Cryptographic Security Platform 1.3 - PKI Hub 1.4.0 installation and administration [PDF][Releases]

When using the enrollments endpoint to renew a certificate issued by a Sectigo CA, the JSON request must include the properties.renewalSerialNumber setting. For example:

{
 "csr": "MIIC2zCCAcMCAQAwJjEkMCIGA1UEAwwbbWF3aWEudGVzdC5zZWN0aWdvLnJlbmV3LjA2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xeRXTqPSvmTVCtLi17pvGH2d5zQP2uiU5CR1r7ofGjJVumktr9MUf4DWmAgaaumkmjn0xRMSew4viE99nONP7XfciJLBRKgjBBnwr0fLCCiGRVKLr3PiTQ/N9J60gt8KkVYZ94Z1HmiGtXye6cZHX2ibnqfcW//tN5ewUrzQTfLyIAiw0OqRPkt10M4xFrRtFv2d07bf6rlPS75VCjYdfUaerHf8aOmllFWzmciYaZkGM2/Uds+rel+OeVT8gzBqAqvgxCRXf2On67acXV1x2gStaa+uJmk46EacLtL+b/DHXigoNSqruchMUdHQfqnd8DtVVCjPy2nTBrHmBvl8wIDAQABoHAwbgYJKoZIhvcNAQkOMWEwXzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwJgYDVR0RBB8wHYIbbWF3aWEudGVzdC5zZWN0aWdvLnJlbmV3LjA2MA0GCSqGSIb3DQEBCwUAA4IBAQCdKzAHBavqRIDzVu1VSj0bI/VjgOcF982p6/lPnFKfl+13fxslUN003kG/uuh4Zdxo/OOVMH6VSi+T4I06GuO/7LoMg7oAxqN1FaBjK5VwlNAuro2uS54FGz+2ubYS8F+cTQXffMOuerNgVJXGFKaaHtrcoDynfp9PgyJg+I4zBaPR/5E051Am2t5K+wQHtsO+ThoInnK5iwslE+SUnzCZwGwkf50Uf450/pyjKnUKsjXpdfPSoTrkVEFTniNkM+FzFwjjhECp536EzWlLsX/C3d/QGTndH4c4GN9qFGaybDmWZHHJHabj52/CeORJmkrI0REQi1ROFSGW8Zb66Dz9",
 "renewal": true,
 "properties": {
 "RenewalSerialNumber": "4c56db9f8f07af1e93c66a37e041ef8e"
  },
 "profileId": "profileA-local",
 "requiredFormat": {
 "format": "PEM"
  }
} 

See below for a parameter reference.

Parameter names are case sensitive.

csr

The base64 encoding of a certificate request.

Mandatory: When requesting or enewing a certificate for a client‑generated key pair and CSR.

profileId

The identifier of the certificate profile to use to issue or renew the certificate.

Mandatory: Yes.

properties.renewalSerialNumber

The serial number of the renewed certificate.

Mandatory: Yes.

renewal

true to request the renewal of an existing certificate; false to request a completely new certificate.

Mandatory: No. This optional value defaults to false.

requiredFormat.format

The certificate output format.

Value	Format
pem	Base64‑encoded certificate
der	Binary DER
pkcs12	PKCS #12 containing a certificate and key pair generated by the CA (if supported by the selected profile).

Mandatory: Yes.