Recover Deleted Certificate
Recovers the deleted certificate back to its current version under /certificates.
The RecoverDeletedCertificate operation performs the reversal of the Delete operation. The operation is applicable in vaults enabled for soft-delete, and must be issued during the retention interval (available in the deleted certificate's attributes).
POST https://{vaultBaseUrl}/deletedcertificates/{certificate-name}/recover?api-version={api-version}
URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
vaultBaseUrl
|
path | True |
|
The vault name, for example https://myvault.vault.azure.net. |
|
certificate-name
|
path | True |
|
The name of the deleted certificate |
|
api-version
|
query | True |
|
Client API version. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
A Certificate bundle of the original certificate and its attributes |
|
| Other Status Codes |
Key Vault error response describing why the operation failed. |
Definitions
| Action |
The action that will be executed. |
| CertificateAttributes |
The certificate attributes. |
| CertificateBundle | |
| CertificatePolicy |
The management policy. |
| Error |
The key vault server error. |
| IssuerParameters |
Parameters for the issuer of the X509 component of a certificate. |
| KeyProperties |
Properties of the key backing a certificate. |
| KeyVaultError | |
| LifetimeAction |
Action and its trigger that will be performed by Key Vault over the lifetime of a certificate. |
| SecretProperties |
Properties of the secret backing a certificate. |
| SubjectAlternativeNames |
The subject alternative names. |
| Trigger |
The condition that will execute the action. |
| X509CertificateProperties |
Properties of the X509 component of a certificate. |
The action that will be executed.
| Name | Type | Description |
|---|---|---|
| action_type |
|
The type of the action. |
The certificate attributes.
| Name | Type | Description |
|---|---|---|
| created |
|
Creation time in UTC. |
| enabled |
|
Determines whether the object is enabled. |
| exp |
|
Expiry date in UTC. |
| nbf |
|
Not before date in UTC. |
| recoveryLevel |
|
Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval. |
| updated |
|
Last updated time in UTC. |
| Name | Type | Description |
|---|---|---|
| attributes |
The certificate attributes. |
|
| cer |
|
CER contents of x509 certificate. |
| contentType |
|
The content type of the secret. |
| id |
|
The certificate id. |
| kid |
|
The key id. |
| policy |
The management policy. |
|
| sid |
|
The secret id. |
| tags |
|
Application specific metadata in the form of key-value pairs |
| x5t |
|
Thumbprint of the certificate. |
The management policy.
| Name | Type | Description |
|---|---|---|
| attributes |
The certificate attributes. |
|
| id |
|
The certificate id. |
| issuer |
Parameters for the issuer of the X509 component of a certificate. |
|
| key_props |
Properties of the key backing a certificate. |
|
| lifetime_actions |
Actions that will be performed by Key Vault over the lifetime of a certificate. |
|
| secret_props |
Properties of the secret backing a certificate. |
|
| x509_props |
Properties of the X509 component of a certificate. |
The key vault server error.
| Name | Type | Description |
|---|---|---|
| code |
|
The error code. |
| innererror | ||
| message |
|
The error message. |
Parameters for the issuer of the X509 component of a certificate.
| Name | Type | Description |
|---|---|---|
| cty |
|
Type of certificate to be requested from the issuer provider. |
| name |
|
Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. |
Properties of the key backing a certificate.
| Name | Type | Description |
|---|---|---|
| exportable |
|
Indicates if the private key can be exported. |
| key_size |
|
The key size in bytes. For example; 1024 or 2048. |
| kty |
|
The key type. |
| reuse_key |
|
Indicates if the same key pair will be used on certificate renewal. |
| Name | Type | Description |
|---|---|---|
| error |
The key vault server error. |
Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.
| Name | Type | Description |
|---|---|---|
| action |
The action that will be executed. |
|
| trigger |
The condition that will execute the action. |
Properties of the secret backing a certificate.
| Name | Type | Description |
|---|---|---|
| contentType |
|
The media type (MIME type). |
The subject alternative names.
| Name | Type | Description |
|---|---|---|
| dns_names |
|
Domain names. |
| emails |
|
Email addresses. |
| upns |
|
User principal names. |
The condition that will execute the action.
| Name | Type | Description |
|---|---|---|
| days_before_expiry |
|
Days before expiry. |
| lifetime_percentage |
|
Percentage of lifetime at which to trigger. Value should be between 1 and 99. |
Properties of the X509 component of a certificate.
| Name | Type | Description |
|---|---|---|
| ekus |
|
The enhanced key usage. |
| key_usage |
|
List of key usages. |
| sans |
The subject alternative names. |
|
| subject |
|
The subject name. Should be a valid X509 distinguished Name. |
| validity_months |
|
The duration that the ceritifcate is valid in months. |