Certificates

This documentation is for the Envoy v3 API.

As of Envoy v1.18 the v2 API has been removed and is no longer supported.

If you are upgrading from v2 API config you may wish to view the v2 API documentation:

admin.v3.Certificates

[admin.v3.Certificates proto]

Proto representation of certificate details. Admin endpoint uses this wrapper for /certs to display certificate information. See /certs for more information.

{
  "certificates": []
}
certificates

(repeated admin.v3.Certificate) List of certificates known to an Envoy.

admin.v3.Certificate

[admin.v3.Certificate proto]

{
  "ca_cert": [],
  "cert_chain": []
}
ca_cert

(repeated admin.v3.CertificateDetails) Details of CA certificate.

cert_chain

(repeated admin.v3.CertificateDetails) Details of Certificate Chain

admin.v3.CertificateDetails

[admin.v3.CertificateDetails proto]

{
  "path": "...",
  "serial_number": "...",
  "subject_alt_names": [],
  "days_until_expiration": "...",
  "valid_from": "{...}",
  "expiration_time": "{...}",
  "ocsp_details": "{...}"
}
path

(string) Path of the certificate.

serial_number

(string) Certificate Serial Number.

subject_alt_names

(repeated admin.v3.SubjectAlternateName) List of Subject Alternate names.

days_until_expiration

(uint64) Minimum of days until expiration of certificate and it’s chain.

valid_from

(Timestamp) Indicates the time from which the certificate is valid.

expiration_time

(Timestamp) Indicates the time at which the certificate expires.

ocsp_details

(admin.v3.CertificateDetails.OcspDetails) Details related to the OCSP response associated with this certificate, if any.

admin.v3.CertificateDetails.OcspDetails

[admin.v3.CertificateDetails.OcspDetails proto]

{
  "valid_from": "{...}",
  "expiration": "{...}"
}
valid_from

(Timestamp) Indicates the time from which the OCSP response is valid.

expiration

(Timestamp) Indicates the time at which the OCSP response expires.

admin.v3.SubjectAlternateName

[admin.v3.SubjectAlternateName proto]

{
  "dns": "...",
  "uri": "...",
  "ip_address": "..."
}
dns

(string) Subject Alternate Name.

Only one of dns, uri, ip_address may be set.

uri

(string) Subject Alternate Name.

Only one of dns, uri, ip_address may be set.

ip_address

(string) Subject Alternate Name.

Only one of dns, uri, ip_address may be set.