Bulk certificate sign

POST /puppet-ca/v1/sign

The sign endpoint of the CA API allows you to request the signing of CSRs that match the certnames included in the payload.

The certnames must be in an array nested under a certnames key and be valid certnames. The usual checks for subject-alt-names allowed, authorization-extensions allowed, invalid extensions and valid signature are made.

Copy 
POST /puppet-ca/v1/sign
Content-Type: application/json

{
  "certnames": [
    "one.example.com",
    "two.example.com"
  ]
}

Supported HTTP methods

POST

Supported response formats

application/json

Parameters

None

Responses

Certificates signed

Copy 
POST /puppet-ca/v1/sign

{
  "certnames": [
    "one.example.com",
    "two.example.com"
  ]
}

HTTP 200 OK
Content-Type: application/json

{
  "signed": [
    "one.example.com",
    "two.example.com"
  ],
  "no-csr": [],
  "signing-errors": []
}

Certname schema error

Copy 
POST /puppet-ca/v1/sign
Content-Type: application/json

{
  "certnames": [
    1,
    2
  ]
}

HTTP 422 Unprocessable Entity

{
  "kind": "schema-violation",
  "msg": ""
  "details": {},
}

No CSRs for supplied certnames

Copy 
POST /puppet-ca/v1/sign
Content-Type: application/json

{
  "certnames": [
    "nocsrone.example.com",
    "nocsrtwo.example.com"
  ]
}

HTTP 200 OK
Content-Type: application/json

{
  "signed": [],
  "no-csr": [
    "nocsrone.example.com",
    "nocsrtwo.example.com"
  ],
  "signing-errors": []
}

Signing errors for supplied certnames

Copy 
POST /puppet-ca/v1/sign
Content-Type: application/json

{
  "certnames": [
    "badextension.example.com",
    "invalidsignature.example.com"
  ]
}

HTTP 200 OK
Content-Type: application/json

{
  "signed": [],
  "no-csr": [],
  "signing-errors": [
    "badextension.example.com",
    "invalidsignature.example.com"
  ]
}

POST /puppet-ca/v1/sign/all

The sign/all endpoint of the CA API allows you to request the signing of all outstanding CSRs.

Copy 
POST /puppet-ca/v1/sign/all
Content-Type: application/json

{}

Supported HTTP methods

POST

Supported response formats

application/json

Parameters

None

Responses

Copy 
POST /puppet-ca/v1/sign/all
Content-Type: application/json

{}

HTTP 200 OK
Content-Type: application/json

{
  "signed": [
    "one.example.com",
    "two.example.com"
  ],
  "no-csr": [],
  "signing-errors": [
    "badextension.example.com",
    "invalidsignature.example.com"
  ]
}