Download Private Key of a Certificate

The Download Private Key of a Certificate API downloads the private key of a certificate in password-protected PEM format.

Before you begin

  • The user should have the ACF permission to download the private key within the specified certificate’s category.
  • A certificate with the specified UUID should already exist.
  • Private key access should be enabled under the certificate policy of the associated certificate group.

Request Structure

Endpoint: /certificate/privatekey/download
Type: POST
Sample URL:
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/certificate/privatekey/download?gwsource=external

To understand the elements of the sample URL, see "Understanding the sample URL" under References.

Headers
Content-Type: application/json
Table 1. Input Parameters

Name: sessionId
Location: Header
Description: (Mandatory) Session Id received after login.
Type: String
Constraint: Required if username and password are not provided.

Name: username
Location: Header
Description: (Mandatory) AppViewX login username.
Type: String
Constraint: Required if sessionId is not provided.

Name: password
Location: Header
Description: (Mandatory) AppViewX login password.
Type: String
Constraint: Required if sessionId is not provided.

Name: Content-Type
Location: Header
Description: (Mandatory) Specifies the nature of the data in the payload.
Type: String
Constraint: Value of the parameter should be ‘application/json’.

Name: gwsource
Location: Query
Description: (Mandatory) Source from which the request is triggered. (E.g. external)
Type: String

Name: Payload
Description: Contains all the parameters to be sent in the request body for the POST request.
Type: Payload

Payload

Table 2. Payload

Name: uuId
Description: (Mandatory) Universally Unique Identifier (UUID) of the certificate whose private key is to be downloaded.
Type: String

Name: password
Description: (Optional) Password for encrypting the private key in the response.
Type: String

Response Structure

Table 3. Parameters

Name: response
Description: Contains the response attributes.
Type: response

Name: message
Description: Success message, or failure description in case of error.
Type: String

Name: appStatusCode
Description: Application-specific status code for the response. It is a non-null value for a failure response.
Type: String

Name: privateKeyPemEncoded
Description: Private key of the certificate in password-encrypted PEM.
Type: String

Name: success
Description: True if the download is successful; False if an error occurred while downloading.
Type: Boolean

Name: tags
Description: Additional information in case of a failure response.

Table 4. response

Name: status
Description: Status of the download request.
Type: String

Name: zipFileName
Description: Name of the zipped file that contains the downloaded private key.
Type: String

Name: certContents
Description: Application-specific status code for the response. It is a non-null value for a failure response.
Type: String

Name: privateKeyPemEncoded
Description: Private key of the certificate in password-encrypted PEM.
Type: String

Name: success
Description: True if the download is successful; False if an error occurred while downloading.
Type: Boolean

Name: log
Description: Additional information in case of a failure response.

Status Codes

HTTP Code: 417 Expectation failed
appStatusCode: CERT-GEN-0015
Response Message: Field cannot be null/empty.
Remediation: Ensure the mandatory fields have valid values in the request. They should not be null or empty.

HTTP Code: 417 Expectation failed
appStatusCode: CERT-KEY-0006
Response Message: Private key access is restricted in <policy> policy.
Remediation: Enable private key access in the mentioned policy.

HTTP Code: 400 Bad Request
appStatusCode: MANDATORY_FIELD_MISSING
Response Message: Mandatory field is missing or invalid.
Remediation: Ensure all the mandatory fields have valid values in the request.

HTTP Code: 500 Internal Server Error
appStatusCode: CERT-GEN-0027
Response Message: Certificate private key download failed.

Sample Request/Response

Request Payload
{
"uuId": "60b8d6c4e5c7a920d4f4f1f4",
"password": "testPassword123"
}
Success Response
{
 "response": {
 "status": "Success",
 "zipFileName": null,
 "certContents": null,
 "privateKeyPemEncoded": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIE9jAoBgoqhkiG9w0BDAEDMBoEFEC4EngLMd1kbUJjHxgNyvApBAMFAgIIAASC\nBMhv4AkofevTbEa0BZ3HLOI/WIHelmYmHtwC26SDI1JGJWKUN1O0W52rIn30mjZG\niUxiu7F3ozQgrKBCHuM+lKxx4zYbmgukyodJtbzJ4EohmapiZQHJSf4DiJiHHa8X\nZ/r+sfNoRunhy3r/0SS0lNZqQvnM5dqSATkHTtrcD82NsKIx4GScFfG5yKhoAsS6\nEJQag7THPAbwaRPml54UZBsFnjmkG638utC511EWdbD0Z12L4zxhzPNxgnYFNQEg\n12552kjj5jGNZgojxZ52BpWe0ZfDkH+bvt7LC9M62n4d5vrivlfBd6R7ZMjDAD0M\nn2vtltgoKe9Nbxq/5oraGJt+8ql/sWlGWehx/L8Ue/weCzXtmectQd69M4idK7QQ\nAwOh/cdosut6uQUGzIrH3n59INWbkJ0HzlunJjLcvJzrhr191SYmMU0HNPjaVptD\n+UErWYqs4y1XEwOn1jrNQ8cBA0VvkwhAu1juWc0hoY9s6tv573dnljrNAtiVOtw4\nl3CsQlNMAXSHizpaM6pKXh8mCHfgZqzDmbmDTTDc9A37ekgnDfSRCEgzRKQl4bJT\noXYRJFTyjGqT4HdC9pKaj3B+IHfWae5iWOB5kCdaE9qCc9NjN8WzPed3U3ltNNzC\neW3mYihP++XCB9uNHyLZ9jCXh42RCCW/omVlgZR9VBvhrq3tmk8MCYp+cFdo2KsH\nlC+MAVL6NPI4jcGBNt2JUMG5coPXttF2OsHqucH95WqUDUBF5+ZmpvJSuCFb8SEc\nvAH35lwJnanZs4hPIlgywkRcIdu+Mv+lseOqFQvRypeRKPLGlWqZQZ83J5P2ENhv\nhQLv9hrYLKzpo4oMk4GTFeLNvYnayAa5sqAOACoI8QZRmjUPVffG3KEQ6F3vOTdX\n1BrpeSH6rbolqEUTcBpcagf+1XdoZ4f3h76K0yVH1KVE8Gz2uQvWqm33UThVU2ra\n0kWLxO2tz3tN0m21MLQhU4bWDMT5Yz5GdsLLQQgkiIzZ7vwfnYT6xtTPTJLre0X+\n927vNJnhVgtdydutSIMf+m+tH3knZ35K8MCBH7lLV+Ov0dj4DSbD/44eMuBOP7KW\n8u4FK0Mys4EeBc2nH9tQ/HTSDCRJGj8sycRHZGGCRRAuFtIBXy0F9lnbaoTCNnIS\ngeW/ZjuSBHH0csNxvJZS3rr62Pnl14IOueM5cklLa02LqON/gdRZwXQm7i0sOTEC\nvhX4Y3RgJ8+IZYx3MyeNKuUBFOuyRcl3my/C6K9okMyQhAgXr16YR/v/ioKihX8/\nRH0RC9OrSy6ad0lLRhye9/giEJ2JBfKq8QwwRUO1peD7lrzsde6gD8c9XRmbshgu\ndU00dmL0a26H/h+/T9UnS5D1KJUROHXeCX2ywakw/k1hR9xfiQsYJ6FVXGC38POW\nVnOK4gmRnGQPfDsqZJ32bm+cyqQ2nmXYHxGQO1S0k+U5JlmPk9EruaWal2rud8wO\ndAcT/ZUxaBXXjwRnOAr142Hh939KuMcb7IK7as0Ku2xoBxLSGFIkaQXCnLVavs1C\nGNs0ZrN9rDwua7e7VTug08oI0H0Fvqt5cgQAaFTDjM6Usy7AoKJVoP4jl4UsW78m\nTRAnJLIfDxCBX5b315bMMg5uTpZRDcIybY0=\n-----END ENCRYPTED PRIVATE KEY-----\n",
 "success": true,
 "log": false
 },
 "message": "private key downloaded successfully",
 "appStatusCode": null,
 "tags": {},
 "headers": null
 }
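
A client-side sketch of the request and response handling described above, added here as an example and not taken from AppViewX: it builds the POST, accepts the key only when the call succeeded and the PEM is password-encrypted, and writes it to an owner-only file. The function names, the host avx.example.test and the shape of the failure body are assumptions; the sample bodies are constructed.

```python
import json
import os
import urllib.request

ENC_HEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----"
# Constructed sample bodies; the failure shape is an assumption, the PEM body a placeholder.
SAMPLE_OK = json.dumps({"response": {"status": "Success", "success": True,
    "privateKeyPemEncoded": ENC_HEADER + "\nPLACEHOLDER\n-----END ENCRYPTED PRIVATE KEY-----\n"},
    "message": "private key downloaded successfully", "appStatusCode": None})
SAMPLE_FAIL = json.dumps({"response": None, "appStatusCode": "CERT-KEY-0006",
    "message": "Private key access is restricted in <policy> policy."})

def build_request(base_url, session_id, uuid, key_password):
    """Build the POST from Request Structure, authenticating with sessionId."""
    url = base_url.rstrip("/") + "/avxapi/certificate/privatekey/download?gwsource=external"
    headers = {"Content-Type": "application/json", "sessionId": session_id}
    body = json.dumps({"uuId": uuid, "password": key_password}).encode()
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def extract_encrypted_key(raw_json):
    """Return the PEM only if the call succeeded and the key is password-encrypted."""
    doc = json.loads(raw_json)
    resp = doc.get("response") or {}
    if not resp.get("success"):
        # Surface only the status code and message, never the response body.
        raise RuntimeError(f"download failed: {doc.get('appStatusCode')} {doc.get('message')}")
    pem = resp.get("privateKeyPemEncoded") or ""
    if not pem.lstrip().startswith(ENC_HEADER):
        raise ValueError("response does not contain an encrypted PKCS#8 PEM key")
    return pem

def save_key(path, pem):
    """Create the file owner-only (0600); O_EXCL refuses to reuse an existing path."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(pem)

def download_key(base_url, session_id, uuid, key_password, path):
    """Full flow; urllib verifies the gateway's TLS certificate by default."""
    req = build_request(base_url, session_id, uuid, key_password)
    with urllib.request.urlopen(req, timeout=30) as r:
        save_key(path, extract_encrypted_key(r.read()))

if __name__ == "__main__":
    print(extract_encrypted_key(SAMPLE_OK).splitlines()[0])
```

Read the session ID and the key password from a secret store or the environment when calling download_key, so that neither ends up in shell history or source control.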

References

Understanding the sample URL
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port

    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: execute-hook
  • gwsource: Source or origin of a gateway, for example: external.