Download digital certificates in various formats. The API supports different export formats and provides options for handling private keys and encryption.
- Endpoint:
/api/certificate/download - Method:
POST - Request:
POST /api/certificate/download
Request parameters
| Field | Type | Required | Description |
|---|---|---|---|
id |
int |
Yes | ID used to locate and retrieve the certificate. |
format |
string |
Yes | File format for the certificate. Supported values: pfx, pem, and crt. |
download_key |
string |
No | If true, include the private key within the certificate in the download. For the .crt format, the key comes separately. For .pfx, the key is always included and this field is ignored and for .pem the key is optional. |
password |
string |
Conditional | Password for encrypting the file. Required for pfx. For pem and crt, it's required only if download_key parameter is true. |
Response Formats
PFX Format Response
{
"certificate": "MIID6TCCAtGgAwIBAgIBADA...",
"format": "pfx"
}
PEM Format Response
{
"certificate": "MIID6TCCAtGgAwIBAgIBADA...",
"format": "pem"
}
CRT Format Response
When download_key is false (default):
{
"certificate": "MIID6TCCAtGgAwIBAgIBADA...",
"format": "crt"
}
When download_key is true:
{
"certificate": "MIID6TCCAtGgAwIBAgIBADA...",
"format": "pfx"
"key": "MIID6TCCAtGgAwIBAgIBADA...",
"key_format": "key"
}
Example requests
Basic certificate download (PFX format)
curl -X POST https://[segura_vault_url]/api/certificate/download \
-H "Content-Type: application/json" \
-d '{
"id": "12345",
"format": "pfx",
"password": "securepassword123"
}'
Certificate with private key (CRT format)
curl -X POST https://[segura_vault_url]/api/certificate/download \
-H "Content-Type: application/json" \
-d '{
"id": "12345",
"format": "crt",
"download_key": true,
"password": "keyprotectionpassword"
}'
Security considerations
- Always transmit requests over HTTPS to protect sensitive certificate data and passwords.
- Use strong passwords when encrypting private keys or
.pfxfiles. - Implement proper access control to ensure only authorized users can download certificates.
Error responses
| HTTP Status Code | Description |
|---|---|
| 400 Bad Request | Invalid parameters provided (missing required fields or invalid format). |
| 401 Unauthorized | Access denied to download the certificate. |
| 403 Forbidden | Insufficient permissions to download the requested certificate. |
| 404 Not Found | Certificate with the specified ID was not found. |
| 500 Internal Server Error | Server-side error occurred during certificate processing. |
Notes
- The certificate and key data in the response are Base64-encoded.
- When
download_keyis set totrueand a password is provided, the private key will be encrypted using the provided password. .pfxformat always includes both the certificate and private key in a single file.