Sign Certificate

cURL

curl --request POST \
  --url https://us.infisical.com/api/v1/pki/certificates/sign-certificate \
  --header 'Content-Type: application/json' \
  --data '{
  "caId": "<string>",
  "certificateTemplateId": "<string>",
  "pkiCollectionId": "<string>",
  "csr": "<string>",
  "friendlyName": "<string>",
  "commonName": "<string>",
  "altNames": "",
  "ttl": "<string>",
  "notBefore": "<string>",
  "notAfter": "<string>",
  "keyUsages": [
    "digitalSignature"
  ],
  "extendedKeyUsages": [
    "clientAuth"
  ]
}'

{
  "certificate": "<string>",
  "issuingCaCertificate": "<string>",
  "certificateChain": "<string>",
  "serialNumber": "<string>"
}

POST

api

pki

certificates

sign-certificate

cURL

curl --request POST \
  --url https://us.infisical.com/api/v1/pki/certificates/sign-certificate \
  --header 'Content-Type: application/json' \
  --data '{
  "caId": "<string>",
  "certificateTemplateId": "<string>",
  "pkiCollectionId": "<string>",
  "csr": "<string>",
  "friendlyName": "<string>",
  "commonName": "<string>",
  "altNames": "",
  "ttl": "<string>",
  "notBefore": "<string>",
  "notAfter": "<string>",
  "keyUsages": [
    "digitalSignature"
  ],
  "extendedKeyUsages": [
    "clientAuth"
  ]
}'

{
  "certificate": "<string>",
  "issuingCaCertificate": "<string>",
  "certificateChain": "<string>",
  "serialNumber": "<string>"
}

Body

application/json

csr

string

required

The pem-encoded CSR to sign with the CA to be used for certificate issuance.

Minimum length: 1

ttl

string

required

The time to live for the certificate such as 1m, 1h, 1d, 1y, ...

caId

string

The ID of the CA to issue the certificate from.

certificateTemplateId

string

The ID of the certificate template to issue the certificate from.

pkiCollectionId

string

The ID of the PKI collection to add the certificate to.

friendlyName

string

A friendly name for the certificate.

commonName

string

The common name (CN) for the certificate.

Minimum length: 1

altNames

string

default:""

A comma-delimited list of Subject Alternative Names (SANs) for the certificate; these can be host names or email addresses.

notBefore

string

The date and time when the certificate becomes valid in YYYY-MM-DDTHH:mm:ss.sssZ format.

notAfter

string

The date and time when the certificate expires in YYYY-MM-DDTHH:mm:ss.sssZ format.

keyUsages

enum<string>[]

The key usage extension of the certificate.

Show child attributes

extendedKeyUsages

enum<string>[]

The extended key usage extension of the certificate.

Show child attributes

Response

Default Response

certificate

string

required

The issued certificate.

issuingCaCertificate

string

required

The certificate of the issuing CA.

certificateChain

string

required

The certificate chain of the issued certificate.

serialNumber

string

required

The serial number of the issued certificate.

Issue Certificate Create

Overview

Endpoints

Infisical PKI

Infisical SSH

Infisical KMS

Body

Response