# LitmusEdgeManager 2.31.x API Documentation/Edge Lifecycle Management/Certificates - LE, LEM, LUNS API Docs ## Get Certificates **GET** `{{LEM_URL}}/api/v1/device-certificates?filter=&issuer=&limit=10&order=EXPIRESAFTER_ASC&projectId={{project_id}}&requestedPage=0` # Get Certificates Returns the paginated catalog of device certificates known to LEM with filters (issuer, free text, sort order). Each entry includes device identity + cert metadata (subject, issuer, validity window). ## Endpoint ```http GET {{LEM_URL}}/api/v1/device-certificates?filter=&issuer=&limit=10&order=EXPIRESAFTER_ASC&projectId={{project_id}}&requestedPage=0 ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json { "pageNum": 0, "pagesCount": 1, "size": 3, "totalSize": 3, "elements": [ { "id": "d344225d-57b1-4b40-9135-3ef26bf5db6b", "companyName": "solutions", "projectId": "462j1mq70mph31wa100t1yuxa", "projectName": "parth", "deviceId": "1a5wiavluwxuhwai5leb1v0hc", "deviceName": "litmus-edge-94c6911b9c77", "deviceFriendlyName": "Litmus Edge (94:c6:91:1b:9c:77)- SJ office sensor", "isOnline": true, "subject": "litmus-edge-94c6911b9c77", "issuer": "litmus-edge-94c6911b9c77", "issuedOn": 1645479540000, "expiresAfter": 1866490740000, "origin": "EDGE", "authority": "UNKNOWN", "online": true }, { "id": "b39eb705-7e97-4542-b571-32e7d038a2cd", "companyName": "solutions", "projectId": "462j1mq70mph31wa100t1yuxa", "projectName": "parth", "deviceId": "3y0vcdju38zvqjrlm5lcpm1l", "deviceName": "litmus-edge-080027b4a1c8", "deviceFriendlyName": "Litmus Edge (08:00:27:b4:a1:c8)", "isOnline": false, "subject": "litmus-edge-080027b4a1c8", "issuer": "litmus-edge-080027b4a1c8", "issuedOn": 1728818700000, "expiresAfter": 1949743500000, "origin": "EDGE", "authority": "UNKNOWN", "online": false }, { "id": "0ff8e8dd-ebbc-4992-a557-68b95b9fccef", "companyName": "solutions", "projectId": "462j1mq70mph31wa100t1yuxa", "projectName": "parth", "deviceId": "vkrih85ka6fn7zcofirk20vs", "deviceName": "litmus-edge-005056b965c2", "deviceFriendlyName": "VM", "isOnline": true, "subject": "litmus-edge-005056b965c2", "issuer": "litmus-edge-005056b965c2", "issuedOn": 1733861400000, "expiresAfter": 1954786200000, "origin": "EDGE", "authority": "UNKNOWN", "online": true } ] } ``` --- ## Issue New Certificate **POST** `{{LEM_URL}}/api/v1/device-certificates/new` # Issue New Certificate Issues a new device certificate from LEM's CA (or another configured authority). The `commonName`, SAN list, DNS list, and TTL drive the cert contents. ## Endpoint ```http POST {{LEM_URL}}/api/v1/device-certificates/new ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "commonName": "litmus-edge-005056b965c2", "sansList": ["10.17.3.76"], "dnsList": [], "ttlDays": 2555, "authority": "LOCAL", "id": "f548d8a2-7ea6-4443-bf35-e7cde578e72a", "projectId": "{{project_id}}", "deviceId": "{{edge_device_id}}" } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "commonName": "litmus-edge-005056b965c2", "sansList": [ "10.17.3.76" ], "dnsList": [], "ttlDays": 2555, "authority": "LOCAL", "id": "f548d8a2-7ea6-4443-bf35-e7cde578e72a", "projectId": "{{project_id}}", "deviceId": "{{edge_device_id}}" } ``` ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Reset to Edge Default **POST** `{{LEM_URL}}/api/v1/device-certificates/reset` # Reset to Edge Default Resets the device's HTTPS certificate to the LE-built-in self-signed cert. Use when a custom cert has expired or broken access. ## Endpoint ```http POST {{LEM_URL}}/api/v1/device-certificates/reset ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "projectId": "{{project_id}}", "deviceId": "{{edge_device_id}}" } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "projectId": "{{project_id}}", "deviceId": "{{edge_device_id}}" } ``` ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Upload Custom Certificate **POST** `{{LEM_URL}}/api/v1/device-certificates/user-defined?deviceId={{device_id}}&projectId={{project_id}}` # Upload Custom Certificate Uploads a custom certificate + private key + CA chain bundle to a device. Three multipart parts: `certificate`, `privateKey`, `caCertificate`. ## Endpoint ```http POST {{LEM_URL}}/api/v1/device-certificates/user-defined?deviceId={{device_id}}&projectId={{project_id}} ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body Multipart `form-data` with three parts: | Form key | Type | Description | |-----------------|------|----------------------------------------------| | `certificate` | file | Leaf certificate (PEM). | | `privateKey` | file | Matching private key (PEM). | | `caCertificate` | file | CA chain (PEM). | ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ---