Code Signing Download Certificate
The "Code Signing Download Certificate" API facilitates the retrieval of code signing certificates securely. It enables users to download their code signing certificates.
Before you begin
- Configure the signing policy with relevant details, ensuring mapping to the enrolled certificate (also identified as the signing key on the signing policy page).
- Ensure that you have the necessary payload details of the code signing certificate you intend to download.
Request Structure
| Endpoint: | /code-signing-download-certificate |
| Type: | POST |
| Sample URL: | https://<IP/HostName/TenantName>:<GWPORT>/avxapi/code-signing-download-certificate?gwsource=externalTo understand the elements of the sample URL, click here. |
| Content-Type: | application/json |
| Name | Description |
|---|---|
| Token
|
(Mandatory) Use token retrieved from login
API. Example: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJwbGF0Zm9y bSIsImF1ZCI6ImF2eCIsImNsaWVudElkIjoiOTcwNzRlNDEtOGFmOS00NTZkLTlhNjQtZjB jNGJiOTA4MDQ4IiwiaXNzIjoiYXZ4IiwiZXhwIjoxNjUwMzY5MzY3LCJncmFudCB0eXBlIj oiY2xpZW50X2NyZWRlbnRpYWxzIn0.HZnkuUEjXIeqJWqpqi NWFHqIDI7GYf4cWx 6VwbjGD_0 |
| sessionId
|
(Mandatory) After successfully logging in, a unique
identifier assigned to a user's session after successful
authentication. The session ID remains valid until it expires.
The session ID is a string value. Example: "ce7f1a14-2bf9-4e4a-89a8-bc780a255813" |
| username
|
(Mandatory) AppViewX login username, represented as a string
value. Example: "User" |
| password
|
(Mandatory) AppViewX login username, represented as a string
value. Example: "AppViewX@123" |
| gwsource
|
(Mandatory) Source from which the request is triggered. The
values can be:
Type: String |
| Payload
|
(Mandatory) Input data for request body in application/json format. For payload details, see Payload section. |
Payload
| Name | Description |
|---|---|
| commonName
|
(Mandatory) Enter the common name of the requested
certificate. Example: "EJBCACertHSM" |
| serialNumber
|
(Mandatory) Enter the serial number of the requested certificate.
Example: "18:C1:CD:90:72:FA:84:5A:87:30:7B:F7:11:47:69:B5:B0:BB:D5:57" |
| policyName
|
(Mandatory) Enter the policyName to which the requested
certificate is mapped. Example: "FileBasedPolicy" |
| isKeyRequired
|
(Mandatory) Enter if private key is necessary in the certificate
package. Example: "false" |
| isChainRequired
|
(Mandatory) Enter if certificate chain is necessary along with
the code signing certificate. Example: "true" |
Response Structure
- Status Code: 200 OK
- Message: Successfully downloaded the certificate ZIP file.
- Headers:
- Content-Type: application/json
- Response: Certificate Info Package is downloaded.
Status Codes
| HTTP Code | appStatusCode | Response Message |
|---|---|---|
| 200 OK | - | null |
| 400 Bad Request | CODE_SIGNING_00240 | Policy does not exist. |
| 400 Bad Request | VALIDATION_ERROR_0004 | Invalid 'serialNumber'. |
| 403 Forbidden | CODE_SIGNING_00218 | Permissions are not there to download the certificate(s) for the requested Policy Name. |
| 403 Forbidden | CODE_SIGNING_0032 | Permissions are not there to sign the file/hash due to cert group/policy permissions are disabled. |
| 500 Internal Server Error | CODE_SIGNING_0070 | Signing Key is not mapped to the given policy. |
| 500 Internal Server Error | CODE_SIGNING_0073 | Certificate is not present in the cert inventory. |
| 500 Internal Server Error | CODE_SIGNING_0087 | Signing Key is Revoked/Expired. |
| 500 Internal Server Error | CODE_SIGNING_0060 | Error in generating the cert files during the Sign+/Certificate Package Creation. |
| 500 Internal Server Error | CODE_SIGNING_00221 | Error in generating the private key file during the Certificate File Downloading. |
| 500 Internal Server Error | CODE_SIGNING_00217 | Download operation failed for the requested Certificate(s). |
Sample Request/Response
This API is used for retrieving certificate file(s).
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/code-signing-download-certificate?gwsource=external{
"payload": {
"commonName": "AppViewXCertificate",
"serialNumber": "18:C1:CD:90:72:FA:84:5A:87:30:7B:F7:11:47:69:B5:B0:BB:D5:57",
"policyName": "FileBasedPolicy",
"isKeyRequired": "false",
"isChainRequired": "true"
}
}A ZIP file containing the full certificate chain will be downloaded.Reference
- IP/HostName/TenantName: Replace with the actual IP address, hostname,
or tenant name based on the specific configuration in AppViewX.
- IP: A unique identifier assigned to each device connected to
a computer network that uses the Internet Protocol for communication
The IP address will be included in the endpoint URL for an on-prem deployment.
- HostName: A human-readable label assigned to a device (host)
on a network
The hostname will be included in the endpoint URL for an on-prem deployment.
- TenantName: An identifier label for a tenant given to
indicate which tenant's data the API request will
access/modify
The tenant name will be included in the endpoint URL for a SaaS deployment.
- IP: A unique identifier assigned to each device connected to
a computer network that uses the Internet Protocol for communication
- GWPORT: AppViewX gateway port
A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.
Example: 31443
- avxapi: Path parameter value (static) that is part of the endpoint's URL
- Endpoint: Endpoint of the API, for example: execute-hook
- gwsource: Source or origin of a gateway, for example: external.