0

I'm using Python to automate the creation of an App Service Cerficate for my Azure application (an AKS cluster). One of the REST calls I need to make is described here:

https://learn.microsoft.com/en-us/rest/api/appservice/appservicecertificateorders/createorupdate

This describes the call that's needed to create an App Service Cerficate Order, the result of which is then passed on to the REST call to create the App Service Certificate.

My problem is I can't figure out from the sparse documentation what is needed in the request body for this REST call. I've build a structure that looks like this:

request_body = {
    "location" : "eastus",
    "properties" : {
        "autoRenew" : true,
        "productType" : "StandardDomainValidatedSsl",
        "distinguishedName": "???",
        "csr": "???"
    }
}

I've been unable to figure out what is needed for these last two fields. The csr field is described as "Last CSR that was created for this order", with CSR referring to a Certificate Signing Request. The way this is worded implies there was a previous CSR but this is a new request and I have nothing previous to fill in here. If I try to leave distguishedName and csr both blank, the call complains. I've tried creating a CSR with openssl and setting the csr field to the value that's created but it doesn't seem to like it. The distinquishedName field I assume is supposed to something like 

"CN=mydomain.com,C=US,ST=California,..."

but it always complains that whatever I provide is invalid.

I've done some searches and can find no examples of what is needed for this REST call. If anyone can point me to some sample code or additional documentation, I'd appreciate it. Thanks.

Peter

Improve this question
5
  • Take a look at this, it shows the AppServiceCertificateOrder property and you can find the csr in it. Commented Jan 20, 2019 at 4:07
  • This link provides the very same minimal information that's in the link I posted above. For the csr field it just says "Last CSR that was created for this order" and for the distinguishedName field the description is just "Certificate distinguished name". It doesn't include any examples beyond this. I know what a CSR looks like and I know what a dintinguished name looks like, but the attempts I make to call this REST operation always fail with complaints about these two fields. Commented Jan 20, 2019 at 20:25
  • Maybe you can try to list through the API to have a learn. Commented Jan 21, 2019 at 3:05
  • Not sure I understand what you mean? Commented Jan 21, 2019 at 6:15
  • You can use the List API to list the existing resources that you want to create and then maybe you would know how to configure it. Commented Jan 21, 2019 at 6:20

2 Answers 2

Reset to default
1

I finally determined that this combination works:

{
    "location": "global",
    "properties": {
        "productType": "StandardDomainValidatedSsl",
        "autoRenew": true,
        "distinguishedName":"CN=mysubdomain.mydomain.com"
    }
}

The csr field as it turns out is not needed; one is returned as a result of making this REST call. And this is just the first step in the certificate creation process. At this point the request is in a pending state and still needs to be validated.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

A CSR look something like:

-----BEGIN CERTIFICATE REQUEST-----
MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
-----END CERTIFICATE REQUEST-----
Improve this answer

1 Comment

I know what a CSR looks like. As I mentioned in my post I created one with openssl and set the csr field to the string generated. The REST call still complained.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.