
}
If the process is already initiated:
{
"messages": [
{
"type": "Info",
"messageKey": "com.mobileiron.vsp.rest.controllers.CertificateManagementController.Messages.PROCESS_INITIATED",
"localizedMessage": "Certificate details export is already progress. It might be issued by a different user",
"messageParameters": [ ]
}
]
}
Get status of the export process
This call gets the status of the certificate details export process.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Roles |
|
Category: Logs and Events Management Role Description: Manage certificates, view certificates |
|
Category: Device Management Role Description: View dashboard, device page, device details |
HTTP method
GET
Request URI
api/v2/certificates/search_export_status
Request parameters
|
Parameter |
Description |
Sample Value |
|
adminDeviceSpaceId |
Required Parameter Type: Query Data Type: Number Device space ID of the administrator. |
1 |
Response fields
|
Field |
Description |
|
Results |
Container for results. |
|
Boolean value that indicates whether the audit logs processing is progressing or not. |
|
|
Audit Logs processing status/progress message. "success" - If the processing is completed successfully. "fail" - If the processing failed due to server error. |
|
|
Path to the CSV file. |
|
|
isExportStatusAvailable |
Is the export progress status available. |
Sample Request
curl -sS -k -u <userName>:<password> -G https://[Ivanti EPMM]/api/v2/certificates/
search_export_status?adminDeviceSpaceId=1
Sample Response
{
"results":{"isRunning":false,
"exportStatusMsg":"success",
"csvFileName":"/mi/tomcat/temp/certificates-5007291726810485269.csv",
"isExportStatusAvailable":true,"initiatedAt":1461110928255}
}
Download the CSV file
This call downloads the CSV file.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Roles |
|
Category: Logs and Events Management Role Description: Manage certificates, View certificates |
|
Category: Device Management Role Description: View dashboard, device page, device details |
HTTP method
GET
Request URI
api/v2/certificates/search_download_csv
Request parameters
|
Parameter |
Description |
Sample Value |
|
adminDeviceSpaceId |
Required Parameter Type: Query Data Type: Number Device space ID of the administrator. |
1 |
Sample Request
curl -o output.csv -k -sS -u <userName>:<password> -XGET -H "Content-Type: text/csv" 'https://[Ivanti EPMM]/api/v2/certificates/search_download_csv?adminDeviceSpaceId=1'
Search/Retrieve certificate details
This call returns a list of certificate details.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Roles |
|
Category: Logs and Events Management Role Description: Manage certificates, View certificates |
|
Category: Device Management Role Description: View dashboard, device page, device details |
HTTP method
GET
Request URI
api/v2/certificates/search
Request parameters
|
Parameter |
Description |
Sample Value |
|
adminDeviceSpaceId |
Required Parameter Type: Request body Data Type: Number Device space ID of the administrator. |
1 |
|
ceSettingName |
Required Parameter Type: Request body Data Type: String This is the certificate enrollment configuration name. |
LocalICE |
|
certificateStatus |
Parameter Type: Request body Data Type: String Status of the target certificate. Can be one of: •ACTIVE •EXPIRED •PENDING_REVOCATION •MANUAL_REVOCATION_REQUIRED •REVOKED •SENT •WAITING_SEND •GENERATING •HIGH_GENERATING |
ACTIVE |
|
userId |
Parameter Type: Request body Data Type: String User ID associated with the target certificates. |
|
|
deviceUUID |
Parameter Type: Request body Data Type: String Device uuid associated with the target certificates. |
5f1db255-8d3d-4943-8bab-d556cacce855 |
|
expiresAfter |
Parameter Type: Request body Data Type: Date Gets certificates that are going to expire after this date. |
The values are expressed milliseconds since Unix epoch time. Example: 1785823788000 is epoch time for Tue, 04 |
|
expiresBefore |
Parameter Type: Request body Data Type: Date Gets certificates that are going to expire before this date. |
The values are expressed milliseconds since Unix epoch time. Example: 1785823788000 is epoch time for Tue, 04 |
Response fields
|
Field |
Description |
|
results |
An array of certificate objects. |
|
id |
|
|
serialNumber |
|
|
type |
|
|
trash |
|
|
expiredAt |
|
|
createdAt |
|
|
userId |
|
|
deviceId |
|
|
deviceUuid |
|
|
localCAId |
|
|
ceSettingName |
|
|
certificateStatus |
|
|
ceId |
|
|
consumerAppSettings |
|
|
messages |
Container for messages. |
|
type |
Message type. |
|
messageKey |
Message key. |
|
localizedMessage |
Localized message with parameters resolved. |
|
messageParameters |
|
|
resultCount |
The number of entries that are being returned. |
Sample request and response
Request
curl -k -sS -u userName>:<password> -XPOST -H "Content-Type: application/json" -d '{"adminDeviceSpaceId":1",ceSettingName":"LocalCE","certificateStatus":"ACTIVE"}' 'https://[Ivanti EPMM]/api/v2/certificates/search'
Response
{
"results": [
{
"id": 2,
"serialNumber": 102,
"type": "Centralized",
"trash": true,
"expiredAt": "2017-04-18",
"createdAt": "2016-04-18",
"userId": 9002,
"deviceId": 1,
"deviceUUid": null,
"localCAId": 3,
"ceSettingName": "LocalCE",
"certificateStatus": "ACTIVE",
"ceId": 8,
"consumerAppSettings": [
8
]
},
...
],
"messages": [
{
"type": "Info",
"messageKey": "com.mobileiron.vsp.rest.controllers.CertificateManagementController.Messages.SUCCESS",
"localizedMessage": "Certificates successfully retrieved",
"messageParameters": [ ]
}
],
"resultCount": 6
}
Managing user certificates
You use the following calls to:
•Upload user-provided certificates
•Delete user-provided certificates
•Get list of user provided certificate enrollment ID information with associated certificate details
•Get list of all user provided certificate enrollment IDs' information with associated certificate details.
Error checking and validation
•Ivanti EPMM will display an error message warning when a configuration is created without a private key password for configurations used by iOS_MDM_OTA, Android for Work and Windows. These configurations require a private key password and will not work without one.
•Ivanti EPMM verifies the file type of user-provided certificates, generates an error message popup and does not save the file if it is not a valid PKCS#12.
•Ivanti EPMM verifies if the supplied Certificate Enrollment ID (CEid) is a valid user provided configuration and generates an error message if it is not.
•Ivanti EPMM verifies if the supplied userId is a valid user principal and generates an error message if it is not.
•Ivanti EPMM will display an error message with response code 410 if the V1 API for managing user-provided certificates is used.
Upload user-provided certificate
Use this call to upload a user-provided certificate.
Note: Only upload version 3 and above certificates. If you upload version 2 or below certificates, then you may encounter issues when using Ivanti EPMM. User-provided certificates can only contain one private key. Uploaded PKCS#12 files containing more than one private key are not supported and will not work. You must repackage these certificates so the PKCS#12 file contains only one private key used to generate the certificate for the intended use.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Role |
|
Category: User Management Role Description: Manage user |
HTTP method
POST
Request URI
/api/v2/configuration/CE/USER_PROVIDED/{CEid}/uploadCertificate
Request parameters
|
Parameter |
Description |
Sample Value |
|
CEid |
Required Parameter Type: Query path Data Type: String Internal certificate ID To find the value for CEid, use the call, Get CE configuration information. |
10 |
|
file |
Required Parameter Type: Request payload Data Type: Multi-part file The location of the certificate p12 file |
@//Users/patluri/Downloads/MIQAMDMProduction.p12 |
|
principal |
Required Parameter Type: Request payload Data Type: String Username of the certificate owner See the note below about usernames containing special characters. |
-F principal='theadmin' |
|
password |
Required Parameter Type: Request payload Data Type: Form-encoded string. Password for the user-provided certificate. Optional if you are not unloading a user-provided certificate. |
-F password='xyzsdmobile' |
Response fields
|
Field |
Description |
|
messages |
Container for messages. |
|
type |
Message type. |
|
messageKey |
Message key. |
|
localizedMessage |
Localized message with parameters resolved. |
Sample Request
curl -sS -v -k -u <password> 'https://[Ivanti EPMM]/api/v2/configuration/CE/USER_PROVIDED/10/uploadCertificate' -X POST -F file=@//Users/patluri/Downloads/MIQAMDMProduction.p12 -F password='xyzsdmobile' -F principal='theadmin'
Sample Response
{
"messages": [
{
"type": "Info",
"messageKey": "com.mobileiron.vsp.rest.controllers.UserProvidedCertificatesControllerV2.Messages.SUCCESS_UPLOAD",
"localizedMessage": "Certificate successfully uploaded."
}
]
}
Delete user-provided certificates
Use this call to delete a user-provided certificate.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Role |
|
Category: User Management Role Description: Manage user |
HTTP method
POST
Request URI
api/v2/configuration/CE/USER_PROVIDED/{CEid}/deleteCertificate
Request parameters
|
Parameter |
Description |
Sample Value |
|
CEid |
Required Parameter Type: Query path Data Type: String Internal certificate ID. |
10 |
|
userId |
Required Parameter Type: Request payload Data Type: String Username of the certificate owner. |
d '{"userId": "theadmin"} |
Response fields
|
Field |
Description |
|
type |
Message type. |
|
messageKey |
Message key. |
|
localizedMessage |
Localized message with parameters resolved. |
Sample Request
curl -k -sS -u <username>:<password> -XPOST -H "Content-Type: application/json" 'https://[Ivanti EPMM]/api/v2/configuration/CE/USER_PROVIDED/10/deleteCertificate' -d '{"userId": "theadmin"}'
Sample Response
{
"messages": [
{
"type": "Info",
"messageKey": "com.mobileiron.vsp.rest.controllers.UserProvidedCertificatesControllerV2.Messages.SUCCESS_DELETE_PRIVATE_KEY",
"localizedMessage": "Successfully deleted private key from certificate."
}
]
}
Get list of user provided certificate enrollment ID information with associated certificate details
This call gets a list of user provided certificate enrollment ID information with associated certificate details.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Role |
|
Category: User Management Role Description: Manage user |
HTTP method
POST
Request URI
api/v2/configuration/CE/USER_PROVIDED/{CEid}/getCertificate
Request parameters
|
Parameter |
Description |
Sample Value |
|
CEid |
Required Parameter Type: Query path Data Type: String Internal certificate ID. |
10 |
|
usernId |
Required Parameter Type: Request payload Data Type: String Username of the certificate owner. |
-d '{"userId": "theadmin"}' |
Response fields
|
Field |
Description |
|
results |
Container for results. Results are an array of the fields shown in the sample response below. |
|
messages |
Container for messages. |
|
type |
Message type. |
|
messageKey |
Message key. |
|
localizedMessage |
Localized message with parameters resolved. |
Sample Request
curl -k -sS -u <username>:<password> -XPOST -H "Content-Type: application/json" 'https://[Ivanti EPMM]/api/v2/configuration/CE/USER_PROVIDED/10/getCertificate' -d '{"userId": "theadmin"}'
Sample Response
{
"results": {
"id": null,
"version": "3",
"serialNumber": "xxx4493327816883622",
"signatureAlgorithm": "SHA256WITHRSA",
"issuer": "C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Application Integration 2 Certification Authority",
"notBefore": 1573162384000,
"notAfter": 1604698384000,
"subject": "C=US, CN=APSP:9c3811ce-0ff0-4272-be0b-2df8f1f85bb5, UID=com.apple.mgmt.External.9c3811ce-0ff0-4272-be0b-2df8f1f85bb5",
"subjectAltNames": null,
"cert": null,
"certType": null,
"alias": null,
"certData": null,
"createdAt": null,
"modifiedAt": null,
"commonName": "APSP:xxx811ce-0ff0-4272-be0b-2df8f1f85bb5",
"iPhoneUID": null,
"iPhoneDevelopmentAPNSCert": false,
"identity": false,
"validTimeLine": false
},
"messages": [
{
"type": "Info",
"messageKey": "com.mobileiron.vsp.rest.controllers.UserProvidedCertificatesControllerV2.Messages.SUCCESS_GET_CERTIFICATE",
"localizedMessage": "Certificate successfully retrieved."
}
]
}
Get list of all user provided certificate enrollment IDs' information with associated certificate details.
This call gets a list of all user provided certificate enrollment IDs information with associated certificate details.
Required Roles
You need to have access to the User Portal for this call.
HTTP method
POST
Request URI
api/v2/configuration/CE/USER_PROVIDED/all/getAllUserProvidedCertificateDetails
Request parameters
|
Parameter |
Description |
Sample Value |
|
userId |
Required Parameter Type: Request payload Data Type: String Username of the certificate owner. |
-d '{"userId": "theadmin"}' |
Response fields
|
Field |
Description |
|
results |
Container for results. Results are an array of the fields shown in the sample response below. |
|
messages |
Container for messages. |
|
type |
Message type. |
|
messageKey |
Message key. |
|
localizedMessage |
Localized message with parameters resolved. |
Sample Request
curl -k -sS -u <username>:<password> -XPOST -H "Content-Type: application/json" 'https://[Ivanti EPMM]/api/v2/configuration/CE/USER_PROVIDED/all/getAllUserProvidedCertificateDetails' -d '{"userId": "theadmin"}'
Sample Response
{
"results": [
{
"ceId": 10,
"certificateId": 11,
"requirePassword": true,
"displayName": "testUserProv",
"certificateExpirationDate": 1604698384000,
"certificateUploadedDate": 1577964355000,
"isPkcs12": true
}
],
"messages": [
{
"type": "Info",
"messageKey": "com.mobileiron.vsp.rest.controllers.UserProvidedCertificatesControllerV2.Messages.SUCCESS_GET_CE_DETAILS",
"localizedMessage": "User provided certificate enrollment details successfully retrieved."
}
]
}
Revoke certificates belonging to external certificate enrollment
Revoking certificates involves the following calls:
•Determine if certificate revocation is in progress
GET api/v2/certificateCheckJob/attemptRevokeForPendingRevocation/status
•Revoke certificates
POST api/v2/certificateCheckJob/attemptRevokeForPendingRevocation
Determine if certificate revocation is in progress
This call returns information about whether certificate revocation is already in progress.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Roles |
|
Category: Logs and Events Management Role Description: Manage certificates, View certificates |
HTTP method
GET
Request URI
api/v2/certificateCheckJob/attemptRevokeForPendingRevocation/status
Sample request
curl -k -sS -u <username>:<password> -XGET 'https://[Ivanti EPMM]/api/v2/certificateCheckJob/attemptRevokeForPendingRevocation/status
Sample responses
Pending revocation certs are not being processed.
Pending revocation certs are being processed. Total duration so far 76 Seconds
Revoke certificates
This calls attempts to revoke certificates belonging to external certificate enrollment.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Roles |
|
Category: Logs and Events Management Role Description: Manage certificates, View certificates |
HTTP method
POST
Request URI
api/v2/certificateCheckJob/attemptRevokeForPendingRevocation
Response fields
|
Field |
Description |
|
messages |
Container for response. |
|
type |
Message type. |
|
messageKey |
Message key. |
|
localizedMessage |
Localized message with parameters resolved. |
Sample Request
curl -k -sS -u <username>:<password> -XPOST 'https://[Ivanti EPMM]e/api/v2/certificateCheckJob/attemptRevokeForPendingRevocation'
Sample Response
{
"messages": [
{
"type": "Info",
"messageKey": "com.mobileiron.vsp.messages.http.200",
"localizedMessage": "Success"
}
]
}
Get SCEP configuration information
This call gets SCEP configuration information for the provided sub-type.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Role |
|
Category: User Management Role Description: Manage user |
HTTP method
GET
Request URI
api/v2/configuration/SCEP/{appsubtype}/summary
Request parameters
|
Parameter |
Description |
Sample Value |
|
appsubtype |
Required Parameter Type: Path Data Type: String The sub-type about which to fetch information. Can be: •BLUE_COAT •CLIENT_PROVIDED •USER_PROVIDED •ENTRUST •GLOBAL_SIGN,LOCAL •OPEN_TRUST •SCEP,SINGLE_FILE_IDENTITY •SYMANTEC_MANAGED_PKI •SYMANTEC_WS_MANAGED_PKI |
USER_PROVIDED |
Response fields
|
Field |
Description |
|
results |
|
|
name |
|
|
value |
|
|
appType |
|
|
appSubType |
|
|
rowType |
|
|
resultCount |
|
Sample request
curl -k -sS -u <username>:<password> -XGET 'https://[Ivanti EPMM]/api/v2/configuration/SCEP/USER_PROVIDED/summary'
Sample response
{"results":
[{
"name":"user-provided",
"value":"10",
"appType":"SCEP",
"appSubType":"USER_PROVIDED",
"rowType":"ADMIN"
}],
"resultCount":1
}
Change SCEP challenge password
This call changes the SCEP configuration challenge password.
Required roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Roles |
|
Category: Configuration Management Role Description: Manage configuration, View configuration |
HTTP method
POST
Request URI
api/v2/configuration/SCEP/SCEP/{id}/challenge
Request parameters
|
Parameter |
Description |
Sample Value |
|
id |
Required Parameter Type: Path Data Type: Number The id of the SCEP configuration whose challenge password to change. |
1 |
|
-d |
Required Parameter Type: Request body Data Type: String The new password. |
123hjk |
Sample request
curl -k -sS -i -u <username>:<password> -H "Content-Type: text/plain" -XPOST 'https://[Ivanti EPMM]/api/v2/configuration/SCEP/SCEP/1/challenge' -d "123hjk"
Verify Ivanti EPMM/SCEP Connectivity
This call verifies Ivanti EPMM/SCEP connectivity by retrieving a test certificate for an Identity Certificate configuration.
Required roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Roles |
|
Category: Configuration Management Role Description: Manage configuration, View configuration |
HTTP method
GET
Request URI
api/v2/configuration/CE/issue_test_certificate
Request parameters
|
Parameter |
Description |
Sample Value |
|
adminDeviceSpaceId |
Required Parameter Type: Query Data Type: Number Device space ID of the administrator. |
1 |
|
ceConfigName |
Required Parameter Type: Query Data Type: String Name of the Identity Certificate configuration for which to fetch the certificate. |
Test Scep |
|
|
Optional Parameter Type: Query Data Type: String Email address to use as the subject of the certificate rather than the default value of [email protected]. |
Sample request
curl -u username:password --location --request GET 'https://[Ivanti EPMM]/api/v2/configuration/CE/[email protected]&adminDeviceSpaceId=1&ceConfigName=Test Scep'
Sample response
{ "results": { "certificate": " [0] Version: 3 SerialNumber: 101 IssuerDN: CN=LOCAL CA Start Date: Wed Feb 16 05:50:05 UTC 2022 Final Date: Fri Feb 17 05:50:05 UTC 2023 SubjectDN: OU=appSetting:[CONSUMER_UUID], [email protected] Public Key: RSA Public Key [xx:xx:0c:29:68:08:6c:a9:9c:07:12:ba:10:ba:5c:6c:36:bc:aa:a3],[56:66:d1:a4] modulus: xxxxx3a59de98137ff762d79d2d704434debc57ba428abd4e137bc0cd1f2f14e0b8de27e89daa242bb3c395b453392195ba4210ea88a7c7c8b501f65dc8f68d5e2f75350656da49b624ce169e7e067d886b49fb70d69825dadfe43f489f2f5344954f90097b9fc2c1708c4c9859806fb6a9637495a911172e244ec2aa4a3897534a61c0323a96d365f5e95b742c9119e6bb1081a086b1f29ecb2aea91987326a4b9b1faeb9ee15767ebe4afc70021545060ef08f4e6febb638a6750d828577999bd6f56b283cd7926304d6828442ae312fe2b8b579a7a14849a1065f7297efff5cb0cbb99d6910f2e648e4212123cb872afef3ac412505f9307136f1690c581d public exponent: 10001 Signature Algorithm: SHA384WITHRSA Signature: xxxxx9455327837fc0587d6cadd85c6973aec817 550013c4afcfbd343874142c1128ec87ed936ad1 0cc5cade6767d5a25ef164d9992c68cc6c981c86 4a689efe43db09e51b4e7a8ab01d6e71c6065256 9228749be091f9950b74b9cb502890c8ae1c6f50 0be04d0986f9aafea016b17423d54fbdda0d7725 f5b54dc1aedc3100bcd0ddec9654a0edc8b10bca a1d4f330b4ce6c4c514f0d6bff77608a37082e89 9c6594555003fe54b755a7a20f13b1ebda7ff0ce 77ed58372c02de3bbb0db17f52c56e72c7067803 017fcd91063d6388e1e4d925dd92dec3c2333741 bc579ad3fe5a95a1081fad4e3f57696259f8b574 6b21411e090c1ef9f67e42b14b0c811b6927e579 3c4c83b386d3158cc0ad67b271c19abcda7539af edcf91c71eb72a7c9ac706aee39d7c5b3b04e142 2c1f321be8bd51595438f51fa1cac2db01da6db2 dedaa79623184f6694851397cd42eb46aa257e92 043f52f29450d92e0a92434f1baa8c374d9b58f5 b162d8e5d113ddbfbfd004c524b246317b431789 d4161a62 Extensions: critical(false) 2.5.29.35 value = Sequence Tagged [0] IMPLICIT DER Octet String[20] Tagged [1] Tagged [4] DER Sequence DER Set DER Sequence ObjectIdentifier(2.5.4.3) UTF8String(LOCAL CA) Tagged [2] IMPLICIT DER Octet String[8] critical(false) 2.5.29.14 value = DER Octet String[20] critical(true) BasicConstraints: isCa(false) critical(true) 2.5.29.37 value = Sequence ObjectIdentifier(1.3.6.1.5.5.7.3.2) critical(true) KeyUsage: 0xa0 critical(false) 2.5.29.31 value = Sequence Sequence Tagged [0] Tagged [0] Tagged [6] IMPLICIT DER Octet String[56] critical(false) 1.3.6.1.5.5.7.1.1 value = Sequence Sequence ObjectIdentifier(1.3.6.1.5.5.7.48.2) Tagged [6] IMPLICIT DER Octet String[56] ", "pem": "-----BEGIN CERTIFICATE----- MIIElxxxxx6gAwIBAgIBZTANBgkqhkiG9w0BAQwFADATMREwDwYDVQQDDAhMT0NB TCBDQTAeFw0yMjAyMTYwNTUwMDVaFw0yMzAyMTcwNTUwMDVaMEgxITAfBgNVBAMM GHRlc3R1c2VyQHlvdXJjb21wYW55LmNvbTEjMCEGA1UECwwaYXBwU2V0dGluZzpb Q09OU1VNRVJfVVVJRF0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9 glOlnemBN/92LXnS1wRDTevFe6Qoq9ThN7wM0fLxTguN4n6J2qJCuzw5W0Uzkhlb pCEOqIp8fItQH2Xcj2jV4vdTUGVtpJtiTOFp5+Bn2Ia0n7cNaYJdrf5D9Iny9TRJ VPkAl7n8LBcIxMmFmAb7apY3SVqREXLiROwqpKOJdTSmHAMjqW02X16Vt0LJEZ5r sQgaCGsfKeyyrqkZhzJqS5sfrrnuFXZ+vkr8cAIVRQYO8I9Ob+u2OKZ1DYKFd5mb 1vVrKDzXkmME1oKEQq4xL+K4tXmnoUhJoQZfcpfv/1ywy7mdaRDy5kjkISEjy4cq /vOsQSUF+TBxNvFpDFgdAgMBAAGjggE+MIIBOjBCBgNVHSMEOzA5gBSd8wHqH7wS k4tFRjDRqpDNrr2Z8aEXpBUwEzERMA8GA1UEAwwITE9DQUwgQ0GCCE1EMNOHwldZ MB0GA1UdDgQWBBRZSv2PG8Ox7Yiej4P3yNmJg5K2gjAMBgNVHRMBAf8EAjAAMBYG A1UdJQEB/wQMMAoGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDBJBgNVHR8EQjBA MD6gPKA6hjhodHRwOi8vZWFwcDQ2NS5hdXRvLm1vYmlsZWlyb24uY29tOjgwODAv bWlmcy9jYS81L2NhLmNybDBUBggrBgEFBQcBAQRIMEYwRAYIKwYBBQUHMAKGOGh0 dHA6Ly9lYXBwNDY1LmF1dG8ubW9iaWxlaXJvbi5jb206ODA4MC9taWZzL2NhLzUv Y2EuY2VyMA0GCSqGSIb3DQEBDAUAA4IBgQCqC5lFUyeDf8BYfWyt2Fxpc67IF1UA E8Svz700OHQULBEo7Iftk2rRDMXK3mdn1aJe8WTZmSxozGyYHIZKaJ7+Q9sJ5RtO eoqwHW5xxgZSVpIodJvgkfmVC3S5y1AokMiuHG9QC+BNCYb5qv6gFrF0I9VPvdoN dyX1tU3BrtwxALzQ3eyWVKDtyLELyqHU8zC0zmxMUU8Na/93YIo3CC6JnGWUVVAD /lS3VaeiDxOx69p/8M537Vg3LALeO7sNsX9SxW5yxwZ4AwF/zZEGPWOI4eTZJd2S 3sPCMzdBvFea0/5alaEIH61OP1dpYln4tXRrIUEeCQwe+fZ+QrFLDIEbaSfleTxM g7OG0xWMwK1nsnHBmrzadTmv7c+Rxx63Knyaxwau4518WzsE4UIsHzIb6L1RWVQ4 9R+hysLbAdptst7ap5YjGE9mlIUTl81C60aqJX6SBD9S8pRQ2S4KkkNPG6qMN02b WPWxYtjl0RPdv7/QBMUkskYxe0MXidQWGmI= -----END CERTIFICATE-----" }, "messages": [ { "type": "Info", "messageKey": "com.mobileiron.vsp.messages.certificates.issue.test.certificate.success", "localizedMessage": "Successfully issued a test certificate for the provided configuration." } ] }
Get CE configuration information
This call gets Certificate Enrollment (CE) configuration information for the provided sub-type.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Roles |
|
Category: Logs and Events Management Role Description: Manage certificates, View certificates |
HTTP method
GET
Request URI
api/v2/configurations/CE/{caprotocol}/configurations
Request parameters
|
Parameter |
Description |
Sample Value |
|
caprotocol |
Required Parameter Type: Path Data Type: String The sub-type about which to fetch information. Can be: •BLUE_COAT, •CLIENT_PROVIDED, •USER_PROVIDED, •ENTRUST, •GLOBAL_SIGN,LOCAL, •OPEN_TRUST, •SCEP,SINGLE_FILE_IDENTITY, •SYMANTEC_MANAGED_PKI, •SYMANTEC_WS_MANAGED_PKI |
USER_PROVIDED |
Response fields
|
Field |
Description |
|
results |
|
|
name |
|
|
value |
|
|
appType |
|
|
appSubType |
|
|
rowType |
|
|
resultCount |
|
Sample request
curl -k -sS -u <username>:<password> -XGET 'https://[Ivanti EPMM]/api/v2/configurations/CE/USER_PROVIDED'
Sample response
{"results":
[{
"name":"user-provided",
"value":"10",
"appType":"SCEP",
"appSubType":"USER_PROVIDED",
"rowType":"ADMIN"
}],
"resultCount":1
}
Search for users without certificates
This call searches for users without certificates.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Role |
|
Category: User Management Role Description: Manage user |
HTTP method
POST
Request URI
api/v2/configurations/CE/{CEID}/users/withnocerts/search
Request parameters
|
Parameter |
Description |
Sample Value |
|
CEID |
Required Parameter Type: Path Data Type: Number The id of the certificate enrollment configuration |
32 |
Response fields
|
Field |
Description |
|
results |
|
|
id |
|
|
principal |
|
|
displayName |
|
|
firstName |
|
|
lastName |
|
|
emailAddress |
|
|
messages |
|
|
type |
|
|
messageKey |
|
|
localizedMessage |
|
|
resultCount |
|
Sample request
curl -k -sS -u <username>:<password> -XPOST 'https://[Ivanti EPMM]/api/v2/configurations/CE/32/users/withnocerts/search'
Sample response
{
"results":[
{
"id":9001,
"principal":"miadmin",
"displayName":"miadmin",
"firstName":null,
"lastName":null,
"emailAddress":"[email protected]"
}
],
"messages":[
{
"type":"Info",
"messageKey":"com.mobileiron.vsp.rest.controllers.UserAndDeviceSummaryController.Messages.SUCCESS_GET_USERS_DETAILS",
"localizedMessage":"User details successfully retrieved."
}
],
"resultCount":1
}
Export summary for users without certificates
This call exports the summary for users without certificates.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Role |
|
Category: User Management Role Description: Manage user |
HTTP method
POST
Request URI
api/v2/configurations/CE/{CEID}/users/withnocerts/search_export
Request parameters
|
Parameter |
Description |
Sample Value |
|
CEID |
Required Parameter Type: Path Data Type: Number The id of the certificate enrollment configuration |
10 |
Response fields
|
Field |
Description |
|
results |
|
|
exportStatusPollUrl |
|
|
csvDownloadUrl |
|
|
messages |
|
|
type |
|
|
messageKey |
|
|
localizedMessage |
|
Sample request
curl -k -sS -u <username>:<password> -XPOST 'https://[Ivanti EPMM]/api/v2/configurations/CE/10/users/withnocerts/search_export'
Sample response
{
"results": {
"exportStatusPollUrl": "/api/v2/configurations/CE/9/users/withnocerts/search_export_status",
"csvDownloadUrl": "/api/v2/configurations/CE/9/users/withnocerts/search_download_csv"
},
"messages": [
{
"type": "Info",
"messageKey": "com.mobileiron.vsp.rest.controllers.UserAndDeviceSummaryController.Messages.PROCESS_INITIATED",
"localizedMessage": "User details export process initiated successfully."
}
]
}
Export status summary for users without certificates
This call exports the status summary for users without certificates.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Role |
|
Category: User Management Role Description: Manage user |
HTTP method
POST
Request URI
api/v2/configurations/CE/{CEID}/users/withnocerts/search_export_status
Request parameters
|
Parameter |
Description |
Sample Value |
|
CEID |
Required Parameter Type: Path Data Type: Number The id of the certificate enrollment configuration |
10 |
Response fields
|
Field |
Description |
|
results |
|
|
isRunning |
|
|
exportStatusMsg |
|
|
csvFileName |
|
|
isExportStatusAvailable |
|
|
initiatedAt |
|
Sample request
curl -k -sS -u <username>:<password> -XPOST 'https://[Ivanti EPMM]/api/v2/configurations/CE/10/users/withnocerts/search_export_status'
Sample response
{
"results": {
"isRunning": false,
"exportStatusMsg": "success",
"csvFileName": "/mi/tomcat/temp/userdetails-3531617505787171123.csv",
"isExportStatusAvailable": true,
"initiatedAt": 1503354251055
}
}
Download summary for users without certificates
This call downloads the user summary for users without certificates.
Required Roles
See Authentication for complete details on ensuring that the credentials you use for basic authentication belong to a user with the necessary role for this API call.
|
Required Role |
|
Category: User Management Role Description: Manage user |
HTTP method
GET
Request URI
api/v2/configurations/CE/{CEID}/users/withnocerts/search_download_csv
Request parameters
|
Parameter |
Description |
Sample Value |
|
CEID |
Required Parameter Type: Path Data Type: Number The id of the certificate enrollment configuration |
10 |
Sample request
curl -o output.csv -k -sS -u <username>:<password> -XGET -H "Content-Type: text/csv" 'https://[Ivanti EPMM]/api/v2/configurations/CE/10/users/withnocerts/search_download_csv'