GET /endpoint/signingCertificate/<UUID>/<resource>

Use the GET method to retrieve information about the signed Certificate Authority (CA) root certificate for a specific resource type, in PEM format.

Note: This method is not support on ThinkServer and System x M4 servers.

Authentication

Authentication with user name and password is required.

Request URL

GET https://<management_server_IP>/endpoint/signingCertificate/<UUID>/<resource>
where:
  • <UUID> specifies the UUID of the target device.

  • <resource> can be one of the following values:
    • updatedCIMCertificate. This resource type applies only to rack or tower server UUIDs.
    • updatedLDAPCertificate. This resource type applies only to rack or tower server UUIDs.
    • updatedSigningCertificate. This resource type applies only to chassis, storage device, and switch UUIDs.

Query parameters

None

Request body

None

Response codes

Code Description
200 OK. The request completed successfully.
400 Bad request. An argument is missing or is not valid. A descriptive error message will be returned in the body.
404 Not found. The user was not found. A descriptive error message will be returned in the body.
500 Internal server error. A descriptive error message will be returned in the body.

Response body

Attributes Type Description
response Array  
  CertificateOwnerUUID String UUID of the certificate owner.
  CurrentCertificatePEM String PEM representation of the certificate.
  CurrentCertificateText Array  
    CertIssuer String Certificate user (for example, "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware, CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-03-10 10:49:01")
    CertKeyFields Array  
      CertKeyFieldName String Identification of a component of the certificate key (for example, "Modulus" or "Exponent")
      CertKeyFieldValue String Corresponds to the Key Field Name
    CertPublicKeyAlgorithm String Public key algorithm (for example, "RSA")
    CertPublicKeyLength String Length in bytes of the public key (for example, 2048)
    CertSerialNumber String Certificate serial number
    CertSignature String Digital signature of the device's signing certificate
    CertSignatureAlgorithm String Algorithm used when signing the certificate (for example, "SHA1withRSA")
    CertSubject String Contains the certificate subject (for example, "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware, CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-03-10 10:49:01")
    CertValidNotBefore String Date before which the certificate is not valid. The timestamp is returned in ISO 8601 format (for example, "1970-01-01T00:00:00Z")
    CertValidNotAfter String Date after which the certificate is not valid. The timestamp is returned in ISO 8601 format (for example, "2048-12-31T23:59:59Z")
    CertX509Version String Version of the X.509 certificate standard (for example, 3)
  TrustedCertificateText    
    CertIssuer String Certificate user (for example, "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware, CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-03-10 10:49:01")
    CertKeyFields Array of objects  
      CertKeyFieldName String Identification of a component of the certificate key (for example, "Modulus" or "Exponent")
      CertKeyFieldValue String Corresponds to the Key Field Name
    CertPublicKeyAlgorithm String Identifies the public key algorithm (for example, "RSA")
    CertPublicKeyLength String Length in bytes of the public key (for example, 2048)
    CertSerialNumber String Certificate serial number.
    CertSignature String Digital signature of the device's signing certificate.
    CertSignatureAlgorithm String Algorithm used when signing the certificate (for example, "SHA1withRSA")
    CertSubject String Contains the certificate subject (for example, "2048-12-"L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware, CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-03-10 10:49:01")
    CertValidNotAfter String Date after which the certificate is not valid. The timestamp is returned in ISO 8601 format (for example, "2048-12-31T23:59:59Z").
    CertValidNotBefore String Date before which the certificate is not valid. The timestamp is returned in ISO 8601 format (for example, "1970-01-01T00:00:00Z").
    CertX509Version String Version of the X.509 certificate standard (for example, 3)
result String Results of the request . This can be one of the following values.
  • success. The request completed successfully.
  • failure. The request failed. A descriptive error message was returned.
messages Array Information about one or more messages
  id String Message identifier of a returned message
  text String Message text associated with the message identifier
  explanation String Additional information to clarify the reason for the message
  recovery Array Recovery information
    text String User actions that can be taken to recover from the event
    URL String Link to the help system for more information, if available

Response example

{
    "response": {
        "CertificateOwnerUUID": "A4AFBBC4770232049A45C6F315D66236",
        "CurrentCertificatePem": "-----BEGIN CERTIFICATE-----\n
                                  MIID8jCCAtqgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmzFHMEUGA1UEAxM+Q0Eg\n
                                  Zm9yIEE0QUZCQkM0LTc3MDItMzIwNC05QTQ1LUM2RjMxNUQ2NjIzNiwgMTUtMDIt\n
                                  MTAgMTcMDk6MTAxJTAjBgNVBAoTHEdlbmVyYXRlZCBieSBMZW5vdm8gRmlybXdh\n
                                  cmUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJUWDEPMA0GA1UEBxMGQXVzdGluMB4X\n
                                  DTcwMDEwMTAwMDAwMFoXDTQ4MTIzMTIzNTk1OVowgZsxRzBFBgNVBAMTPkNBIGZv\n
                                  ciBBNEFGQkJDNC03NzAyLTMyMDQtOUE0NS1DNkYzMTVENjYyMzYsIDE1LTAyLTEw\n
                                  IDE3OjA5OjEwMSUwIwYDVQQKExxHZW5lcmF0ZWQgYnkgTGVub3ZvIEZpcm13YXJl\n
                                  MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkF1c3RpbjCCASIw\n
                                  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa2OjDQESDz3IDaoyaTUxAmnKx1\n
                                  ADhDFdL4md892U6WQLMWoeVHC/K3dUUS+Q/G/wk1gvXG9QRTUE5GAF/3yLVKL5xv\n
                                  nmYmSLN7vR/By4tOZiOq3AlR71Us+NjXe8PpTud7piqtW4+2Q/mG0vvf7MtiOmQA\n
                                  rjp3wSo00ZOJMgSIMCcme3P0rETbbsGys/ENHBjBBxa1KZlAHzAMGkG7hY+eB0yZ\n
                                  o9MdD8BW9ga9IaweiURhDJb8r5A3Bvk2+FQYeREYSeWrjrFZyHnkXtbZsMF8QnfB\n
                                  7uCXUXv4xrQ2LnKOL7U98e0d8WBIf046WpiwKPvJCALlqNXtCc2Qh//CPY8CAwEA\n
                                  AaM/MD0wDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAbYwHQYDVR0lBBYwFAYI\n
                                  KwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQArAyb4oWH2ygxK\n
                                  ZIk7+SNl8L7LO61T1nOrNmgYEL8rGmZQJyKqnZVz1PtTGIcns0gugXrKU+UB1ZDK\n
                                  FduNHg4T4GIpR4IthAincZAixXazkFJwf3izsTPYcyYBjyC1m9SWEsPEIVHCioAC\n
                                  YLV2ckxYHpv6HndTRK8uIao/CAUZred03YjW78BS4aO3f+O6+63v3K35l0fSXNt+\n
                                  0WkmH0qqpBDT8TbLGDNLOZMs600qzwT5iCULtjjasYVk+AX7UMrTlRJRVHAiJwkN\n
                                  tvZtDVgeg7F+8wT1NziFEMdhmVWGusNzjn/NGIwqoUSklAj1opEY8DTVvVJleR8E\n
                                  eerb7LRI\n
                                  -----END CERTIFICATE-----\n",
        "CurrentCertificateText": {
            "CertIssuer": "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware,
                           CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-02-10 17:09:10",
            "CertKeyFields": [{
                "CertKeyFieldName": "Modulus",
                "CertKeyFieldValue": "271048568970922638816289246574090357265458099414808370919
                                      281886788534054444179859860877756223515535535692043985133
                                      920247835937311474482415474115881546386298345772977277703
                                      889738976661671752896050924848676937463400627710682756206
                                      455728233228873540065270672522555274006513099320198242184
                                      165629194922013493162595675122867284737677938660088513778
                                      021414424416050027951695260070630687666817287323852235784
                                      628308447380269173245982978242585923660292564229591198152
                                      753312259616860010312872853053847778720673669856945772078
                                      674160619657578583115691288689774396225628869803901259504
                                      3744288124532031867667540375136876751912844687"
            },
            {
                "CertKeyFieldName": "Exponent",
                "CertKeyFieldValue": "65537"
            }],
            "CertPublicKeyAlgorithm": "RSA",
            "CertPublicKeyLength": "2048",
            "CertSerialNumber": "1",
            "CertSignature": "5429801536728126484921788109674957340505786174190498826058819020747
                              4770239829431744849742278189671984225642100534819994728280717964383
                              2346205725909393588045294261655402529795288123532822177313694727294
                              8505576830427563266892123849868454039161808952582099606601470853225
                              8557406200063053223925662224067475698600271681973176200072641843863
                              9698537975786851922608928463285272519227504508030554398740015658067
                              6076245524567045543895315911147204102157825173235800791699613031826
                              6267136731772955463679581356781990501612969896331192906025155987151
                              5253794309280892803820986988152462410627451082997470515603059993103
                              8218100454472",
            "CertSignatureAlgorithm": "SHA256withRSA",
            "CertSubject": "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware,
                            CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-02-10 17:09:10",
            "CertValidNotAfter": "2048-12-31T23:59:59Z",
            "CertValidNotBefore": "1970-01-01T00:00:00Z",
            "CertX509Version": "3"
        },
        "TrustedCertificateText": {
            "CertIssuer": "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware,
                           CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-02-10 17:09:10",
            "CertKeyFields": [{
                "CertKeyFieldName": "Modulus",
                "CertKeyFieldValue": "271048568970922638816289246574090357265458099414808370919
                                      428188678853405444417985986087775622351553553569204398513
                                      392024783593731147448241547411588154638629834577297727770
                                      388973897666167175289605092484867693746340062771068275620
                                      645572823322887354006527067252255527400651309932019824218
                                      416562919492201349316259567512286728473767793866008851377
                                      802141442441605002795169526007063068766681728732385223578
                                      462830844738026917324598297824258592366029256422959119815
                                      2753312259616860010312872853053847778720673669856945772078
                                      6741606196575785831156912886897743962256288698039012595043
                                      744288124532031867667540375136876751912844687"
            },
            {
                "CertKeyFieldName": "Exponent",
                "CertKeyFieldValue": "65537"
            }],
            "CertPublicKeyAlgorithm": "RSA",
            "CertPublicKeyLength": "2048",
            "CertSerialNumber": "1",
            "CertSignature": "5429801536728126484921788109674957340505786174190498826058819020747
                              4770239829431744849742278189671984225642100534819994728280717964383
                              2346205725909393588045294261655402529795288123532822177313694727294
                              8505576830427563266892123849868454039161808952582099606601470853225
                              8557406200063053223925662224067475698600271681973176200072641843863
                              9698537975786851922608928463285272519227504508030554398740015658067
                              6076245524567045543895315911147204102157825173235800791699613031826
                              6267136731772955463679581356781990501612969896331192906025155987151
                              5253794309280892803820986988152462410627451082997470515603059993103
                              8218100454472"
            "CertSignatureAlgorithm": "SHA256withRSA",
            "CertSubject": "L=Austin,ST=TX,C=US,O=Generated by Lenovo Firmware,
                            CN=CA for A4AFBBC4-7702-3204-9A45-C6F315D66236\\, 15-02-10 17:09:10",
            "CertValidNotAfter": "2048-12-31T23:59:59Z",
            "CertValidNotBefore": "1970-01-01T00:00:00Z",
            "CertX509Version": "3",
        }
    },
    "result": "success",
    "messages": [{
        "explanation": "The currently trusted certificate for the device matches the certificate 
                        currently in use by the device. The untrusted connection is due to another 
                        cause of certificate validation failure.",
        "id": "FQXHMSE0120I",
        "recovery": {
            "text": "Connect to the device and verify that the certificate in use is not expired 
                     and that the address the management server is using to connect to the device 
                     is present in the certificate. Ensure that the public key algorithm and 
                     signature algorithms in use in the certificate comply with the cryptography 
                     settings on the management server. If these actions do not resolve the issue, 
                     regenerate the devices certificate (selecting algorithms that comply with the 
                     cryptography settings on the management server) and try the operation again to 
                     resolve the untrusted connection. If the problem persists, collect service data 
                     and contact Support.",
            "URL": ""
        },
        "text": "The request to resolve the untrusted connection was not successful."
    }]
}