cacerts.json & devcerts.json
GET api/security/status/cacerts.json GET api/security/status/devcerts.json
The function cacerts.json gets an array of descriptions of installed CA certificates.
The function devcerts.json gets an array of descriptions of installed device certificates.
Response data:
For properties not existing in the certificate null will be given as value. See “nscerttype” below.
For each certificate in the list, the following attributes are given:
Attribute Name | Data Type | Description |
|---|---|---|
certificate:version | Integer | Certificate version |
certificate:serial | String | Certificate serial number |
certificate:subject | String (comma separated) | Certificate subject name |
certificate:issuer | String (comma separated) | Certificate issuer name |
certificate:expires | DateString (see description below) | Date when certificate expires |
certificate:issued | DateString (see description below) | Date when certificate was created |
certificate:sigalg | String | Algorithm certificate is signed with |
certificate:keytype | String | Type of the key used by this certificate |
certificate:keysize | Integer | Size of the key (number of bits) |
certificate:basicconst | String | Certificate basic constraints |
certificate:subjaltname | String (comma separated) | Subject alternate namesCould be DNS names and/or IP Numbers |
certificate:nscerttype | String | Netscape certificate type description |
certificate:keyusage | String | Key usage description |
certificate:thumbprint | String | The SHA1 sum of the certificate This is a 40 byte hexadecimal formatted string that can be used to identify the certificate. This thumbprint will internally be used as the filename of the certificate. |
usage:<protocol> | Bool (true, false) | For each, by the CompactCom 40 security module supported secure protocols, a protocol name attribute is included with boolean value indicating if the certificate is configured for usage with the protocol Note that this attribute is only present for devcerts.json |
DateString format: YYYY-MM-DD hh:mm:ss
YYYY | four-digit year |
MM | two-digit month (01=January, etc.) |
DD | two-digit day of month (01 through 31) |
hh | two-digit of hour (00 through 23) |
mm | two-digit of minute (00 through 59) |
ss | two-digit of second (00 through 59) |
JSON response example (cacerts.json):
The hex string at the beginning of the example is the SHA1 thumbprint of the certificate.
{
"24C7E186CA125AB5C49CA6945E3D37D85B84FACF" :
{
"certificate" :
{
"version" : 3,
"serial" : "C0:78:27:6E:A6:25:46:23",
"subject" : "C=SE, ST=Halland, L=Halmstad, O=HMS,
OU=Dev, CN=HMS-CA",
"issuer" : "C=SE, ST=Halland, L=Halmstad, O=HMS,
OU=Dev, CN=HMS-CA",
"issued" : "2017-01-19 14:43:54",
"expires" : "2027-01-17 14:43:54",
"sigalg" : "RSA with SHA-256",
"keytype" : "RSA",
"keysize" : 2048,
"basicconst": "Subject Type=CA, Path Length Constraint=0",
"subjaltname": "IP=10.10.12.88, DNS=abccmodule.hms.se",
"nscerttype" : null,
"keyusage" : "Key Cert Sign",
"thumbprint" "24C7E186CA125AB5C49CA6945E3D37D85B84FACF",
}
} ,
"F3A5EF014702937F37AC540898F36235E7A435B3" : {
"certificate" : { Certificate description… }
},
…
"A3C72403A85EA577DEB4661772E2D1D4B99904D2" : {
"certificate" : { Last certificate… }
]JSON response example (devcerts.json):
The hex string at the beginning of the example is the SHA1 thumbprint of the certificate.
{
"F3A5EF014702937F37AC540898F36235E7A435B3" :
{
"certificate" :
[
{
"version" : 3,
"serial" : "02",
"subject" : "C=SE, ST=Halland, L=Halmstad,
O=HMS Industrial Networks AB, OU=BU Anybus,
CN=10.11.20.55",
"issuer" : "C=SE, ST=Halland, L=Halmstad,
O=HMS Industrial Networks AB, OU=BU Anybus,
CN=10.11.20.55",
"issued" : "2019-05-29 06:41:21",
"expires" : "2020-05-28 06:41:21",
"sigalg" : "ECDSA with SHA256",
"keytype" : "EC",
"keysize" : 256,
"basicconst": null,
"subjaltname": "IP=10.11.20.55,",
"nscerttype" : null,
"keyusage" : null,
"thumbprint" "F3A5EF014702937F37AC540898F36235E7A435B3",
}
],
"usage" : { "https" : true }
}
}