How to Get Root CA Certificate and CRL


The APIs for retrieving the root CA certificate and the CRL are open to the public.


The API paths in this topic are relative to https://<enos_cluster_hostname>, where <enos_cluster_hostname> is the hostname of the EnOS cloud cluster instance. The EnOS cloud cluster has the following instances:

  • AWS-CN: https://developer.envisioncn.com


For private cloud instances, this would be your own domain name for EnOS.

Retrieving the Root CA Certificate

The root CA certificate carries the public key of the current CA. It is used to check the validity of an issued certificate.


To retrieve the root CA certificate, send the following API request:

GET https://<enos_cluster_hostname>/enos/CA/cacert/{issueAuthority}

where {issueAuthority} is the type of the certificate you are applying for. The available options are ECC and RSA.

Retrieving the Certificate Revocation List

A revoked certificate is identified in the certificate revocation list (CRL) by its certificate serial number. To check whether a certificate is revoked, you will need to retrieve the CRL and check whether the corresponding certificate serial number is on that CRL. To retrieve the CRL, call the following API periodically.

GET https://<enos_cluster_hostname>/enos/CA/crl/{issueAuthority}

where {issueAuthority} is the type of the certificate you are applying for. The available options are ECC and RSA.
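The following Python sketch is an added example, not EnOS code. It shows the serial-number check described above, and first confirms that the CRL is signed by the root CA and has not passed its next-update time. It assumes the two GET responses are X.509 objects in PEM or DER (the page does not state the encoding) and uses the third-party `cryptography` package; `is_revoked` and `constructed_demo` are hypothetical names, and the CA and CRL are constructed in memory so the block runs offline.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _load(pem_loader, der_loader, data):
    # Assumption: the API returns PEM or DER; pick the loader by the PEM header.
    return (pem_loader if data.lstrip().startswith(b"-----BEGIN") else der_loader)(data)

def is_revoked(serial, crl_bytes, ca_bytes, now=None):
    """True if `serial` is listed on a CRL that the root CA signed and that is still current."""
    now = now or datetime.now(timezone.utc)
    ca = _load(x509.load_pem_x509_certificate, x509.load_der_x509_certificate, ca_bytes)
    crl = _load(x509.load_pem_x509_crl, x509.load_der_x509_crl, crl_bytes)
    # A CRL is only trustworthy if the root CA issued and signed it.
    if crl.issuer != ca.subject or not crl.is_signature_valid(ca.public_key()):
        raise ValueError("CRL was not issued by the supplied root CA")
    # next_update_utc exists in newer library versions; older ones return a naive UTC value.
    nxt = getattr(crl, "next_update_utc", None) or crl.next_update
    if nxt is None or nxt.replace(tzinfo=timezone.utc) < now:
        raise ValueError("CRL is stale; retrieve a new one")
    return crl.get_revoked_certificate_by_serial_number(serial) is not None

def constructed_demo(revoked_serial=0x1001):
    """Build a throwaway root CA and a CRL revoking one serial (constructed sample data)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Root CA")])
    now = datetime.now(timezone.utc)
    ca = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
          .public_key(key.public_key()).serial_number(1)
          .not_valid_before(now).not_valid_after(now + timedelta(days=1))
          .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
          .sign(key, hashes.SHA256()))
    entry = (x509.RevokedCertificateBuilder().serial_number(revoked_serial)
             .revocation_date(now).build())
    crl = (x509.CertificateRevocationListBuilder().issuer_name(name)
           .last_update(now).next_update(now + timedelta(days=1))
           .add_revoked_certificate(entry).sign(key, hashes.SHA256()))
    pem = serialization.Encoding.PEM
    return ca.public_bytes(pem), crl.public_bytes(pem)

if __name__ == "__main__":
    ca_pem, crl_pem = constructed_demo()
    print(is_revoked(0x1001, crl_pem, ca_pem), is_revoked(0x1002, crl_pem, ca_pem))
```

In a deployment, `ca_bytes` and `crl_bytes` would be the bodies returned by the two GET requests above, with the CRL fetched again before its next-update time passes.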