POST
/
api
/
v1
/
pki
/
ca
/
{caId}
/
sign-intermediate
cURL
curl --request POST \
  --url https://us.infisical.com/api/v1/pki/ca/{caId}/sign-intermediate \
  --header 'Content-Type: application/json' \
  --data '{
  "csr": "<string>",
  "notBefore": "<string>",
  "notAfter": "<string>",
  "maxPathLength": -1
}'
{
  "certificate": "<string>",
  "certificateChain": "<string>",
  "issuingCaCertificate": "<string>",
  "serialNumber": "<string>"
}

Path Parameters

caId
string
required

The ID of the CA to sign the intermediate certificate with.

Body

application/json
csr
string
required

The pem-encoded CSR to sign with the CA.

Minimum length: 1
notAfter
string
required

The date and time when the intermediate CA expires in YYYY-MM-DDTHH:mm:ss.sssZ format.

notBefore
string

The date and time when the intermediate CA becomes valid in YYYY-MM-DDTHH:mm:ss.sssZ format.

maxPathLength
number
default:-1

The maximum number of intermediate CAs that may follow this CA in the certificate / CA chain. A maxPathLength of -1 implies no path limit on the chain.

Required range: x >= -1

Response

Default Response

certificate
string
required

The signed intermediate certificate.

certificateChain
string
required

The certificate chain of the intermediate certificate.

issuingCaCertificate
string
required

The certificate of the issuing CA.

serialNumber
string
required

The serial number of the intermediate certificate.