intermediate_certificates¶

The following methods allow for interaction with the ZIA Intermediate certificates API endpoints.

Methods are accessible via zia.intermediate_certificates

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

class IntermediateCertsAPI¶

Bases: APIClient

A Client object for the SSL Inspection resource.

add_ca_certificate(**kwargs)¶

Creates a custom intermediate CA certificate that can be used for SSL inspection.

Parameters:

**kwargs –

name (str): Name of the intermediate CA certificate.
description (str): Description for the intermediate CA certificate.
type (str): Type of the intermediate CA certificate.
Supported values: ZSCALER, CUSTOM_SW, CUSTOM_HSM.
region (str): Location of the HSM resources. Required for custom Interm.
CA certificates with cloud HSM protection.

Supported values: GLOBAL, ASIA, EUROPE, US. - status (str): Whether the certificate is enabled or disabled for SSL inspection. Supported values: ENABLED, DISABLED. - default_certificate (bool): If true, this is the default intermediate certificate. - current_state (str): Current stage of the certificate in the configuration workflow. Supported values: GENERAL_DONE, KEYGEN_DONE, PUBKEY_DONE, ATTESTATION_DONE, ATTESTATION_VERIFY_DONE, CSRGEN_DONE, INTCERT_UPLOAD_DONE, CERTCHAIN_UPLOAD_DONE, CERT_READY.

Returns:

A tuple containing the newly added Rule Label (Box), response, and error.

Return type:

tuple

delete_ca_certificate(cert_id)¶

Deletes the intermediate CA certificate with the specified ID. The default intermediate certificate cannot be deleted.

Parameters:: cert_id (str) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing the response object and error (if any).
Return type:: tuple

download_csr(cert_id)¶

Downloads a Certificate Signing Request (CSR) for the specified ID. To perform this operation, a CSR must have already been generated.

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing (intermediate CA certificate instance, Response, error).
Return type:: tuple

download_public_key(cert_id)¶

Downloads the public key in the HSM key pair for the intermediate CA certificate with the specified ID

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing (intermediate CA certificate instance, Response, error).
Return type:: tuple

finalize_cert(cert_id)¶

Finalizes the intermediate CA certificate with the specified ID.

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing (intermediate CA certificate instance, Response, error).
Return type:: tuple

generate_csr(cert_id)¶

Generates a Certificate Signing Request (CSR) for the custom intermediate CA certificate with the specified ID.

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing (intermediate CA certificate instance, Response, error).
Return type:: tuple

generate_key_pair(cert_id)¶

Generates a HSM key pair for the custom intermediate CA certificate with the specified ID.

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing (intermediate CA certificate instance, Response, error).
Return type:: tuple

get_ca_certificate(cert_id)¶

Fetches a specific intermediate CA certificate with the specified ID.

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing (intermediate CA certificate instance, Response, error).
Return type:: tuple

get_ca_certificate_lite(cert_id)¶

Fetches a specific intermediate CA certificate with the specified ID.

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing (intermediate CA certificate instance, Response, error).
Return type:: tuple

get_show_cert(cert_id)¶

Shows information about the signed intermediate CA certificate with the specified ID. This operation is not applicable for the Zscaler root certificate

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing (intermediate CA certificate instance, Response, error).
Return type:: tuple

get_show_csr(cert_id)¶

Shows information about the Certificate Signing Request (CSR) for the specified ID. This operation is not applicable for the Zscaler root certificate

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing (intermediate CA certificate instance, Response, error).
Return type:: tuple

list_ca_certificates(query_params=None)¶: List of intermediate CA certificates added for SSL inspection.

list_ca_certificates_lite(query_params=None)¶: List of intermediate CA certificates added for SSL inspection.

list_ready_to_use(query_params=None)¶: List of intermediate CA certificates that are ready to use for SSL inspection.

update_ca_certificate(cert_id, **kwargs)¶

Updates intermediate CA certificate information for the specified ID.

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing the updated intermediate CA certificate, response, and error.
Return type:: tuple

upload_cert(cert_id, file_input_stream=None, file_path=None)¶

Uploads a custom intermediate CA certificate signed by your Certificate Authority (CA) for SSL inspection.

Parameters:

cert_id (int) – The unique identifier for the intermediate CA certificate.
file_input_stream (str) – The certificate content in PEM format (alternative to file_path).
file_path (str) – Path to the certificate file (alternative to file_input_stream).

Returns:

A tuple containing (intermediate CA certificate instance, Response, error).

Return type:

tuple

upload_cert_chain(cert_id)¶

Uploads the intermediate certificate chain (PEM file).

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing (intermediate CA certificate instance, Response, error).
Return type:: tuple

verify_key_attestation(cert_id)¶

Verifies the attestation for the HSM keys generated for the specified ID.

Parameters:: cert_id (int) – The unique identifier for the intermediate CA certificate.
Returns:: A tuple containing (intermediate CA certificate instance, Response, error).
Return type:: tuple