Update Certificate - Update Certificate
Updates the specified attributes associated with the given certificate.
The UpdateCertificate operation applies the specified update on the given certificate; the only elements updated are the certificate's attributes. This operation requires the certificates/update permission.
PATCH {vaultBaseUrl}/certificates/{certificate-name}/{certificate-version}?api-version=7.0URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
vault
|
path | True |
|
The vault name, for example https://myvault.vault.azure.net. |
|
certificate-name
|
path | True |
|
The name of the certificate in the given key vault. |
|
certificate-version
|
path | True |
|
The version of the certificate. |
|
api-version
|
query | True |
|
Client API version. |
Request Body
| Name | Type | Description |
|---|---|---|
| attributes |
The attributes of the certificate (optional). |
|
| policy |
The management policy for the certificate. |
|
| tags |
|
Application specific metadata in the form of key-value pairs. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
The updated certificate. |
|
| Other Status Codes |
Key Vault error response describing why the operation failed. |
Examples
UpdateCertificate
Sample Request
PATCH {vaultBaseUrl}/certificates/updateCert01/c3d31d7b36c942ad83ef36fc0785a4fc?api-version=7.0{
"attributes": {
"enabled": true,
"nbf": 1430344421,
"exp": 2208988799
},
"tags": {
"department": "KeyVaultTest"
}
}Sample Response
{
"id": "https://testvault1021.vault.azure.net/certificates/updateCert01/c3d31d7b36c942ad83ef36fc0785a4fc",
"kid": "https://testvault1021.vault.azure.net/keys/updateCert01/c3d31d7b36c942ad83ef36fc0785a4fc",
"sid": "https://testvault1021.vault.azure.net/secrets/updateCert01/c3d31d7b36c942ad83ef36fc0785a4fc",
"x5t": "fLi3U52HunIVNXubkEnf8tP6Wbo",
"cer": "MIICODCCAeagAwIBAgIQqHmpBAv+CY9IJFoUhlbziTAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTE1MDQyOTIxNTM0MVoXDTM5MTIzMTIzNTk1OVowFzEVMBMGA1UEAxMMS2V5VmF1bHRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5bVAT73zr4+N4WVv2+SvTunAw08ksS4BrJW/nNliz3S9XuzMBMXvmYzU5HJ8TtEgluBiZZYd5qsMJD+OXHSNbsLdmMhni0jYX09h3XlC2VJw2sGKeYF+xEaavXm337aZZaZyjrFBrrUl51UePaN+kVFXNlBb3N3TYpqa7KokXenJQuR+i9Gv9a77c0UsSsDSryxppYhKK7HvTZCpKrhVtulF5iPMswWe9np3uggfMamyIsK/0L7X9w9B2qN7993RR0A00nOk4H6CnkuwO77dSsD0KJsk6FyAoZBzRXDZh9+d9R76zCL506NcQy/jl0lCiQYwsUX73PG5pxOh02OwKwIDAQABo0swSTBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRjoRgwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwCQYFKw4DAh0FAANBAGqIjo2geVagzuzaZOe1ClGKhZeiCKfWAxklaGN+qlGUbVS4IN4V1lot3VKnzabasmkEHeNxPwLn1qvSD0cX9CE=",
"attributes": {
"enabled": true,
"nbf": 1430344421,
"exp": 2208988799,
"created": 1482188981,
"updated": 1482188981
},
"tags": {
"department": "KeyVaultTest"
}
}Definitions
| Action |
The action that will be executed. |
|
Action |
The type of the action. |
|
Certificate |
The certificate management attributes. |
|
Certificate |
A certificate bundle consists of a certificate (X509) plus its attributes. |
|
Certificate |
Management policy for a certificate. |
|
Certificate |
The certificate update parameters. |
|
Deletion |
Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable' the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval. |
| Error |
The key vault server error. |
|
Issuer |
Parameters for the issuer of the X509 component of a certificate. |
|
Json |
Elliptic curve name. For valid values, see JsonWebKeyCurveName. |
|
Json |
JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. |
|
Key |
Properties of the key pair backing a certificate. |
|
Key |
The key vault error exception. |
|
Lifetime |
Action and its trigger that will be performed by Key Vault over the lifetime of a certificate. |
|
Secret |
Properties of the key backing a certificate. |
|
Subject |
The subject alternate names of a X509 object. |
| Trigger |
A condition to be satisfied for an action to be executed. |
|
X509Certificate |
Properties of the X509 component of a certificate. |
Action
The action that will be executed.
| Name | Type | Description |
|---|---|---|
| action_type |
The type of the action. |
ActionType
The type of the action.
| Name | Type | Description |
|---|---|---|
| AutoRenew |
|
|
| EmailContacts |
|
CertificateAttributes
The certificate management attributes.
| Name | Type | Description |
|---|---|---|
| created |
|
Creation time in UTC. |
| enabled |
|
Determines whether the object is enabled. |
| exp |
|
Expiry date in UTC. |
| nbf |
|
Not before date in UTC. |
| recoveryLevel |
Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval. |
|
| updated |
|
Last updated time in UTC. |
CertificateBundle
A certificate bundle consists of a certificate (X509) plus its attributes.
| Name | Type | Description |
|---|---|---|
| attributes |
The certificate attributes. |
|
| cer |
|
CER contents of x509 certificate. |
| contentType |
|
The content type of the secret. |
| id |
|
The certificate id. |
| kid |
|
The key id. |
| policy |
The management policy. |
|
| sid |
|
The secret id. |
| tags |
|
Application specific metadata in the form of key-value pairs |
| x5t |
|
Thumbprint of the certificate. |
CertificatePolicy
Management policy for a certificate.
| Name | Type | Description |
|---|---|---|
| attributes |
The certificate attributes. |
|
| id |
|
The certificate id. |
| issuer |
Parameters for the issuer of the X509 component of a certificate. |
|
| key_props |
Properties of the key backing a certificate. |
|
| lifetime_actions |
Actions that will be performed by Key Vault over the lifetime of a certificate. |
|
| secret_props |
Properties of the secret backing a certificate. |
|
| x509_props |
Properties of the X509 component of a certificate. |
CertificateUpdateParameters
The certificate update parameters.
| Name | Type | Description |
|---|---|---|
| attributes |
The attributes of the certificate (optional). |
|
| policy |
The management policy for the certificate. |
|
| tags |
|
Application specific metadata in the form of key-value pairs. |
DeletionRecoveryLevel
Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable' the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval.
| Name | Type | Description |
|---|---|---|
| Purgeable |
|
|
| Recoverable |
|
|
| Recoverable+ProtectedSubscription |
|
|
| Recoverable+Purgeable |
|
Error
The key vault server error.
| Name | Type | Description |
|---|---|---|
| code |
|
The error code. |
| innererror |
The key vault server error. |
|
| message |
|
The error message. |
IssuerParameters
Parameters for the issuer of the X509 component of a certificate.
| Name | Type | Description |
|---|---|---|
| cert_transparency |
|
Indicates if the certificates generated under this policy should be published to certificate transparency logs. |
| cty |
|
Certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL' |
| name |
|
Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. |
JsonWebKeyCurveName
Elliptic curve name. For valid values, see JsonWebKeyCurveName.
| Name | Type | Description |
|---|---|---|
| P-256 |
|
The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. |
| P-256K |
|
The SECG SECP256K1 elliptic curve. |
| P-384 |
|
The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. |
| P-521 |
|
The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. |
JsonWebKeyType
JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40.
| Name | Type | Description |
|---|---|---|
| EC |
|
Elliptic Curve. |
| EC-HSM |
|
Elliptic Curve with a private key which is not exportable from the HSM. |
| RSA |
|
|
| RSA-HSM |
|
RSA with a private key which is not exportable from the HSM. |
| oct |
|
Octet sequence (used to represent symmetric keys) |
KeyProperties
Properties of the key pair backing a certificate.
| Name | Type | Description |
|---|---|---|
| crv |
Elliptic curve name. For valid values, see JsonWebKeyCurveName. |
|
| exportable |
|
Indicates if the private key can be exported. |
| key_size |
|
The key size in bits. For example: 2048, 3072, or 4096 for RSA. |
| kty |
The type of key pair to be used for the certificate. |
|
| reuse_key |
|
Indicates if the same key pair will be used on certificate renewal. |
KeyVaultError
The key vault error exception.
| Name | Type | Description |
|---|---|---|
| error |
The key vault server error. |
LifetimeAction
Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.
| Name | Type | Description |
|---|---|---|
| action |
The action that will be executed. |
|
| trigger |
The condition that will execute the action. |
SecretProperties
Properties of the key backing a certificate.
| Name | Type | Description |
|---|---|---|
| contentType |
|
The media type (MIME type). |
SubjectAlternativeNames
The subject alternate names of a X509 object.
| Name | Type | Description |
|---|---|---|
| dns_names |
|
Domain names. |
| emails |
|
Email addresses. |
| upns |
|
User principal names. |
Trigger
A condition to be satisfied for an action to be executed.
| Name | Type | Description |
|---|---|---|
| days_before_expiry |
|
Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). |
| lifetime_percentage |
|
Percentage of lifetime at which to trigger. Value should be between 1 and 99. |
X509CertificateProperties
Properties of the X509 component of a certificate.
| Name | Type | Description |
|---|---|---|
| ekus |
|
The enhanced key usage. |
| key_usage |
|
List of key usages. |
| sans |
The subject alternative names. |
|
| subject |
|
The subject name. Should be a valid X509 distinguished Name. |
| validity_months |
|
The duration that the certificate is valid in months. |