Update Certificate
Updates the specified attributes associated with the given certificate.
The UpdateCertificate operation applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission.
PATCH {vaultBaseUrl}/certificates/{certificate-name}/{certificate-version}?api-version=7.0
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
vaultBaseUrl | path | True | | The vault name, for example https://myvault.vault.azure.net. |
certificate-name | path | True | | The name of the certificate in the given key vault. |
certificate-version | path | True | | The version of the certificate. |
api-version | query | True | | Client API version. |
Request Body
Name | Type | Description |
---|---|---|
attributes | | The attributes of the certificate (optional). |
policy | | The management policy for the certificate. |
tags | | Application specific metadata in the form of key-value pairs. |
Responses
Name | Type | Description |
---|---|---|
200 OK | | The updated certificate. |
Other Status Codes | | Key Vault error response describing why the operation failed. |
Examples
UpdateCertificate
Sample Request
PATCH {vaultBaseUrl}/certificates/updateCert01/c3d31d7b36c942ad83ef36fc0785a4fc?api-version=7.0
{
  "attributes": {
    "enabled": true,
    "nbf": 1430344421,
    "exp": 2208988799
  },
  "tags": {
    "department": "KeyVaultTest"
  }
}
Sample Response
{
  "id": "https://testvault1021.vault.azure.net/certificates/updateCert01/c3d31d7b36c942ad83ef36fc0785a4fc",
  "kid": "https://testvault1021.vault.azure.net/keys/updateCert01/c3d31d7b36c942ad83ef36fc0785a4fc",
  "sid": "https://testvault1021.vault.azure.net/secrets/updateCert01/c3d31d7b36c942ad83ef36fc0785a4fc",
  "x5t": "fLi3U52HunIVNXubkEnf8tP6Wbo",
  "cer": "<CER contents omitted>",
  "attributes": {
    "enabled": true,
    "nbf": 1430344421,
    "exp": 2208988799,
    "created": 1482188981,
    "updated": 1482188981
  },
  "tags": {
    "department": "KeyVaultTest"
  }
}
Definitions
Action | The action that will be executed. |
ActionType | The type of the action. |
CertificateAttributes | The certificate management attributes. |
CertificateBundle | A certificate bundle consists of a certificate (X509) plus its attributes. |
CertificatePolicy | Management policy for a certificate. |
CertificateUpdateParameters | The certificate update parameters. |
DeletionRecoveryLevel | Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable' the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval. |
Error | The key vault server error. |
IssuerParameters | Parameters for the issuer of the X509 component of a certificate. |
JsonWebKeyCurveName | Elliptic curve name. For valid values, see JsonWebKeyCurveName. |
JsonWebKeyType | JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. |
KeyProperties | Properties of the key pair backing a certificate. |
KeyVaultError | The key vault error exception. |
LifetimeAction | Action and its trigger that will be performed by Key Vault over the lifetime of a certificate. |
SecretProperties | Properties of the key backing a certificate. |
SubjectAlternativeNames | The subject alternate names of a X509 object. |
Trigger | A condition to be satisfied for an action to be executed. |
X509CertificateProperties | Properties of the X509 component of a certificate. |
Action
The action that will be executed.
Name | Type | Description |
---|---|---|
action_type | | The type of the action. |
ActionType
The type of the action.
Name | Type | Description |
---|---|---|
AutoRenew | | |
EmailContacts | | |
CertificateAttributes
The certificate management attributes.
Name | Type | Description |
---|---|---|
created | | Creation time in UTC. |
enabled | | Determines whether the object is enabled. |
exp | | Expiry date in UTC. |
nbf | | Not before date in UTC. |
recoveryLevel | | Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval. |
updated | | Last updated time in UTC. |
CertificateBundle
A certificate bundle consists of a certificate (X509) plus its attributes.
Name | Type | Description |
---|---|---|
attributes | | The certificate attributes. |
cer | | CER contents of x509 certificate. |
contentType | | The content type of the secret. |
id | | The certificate id. |
kid | | The key id. |
policy | | The management policy. |
sid | | The secret id. |
tags | | Application specific metadata in the form of key-value pairs. |
x5t | | Thumbprint of the certificate. |
CertificatePolicy
Management policy for a certificate.
Name | Type | Description |
---|---|---|
attributes | | The certificate attributes. |
id | | The certificate id. |
issuer | | Parameters for the issuer of the X509 component of a certificate. |
key_props | | Properties of the key backing a certificate. |
lifetime_actions | | Actions that will be performed by Key Vault over the lifetime of a certificate. |
secret_props | | Properties of the secret backing a certificate. |
x509_props | | Properties of the X509 component of a certificate. |
CertificateUpdateParameters
The certificate update parameters.
Name | Type | Description |
---|---|---|
attributes | | The attributes of the certificate (optional). |
policy | | The management policy for the certificate. |
tags | | Application specific metadata in the form of key-value pairs. |
DeletionRecoveryLevel
Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable' the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval.
Name | Type | Description |
---|---|---|
Purgeable | | |
Recoverable | | |
Recoverable+ProtectedSubscription | | |
Recoverable+Purgeable | | |
Error
The key vault server error.
Name | Type | Description |
---|---|---|
code | | The error code. |
innererror | | The key vault server error. |
message | | The error message. |
IssuerParameters
Parameters for the issuer of the X509 component of a certificate.
Name | Type | Description |
---|---|---|
cert_transparency | | Indicates if the certificates generated under this policy should be published to certificate transparency logs. |
cty | | Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL'. |
name | | Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. |
JsonWebKeyCurveName
Elliptic curve name. For valid values, see JsonWebKeyCurveName.
Name | Type | Description |
---|---|---|
P-256 | | The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. |
P-256K | | The SECG SECP256K1 elliptic curve. |
P-384 | | The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. |
P-521 | | The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. |
JsonWebKeyType
JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40.
Name | Type | Description |
---|---|---|
EC | | Elliptic Curve. |
EC-HSM | | Elliptic Curve with a private key which is not exportable from the HSM. |
RSA | | |
RSA-HSM | | RSA with a private key which is not exportable from the HSM. |
oct | | Octet sequence (used to represent symmetric keys). |
KeyProperties
Properties of the key pair backing a certificate.
Name | Type | Description |
---|---|---|
crv | | Elliptic curve name. For valid values, see JsonWebKeyCurveName. |
exportable | | Indicates if the private key can be exported. |
key_size | | The key size in bits. For example: 2048, 3072, or 4096 for RSA. |
kty | | The type of key pair to be used for the certificate. |
reuse_key | | Indicates if the same key pair will be used on certificate renewal. |
KeyVaultError
The key vault error exception.
Name | Type | Description |
---|---|---|
error | | The key vault server error. |
LifetimeAction
Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.
Name | Type | Description |
---|---|---|
action | | The action that will be executed. |
trigger | | The condition that will execute the action. |
SecretProperties
Properties of the key backing a certificate.
Name | Type | Description |
---|---|---|
contentType | | The media type (MIME type). |
SubjectAlternativeNames
The subject alternate names of a X509 object.
Name | Type | Description |
---|---|---|
dns_names | | Domain names. |
emails | | Email addresses. |
upns | | User principal names. |
Trigger
A condition to be satisfied for an action to be executed.
Name | Type | Description |
---|---|---|
days_before_expiry | | Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). |
lifetime_percentage | | Percentage of lifetime at which to trigger. Value should be between 1 and 99. |
X509CertificateProperties
Properties of the X509 component of a certificate.
Name | Type | Description |
---|---|---|
ekus | | The enhanced key usage. |
key_usage | | List of key usages. |
sans | | The subject alternative names. |
subject | | The subject name. Should be a valid X509 distinguished Name. |
validity_months | | The duration that the certificate is valid in months. |
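The request format and the Trigger bounds above can be checked on the client before the PATCH is sent, and the returned CertificateBundle compared with what was asked for. The following is an added example, not code from the Key Vault documentation: the function names are hypothetical, the `nbf` before `exp` check is a client-side assumption rather than a documented server rule, and the validity is read from `validity_months` as named in the X509CertificateProperties table.

```python
import json
from urllib.parse import quote

API_VERSION = "7.0"  # api-version used in the request line on this page


def validate_policy(policy):
    """Check lifetime_actions triggers against the bounds in the Trigger table."""
    problems = []
    months = policy.get("x509_props", {}).get("validity_months")
    for i, item in enumerate(policy.get("lifetime_actions", [])):
        trig = item.get("trigger", {})
        days = trig.get("days_before_expiry")
        pct = trig.get("lifetime_percentage")
        if days is not None and months is not None and not 1 <= days <= months * 27:
            problems.append(f"lifetime_actions[{i}]: days_before_expiry {days} outside 1..{months * 27}")
        if pct is not None and not 1 <= pct <= 99:
            problems.append(f"lifetime_actions[{i}]: lifetime_percentage {pct} outside 1..99")
    return problems


def build_update_request(vault_base_url, name, version, attributes=None, policy=None, tags=None):
    """Return (method, url, json_body) for UpdateCertificate, or raise ValueError."""
    attrs = attributes or {}
    nbf, exp = attrs.get("nbf"), attrs.get("exp")
    problems = validate_policy(policy or {})
    if nbf is not None and exp is not None and nbf >= exp:
        problems.append("attributes: nbf must be earlier than exp")  # assumed sanity check
    if problems:
        raise ValueError("; ".join(problems))
    body = {k: v for k, v in (("attributes", attributes), ("policy", policy), ("tags", tags)) if v is not None}
    path = f"/certificates/{quote(name, safe='')}/{quote(version, safe='')}"
    url = f"{vault_base_url.rstrip('/')}{path}?api-version={API_VERSION}"
    return "PATCH", url, json.dumps(body, sort_keys=True)


def review_response(requested_attributes, bundle):
    """Compare a returned CertificateBundle with the request; flag purgeable recovery levels."""
    findings = []
    got = bundle.get("attributes", {})
    for key, want in (requested_attributes or {}).items():
        if got.get(key) != want:
            findings.append(f"attribute {key}: requested {want!r}, service returned {got.get(key)!r}")
    if "Purgeable" in got.get("recoveryLevel", ""):
        findings.append("recoveryLevel contains 'Purgeable': a privileged user can permanently delete")
    return findings
```

Sending the returned method, URL and body still requires an authenticated HTTP client whose identity holds the certificates/update permission.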