Obtaining Enrollment Certificate Details Using API
This article provides information for managing Zscaler Private Access (ZPA) enrollment certificates using APIs. All APIs are rate limited. To learn more, see Understanding Rate Limiting.
Getting Details for All Enrollment Certificates
To get all enrollment certificates:
- Send a
GETrequest to the following endpoint in the enrollment-cert-controller:/mgmtconfig/v2/admin/customers/{customerId}/enrollmentCert. - Provide the
customerId, the ZPA tenant ID of the customer, in the request endpoint. For example:/mgmtconfig/v2/admin/customers/217246660302995456/enrollmentCert.
- View an example response
{ "totalPages": "15", "list": [ { "id": "22143", "creationTime": "1563925306", "modifiedBy": "217246660302995849", "description": "2", "name": "1", "allowSigning": false, "privateKeyPresent": true, "clientCertType": "NONE", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICwTCCAakCAQAwSjEQMA4GA1UEChMHWnNjYWxlcjEXMBUGA1UECxMOUHJpdmF0\nZSBBY2Nlc3MxHTAbBgNVBAMTFG15LW1vY2tjb21wYW55LmN\n-----END CERTIFICATE REQUEST-----\n" }, { "id": "22144", "modifiedTime": "1580448229", "creationTime": "1563925326", "modifiedBy": "217246660303023681", "cName": "my-mockcompany.com/12345", "validFromInEpochSec": "1563838926", "validToInEpochSec": "2510005326", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDSjCCAjKgAwIBAgIRAPq0bFzg30vMM3efHU83n9EwDQYJKoZIhvcNAQELBQAw\nTjEQMA4GA1UEChMHWnNjYWxlcjEXMBUGA1UECxMOUHJpdm\n-----END CERTIFICATE-----", "issuedTo": "O=Zscaler,OU=Private Access,CN=my-mockcompany.com/12345", "issuedBy": "O=Zscaler,OU=Private Access,CN=my-mockcompany.com/12345", "serialNo": "333243810239587973493898071045372878801", "description": "2", "name": "12345\"<>", "allowSigning": true, "privateKeyPresent": true, "clientCertType": "NONE", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICxTCCAa0CAQAwTjEQMA4GA1UEChMHWnNjYWxlcjEXMBUGA1UECxMOUHJpdmF0\nZSBBY2Nlc3MxITAfBgNVBAMTGG15LW1vY2tjb21wYW55Lm\n-----END CERTIFICATE REQUEST-----\n" }, { "id": "23164", "creationTime": "1612417564", "modifiedBy": "72057594037973665", "cName": "root.zscaler.com/clien2", "validFromInEpochSec": "1612331164", "validToInEpochSec": "2558497564", "certificate": "----BEGIN CERTIFICATE----\nMIIDSjCCAjKgAwIBAgIRAJePjUG/811dcldsFg74MxUwDQYJKoZIhvcNAQELBQAw\nTTEQMA4GA1UEChM\n----END CERTIFICATE----\n", "issuedTo": "O=Zscaler,OU=Private Access,CN=root.zscaler.com/clien2", "issuedBy": "O=Zscaler,OU=Private Access,CN=root.zscaler.com/clien2", "serialNo": "201458790843283302225978988853372400405", "name": "clien2", "allowSigning": true, "privateKeyPresent": true, "clientCertType": "ZAPP_CLIENT", "csr": "----BEGIN CERTIFICATE REQUEST----\nMIICxDCCAawCAQAwTTEQMA4GA1UEChMHWnNjYWxlcjEXMBUGA1UECxMOUHJpdmF0\nZSBBY2Nlc3MxIDAenk\n-----END CERTIFICATE REQUEST-----\n" } ] }
Close
A successful response returns code 200. To learn more, see API Response Codes and Error Messages.
To get enrollment certificates for use with creating provisioning keys, provide the privateKeyPresent EQ as set to true in the search parameters. For example: privateKeyPresent EQ true.
This API supports pagination. To get a paginated response:
- Send a
GETrequest to the following endpoint:/mgmtconfig/v2/admin/customers/{customerId}/enrollmentCert?page=1&pagesize=20. - Provide the following in the request endpoint:
customerId, the ZPA tenant ID of the customer, in the request endpoint.- Valid values for page and page size parameters.
For example: /mgmtconfig/v2/admin/customers/217246660302995456/enrollmentCert?page=1&pagesize=2.
- View an example response
{ "totalPages": "15", "list": [ { "id": "22143", "modifiedTime": "1646153872", "creationTime": "1563925306", "modifiedBy": "72057594038009308", "description": "2", "name": "1", "allowSigning": false, "privateKeyPresent": true, "clientCertType": "NONE", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICwTCCAakCAQAwSjEQMA4GA1UEChMHWnNjYWxlcjEXMBUGA1UECxM\n-----END CERTIFICATE REQUEST-----\n" }, { "id": "22144", "modifiedTime": "1646153872", "creationTime": "1563925326", "modifiedBy": "72057594038009308", "cName": "my-testcompany.com/12345", "validFromInEpochSec": "1563838926", "validToInEpochSec": "2510005326", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDSjCCAjKgAwIBAgIRAPq0bFzg30vMM3efHU83n9EwDQYJKoZIhvcNAQELBQAw\nTjEQMA4GA1UEChMHWnNjYWxlcj\n-----END CERTIFICATE-----", "issuedTo": "O=Zscaler,OU=Private Access,CN=my-mockcompany.com/12345", "issuedBy": "O=Zscaler,OU=Private Access,CN=my-mockcompany.com/12345", "serialNo": "333243810239587973493898071045372878801", "description": "2", "name": "12345\"<>", "allowSigning": true, "privateKeyPresent": true, "clientCertType": "NONE", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICxTCCAa0CAQAwTjEQMA4GA1UEChMHWnNjYWxlcjEXMBUGA1UECxMOUHJpdmF0\nZSBBY2Nlc3MxITAfBgNVBAMTGG=\n-----END CERTIFICATE REQUEST-----\n" } ] }
Close
If not provided, the default page size is 20. The maximum page size is 500.
A successful response returns code 200. To learn more, see API Response Codes and Error Messages.
This API supports a search option to search by features and fields. To search by features and fields:
- Send a
GETrequest to the following endpoint:/mgmtconfig/v1/admin/customers/73186051597795328/enrollmentCert&search={searchString}. - Provide the following in the request endpoint:
customerId: The ZPA tenant ID of the customer.- Valid search string values. The search string values are in the format
fieldName operator fieldValue. Only search string values that correspond to the values for valid fields and filters are supported. For example, the stringname%20LIKE%20testis supported for the Name filter, using the Contains (LIKE) operator, for thetestfilter value.
For example: /mgmtconfig/v1/admin/customers/73186051597795328/enrollmentCert&search=name%20LIKE%20test.
- View an example response
{ "totalPages": "15", "totalCount": "15", "list": [ { "id": "23841", "modifiedTime": "1646194497", "creationTime": "1614304266", "modifiedBy": "72057594038009308", "cName": "root.zscaler.com/Isolation Cert Test", "validFromInEpochSec": "1614217866", "validToInEpochSec": "2560384266", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDZDCCAkygAwIBAgIRAJWAvoGLsEiEGgOHCRoGwT4wDQYJKoZIhvcNAQELBQAw\nWjEQMA4GA1UEChMHWnNjYWxlcjEXMBUGA1UECxMOUHJpdmF0ZSBBY2Nlc3MxLTAr\nBgNVBAMTJHJvb3QuenNjYWxlci5jb20vSXNvbGF0aW9uIENlcnQgVGVzdDAgFw0y\nMTAyMjUwMTUxMDZaGA8yMDUxMDIxOTAxNTEwNlowWjEQMA4GA1UEChMHWnNjYWxl\ncjEXMBUGA1UECxMOUHJpdmF0ZSBBY2Nlc3MxLTArBgNVBAMTJHJvb3QuenNjYWxl\nci5jb20vSXNvbGF0aW9uIENlcnQgVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEP\nADCCAQoCggEBANlcrFANmS4c8VDsQTD8j+N083qOryHzf02tUJnQG3SxqL9U7LSz\nJXkBzZqaTdPbitBYUQipwQdANJ76/ckNHPkJD0U0BMhcCxABRlOv/3gkKbDsP0GP\nSeIi/ZthsNkXfDwBydB4uKypmsPan5sNPtQfDKQb8vbzEZ6+YRdI24untMNHGYDV\n7xo5Pg50AVQIC4pZuvr0x3+67C5Hbx7NNrdWkagbYgtML3FkLxQ+EaPzVbvKohde\njtd6uqjb/ou9lJtVPImd5JmZCmeV+gFceHbccVi4MdsNqILeILD59WHKeo5BJkb1\nXz5TBErBk9LM63Nt9oTr7RpUuhxsSKQOOQMCAwEAAaMjMCEwDwYDVR0TAQH/BAUw\nAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAH0MrPIFr3KD\n7RH5D0IjgQNloBn+2cQlf0wLh3kcgldqBHZWUlXJRiVsIWZiVTW7hwUZ9WXHj8aYF2fLPxD7EBUBXlBJIEI3oyzwk\n6iAJ/0tu2vs=\n-----END CERTIFICATE-----\n", "issuedTo": "O=Zscaler,OU=Private Access,CN=root.zscaler.com/Isolation Cert Test", "issuedBy": "O=Zscaler,OU=Private Access,CN=root.zscaler.com/Isolation Cert Test", "serialNo": "198723449291334110913249869031511867710", "name": "Isolation Cert Test", "allowSigning": true, "privateKeyPresent": true, "clientCertType": "NONE", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIC0TCCAbkCAQAwWjEQMA4GA1UEChMHWnNjYWxlcjEXMBUGA1UECxMOUHJpdmF0\nZSBBY2Nlc3MxLTArBgNVBAMTJHJvb3QuenNjYWxlci5jb20vSXNvbGF0aW9uIENl\ncnQgVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANlcrFANmS4c\n8VDsQTD8j+N083qOryHzf02tUJnQG3SxqL9U7LSzJXkBzZqaTdPbitBYUQipwQdA\nNJ76/ckNHPkJD0U0BMhcCxABRlOv/3gkKbDsP0GPSeIi/ZthsNkXfDwBydB4uKyp\nmsPan5sNPtQfDKQb8vbzEZ6+YRdI24untMNHGYDV7xo5Pg50AVQIC4pZuvr0x3+6\n7C5Hbx7NNrdWkagbYgtML3FkLxQ+EaPzVbvKohdejtd6uqjb/ou9lJtVPImd5JmZ\nCmeV+gFceHbccVi4MdsNqILeILD59WHKeo5BJkb1Xz5TBErBk9LM63Nt9oTr7RpU\nuhxsSKQOOQMCAwEAAaAyMDAGCSqGSIb3DQEJDjEjMCEwDwYDVR0TAQH/BAUwAwEB\n-----END CERTIFICATE REQUEST-----\n" } ] }
Close
If you use the ZPA API PortaI or the Reference Guide to make your API calls, the search field string does not require any characters. For example, name%20LIKE%20test is name LIKE test.
A successful response returns code 200. To learn more, see API Response Codes and Error Messages.
Getting Details of a Particular Enrollment Certificate
To get details of a particular enrollment certificate:
- Send a
GETrequest to the following endpoint in the enrollment-cert-controller:/mgmtconfig/v1/admin/customers/{customerId}/enrollmentCert/{enrollmentCertId}. - Provide the following parameters in the request:
customerId: The ZPA tenant ID of the customer.enrollmentCertId: The ID of the enrollment certificate.
For example: /mgmtconfig/v1/admin/customers/217246660302995456/enrollmentCert/22144.
- View an example response
{ "id": "22144", "modifiedTime": "1580448229", "creationTime": "1563925326", "modifiedBy": "217246660303023681", "cName": "my-mockcompany.com/12345", "validFromInEpochSec": "1563838926", "validToInEpochSec": "2510005326", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDSjCCAjKgAwIBAgIRAPq0bFzg30vMM3efHU83n9EwDQYJKoZIhvcNAQELBQAw\nTjEQMA4GA1UEChMHWnNjYWxlcjEXMBUGA1UECxMOUHJpdmF0ZSBB\n-----END CERTIFICATE-----", "issuedTo": "O=Zscaler,OU=Private Access,CN=my-mockcompany.com/12345", "issuedBy": "O=Zscaler,OU=Private Access,CN=my-mockcompany.com/12345", "serialNo": "333243810239587973493898071045372878801", "description": "2", "name": "12345\"<>", "allowSigning": true, "privateKeyPresent": true, "clientCertType": "NONE", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICxTCCAa0CAQAwTjEQMA4GA1UEChMHWnNjYWxlcjEXMBUGA1UECxMOUHJpdmF0\nZSBBY2Nlc3MxITAfBgNVBAMTGG15LW1vY2tjb21wYW55LmNvbS8x\n-----END CERTIFICATE REQUEST-----\n" }
Close
A successful response returns code 200. To learn more, see API Response Codes and Error Messages.