Update Certificate Policy

Updates the policy for a certificate.

Set specified members in the certificate policy. Leave others as null.

See Common parameters and headers for headers and parameters that are used by all requests.

In your request:

  • Replace {certificate-name} with the name of the certificate for which you want to update the policy.

Alternate Method: An alternative to using PATCH is to use PUT so, you effect a set / replacement behavior. PATCH will allow you to specify as few as one property in the request such that only that property will be updated. PUT will completely replace the policy. In other words, if you specify all properties with a PATCH method, then it is equivalent to using a PUT method effectively setting all properties of the certificate policy.

For more information, see About keys, secrets, and certificates and Authentication, requests and responses.

PATCH https://{vaultBaseUrl}/certificates/{certificate-name}/policy?api-version={api-version}

URI Parameters

Name In Required Type Description
vaultBaseUrl
path True
  • string

The vault name, for example https://myvault.vault.azure.net.

certificate-name
path True
  • string

The name of the certificate in the given vault.

api-version
query True
  • string

Use the latest service version, 2016-10-01.

Request Body

Name Required Type Description
attributes

The certificate attributes.

issuer

Parameters for the issuer of the X509 component of a certificate.

key_props

Properties of the key backing a certificate.

lifetime_actions

Actions that will be performed by Key Vault over the lifetime of a certificate.

secret_props

Properties of the secret backing a certificate.

x509_props

Properties of the X509 component of a certificate.

Responses

Name Type Description
200 OK

The certificate policy

Other Status Codes

Key Vault error response describing why the operation failed.

Definitions

Action

The action that will be executed.

CertificateAttributes

The certificate attributes.

CertificatePolicy
Error

The key vault server error.

IssuerParameters

Parameters for the issuer of the X509 component of a certificate.

KeyProperties

Properties of the key backing a certificate.

KeyVaultError
LifetimeAction

Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.

SecretProperties

Properties of the secret backing a certificate.

SubjectAlternativeNames

The subject alternative names.

Trigger

The condition that will execute the action.

X509CertificateProperties

Properties of the X509 component of a certificate.

The action that will be executed.

Name Type Description
action_type
  • enum:
    • EmailContacts
    • AutoRenew

The type of the action.

The certificate attributes.

Name Type Description
created
  • integer
    unixtime

Creation time in UTC.

enabled
  • boolean

Determines whether the object is enabled.

exp
  • integer
    unixtime

Expiry date in UTC.

nbf
  • integer
    unixtime

Not before date in UTC.

recoveryLevel
  • enum:
    • Purgeable
    • Recoverable+Purgeable
    • Recoverable
    • Recoverable+ProtectedSubscription

Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval.

updated
  • integer
    unixtime

Last updated time in UTC.

Name Type Description
attributes

The certificate attributes.

id
  • string

The certificate id.

issuer

Parameters for the issuer of the X509 component of a certificate.

key_props

Properties of the key backing a certificate.

lifetime_actions

Actions that will be performed by Key Vault over the lifetime of a certificate.

secret_props

Properties of the secret backing a certificate.

x509_props

Properties of the X509 component of a certificate.

The key vault server error.

Name Type Description
code
  • string

The error code.

innererror
message
  • string

The error message.

Parameters for the issuer of the X509 component of a certificate.

Name Type Description
cty
  • string

Type of certificate to be requested from the issuer provider.

name
  • string

Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'.

Properties of the key backing a certificate.

Name Type Description
exportable
  • boolean

Indicates if the private key can be exported.

key_size
  • integer
    int32

The key size in bytes. For example; 1024 or 2048.

kty
  • string

The key type.

reuse_key
  • boolean

Indicates if the same key pair will be used on certificate renewal.

Name Type Description
error

The key vault server error.

Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.

Name Type Description
action

The action that will be executed.

trigger

The condition that will execute the action.

Properties of the secret backing a certificate.

Name Type Description
contentType
  • string

The media type (MIME type).

The subject alternative names.

Name Type Description
dns_names
  • string[]

Domain names.

emails
  • string[]

Email addresses.

upns
  • string[]

User principal names.

The condition that will execute the action.

Name Type Description
days_before_expiry
  • integer
    int32

Days before expiry.

lifetime_percentage
  • integer
    int32

Percentage of lifetime at which to trigger. Value should be between 1 and 99.

Properties of the X509 component of a certificate.

Name Type Description
ekus
  • string[]

The enhanced key usage.

key_usage
  • string[]

List of key usages.

sans

The subject alternative names.

subject
  • string

The subject name. Should be a valid X509 distinguished Name.

validity_months
  • integer
    int32

The duration that the ceritifcate is valid in months.