List Certificates with Application Connector Details
This API is used to fetch the complete list of
certificates in the inventory along with the corresponding application connector
details.
Before you Begin
- The user should have the following ACF permissions:
CERT+ > Certificate Inventory > {Certificate_Type}> View inventory
Here, {Certificate_Type}: Server, Client and Code signing
Request Structure
| Endpoint: | certificate/list |
| Type: | POST |
| Sample URL: |
To understand the elements of the sample URL, click here. |
| Headers | |
| Content-Type: | application/json |
| Name | Description |
|---|---|
| sessionId
|
(Mandatory if username and password
are not provided) Session ID received after login Type: String Constraint: Required if username and password are not provided. |
| username
|
(Mandatory only if sessionID is not provided)
Username for logging in to AppViewX Type: String |
| password
|
(Mandatory only if sessionID is not provided)
Password for logging in to AppViewX Type: String |
| content-type
|
(Mandatory) Payload content-type with
application/json value. Type: String Constraint: The value must be application/json. |
| gwsource
|
(Mandatory) The source from which the request is
triggered, e.g., external. Type: String |
| Payload
|
Contains all the parameters to be sent in the
request body for the put request. Type: Payload |
Payload
| Name | Description |
|---|---|
| nextPageToken | (Optional; not required for fetching the first set
of results) Reference point for fetching the subsequent set of list
of certificates, with application connector details, that the user
has access to The certificate/list API fetches only a limited set of results on each execution. The nextPageToken paramter is used as a reference point to continue fetching the next set of results. The nextPageToken value returned in the API's response can be used in the next request payload. Type: String |
| searchOptions | (Optional) Additional criteria to filter the search
results Type: searchOptions |
| Name | Description |
|---|---|
| limit | (Optional) Number of records to be fetched in the
response Type: Integer Default value: 100 Constraints: The value should be a valid integer <= 1000. If limit > 1000, the value is capped at 1000. |
Response Structure
Response returns string of type application/json with the following body parameters:
| Name | Description |
|---|---|
| response | Contains the response attributes Type: response |
| message | Success message or failure description in case of
error. Type: String |
| appStatusCode | Application specific status code for the response.
It is a non-null value for a failure response. Type: String |
| tags | Additional information in case of failure response. |
| Name | Description |
|---|---|
| data | Certificate details Type: data |
| nextPageToken | A continuation token for fetching the next batch of certificate details |
| Name | Description |
|---|---|
| commonName | Certificate common name |
| serialNumber | Serial number of the certificate |
| issuerCommonName | Common name of the issuing Certificate Authority |
| status | Status of the certificate |
| associatedObjects | Applications, services, or systems where the certificate is being used or linked |
| discoverySources | Source from where the certificate was certificate |
| subjectOrganization | Name of the organization that requested the certificate |
| subjectOrganizationUnit | Name of the business unit within the organization that requested the certificate |
| subjectLocality | Locality of the organization that requested the certificate |
| subjectState | State in which the organization that requested the certificate is located |
| subjectCountry | Country in which the organization that requested the certificate is located |
| issuerOrganization | Organization name of the issuing Certificate Authority |
| issuerOrganizationUnit | Buisiness unit name of the issuing Certificate Authority |
| issuerLocality | Locality of the issuing Certificate Authority |
| issuerState | State in which the issuing Certificate Authority is located |
| issuerCountry | Country in which the issuing Certificate Authority is located |
| version | Certificate version |
| validFrom | Starting date of the certificate's validity period |
| validTo | Ending date of the certificate's validity period |
| firstDiscoveryDate | Timestamp the certificate was first discovered |
| lastBeforeDiscoveryDate | Timestamp of the previous discovery before the most recent one |
| lastDiscoveryDate | Timestamp of the latest discovery |
| firstDiscoveryDateStr | Timestamp the certificate was first discovered |
| lastBeforeDiscoveryDateStr | Timestamp of the previous discovery before the most recent one |
| validFor | Certificate validity period |
| keyAlgorithmAndSize | Algorithm and key size used for private key encryption |
| signatureAlgorithm | Details of the signing algorithm used |
| signatureHashAlgorithm | Details of the hash algorithm used |
| keyUsage | Defines permitted uses of the certificate |
| extendedKeyUsage | Defines additional usage of the certificate |
| basicConstraints | Defines if the certificate is a CA certificate or an
end certificate For a CA certificate, it also specifies how many certificates can be present below in the certficate chain |
| group | Certificate group mapped to this certificate |
| subjectAlternativeNames | Subject Alternative Names (SAN) for the certificate |
| complianceStatus | Indicates if the certificate complies with the associated policies |
| applications | List of installed profiles containing the certificate |
| policyIdentifiers | Unique identifiers of the policies associated with the certificate |
| expiryStatus | Indicates if the certificate is expired or not |
| permission | Permissions granted to the certificate |
| category | Certificate category |
| uuid | Unique identifier assigned to the certificate |
| id | Resource ID |
| certificateAuthority | Issuing certificate authority |
| authorityKeyIdentifier | Provides the key identifier of the Issuing CA certificate that signed the SSL certificate |
| subjectKeyIdentifier | Identifier of the certificate itself, specified within the certificate |
| issuerSerialNumber | Serial number assigned to the issuing Certificate Authority |
| authorityInfoAccess | Provides information on how to access resources related to the certificate's issuer, such as the issuer's certificate or OCSP responder for revocation checks |
| certificatePolicies | Certificate policies associated with the certificate |
| crlDistributionPoints | URL of the Certificate Revocation List |
| thumbprintAlgorithm | A mathematical process that generates a unique, fixed-size "fingerprint" or digest of a certificate's data, used for verification and identification |
| thumbPrint | A unique identifier for a certificate, generated by a hash function (like SHA-1 or SHA-256) from the certificate's data, used for verification and identification |
| type | Certificate type |
| certAttributes | A nested JSON that contains the key-value pairs for the attributes added for the certificate |
| customAttributes | Attributes with additional certificate metadata details |
| issuingTemplate | A set of policies and rules that a Certification Authority (CA) uses to guide how it handles certificate requests, including parameters like validity period, encryption, and signature requirements |
| csrGenerationSource | Source of the certificate CSR generation |
| certificateHSMDetails | Details of the HSM used for CSR generation |
| deviceDetails | Details of the device on which the certificate was discovered |
| csrAvailable | Indicates if valid CSR is available for the certificate |
| enhancedSANTypes | Subject alternative names (SAN) for the certificate |
| autoRenewDate | Date of certificate auto renewal |
| autoRegenDate | Date of certificate auto regeneration |
| missingParamsForAutoRenew | Missing parameters obstructing certificate auto renewal |
| caConnectorName | Name of the application connector associated with the certificate |
| caSettingName | Name of the CASetting created in AppViewX for the chosen certificate authority |
| suspendedCertificate | Flag indicated if certificate is suspended or not |
| comments | Additional details related to the certificate |
| mailAddress | Email address of the organization requesting the certificate |
| streetAddress | Street address of the organization requesting the certificate |
| postalCode | Postal code address of the organization requesting the certificate |
| publicKeyModulus | Part of the public key used for encryption and signature verification, specifically the modulus value in the RSA algorithm |
| requestIds | IDs of the workflows associated with the certificate |
| orderId | Order ID of the certificate |
| publicKey | Public key associated with the certificate |
| ellipticCurve | If the keyType chosen is EC, then the ellipticCurve is specified depending on the bit length selected |
| issuedByRootCertificate | Indicates if certificate was issued directly by a root certificate |
| cumulativeSanCount | Number of SANs assigned to the certfiicate |
| caCertificateType | Certificate type used by the Certificate Authority |
| subject | Certificate subject |
| discoveryTypes | Discovery scan type used for discovering the certificate |
| certLifeCycleAction | Last CLM action performed |
| certLifeCycleActionTimestamp | Timestamp of the last CLM action performed |
| customExtensions | Any specific OIDs configured for the certficate |
| deviceNames | Devices for which the certificate has application connectors present |
| deviceProfiles | Device profiles for which the certificate has application connectors present |
| certSyncStatus | Provision to manage certificates after discovery |
| applicationCount | Number of applications associated with the certificate |
| applicationConnectors | Details of the application connectors associated with the certificate |
| applicationConnectorId
|
Unique identifier assigned to the application connector |
| vendorConnectorId
|
Unique identifier assigned to the vendor of the device the certificate is being pushed to |
| generalInformation
|
General details related to the application connector |
| deviceProfile
|
Profile details of the device the certificate will be pushed to |
| vendor
|
Name of the vendor of the device the certificate is being pushed to |
| name
|
Name of the application connector |
| description
|
Additional details related to the application connector |
| certSyncStatus
|
Indicates the provision to manage certificates after discovery |
| category
|
Category of the vendor of the device to which the certificate is being pushed |
| deviceName
|
User friendly name assigned to the device to which the certificate is being pushed |
| certificateDetails
|
Certificate details associated with the device |
| pushDetails
|
Configuration details related to pushing the certificate |
| securePush
|
Indicates if secure push is enabled This option ensures that the certificate is pushed to the target system securely, protected from any unauthorized access. |
| connectorType
|
Indicates if the connector is associated with a profile or is a default connector (not associated with a profile) |
| pushAutomatically
|
Indicates if auto push is enabled for the certificate |
| overwrite
|
Indicates if the overwrite option is enabled for the
certificate The Overwrite option is used to specify if existing certificates on the target system will be overwritten with the certificate being pushed. |
| privatekeyAvaliable | Indicates if the certificate private key is available |
Status Codes
| HTTP Code | appStatusCode | Response Message |
|---|---|---|
| 200 OK | null | Response with the list of certificates (100 default and upto 1000 based on limit set) and their app connector details |
| 401 Unauthorized | AVX_GW_003 | Authentication failed, reason - Invalid Credentials.
Remediation: Ensure that valid username and password or a valid sessionId is provided as header parameters. |
| 400 Bad Request | VALIDATION_ERROR_0004 | Invalid nextPageToken Remediation: Invalid nextPageToken. Please ensure the correct nextPageToken is sent. |
| 403 Forbidden | AVX_GW_005 | User does not have access to the targeted
API Remediation: {Certificate_Type}: Server, Client and Code
signing
|
| 403 Forbidden | CERT-ACF-0058 | User does not have relevant permission to perform
this action. Remediation: Ensure the given user has the proper ACF permissions for the respective certificate category (categories: server, client, and code signing). |
Sample Request/Response
Request Payload (first
request)
{
"searchOptions" :{"limit":1000}
}
Request Payload (subsequent
requests)
{
"searchOptions" :{"limit":1000},
"nextPageToken":"67d6ce66f6efc33357f91199"
}
Response
{
"response": {
"data": [
{
"commonName": "xzcxzc",
"serialNumber": "18:F7:58:A2:EE:AB:A3:D8",
"issuerCommonName": "AppViewX Intermediate CA",
"status": "Monitored",
"avxStatus": "Monitored",
"associatedObjects": [
"IBM_MQServer:@KDBLabel:@/var/mqm/qmgrs/TEST1/ssl/scb_multichain.kdb:@ind"
],
"discoverySources": [
"IBM_MQServer"
],
"subjectOrganization": "",
"subjectOrganizationUnit": "",
"subjectLocality": "",
"subjectState": "",
"subjectCountry": "",
"issuerOrganization": "AppViewX Inc",
"issuerOrganizationUnit": "",
"issuerLocality": "Seattle",
"issuerState": "Washington",
"issuerCountry": "US",
"version": "3",
"validFrom": 1586691547000,
"validTo": 1618227547000,
"firstDiscoveryDate": 1742227505601,
"lastBeforeDiscoveryDate": 1742227505601,
"lastDiscoveryDate": 1742227505601,
"firstDiscoveryDateStr": null,
"lastBeforeDiscoveryDateStr": null,
"validFor": "0 day(s)",
"keyAlgorithmAndSize": "RSA 4096",
"signatureAlgorithm": "SHA256withRSA",
"signatureHashAlgorithm": "SHA256",
"keyUsage": "DigitalSignature, KeyEncipherment",
"extendedKeyUsage": "Server Authentication(1.3.6.1.5.5.7.3.1) Client Authentication(1.3.6.1.5.5.7.3.2) ",
"basicConstraints": "Subject Type=End entity, Path Length=none",
"group": "Default",
"subjectAlternativeNames": [
"DNS : xzcxzc"
],
"complianceStatus": "Compliant",
"applications": [],
"policyIdentifiers": [],
"expiryStatus": "Expired",
"permission": "RW",
"category": "Server",
"uuid": "04b02861eb66fda5a6b423c537b91a9f2c915a95",
"id": "67d848328419ca79a24779cc",
"certificateAuthority": "AppViewX",
"authorityKeyIdentifier": "59:0F:79:63:FA:24:10:3B:65:25:A1:09:94:92:1D:96:6C:3D:DC:EA",
"subjectKeyIdentifier": "BD:50:5E:52:8E:CE:49:5E:66:ED:99:9C:8D:86:3C:A6:22:44:31:4E",
"issuerSerialNumber": "A7:F0:67:77:C1:FB:00:0F",
"authorityInfoAccess": [
"AuthorityInfoAccess : [ accessMethod : 1.3.6.1.5.5.7.48.1, alterativeName : , url : http:192.168.133.39/controller/avxocsp?issuerserialnumber=12101285962797744143 ]"
],
"certificatePolicies": [],
"crlDistributionPoints": [
"CrlDistributionPoint : [ name : , url : http:192.168.133.39/controller/avxcrl?crlFileName=12101285962797744143.crl ]"
],
"thumbprintAlgorithm": "SHA-1",
"thumbPrint": "9C:5A:7B:1C:BC:88:86:EE:AD:3D:2C:78:C0:79:1B:CF:4B:23:15:3A",
"type": "Others",
"genericFields": null,
"certAttributes": null,
"customAttributes": null,
"validFromDate": null,
"validToDate": null,
"discoveredFileNames": [
"IBM_MQServer::/var/mqm/qmgrs/TEST1/ssl/scb_multichain.kdb"
],
"issuingTemplate": null,
"csrGenerationSource": null,
"certificateHSMDetails": null,
"deviceDetails": null,
"newConnectors": [],
"csrAvailable": false,
"enhancedSANTypes": null,
"autoRenewDate": "",
"autoRegenDate": null,
"missingParamsForAutoRenew": null,
"base64ImageContent": null,
"caConnectorName": null,
"caSettingName": null,
"suspendedCertificate": false,
"comments": null,
"mailAddress": "",
"streetAddress": "",
"postalCode": "",
"publicKeyModulus": null,
"requestIds": null,
"orderId": null,
"publicKey": "30:82:02:0A:02:82:02:01:00:AB:F4:AC:96:18:27:78:15:75:4D:20:C5:20:7E:76:72:7D:39:EC:C6:1F:67:6A:03:F6:42:25:A4:A1:5E:99:FF:D8:0B:CC:CD:67:30:57:DA:95:AA:3C:6C:46:CA:02:FD:8B:26:6C:FC:BC:E7:1A:95:BC:D8:4B:96:4E:D2:ED:0A:C6:BD:3E:72:85:7B:36:F6:9E:78:DA:7C:D9:48:1F:26:72:C6:B1:31:BD:9F:3D:F7:90:AD:63:E1:31:D6:4E:05:A5:2D:F6:C7:3E:84:3E:9A:CF:A2:F5:93:F2:97:66:1E:E9:18:D3:1E:6C:B4:30:12:E5:B0:4B:18:0A:F7:66:35:5C:29:C1:6C:57:DE:86:89:56:C2:37:A1:85:33:14:E0:9C:AD:A0:4A:D1:BE:CB:46:FA:1D:E6:5A:D3:4B:04:2E:14:25:35:50:D3:38:52:90:1D:45:0E:79:B7:D1:72:15:B9:6F:57:AD:87:4C:21:48:F4:51:69:77:CD:A3:C9:B2:5F:FD:FB:EE:9A:22:51:38:C2:2E:1E:7A:7C:82:CF:29:B9:4A:30:66:2E:5F:15:62:39:26:B6:EC:95:C4:04:27:65:5F:90:84:91:78:97:6B:F9:E4:17:F1:2F:2F:91:FE:50:B3:7C:CF:77:4E:69:14:F3:9A:43:F0:D1:9F:6B:02:DE:FF:2E:E0:EB:5D:C6:1C:8F:70:F0:BA:C4:DE:3C:AA:55:87:F3:A6:7B:48:F0:DF:B9:68:4C:01:B6:2D:14:60:CA:D2:09:77:51:BC:D1:5C:F5:E5:01:E5:02:1E:F7:50:20:44:14:1B:C8:B0:F1:02:75:7E:1C:6D:E9:C3:0B:E3:E2:E8:A2:81:1E:67:63:35:B3:DC:BD:CB:61:C9:AA:87:13:1A:49:EA:09:EA:84:C7:BB:B3:17:8F:3C:6E:CB:D1:12:18:00:ED:41:26:12:69:C1:F7:80:0D:6F:6A:2A:C4:EB:7B:85:84:48:A3:BD:6C:8A:9B:D2:E7:70:7E:32:BD:8F:DE:4A:C5:32:A1:0F:51:E2:7D:B2:71:A2:89:6B:A4:2C:79:88:AA:D8:FA:39:EA:67:10:09:89:D3:C1:40:DA:3C:9C:69:AF:E0:9D:2D:C4:7F:CA:3A:CC:48:D4:B0:71:F6:4A:4C:61:ED:14:70:57:0A:20:9F:72:37:5F:3C:9F:84:F1:57:7B:54:99:6E:26:E2:79:55:B4:63:C0:1E:FA:F9:E4:51:58:93:D7:5B:31:BE:13:DD:86:9F:28:58:5A:E5:43:68:DC:7D:02:B3:18:D2:A1:E5:97:6F:6C:D4:36:D6:55:89:38:AF:51:71:BA:96:4A:6B:32:51:42:62:95:02:03:01:00:01",
"ellipticCurve": null,
"issuedByRootCertificate": false,
"cumulativeSanCount": 1,
"chainPriority": 0,
"caCertificateType": null,
"templateProfile": null,
"certificateTags": null,
"resourceTags": null,
"ocspStatus": null,
"enrollmentMethod": null,
"kubeService": null,
"subject": "CN=xzcxzc",
"discoveryTypes": [
"Server"
],
"certLifeCycleAction": null,
"certLifeCycleActionTimestamp": 0,
"isSsoActive": null,
"customExtensions": null,
"deviceNames": [
"IBMClient_Linux",
"IBM_MQServer"
],
"deviceProfiles": [
"IBMClient_Linux:@KDBLabel:@/var/mqm/qmgrs/TEST1/ssl/scb_multichain.kdb:@ind",
"IBM_MQServer:@KDBLabel:@/var/mqm/qmgrs/TEST1/ssl/scb_multichain.kdb:@ind"
],
"certSyncStatus": [
"syncronized",
"syncronized"
],
"applicationCount": "2",
"applicationConnectors": [
{
"applicationConnectorId": "IBMClient_Linux:@KDBLabel:@/var/mqm/qmgrs/TEST1/ssl/scb_multichain.kdb:@ind:@04b02861eb66fda5a6b423c537b91a9f2c915a95",
"vendorConnectorId": "67d8482fafab49654c8af0a2",
"generalInformation": {
"deviceProfile": "IBMClient_Linux:@KDBLabel:@/var/mqm/qmgrs/TEST1/ssl/scb_multichain.kdb:@ind",
"vendor": "IBMClient",
"name": "Server IBMClient Connector",
"description": "Connector from discovery",
"certSyncStatus": "syncronized",
"category": "Server",
"deviceName": "IBMClient_Linux"
},
"certificateDetails": {
"rootAndInterCertExist": true,
"profileType": "label",
"certDirectoryPath": "/var/mqm/qmgrs/TEST1/ssl",
"sslCertFilePath": "/var/mqm/qmgrs/TEST1/ssl/scb_multichain.kdb",
"rootCertLabel": "ttr",
"serverCertLabel": "ind",
"intermediateCertLabel": "ttI",
"certificateType": "KDB-.kdb"
},
"pushDetails": {
"securePush": "false",
"connectorType": "Profile Connector",
"pushAutomatically": "false",
"overwrite": "false"
},
"hiddenUiFields": null,
"validationSettings": {
"validationType": null,
"customApplications": null,
"defaultApplications": null
}
},
{
"applicationConnectorId": "IBM_MQServer:@KDBLabel:@/var/mqm/qmgrs/TEST1/ssl/scb_multichain.kdb:@ind:@04b02861eb66fda5a6b423c537b91a9f2c915a95",
"vendorConnectorId": "67d848308419ca79a247791b",
"generalInformation": {
"deviceProfile": "IBM_MQServer:@KDBLabel:@/var/mqm/qmgrs/TEST1/ssl/scb_multichain.kdb:@ind",
"vendor": "MQServer",
"name": "Server MQServer Connector",
"description": "Connector from discovery",
"certSyncStatus": "syncronized",
"category": "Server",
"deviceName": "IBM_MQServer"
},
"certificateDetails": {
"rootAndInterCertExist": true,
"profileType": "label",
"certDirectoryPath": "/var/mqm/qmgrs/TEST1/ssl",
"sslCertFilePath": "/var/mqm/qmgrs/TEST1/ssl/scb_multichain.kdb",
"rootCertLabel": "ttr",
"serverCertLabel": "ind",
"intermediateCertLabel": "ttI",
"certPathChecksum": "/var/mqm/qmgrs/TEST1/ssl/scb_multichain.kdb$@4290636108",
"qManagerName": "TEST1",
"certificateType": "KDB-.kdb"
},
"pushDetails": {
"securePush": "false",
"connectorType": "Profile Connector",
"pushAutomatically": "false",
"overwrite": "false"
},
"hiddenUiFields": null,
"validationSettings": {
"validationType": null,
"customApplications": null,
"defaultApplications": null
}
}
],
"cvss": 6.8,
"privatekeyAvaliable": true
}
],
"nextPageToken": "67d848328419ca79a24779cc"
},
"message": null,
"appStatusCode": null,
"tags": {},
"headers": null
}
References
Understanding the sample URL
- IP/HostName/TenantName: Replace with the actual IP address, hostname,
or tenant name based on the specific configuration in AppViewX.
- IP: A unique identifier assigned to each device connected to
a computer network that uses the Internet Protocol for communication
The IP address will be included in the endpoint URL for an on-prem deployment.
- HostName: A human-readable label assigned to a device (host)
on a network
The hostname will be included in the endpoint URL for an on-prem deployment.
- TenantName: An identifier label for a tenant given to
indicate which tenant's data the API request will
access/modify
The tenant name will be included in the endpoint URL for a SaaS deployment.
- IP: A unique identifier assigned to each device connected to
a computer network that uses the Internet Protocol for communication
- GWPORT: AppViewX gateway port
A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.
Example: 31443
- avxapi: Path parameter value (static) that is part of the endpoint's URL
- Endpoint: Endpoint of the API, for example: execute-hook
- gwsource: Source or origin of a gateway, for example: external.