Manually request an AS certificate chain for a given CSR
POST/cppki/certificates/request
✨Added in v0.34
Manually request a SCION CPPKI AS certificate chain for a given CSR
using the regular certificate renewal mechanism. The endpoint expects a
CSR and uses that to request a certificate renewal. The certificate
renewal request is signed by an active key/certificate of the appliance
such that the CA will be able to authenticate the renewal request and
issue the certificate. This is useful if one appliance has been
disconnected from the SCION network for several days and thus has no
valid AS certificate anymore that could be used for certificate renewal.
In such a case, one can generate a new CSR on the appliance that was
offline and use this endpoint on an appliance that still has a valid AS
certificate to request a new certificate on behalf of the sibling.The
returned certificate can then be deployed to the offline appliance using
the regular POST /cppki/certificates endpoint.
Request
Responses
- 200
- 400
- 500
success
bad request
internal error