csrs
Creates, updates, deletes, gets or lists a csrs resource.
Overview
| Name | csrs |
| Type | Resource |
| Id | okta.idps.csrs |
Fields
The following fields are returned by SELECT queries:
- list_csrs_for_identity_provider
- get_csr_for_identity_provider
| Name | Datatype | Description |
|---|---|---|
id | string | Unique identifier for the CSR (example: h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50) |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
created | string (date-time) | Timestamp when the object was created (example: 2016-01-03T18:15:47.000Z) |
csr | string | Base64-encoded CSR in DER format (example: MIIC4DCCAcgCAQAwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk9rdGEsIEluYy4xDDAKBgNVBAsMA0RldjESMBAGA1UEAwwJU1AgSXNzdWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6m8jHVCr9/tKvvbFN59T4raoCs/78KRm4fSefHQOv1TKLXo4wTLbsqYWRWc5u0sd5orUMQgPQOyj3i6qh13mALY4BzrT057EG1BUNjGg29QgYlnOk2iX890e5BIDMQQEIKFrvOi2V8cLUkLvE2ydRn0VO1Q1frbUkYeStJYC5Api2JQsYRwa+1ZeDH1ITnIzUaugWhW2WB2lSnwZkenne5KtffxMPYVu+IhNRHoKaRA6Z51YNhMJIx17JM2hs/H4Ka3drk6kzDf7ofk/yBpb9yBWyU7CTSQhdoHidxqFprMDaT66W928t3AeOENHBuwn8c2K9WeGG+bELNyQRJVmawIDAQABoCowKAYJKoZIhvcNAQkOMRswGTAXBgNVHREEEDAOggxkZXYub2t0YS5jb20wDQYJKoZIhvcNAQELBQADggEBAA2hsVJRVM+A83X9MekjTnIbt19UNT8wX7wlE9jUKirWsxceLiZBpVGn9qfKhhVIpvdaIRSeoFYS2Kg/m1G6bCvjmZLcrQ5FcEBjZH2NKfNppGVnfC2ugtUkBtCB+UUzOhKhRKJtGugenKbP33zRWWIqnd2waF6Cy8TIuqQVPbwEDN9bCbAs7ND6CFYNguY7KYjWzQOeAR716eqpEEXuPYAS4nx/ty4ylonR8cv+gpq51rvq80A4k/36aoeM0Y6I4w64vhTfuvWW2UYFUD+/+y2FA2CSP4JfctySrf1s525v6fzTFZ3qZbB5OZQtP2b8xYWktMzywsxGKDoVDB4wkH4=) |
kty | string | Cryptographic algorithm family for the CSR's keypair (example: RSA) |
| Name | Datatype | Description |
|---|---|---|
id | string | Unique identifier for the CSR (example: h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50) |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
created | string (date-time) | Timestamp when the object was created (example: 2016-01-03T18:15:47.000Z) |
csr | string | Base64-encoded CSR in DER format (example: MIIC4DCCAcgCAQAwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk9rdGEsIEluYy4xDDAKBgNVBAsMA0RldjESMBAGA1UEAwwJU1AgSXNzdWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6m8jHVCr9/tKvvbFN59T4raoCs/78KRm4fSefHQOv1TKLXo4wTLbsqYWRWc5u0sd5orUMQgPQOyj3i6qh13mALY4BzrT057EG1BUNjGg29QgYlnOk2iX890e5BIDMQQEIKFrvOi2V8cLUkLvE2ydRn0VO1Q1frbUkYeStJYC5Api2JQsYRwa+1ZeDH1ITnIzUaugWhW2WB2lSnwZkenne5KtffxMPYVu+IhNRHoKaRA6Z51YNhMJIx17JM2hs/H4Ka3drk6kzDf7ofk/yBpb9yBWyU7CTSQhdoHidxqFprMDaT66W928t3AeOENHBuwn8c2K9WeGG+bELNyQRJVmawIDAQABoCowKAYJKoZIhvcNAQkOMRswGTAXBgNVHREEEDAOggxkZXYub2t0YS5jb20wDQYJKoZIhvcNAQELBQADggEBAA2hsVJRVM+A83X9MekjTnIbt19UNT8wX7wlE9jUKirWsxceLiZBpVGn9qfKhhVIpvdaIRSeoFYS2Kg/m1G6bCvjmZLcrQ5FcEBjZH2NKfNppGVnfC2ugtUkBtCB+UUzOhKhRKJtGugenKbP33zRWWIqnd2waF6Cy8TIuqQVPbwEDN9bCbAs7ND6CFYNguY7KYjWzQOeAR716eqpEEXuPYAS4nx/ty4ylonR8cv+gpq51rvq80A4k/36aoeM0Y6I4w64vhTfuvWW2UYFUD+/+y2FA2CSP4JfctySrf1s525v6fzTFZ3qZbB5OZQtP2b8xYWktMzywsxGKDoVDB4wkH4=) |
kty | string | Cryptographic algorithm family for the CSR's keypair (example: RSA) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_csrs_for_identity_provider | select | subdomain | Lists all certificate signing requests (CSRs) for an identity provider (IdP) | |
get_csr_for_identity_provider | select | subdomain | Retrieves a specific certificate signing request (CSR) by id | |
generate_csr_for_identity_provider | insert | subdomain | Generates a new key pair and returns a certificate signing request (CSR) for it > Note: The private key isn't listed in the signing key credentials for the identity provider (IdP) until it's published. | |
revoke_csr_for_identity_provider | delete | subdomain | Revokes a certificate signing request (CSR) and deletes the key pair from the identity provider (IdP) | |
publish_csr_for_identity_provider | exec | subdomain | Publishes the certificate signing request (CSR) with a signed X.509 certificate and adds it into the signing key credentials for the identity provider (IdP) > Notes: > * Publishing a certificate completes the lifecycle of the CSR, and it's no longer accessible. > * If the validity period of the certificate is less than 90 days, a 400 error response is returned. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
SELECT examples
- list_csrs_for_identity_provider
- get_csr_for_identity_provider
Lists all certificate signing requests (CSRs) for an identity provider (IdP)
SELECT
id,
_links,
created,
csr,
kty
FROM okta.idps.csrs
WHERE subdomain = '{{ subdomain }}' -- required;
Retrieves a specific certificate signing request (CSR) by id
SELECT
id,
_links,
created,
csr,
kty
FROM okta.idps.csrs
WHERE subdomain = '{{ subdomain }}' -- required;
INSERT examples
- generate_csr_for_identity_provider
- Manifest
Generates a new key pair and returns a certificate signing request (CSR) for it
> Note: The private key isn't listed in the signing key credentials for the identity provider (IdP) until it's published.
INSERT INTO okta.idps.csrs (
data__subject,
data__subjectAltNames,
subdomain
)
SELECT
'{{ subject }}',
'{{ subjectAltNames }}',
'{{ subdomain }}'
RETURNING
id,
_links,
created,
csr,
kty
;
# Description fields are for documentation purposes
- name: csrs
props:
- name: subdomain
value: string
description: Required parameter for the csrs resource.
- name: subject
value: object
- name: subjectAltNames
value: object
DELETE examples
- revoke_csr_for_identity_provider
Revokes a certificate signing request (CSR) and deletes the key pair from the identity provider (IdP)
DELETE FROM okta.idps.csrs
WHERE subdomain = '{{ subdomain }}' --required;
Lifecycle Methods
- publish_csr_for_identity_provider
Publishes the certificate signing request (CSR) with a signed X.509 certificate and adds it into the signing key credentials for the identity provider (IdP)
> Notes:
> * Publishing a certificate completes the lifecycle of the CSR, and it's no longer accessible.
> * If the validity period of the certificate is less than 90 days, a 400 error response is returned.
EXEC okta.idps.csrs.publish_csr_for_identity_provider
@subdomain='{{ subdomain }}' --required;