Renew Certificate and Push

This API is used to renew a certificate based on the certificate group and certificate authority and push it to the selected device.

Before you begin

Before attempting to trigger these service requests, ensure that:
  • The workflow is enabled.
    Note: For more information on how to enable a workflow, refer the section on Managing Certificates using Automation Workflows.
  • The API user has the necessary RBAC permissions to trigger the workflow. You can check this in the Platform module under IDENTITY > Role > Authorized functions.

Request Structure

Endpoint: /visualworkflow-submit-request
Type: POST
Sample URL: 
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/visualworkflow-submit-request?gwsource=external

To understand the elements of the sample URL, click here.
Headers
Content-Type: application/json
Table 1. Input Parameters
Name Description
sessionId

Header

 (Mandatory, if username and password are not provided) Session ID received after login.

Type: String
username

Header

 (Mandatory if sessionId is not provided) AppViewX login username.

Type: String

Constraint: Required if sessionId is not provided.
password

Header

 (Mandatory if sessionId is not provided) AppViewX login password.

Type: String

Constraint: Required if sessionId is not provided.
gwsource

Query

 (Mandatory) Source from which the request is triggered

Type: String
Payload

Body

 Contains all the parameters to be sent in the request body for the put request.

Type: Payload

Payload

Table 2. Payload
Name Description
cert_category (Mandatory) Specifies the certificate category

Type: String

Possible Values: Server, Client
certificate_group (Mandatory) Specifies the group to which the created certificate must be tagged.

Type: String
certificate_authority (Mandatory) Name of the certificate authority that will issue the certificate.

Type: String
serial number (Mandatory) Serial number of the certificate

Type: String
common_name (Mandatory) Common name of the certificate

Type: String
san (Mandatory) Subject Alternative Name of the certificate

Type: String

Possible values: DNS, IP Address
dns_names (Mandatory) DNS values

Type: String

Example: www.appviewx.com

Constraints: Multiple values must be separated by a comma (,).
ip_addresses (Mandatory) IP values

Type: String

Example: 192.16x.xx.x

Constraints: Multiple values must be separated by a comma (,).
directory_names (Mandatory for EJBCA, Microsoft Enterprise CA, and Microsoft Standalone CA) Directory names for the certificate

Type: String
rfc822names (Mandatory for EJBCA, Microsoft Enterprise CA, and Microsoft Standalone CA) Email address(es) of the user(s) to whom the certificate is issued

Type: String
registered_ids (Mandatory for Microsoft Enterprise CA and Microsoft Standalone CA) Registered ID of the certificate

Type: String
uris (Mandatory for EJBCA, Microsoft Enterprise CA, and Microsoft Standalone CA) Uniform Resource Identifier of the certificate

Type: String
othernames (Mandatory for Microsoft Enterprise CA and Microsoft Standalone CA) Other names for the certificate

Type: String
validity_unit (Mandatory) Unit of time for the certificate's validity period

Type: String

Possible values: years, months, days
validity_value (Mandatory if validityUnit has been specified) Number of units of the time specified as the validity unit

Type: Integer
digicert_server_type (Mandatory only for DigiCert CA) DigiCert server type value

Type: String
orderId (Mandatory only for DigiCert CA) Order ID of the DigiCert certificate

Type: String
ejbca_end_entity_user_name (Mandatory only for EJBCA) User name of the EJBCA end entity

Type: String
ejbca_end_entity_profile_name (Mandatory only for EJBCA) Profile name of the EJBCA end entity

Type: String
ejbca_issuer_common_name (Mandatory only for EJBCA) Common name of the EJBCA issuer

Type: String
ejbca_certificate_profile_name (Mandatory only for EJBCA) Profile name associated with the EJBCA certificate

Type: String
entrust_additional_emails (Mandatory only for Entrust CA) Additional email addresses
microsoft_enterprise_template_name (Mandatory only for Microsoft Enterprise CA) Template name for Microsoft Enterprise

Type: String
check_attribute (Optional) Certificate attribute values

Type: String

Possible values: true, false

Constraints: The certificates_attributes field will be passed only if check_attribute = true.
cert_attributes (Mandatory if check_attributes = true) Certificate attribute settings

Type: Array of certificate attributes
hash_function (Optional) Hash function for the certificate

Type: String

Possible Values: SHA256
user_email (Optional) Email address for sending status notificatiosn for certificate create and push

Type: String
push_devices (Mandatory) Contains all device fields

Type: Array of attributes
Table 3. cert_attributes
Name Description
attribute (Optional) Certificate attribute name

Type: String
attribute_value (Optional) Corresponding certificate attribute value

Type: String
Table 4. Attributes for push_devices
Name Description
device_vendor (Mandatory) Device vendor type based on selection of device type

Type: String

Possible values: F5, LinuxServer, Citrix
device (Mandatory) Device name for the selected device vendor

Type: String
linux_actions (Mandatory) Linux action for the selected device vendor

Type: String

Possible values: Default, Create KDB label (*.kdb), Certificate Overwrite (*.kdb)
selected_profiles (Mandatory) Profile name for the device

Type: String
apache_custom_new (Mandatory for Apache devices) Provision to opt for pushing the certificate to a custom location

Type: String

Possible values: Yes, No
apache_certificate_location (Mandatory if apache_custom_new = Yes) Certificate path created by the user

Type: String
apache_key_location (Mandatory if apache_custom_new = Yes) Certificate Key path created by the user

Type: String
password (Mandatory if linux_actions = Default) Password for accessing the KDB file

Type: String
push_cert_type (Mandatory) Certificate type being pushed

Type: String

Response Structure

Table 5. Response Structure
Name Description
response Contains the response params for the search object request.

Type: Response
message Success message or failure description in case of error.

Type: String
appStatusCode Application specific status code for the response

Will be non-null for failure response

Type: String
tags More information in case of a failure response

Type: NA
Table 6. Response
Name Description
requestId Unique identifier for the request

Type: String
workflowVersion Version of the workflow

Type: String
message The message with the status and request number for the request

Type: String
status Status of the request

Type: String
stausCode Status code for the request

Type: String
requestType Request type

Type: String
workorderId The ID of the work order for the request If there is no workorder, the value will be 0.

Type: String

Status Codes

HTTP Code appStatusCode Response Message
200 OK NA Success

Remediation: NA
400 Bad Request avx-common-028 Invalid/ Incorrect payload

Remediation: Check and ensure if a valid value is given in the request payload field - input.
401 Unauthorized WORKFLOW_1679 User is not authorized.

Remediation: Ensure that logged-in user is authorized to access the workflow.
404 Not Found engine-db-015 Workflow not found.

Remediation: Ensure the workflow data is valid.
409 Conflict WORKFLOW_1475 Given workflow is not in enabled state.

Remediation: Enable the workflow.
500 Internal Server Error WORKFLOW_1617 Invalid form data. Please provide all mandatory data

Remediation: Ensure a valid value is given in the request payload field - input.
500 Internal Server Error NA Error while processing

Remediation: NA

Sample Request/Response

Sample Request
{
  "payload": {
    "header": {
      "workflowName": "Renew Certificate and Push"
    },
    "data": {
      "input": {
        "requestData": [
          {
            "sequenceNo": 1,
            "scenario": "scenario",
            "fieldInfo": {
              "info": "",
            
              "cert_category": "Server,Client",
              "certificate_group": "<mandatory field>",
              "certificate_authority": "Microsoft Enterprise,DigiCert,Ejbca,Entrust",
              "serial_number": "<mandatory field>",
              "common_name": "<mandatory field>",
              "san": "DNS,Directory Name,Email,IP Address,Registered ID,URL,Other Name",
              "dNSNames": "",
              "directoryNames": "",
              "iPAddresses": "",
              "registeredIDs": "",
              "otherNames": "",
              "uniformResourceIdentifiers": "",
              "rfc822Names": "",
              "validity_unit": "<mandatory field>",
              "validity_value": "<mandatory field>",
              "hash_function": "<mandatory field>",
              "attributes_available": "true",
              "cert_attributes": [
                {
                  "attribute": "",
                  "attribute_value": ""
                }
              ],
              "orderId": "",
              "digicert_server_type": "<mandatory field>",
              "ejbca_End_Entity_Profile_Name": "<mandatory field>",
              "ejbca_End_Entity_User_Name": "",
              "ejbca_Issuer_Common_Name": "<mandatory field>",
              "ejbca_Certificate_Profile_Name": "<mandatory field>",
              "microsoft_enterprise_template_name": "<mandatory field>",
              "entrust_additional_emails": "",
              "push_devices": [
                {
                  "device_type": "ADC,Server",
                  "device_vendor": "<mandatory field>",
                  "device": "<mandatory field>",
                  "linux_actions": "Default,Create KDB label (*.kdb),Certificate Overwrite (*.kdb)",
                  "selected_profiles": "<mandatory field>",
                  "password": "<mandatory field>",
                  "push_cert_type": "<mandatory field>"
                }
              ],
              "user_email": "(~get_logged_user_email_id~)"
            }
          }
        ]
      },
      "globalData": {},
      "task_action": 1
    }
  }
}
Note: Please refer to the request structure to identify the changeable values.
Sample Response
{
    "response": {
        "workorderId": "0",
        "requestType": "default",
        "requestId": "867",
        "workflowVersion": "master",
        "message": "Workflow Request is created with Id 867 . Request submitted to workflow engine for processing workorder.",
        "status": "In Progress",
        "statusCode": 0
    },
    "message": "Success",
    "appStatusCode": null,
    "tags": null,
    "headers": null
}

References

Understanding the sample URL
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port

    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: execute-hook
  • gwsource: Source or origin of a gateway, for example: external.