This endpoint allows users to download digital certificates in various formats. The API supports different export formats and provides options for handling private keys and encryption.
- Endpoint:
/api/certificate/download - Method:
POST - Request:
POST /api/certificate/download
Request parameters
| Field | Type | Required | Description |
|---|---|---|---|
id |
int |
Yes | ID used to locate and retrieve the certificate. |
format |
string |
Yes | File format for the certificate. Supported values: pfx, pem, and crt. |
download_key |
string |
No | If true, include the private key in the download. Only applies to pem and crt formats. For pfx, the key is always included and this field will be ignored. |
password |
string |
Conditional | Password for encrypting the file. Required for pfx. For pem and crt, it's required only if download_key parameter is true. |
Response formats
PFX format response
{
"format": "pfx",
"certificate": "MIID6TCCAtGgAwIBAgIBADA..."
}
PEM format response
{
"format": "pem",
"certificate": "MIID6TCCAtGgAwIBAgIBADA..."
}
CRT format response
When download_key is false (default):
{
"format": "crt",
"certificate": "MIID6TCCAtGgAwIBAgIBADA..."
}
When download_key is true:
{
"format": "crt",
"certificate": "MIID6TCCAtGgAwIBAgIBADA...",
"key": "MIID6TCCAtGgAwIBAgIBADA...",
"key_format": "key"
}
Example requests
Basic certificate download (PFX format)
curl -X POST https://[segura_vault_url]/api/certificate/download \
-H "Content-Type: application/json" \
-d '{
"id": "12345",
"format": "pfx",
"password": "securepassword123"
}'
Certificate with private Key (CRT format)
curl -X POST https://[segura_vault_url]/api/certificate/download \
-H "Content-Type: application/json" \
-d '{
"id": "12345",
"format": "crt",
"download_key": true,
"password": "keyprotectionpassword"
}'
Security considerations
- Always transmit requests over HTTPS to protect sensitive certificate data and passwords.
- Use strong passwords when encrypting private keys or PFX files.
- Implement proper access control to ensure only authorized users can download certificates.
Error responses
| HTTP status | Description |
|---|---|
| 400 Bad Request | Invalid parameters provided (missing required fields or invalid format). |
| 404 Not Found | Certificate with the specified ID was not found. |
| 403 Forbidden | Insufficient permissions to download the requested certificate. |
| 500 Internal Server Error | Server-side error occurred during certificate processing. |
Notes
- The certificate and key data in the response are Base64-encoded.
- When
download_keyis set totrueand a password is provided, the private key will be encrypted using the provided password. - PFX format always includes both the certificate and private key in a single file.