How to Get Root CA Certificate and CRL
The APIs for retrieving the root CA certificate and the CRL are open to the public.
The following API call paths are relative paths based on https://<enos_cluster_hostname>, where https://<enos_cluster_hostname> refers to the hostname of the EnOS public cloud cluster instance. For private cloud instances, this is your own domain name for EnOS.
Retrieving the Root CA Certificate
A root CA certificate is a certificate with the public key of the current CA. The root certificate is used to check the validity of an issued certificate.
To retrieve the root CA certificate, send the following API request:
GET https://<enos_cluster_hostname>/enos/CA/cacert/{issueAuthority}
where {issueAuthority} refers to the type of the certificate you are applying for, whose available options are ECC or RSA.
Retrieving the Certificate Revocation List
A revoked certificate is identified in the certificate revocation list (CRL) by its certificate serial number. To check whether a certificate is revoked, you will need to retrieve the CRL and check whether the corresponding certificate serial number is on that CRL. To retrieve the CRL, call the following API periodically.
GET https://<enos_cluster_hostname>/enos/CA/crl/{issueAuthority}
where {issueAuthority} refers to the type of the certificate you are applying for, whose available options are ECC or RSA.
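The revocation check described above, as an added example (not EnOS code). It assumes the Python `cryptography` package and that the root CA certificate and CRL bytes have already been downloaded from the two endpoints; accepting PEM or DER is an assumption, because the page does not state the response encoding. The CA, device certificates and CRL used here are constructed in code as test data.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC = dt.timezone.utc

def load_crl(data):
    """Parse CRL bytes; encoding is not stated on the page, so accept PEM or DER."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return x509.load_pem_x509_crl(data)
    return x509.load_der_x509_crl(data)

def is_revoked(cert, crl, root_ca, now=None):
    """True if cert's serial number is on a current CRL signed by root_ca."""
    now = now or dt.datetime.now(UTC)
    # A CRL only counts if the trusted root CA issued and signed it.
    if crl.issuer != root_ca.subject or not crl.is_signature_valid(root_ca.public_key()):
        raise ValueError("CRL is not signed by the trusted root CA")
    # A stale CRL misses recent revocations, hence the periodic re-fetch.
    nxt = getattr(crl, "next_update_utc", None)  # cryptography >= 42
    if nxt is None and crl.next_update is not None:
        nxt = crl.next_update.replace(tzinfo=UTC)  # older releases: naive UTC
    if nxt is not None and nxt < now:
        raise ValueError("CRL is past its nextUpdate time; fetch a new one")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None

def constructed_sample():
    """Constructed test data: throwaway ECC root, two certs, CRL revoking serial 1002."""
    now = dt.datetime.now(UTC)
    key = ec.generate_private_key(ec.SECP256R1())  # one key reused for brevity
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    def cert(subject, serial):
        return (x509.CertificateBuilder().subject_name(name(subject))
                .issuer_name(name("constructed-root"))
                .public_key(key.public_key()).serial_number(serial)
                .not_valid_before(now - dt.timedelta(days=1))
                .not_valid_after(now + dt.timedelta(days=30))
                .sign(key, hashes.SHA256()))
    root, good, bad = cert("constructed-root", 1), cert("device-a", 1001), cert("device-b", 1002)
    entry = (x509.RevokedCertificateBuilder().serial_number(1002)
             .revocation_date(now - dt.timedelta(hours=1)).build())
    crl = (x509.CertificateRevocationListBuilder().issuer_name(name("constructed-root"))
           .last_update(now - dt.timedelta(hours=1)).next_update(now + dt.timedelta(days=1))
           .add_revoked_certificate(entry).sign(key, hashes.SHA256()))
    return root, good, bad, crl
```

In a deployment, `root_ca` should be the copy of the root certificate pinned on the device, and the result of a failed signature or freshness check should be treated as "cannot validate", not as "not revoked".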