Certificates API Specification

Specification Details

Property Value

Property	Value
Title	Cisco ISE API - Certificates
OpenAPI Version	3.0.3
API Version	1.0.0
Base URL	`{server}:443/api/v1/certs`
Authentication	HTTP Basic (Super Admin)
Endpoints	16

Title

Cisco ISE API - Certificates

OpenAPI Version

3.0.3

API Version

1.0.0

Base URL

{server}:443/api/v1/certs

Authentication

HTTP Basic (Super Admin)

Endpoints

Description

Full PKI lifecycle management for ISE:

Certificate Signing Requests (CSR)
System certificates (Admin, EAP, pxGrid, SAML)
Trusted certificate store
Root CA management
Certificate renewal and binding

Endpoints

Certificate Signing Requests

Endpoint Methods Description

Endpoint	Methods	Description
`/certs/certificate-signing-request`	GET, POST	List/generate CSRs
`/certs/certificate-signing-request/{hostName}/{id}`	GET, DELETE	Get/delete specific CSR
`/certs/certificate-signing-request/export/{hostname}/{id}`	GET	Export CSR in PEM format
`/certs/certificate-signing-request/intermediate-ca`	POST	Generate CSR for intermediate CA

/certs/certificate-signing-request

GET, POST

List/generate CSRs

/certs/certificate-signing-request/{hostName}/{id}

GET, DELETE

Get/delete specific CSR

/certs/certificate-signing-request/export/{hostname}/{id}

GET

Export CSR in PEM format

/certs/certificate-signing-request/intermediate-ca

POST

Generate CSR for intermediate CA

System Certificates

Endpoint Methods Description

Endpoint	Methods	Description
`/certs/system-certificate/{hostName}`	GET	List system certificates on node
`/certs/system-certificate/{hostName}/{id}`	GET, PUT, DELETE	Manage specific system cert
`/certs/system-certificate/import`	POST	Import certificate + key
`/certs/system-certificate/export`	POST	Export certificate
`/certs/system-certificate/generate-selfsigned-certificate`	POST	Generate self-signed cert

/certs/system-certificate/{hostName}

GET

List system certificates on node

/certs/system-certificate/{hostName}/{id}

GET, PUT, DELETE

Manage specific system cert

/certs/system-certificate/import

POST

Import certificate + key

/certs/system-certificate/export

POST

Export certificate

/certs/system-certificate/generate-selfsigned-certificate

POST

Generate self-signed cert

Trusted Certificates

Endpoint Methods Description

Endpoint	Methods	Description
`/certs/trusted-certificate`	GET, POST	List/import trusted certs
`/certs/trusted-certificate/{id}`	GET, PUT, DELETE	Manage specific trusted cert
`/certs/trusted-certificate/export/{id}`	GET	Export trusted cert

/certs/trusted-certificate

GET, POST

List/import trusted certs

/certs/trusted-certificate/{id}

GET, PUT, DELETE

Manage specific trusted cert

/certs/trusted-certificate/export/{id}

GET

Export trusted cert

CA Operations

Endpoint Methods Description

Endpoint	Methods	Description
`/certs/ise-root-ca/regenerate`	POST	Regenerate ISE Root CA
`/certs/renew-certificate`	POST	Renew certificate
`/certs/signed-certificate/bind`	POST	Bind signed cert to CSR

/certs/ise-root-ca/regenerate

POST

Regenerate ISE Root CA

/certs/renew-certificate

POST

Renew certificate

/certs/signed-certificate/bind

POST

Bind signed cert to CSR

Certificate Usages

When importing/configuring certificates, specify usage:

Usage Description

Usage	Description
`Admin`	ISE Admin portal HTTPS
`EAP Authentication`	RADIUS EAP-TLS server cert
`RADIUS DTLS`	RADIUS over DTLS
`pxGrid`	pxGrid controller
`SAML`	SAML IdP/SP signing
`Portal`	Guest/Sponsor portals

Admin

ISE Admin portal HTTPS

EAP Authentication

RADIUS EAP-TLS server cert

RADIUS DTLS

RADIUS over DTLS

pxGrid

pxGrid controller

SAML

SAML IdP/SP signing

Portal

Guest/Sponsor portals

Example: Import Certificate

# Import system certificate
curl -X POST "https://ise:443/api/v1/certs/system-certificate/import" \
  -H "Content-Type: application/json" \
  -d '{
    "admin": true,
    "eap": true,
    "name": "ise-eap-cert",
    "data": "<base64-encoded-pkcs12>",
    "password": "cert-password"
  }'

Example: Generate CSR

curl -X POST "https://ise:443/api/v1/certs/certificate-signing-request" \
  -H "Content-Type: application/json" \
  -d '{
    "commonName": "ise-01.example.com",
    "organization": "Example Corp",
    "keySize": 4096,
    "digestType": "SHA-256"
  }'

Download

Repository: specs/ise/ise-openapi-certificates.json
Size: 173 KB
Lines: 4,036

Certificates API Specification

Specification Details

Description

Endpoints

Certificate Signing Requests

System Certificates

Trusted Certificates

CA Operations

Certificate Usages

Example: Import Certificate

Example: Generate CSR

Download

Related