
TinyCert REST API - kolev
https://www.tinycert.org/docs/api
======
elborracho
Not saying it's a good or bad api - but it's not restful

I've had a quick go at redesigning it to be more restful. Not perfect, but
better i think. Would like to hear others opinion.

/sessions [POST|DELETE]: Open|Close a API session

Certificate Authority management

/cas [GET]: Get a list of all CAs in your account

/cas/{caId} [GET]: Get further details on a given CA

/cas/{caId}/cert [GET]: Download the CA's certificate

/cas/{caId} [DELETE]: Delete a given CA

/cas [POST]: Create a new CA

Certificate management

/cas/{caId}/certs [GET]: Get a list of all certificates for a given CA

/cas/{caId}/certs/{certId}/details [GET]: Get further details on a given
certificate

/cas/{caId}/certs/{certId} [GET]: Download the certificate

/cas/{caId}/certs/{certId}/sigreqs [POST]: signing request

/cas/{caId}/certs/{certId}/private-key [GET]: private key for a certificate

/cas/{caId}/certs/{certId} [put]: Re-issue an existing certificate

/cas/{caId}/certs/{certId}/status [put]: Change certificate status

/cas/{caId}/certs [POST]: Create a new certificate

~~~
ExpiredLink
> _but it 's not restful_

Absolutely mandatory comment on each REST API discussion!

~~~
elborracho
Agreed :)

I tried to be constructive at the same time though

------
tokenizerrr
A self hosted and open source version of something like this would be amazing.
I'm not sure I feel comfortable leaving my private key on third party servers,
even for non-production/purely personal usage.

~~~
Spidler
We have one of those, a bit more limited as it only works on a single CA.

Give me a week and poke an email to spider@aanstoot.se and I'll see about
giving preliminary access.

------
dsl
A number of network devices and software applications include a root CA
certificate that allows them to unwrap SSL (for example Charles Proxy). The
problem with that model is once installed, all users of that application
implicitly trust each other. Integrating something like this would allow each
user to have their own root CA.

~~~
shdon
That is actually a very interesting application of the service that I hadn't
even considered.

------
kolev
This is nice for non-production environments - I've been issuing self-signed
certificates, but this is a much more convenient approach and I'm pulling
sleeves up to implement this.

------
_mikz
I see generating new certificate happens on the server so it keeps the private
key. Instead of sending the CSR and keeping the private key on the client.
Sigh.

