csrs
Creates, updates, deletes, gets or lists a csrs resource.
Overview
| Name | csrs |
| Type | Resource |
| Id | okta.apps.csrs |
Fields
The following fields are returned by SELECT queries:
- list_csrs_for_application
- get_csr_for_application
| Name | Datatype | Description |
|---|---|---|
id | string | (example: h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50) |
_links | object | Specifies link relations (see Web Linking) available for the current status of a CSR object using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
csr | string | (example: MIIC4DCCAcgCAQAwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk9rdGEsIEluYy4xDDAKBgNVBAsMA0RldjESMBAGA1UEAwwJU1AgSXNzdWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6m8jHVCr9/tKvvbFN59T4raoCs/78KRm4fSefHQOv1TKLXo4wTLbsqYWRWc5u0sd5orUMQgPQOyj3i6qh13mALY4BzrT057EG1BUNjGg29QgYlnOk2iX890e5BIDMQQEIKFrvOi2V8cLUkLvE2ydRn0VO1Q1frbUkYeStJYC5Api2JQsYRwa+1ZeDH1ITnIzUaugWhW2WB2lSnwZkenne5KtffxMPYVu+IhNRHoKaRA6Z51YNhMJIx17JM2hs/H4Ka3drk6kzDf7ofk/yBpb9yBWyU7CTSQhdoHidxqFprMDaT66W928t3AeOENHBuwn8c2K9WeGG+bELNyQRJVmawIDAQABoCowKAYJKoZIhvcNAQkOMRswGTAXBgNVHREEEDAOggxkZXYub2t0YS5jb20wDQYJKoZIhvcNAQELBQADggEBAA2hsVJRVM+A83X9MekjTnIbt19UNT8wX7wlE9jUKirWsxceLiZBpVGn9qfKhhVIpvdaIRSeoFYS2Kg/m1G6bCvjmZLcrQ5FcEBjZH2NKfNppGVnfC2ugtUkBtCB+UUzOhKhRKJtGugenKbP33zRWWIqnd2waF6Cy8TIuqQVPbwEDN9bCbAs7ND6CFYNguY7KYjWzQOeAR716eqpEEXuPYAS4nx/ty4ylonR8cv+gpq51rvq80A4k/36aoeM0Y6I4w64vhTfuvWW2UYFUD+/+y2FA2CSP4JfctySrf1s525v6fzTFZ3qZbB5OZQtP2b8xYWktMzywsxGKDoVDB4wkH4=) |
kty | string | (example: RSA) |
| Name | Datatype | Description |
|---|---|---|
id | string | (example: h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50) |
_links | object | Specifies link relations (see Web Linking) available for the current status of a CSR object using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
csr | string | (example: MIIC4DCCAcgCAQAwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk9rdGEsIEluYy4xDDAKBgNVBAsMA0RldjESMBAGA1UEAwwJU1AgSXNzdWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6m8jHVCr9/tKvvbFN59T4raoCs/78KRm4fSefHQOv1TKLXo4wTLbsqYWRWc5u0sd5orUMQgPQOyj3i6qh13mALY4BzrT057EG1BUNjGg29QgYlnOk2iX890e5BIDMQQEIKFrvOi2V8cLUkLvE2ydRn0VO1Q1frbUkYeStJYC5Api2JQsYRwa+1ZeDH1ITnIzUaugWhW2WB2lSnwZkenne5KtffxMPYVu+IhNRHoKaRA6Z51YNhMJIx17JM2hs/H4Ka3drk6kzDf7ofk/yBpb9yBWyU7CTSQhdoHidxqFprMDaT66W928t3AeOENHBuwn8c2K9WeGG+bELNyQRJVmawIDAQABoCowKAYJKoZIhvcNAQkOMRswGTAXBgNVHREEEDAOggxkZXYub2t0YS5jb20wDQYJKoZIhvcNAQELBQADggEBAA2hsVJRVM+A83X9MekjTnIbt19UNT8wX7wlE9jUKirWsxceLiZBpVGn9qfKhhVIpvdaIRSeoFYS2Kg/m1G6bCvjmZLcrQ5FcEBjZH2NKfNppGVnfC2ugtUkBtCB+UUzOhKhRKJtGugenKbP33zRWWIqnd2waF6Cy8TIuqQVPbwEDN9bCbAs7ND6CFYNguY7KYjWzQOeAR716eqpEEXuPYAS4nx/ty4ylonR8cv+gpq51rvq80A4k/36aoeM0Y6I4w64vhTfuvWW2UYFUD+/+y2FA2CSP4JfctySrf1s525v6fzTFZ3qZbB5OZQtP2b8xYWktMzywsxGKDoVDB4wkH4=) |
kty | string | (example: RSA) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_csrs_for_application | select | subdomain | Lists all Certificate Signing Requests for an application | |
get_csr_for_application | select | subdomain | Retrieves a Certificate Signing Request (CSR) for the app by csrId.Returns a Base64-encoded CSR in DER format if the Accept media type is application/pkcs10 or a CSR object if the Accept media type is application/json. | |
revoke_csr_from_application | delete | subdomain | Revokes a Certificate Signing Request and deletes the key pair from the app | |
generate_csr_for_application | exec | subdomain | Generates a new key pair and returns the Certificate Signing Request(CSR) for it. The information in a CSR is used by the Certificate Authority (CA) to verify and create your certificate. It also contains the public key that is included in your certificate. Returns CSR in pkcs#10 format if the Accept media type is application/pkcs10 or a CSR object if the Accept media type is application/json.> Note: The key pair isn't listed in the Key Credentials for the app until it's published. | |
publish_csr_from_application | exec | subdomain | Publishes a Certificate Signing Request (CSR) for the app with a signed X.509 certificate and adds it into the Application Key Credentials. > Note: Publishing a certificate completes the lifecycle of the CSR and it's no longer accessible. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
SELECT examples
- list_csrs_for_application
- get_csr_for_application
Lists all Certificate Signing Requests for an application
SELECT
id,
_links,
created,
csr,
kty
FROM okta.apps.csrs
WHERE subdomain = '{{ subdomain }}' -- required;
Retrieves a Certificate Signing Request (CSR) for the app by csrId.
Returns a Base64-encoded CSR in DER format if the Accept media type is application/pkcs10 or a CSR object if the Accept media type is application/json.
SELECT
id,
_links,
created,
csr,
kty
FROM okta.apps.csrs
WHERE subdomain = '{{ subdomain }}' -- required;
DELETE examples
- revoke_csr_from_application
Revokes a Certificate Signing Request and deletes the key pair from the app
DELETE FROM okta.apps.csrs
WHERE subdomain = '{{ subdomain }}' --required;
Lifecycle Methods
- generate_csr_for_application
- publish_csr_from_application
Generates a new key pair and returns the Certificate Signing Request(CSR) for it. The information in a CSR is used by the Certificate Authority (CA) to verify and create your certificate. It also contains the public key that is included in your certificate.
Returns CSR in pkcs#10 format if the Accept media type is application/pkcs10 or a CSR object if the Accept media type is application/json.
> Note: The key pair isn't listed in the Key Credentials for the app until it's published.
EXEC okta.apps.csrs.generate_csr_for_application
@subdomain='{{ subdomain }}' --required
@@json=
'{
"subject": "{{ subject }}",
"subjectAltNames": "{{ subjectAltNames }}"
}';
Publishes a Certificate Signing Request (CSR) for the app with a signed X.509 certificate and adds it into the Application Key Credentials.
> Note: Publishing a certificate completes the lifecycle of the CSR and it's no longer accessible.
EXEC okta.apps.csrs.publish_csr_from_application
@subdomain='{{ subdomain }}' --required;