Update Certificate Policy
Updates the policy for a certificate.
Set specified members in the certificate policy. Leave others as null.
See Common parameters and headers for headers and parameters that are used by all requests.
In your request:
- Replace {certificate-name} with the name of the certificate for which you want to update the policy.
Alternate Method: An alternative to using PATCH is to use PUT, which gives set/replacement behavior. PATCH lets you specify as few as one property in the request, so that only that property is updated. PUT completely replaces the policy. In other words, specifying all properties with a PATCH method is equivalent to using a PUT method: it effectively sets all properties of the certificate policy.
For more information, see About keys, secrets, and certificates and Authentication, requests and responses.
PATCH https://{vaultBaseUrl}/certificates/{certificate-name}/policy?api-version={api-version}
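The PATCH versus PUT behavior described above, modelled locally as an added example (not code from the Key Vault documentation or service; it makes no network calls). `policy_url`, `build_body`, `apply_patch`, `apply_put` and `cleared_by_put` are hypothetical helpers and the sample policy is constructed. Each top-level member is treated as a unit, since the page does not say how nested fields are merged, and the 1 to 99 check comes from the Trigger description.

```python
from urllib.parse import quote

# Top-level members of the request body, as listed under "Request Body".
POLICY_MEMBERS = ("attributes", "issuer", "key_props", "lifetime_actions",
                  "secret_props", "x509_props")

def policy_url(vault_base_url, certificate_name, api_version="2016-10-01"):
    """Fill the three URI parameters into the request URI."""
    return "{}/certificates/{}/policy?api-version={}".format(
        vault_base_url.rstrip("/"), quote(certificate_name, safe=""), api_version)

def build_body(**members):
    """Keep only the members that were set; reject unknown names and bad triggers."""
    unknown = sorted(set(members) - set(POLICY_MEMBERS))
    if unknown:
        raise ValueError("not a policy member: " + ", ".join(unknown))
    for item in members.get("lifetime_actions") or []:
        pct = item.get("trigger", {}).get("lifetime_percentage")
        if pct is not None and not 1 <= pct <= 99:
            raise ValueError("lifetime_percentage must be between 1 and 99")
    return {name: value for name, value in members.items() if value is not None}

def apply_patch(current, body):
    """Local model of PATCH: members in the body are updated, the rest are kept."""
    return {m: body.get(m, current.get(m)) for m in POLICY_MEMBERS}

def apply_put(current, body):
    """Local model of PUT: the policy is replaced, so absent members become None."""
    return {m: body.get(m) for m in POLICY_MEMBERS}

def cleared_by_put(current, body):
    """Members that are set today but would be lost if this body were sent with PUT."""
    return [m for m in POLICY_MEMBERS if current.get(m) is not None and m not in body]

# Constructed sample policy (not taken from a real vault).
CURRENT_POLICY = {
    "issuer": {"name": "Self"},
    "key_props": {"exportable": True, "key_size": 2048, "kty": "RSA", "reuse_key": True},
    "lifetime_actions": [{"trigger": {"lifetime_percentage": 80},
                          "action": {"action_type": "AutoRenew"}}],
    "secret_props": {"contentType": "application/x-pkcs12"},
    "x509_props": {"subject": "CN=example.test", "validity_months": 12},
}
# Tighten the key properties only: non-exportable key, new key pair on renewal.
PATCH_BODY = build_body(key_props={"exportable": False, "key_size": 2048,
                                   "kty": "RSA", "reuse_key": False})

if __name__ == "__main__":
    print("PATCH", policy_url("https://myvault.vault.azure.net", "my-cert"))
    print("PUT of the same body would clear:", cleared_by_put(CURRENT_POLICY, PATCH_BODY))
```

Running `cleared_by_put` before choosing PUT shows which existing settings, such as the issuer or the renewal trigger, would be lost by sending a partial body.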
URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| vaultBaseUrl | path | True | | The vault name, for example https://myvault.vault.azure.net. |
| certificate-name | path | True | | The name of the certificate in the given vault. |
| api-version | query | True | | Use the latest service version, 2016-10-01. |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| attributes | | | The certificate attributes. |
| issuer | | | Parameters for the issuer of the X509 component of a certificate. |
| key_props | | | Properties of the key backing a certificate. |
| lifetime_actions | | | Actions that will be performed by Key Vault over the lifetime of a certificate. |
| secret_props | | | Properties of the secret backing a certificate. |
| x509_props | | | Properties of the X509 component of a certificate. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK | | The certificate policy |
| Other Status Codes | | Key Vault error response describing why the operation failed. |
Definitions
| Name | Description |
|---|---|
| Action | The action that will be executed. |
| CertificateAttributes | The certificate attributes. |
| CertificatePolicy | |
| Error | The key vault server error. |
| IssuerParameters | Parameters for the issuer of the X509 component of a certificate. |
| KeyProperties | Properties of the key backing a certificate. |
| KeyVaultError | |
| LifetimeAction | Action and its trigger that will be performed by Key Vault over the lifetime of a certificate. |
| SecretProperties | Properties of the secret backing a certificate. |
| SubjectAlternativeNames | The subject alternative names. |
| Trigger | The condition that will execute the action. |
| X509CertificateProperties | Properties of the X509 component of a certificate. |
Action
The action that will be executed.
| Name | Type | Description |
|---|---|---|
| action_type | | The type of the action. |
CertificateAttributes
The certificate attributes.
| Name | Type | Description |
|---|---|---|
| created | | Creation time in UTC. |
| enabled | | Determines whether the object is enabled. |
| exp | | Expiry date in UTC. |
| nbf | | Not before date in UTC. |
| recoveryLevel | | Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval. |
| updated | | Last updated time in UTC. |
CertificatePolicy
| Name | Type | Description |
|---|---|---|
| attributes | | The certificate attributes. |
| id | | The certificate id. |
| issuer | | Parameters for the issuer of the X509 component of a certificate. |
| key_props | | Properties of the key backing a certificate. |
| lifetime_actions | | Actions that will be performed by Key Vault over the lifetime of a certificate. |
| secret_props | | Properties of the secret backing a certificate. |
| x509_props | | Properties of the X509 component of a certificate. |
Error
The key vault server error.
| Name | Type | Description |
|---|---|---|
| code | | The error code. |
| innererror | | |
| message | | The error message. |
IssuerParameters
Parameters for the issuer of the X509 component of a certificate.
| Name | Type | Description |
|---|---|---|
| cty | | Type of certificate to be requested from the issuer provider. |
| name | | Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. |
KeyProperties
Properties of the key backing a certificate.
| Name | Type | Description |
|---|---|---|
| exportable | | Indicates if the private key can be exported. |
| key_size | | The key size in bytes. For example, 1024 or 2048. |
| kty | | The key type. |
| reuse_key | | Indicates if the same key pair will be used on certificate renewal. |
KeyVaultError
| Name | Type | Description |
|---|---|---|
| error | | The key vault server error. |
LifetimeAction
Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.
| Name | Type | Description |
|---|---|---|
| action | | The action that will be executed. |
| trigger | | The condition that will execute the action. |
SecretProperties
Properties of the secret backing a certificate.
| Name | Type | Description |
|---|---|---|
| contentType | | The media type (MIME type). |
SubjectAlternativeNames
The subject alternative names.
| Name | Type | Description |
|---|---|---|
| dns_names | | Domain names. |
| emails | | Email addresses. |
| upns | | User principal names. |
Trigger
The condition that will execute the action.
| Name | Type | Description |
|---|---|---|
| days_before_expiry | | Days before expiry. |
| lifetime_percentage | | Percentage of lifetime at which to trigger. Value should be between 1 and 99. |
X509CertificateProperties
Properties of the X509 component of a certificate.
| Name | Type | Description |
|---|---|---|
| ekus | | The enhanced key usage. |
| key_usage | | List of key usages. |
| sans | | The subject alternative names. |
| subject | | The subject name. Should be a valid X509 distinguished name. |
| validity_months | | The duration that the certificate is valid in months. |