- URL:
- https://<root>/machines/<machine>/sslcertificates/generate
- Methods:
POST- Version Introduced:
- 10.1
Access requirements
Required privileges
The Sever Administrator API requires privilege-based access. An administrator must be assigned a specific user privilege, or role, to access any given endpoint. Listed below are the user privileges or roles an administrator can be assigned that provides access to this endpoint. If multiple privileges are listed, only one needs to be assigned to gain access.
Note that administrators assigned a custom role must also have the administrative View all content privilege assigned to them to access the API directory as an administrator.
Tokens
This API requires token-based authentication. A token is automatically generated for administrators who sign in to the Server Administrator API directory's HTML interface. Tokens generated in this way are stored for the entirety of the session.
Those accessing the API directory outside of the HTML interface will need to acquire a session token from the generate operation in the Portal Directory API. For security reasons, all POST requests made to the Server Administrator API must include a token in the request body.
Description
The generate operation creates a self-signed certificate or acts as a starting point for getting a production-ready CA-signed certificate. The generated ceritifcate will be sorted in the keystore.
Request parameters
| Parameter | Description |
|---|---|
(Required) | A unique name that easily identifies the certificate. Example |
| The algorithm used to generate the key pairs. The default is RSA. Example |
| Specifies the size in bits to use when generating the cryptographic keys used to create the certificate. The larger the key size, the harder it is to break the encryption; however, the time to decrypt encrypted data increases with key size. For DSA, the key size can be between 512 and 1,024. For RSA, the recommended key size is 2,048 or greater. Example |
| Use the default ( Example Example |
| Use the domain name of your server name as the common name. If your server will be accessed on the Internet through the URL If your server will only be accessible on your local area network (LAN) through the URL Example |
| The name of your organizational unit. Example |
(Required) | The name of your organization. Example |
| The name of the city or locality. Example |
| The full name of your state or province. Example |
| The abbreviated code for your country. Example |
| The total time in days during which this certificate will be valid. The default is 90. Example |
| The subject alternative name (SAN) is an optional parameter that defines alternatives to the common name (CN) specified in the SSL certificate. There cannot be any spaces in the SAN parameter value. If no SAN is defined, a website can only be accessed (without SSL certificate errors) by using the common name in the URL. If a SAN is defined and a DNS name is present, the website can only be accessed by what is listed in the SAN. Multiple DNS names can be specified if desired. For example, the URLs Example |
| The response format. The default response format is Values: |
Example usage
The following is a sample POST request for the generate operation:
POST /<context>/admin/machines/MACHINE.EXAMPLE.COM/sslcertificates/generate HTTP/1.1
Host: organization.example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []
alias=myCert&keyalg=RSA&keysize=1024&sigalg=SHA1withRSA&commonName=SERVER.EXAMPLE.COM&organizationalUnit=GIS Department&organization=ESRI&city=Redlands&state=California&country=US&validity=120&san=DNS:www.esri.com,DNS:esri,IP:10.60.1.16JSON Response example
{"status": "success"}