Bulk Certificate Sign
POST /puppet-ca/v1/sign
The sign endpoint of the CA API allows you to request the signing of CSRs that match the certnames included in the payload.
The certnames must be in an array nested under a certnames key and be valid certnames.
The usual checks for subject-alt-names allowed, authorization-extensions allowed, invalid extensions and valid signature are made.
POST /puppet-ca/v1/sign
Content-Type: application/json
{
"certnames": [
"one.example.com",
"two.example.com"
]
}
Supported HTTP Methods
POST
Supported Response Formats
application/json
Parameters
None
Responses
Certificates signed
POST /puppet-ca/v1/sign
{
"certnames": [
"one.example.com",
"two.example.com"
]
}
HTTP 200 OK
Content-Type: application/json
{
"signed": [
"one.example.com",
"two.example.com"
],
"no-csr": [],
"signing-errors": []
}
Certname schema error
POST /puppet-ca/v1/sign
Content-Type: application/json
{
"certnames": [
1,
2
]
}
HTTP 422 Unprocessable Entity
{
"kind": "schema-violation",
"msg": "",
"details": {}
}
No CSRs for supplied certnames
POST /puppet-ca/v1/sign
Content-Type: application/json
{
"certnames": [
"nocsrone.example.com",
"nocsrtwo.example.com"
]
}
HTTP 200 OK
Content-Type: application/json
{
"signed": [],
"no-csr": [
"nocsrone.example.com",
"nocsrtwo.example.com"
],
"signing-errors": []
}
Signing errors for supplied certnames
POST /puppet-ca/v1/sign
Content-Type: application/json
{
"certnames": [
"badextension.example.com",
"invalidsignature.example.com"
]
}
HTTP 200 OK
Content-Type: application/json
{
"signed": [],
"no-csr": [],
"signing-errors": [
"badextension.example.com",
"invalidsignature.example.com"
]
}
POST /puppet-ca/v1/sign/all
The sign/all endpoint of the CA API allows you to request the signing of all outstanding CSRs.
POST /puppet-ca/v1/sign/all
Content-Type: application/json
{}
Supported HTTP Methods
POST
Supported Response Formats
application/json
Parameters
None
Responses
POST /puppet-ca/v1/sign/all
Content-Type: application/json
{}
HTTP 200 OK
Content-Type: application/json
{
"signed": [
"one.example.com",
"two.example.com"
],
"no-csr": [],
"signing-errors": [
"badextension.example.com",
"invalidsignature.example.com"
]
}
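Added example (not part of the Puppet documentation): client-side handling of the request and response bodies shown above, which treats HTTP 200 as "request processed" and decides success from the signed, no-csr and signing-errors arrays. The function names build_sign_payload and triage_sign_response are hypothetical, and the sample bodies are constructed from the responses on this page.

```python
import json

BUCKETS = ("signed", "no-csr", "signing-errors")

# Constructed sample bodies, modelled on the responses documented above.
SIGN_ERRORS_BODY = ('{"signed": [], "no-csr": [], "signing-errors": '
                    '["badextension.example.com", "invalidsignature.example.com"]}')
SCHEMA_ERROR_BODY = '{"kind": "schema-violation", "msg": "", "details": {}}'


def build_sign_payload(certnames):
    """Build the POST body; catch non-string certnames before the CA answers 422."""
    names = list(certnames)
    bad = [n for n in names if not isinstance(n, str) or not n]
    if bad:
        raise ValueError(f"certnames must be non-empty strings: {bad!r}")
    return json.dumps({"certnames": names})


def triage_sign_response(status, body, requested=None):
    """Classify a sign or sign/all response; pass requested=None for sign/all."""
    doc = json.loads(body)
    if status == 422:
        return {"ok": False, "error": doc.get("kind"), "signed": [],
                "failed": [], "unaccounted": sorted(requested or [])}
    if status != 200:
        raise RuntimeError(f"unexpected HTTP status {status}")
    for key in BUCKETS:
        if not isinstance(doc.get(key), list):
            raise ValueError(f"response is missing list field {key!r}")
    # HTTP 200 is also returned when nothing was signed, so read the buckets.
    failed = sorted(doc["no-csr"] + doc["signing-errors"])
    seen = set(doc["signed"]) | set(failed)
    unaccounted = sorted(set(requested) - seen) if requested is not None else []
    return {"ok": not failed and not unaccounted, "error": None,
            "signed": sorted(doc["signed"]), "failed": failed,
            "unaccounted": unaccounted}


if __name__ == "__main__":
    print(build_sign_payload(["one.example.com", "two.example.com"]))
    print(triage_sign_response(200, SIGN_ERRORS_BODY,
                               ["badextension.example.com",
                                "invalidsignature.example.com"]))
    print(triage_sign_response(422, SCHEMA_ERROR_BODY, []))
```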