API reference — Certificate management
Overview
Certificates are the core resource in Redtrust. This page covers the most relevant methods for managing the certificate lifecycle through the API: assigning users to certificates, updating their properties, changing their status, deleting them, and querying them.
Before you start
Before testing these methods, you need to set up SoapUI.
The <!--Optional:--> comments that appear in SOAP requests are generated automatically and may incorrectly mark required fields as optional.
This documentation explicitly states which fields are required or optional. Always trust this documentation.
Assign a user to a certificate
AddCertificateUser
Creates a certificate-type user in a domain. This user type authenticates against Redtrust using a digital certificate instead of a username and password.
| Name | Type | Required | Description |
|---|---|---|---|
domainId | integer | Yes | ID of the domain where the user is created. Find the value in ListDomains. |
username | string | Yes | Username. Accepts letters (A-Z, a-z), numbers (0-9) and the characters -, _ and . as separators. |
name | string | Yes | Full name of the user. |
email | string | Yes | Email address of the user. Must be a valid email format. |
active | boolean | Yes | Whether the account is active (true) or disabled (false). |
issuerIds | array of integers | No* | IDs of local CA certificates that must appear in the user's certificate chain. Find the values in ListCACertificates using certType=LOCAL_CA_ROOT. |
certDirectiveIds | array of integers | No* | IDs of certificate directives that the user's certificate must comply with. Find the values in ListCertificateDirectives. |
certAttributes | array of CertificateAttributeData | No* | Certificate attributes that the user's certificate must match. Each element includes: id (attribute type, from ListCertificateAttributes), name (attribute name, from ListCertificateAttributes), type (comparison operator: EXISTS, IS_EQUAL, NOT_EXISTS, NOT_EQUALS, CONTAINS), and value (the value to match; not required for EXISTS and NOT_EXISTS). |
(*) You must provide at least one of these three fields. If all three are omitted, the server returns an error.
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns:rtad="http://schemas.datacontract.org/2004/07/RTAdminService.Types">
<soap:Header/>
<soap:Body>
<urn:AddCertificateUser>
<urn:domainId>2</urn:domainId>
<urn:username>john.garcia</urn:username>
<urn:name>John García</urn:name>
<urn:email>john.garcia@example.com</urn:email>
<urn:active>true</urn:active>
<urn:issuerIds>
<arr:int>5</arr:int>
</urn:issuerIds>
<urn:certDirectiveIds>
<arr:int>1</arr:int>
</urn:certDirectiveIds>
<urn:certAttributes/>
</urn:AddCertificateUser>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/AddCertificateUserResponse</a:Action>
</s:Header>
<s:Body>
<AddCertificateUserResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">Operation finalized successfully</ResultMessage>
<ResultData i:type="c:int" xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult" xmlns:c="http://www.w3.org/2001/XMLSchema">42</ResultData>
</Result>
</AddCertificateUserResponse>
</s:Body>
</s:Envelope>
The ResultData field contains the ID of the new certificate user.
EditCertificateUser
Updates an existing certificate-type user in a domain. The array fields (issuerIds, certDirectiveIds, certAttributes) replace the current values entirely — omitting one clears it.
| Name | Type | Required | Description |
|---|---|---|---|
domainId | integer | Yes | ID of the domain where the user exists. Find the value in ListDomains. |
userId | integer | Yes | ID of the certificate user to update. This is the value returned in ResultData by AddCertificateUser. |
name | string | Yes | Full name of the user. |
email | string | Yes | Email address of the user. Must be a valid email format. |
active | boolean | Yes | Whether the account is active (true) or disabled (false). |
issuerIds | array of integers | No* | IDs of local CA certificates that must appear in the user's certificate chain. Find the values in ListCACertificates using certType=LOCAL_CA_ROOT. |
certDirectiveIds | array of integers | No* | IDs of certificate directives that the user's certificate must comply with. Find the values in ListCertificateDirectives. |
certAttributes | array of CertificateAttributeData | No* | Certificate attributes that the user's certificate must match. Same structure as in AddCertificateUser. |
(*) You must provide at least one of these three fields. If all three are omitted, the server returns an error.
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<soap:Header/>
<soap:Body>
<urn:EditCertificateUser>
<urn:domainId>2</urn:domainId>
<urn:userId>42</urn:userId>
<urn:name>John García</urn:name>
<urn:email>john.garcia@example.com</urn:email>
<urn:active>true</urn:active>
<urn:issuerIds>
<arr:int>5</arr:int>
</urn:issuerIds>
<urn:certDirectiveIds>
<arr:int>1</arr:int>
</urn:certDirectiveIds>
<urn:certAttributes/>
</urn:EditCertificateUser>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/EditCertificateUserResponse</a:Action>
</s:Header>
<s:Body>
<EditCertificateUserResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">Operation finalized successfully</ResultMessage>
<ResultData i:type="c:int" xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult" xmlns:c="http://www.w3.org/2001/XMLSchema">42</ResultData>
</Result>
</EditCertificateUserResponse>
</s:Body>
</s:Envelope>
The ResultData field contains the ID of the updated certificate user.
Update a certificate
EditCertificate
Updates local properties of a certificate. Most fields are write operations — the value you send replaces what is currently stored, so you must send the full desired state in every request, not just the fields you want to change. Exceptions are described in the table below.
| Name | Type | Required | Description |
|---|---|---|---|
certId | integer | Yes | ID of the certificate to update. Find the value in the certificateHandler field returned by ListCertificates. |
alias | string | No | Descriptive name for the certificate visible in the admin console. Sending an empty value clears the existing alias. |
comment | string | No | Free-text comment about the certificate. Sending an empty value clears the existing comment. |
requirePin | boolean | Yes | Whether the certificate requires a PIN to be used. Send false to remove the current PIN. |
pin | string | No | New PIN for the certificate. Send empty or null to keep the current PIN. Only send this parameter when you want to change it. |
requireUsageReason | boolean | Yes | Whether the certificate requires the user to enter a usage reason. |
active | boolean | Yes | Whether the certificate is active (true) or disabled (false). |
ownerUID | string | No | UID of the certificate owner. Send an empty string to remove the current owner. Send null to keep the current owner. |
userPinPolicy | CertificateUserPinPolicy | Yes | User PIN policy: NO_USER_PIN, ASK_USER_PIN, FORCE_ASK_USER_PIN. |
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
<soap:Header/>
<soap:Body>
<urn:EditCertificate>
<urn:certId>14</urn:certId>
<urn:alias>Signature certificate - Accounting</urn:alias>
<urn:comment>Renewed March 2026</urn:comment>
<urn:requirePin>false</urn:requirePin>
<urn:pin></urn:pin>
<urn:requireUsageReason>false</urn:requireUsageReason>
<urn:active>true</urn:active>
<urn:ownerUID></urn:ownerUID>
<urn:userPinPolicy>NO_USER_PIN</urn:userPinPolicy>
</urn:EditCertificate>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/EditCertificateResponse</a:Action>
</s:Header>
<s:Body>
<EditCertificateResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">Operation finalized successfully</ResultMessage>
</Result>
</EditCertificateResponse>
</s:Body>
</s:Envelope>
Reset certificate PIN
ResetPin
Resets the PIN of a certificate and sends an email to the owner so they can choose a new one. Requires SMTP to be configured on the server.
| Name | Type | Required | Description |
|---|---|---|---|
certId | integer | Yes | ID of the certificate. Find the value in the certificateHandler field returned by ListCertificates. |
email | string | Yes | Email address of the certificate owner. The PIN reset notification is sent to this address. |
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
<soap:Header/>
<soap:Body>
<urn:ResetPin>
<urn:certId>14</urn:certId>
<urn:email>john.garcia@example.com</urn:email>
</urn:ResetPin>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/ResetPinResponse</a:Action>
</s:Header>
<s:Body>
<ResetPinResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">Operation finalized successfully</ResultMessage>
</Result>
</ResetPinResponse>
</s:Body>
</s:Envelope>
Enable or disable certificates
ChangeCertificatesStatus
Changes the active or inactive status of one or more certificates at once.
| Name | Type | Required | Description |
|---|---|---|---|
certIds | array of integers | Yes | IDs of the certificates to update. Find the values in the certificateHandler field returned by ListCertificates. You can send multiple IDs as shown in the example. |
status | boolean | Yes | Status to apply: active (true) or inactive (false). |
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<soap:Header/>
<soap:Body>
<urn:ChangeCertificatesStatus>
<urn:certIds>
<!--Zero or more repetitions:-->
<arr:int>243</arr:int>
<arr:int>244</arr:int>
</urn:certIds>
<urn:status>true</urn:status>
</urn:ChangeCertificatesStatus>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/ChangeCertificatesStatusResponse</a:Action>
</s:Header>
<s:Body>
<ChangeCertificatesStatusResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">Operation finalized successfully</ResultMessage>
</Result>
</ChangeCertificatesStatusResponse>
</s:Body>
</s:Envelope>
Delete certificates
DeleteCertificate
Permanently deletes one or more certificates from the system.
| Name | Type | Required | Description |
|---|---|---|---|
certIds | array of integers | Yes | IDs of the certificates to delete. Find the values in the certificateHandler field returned by ListCertificates. You can send multiple IDs as shown in the example. |
certType | CertificateType | Yes | Type of the certificates to delete. All IDs in certIds must belong to the same type. Values: CA_ROOT, PRIVATE, PUBLIC_KEY_EMAIL, LOCAL_CA_ROOT, PRELOADED. |
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<soap:Header/>
<soap:Body>
<urn:DeleteCertificate>
<urn:certIds>
<!--Zero or more repetitions:-->
<arr:int>14</arr:int>
<arr:int>15</arr:int>
</urn:certIds>
<urn:certType>PRIVATE</urn:certType>
</urn:DeleteCertificate>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/DeleteCertificateResponse</a:Action>
</s:Header>
<s:Body>
<DeleteCertificateResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">Operation finalized successfully</ResultMessage>
</Result>
</DeleteCertificateResponse>
</s:Body>
</s:Envelope>
Retrieve certificate information
ListCertificates
Returns a paginated list of certificates with their main data.
| Name | Type | Required | Description |
|---|---|---|---|
viewType | CertificatesViewType | Yes | Filters certificates by status. Values: ViewAll, ViewExpired, ViewNotExpired, ViewWithOwner, ViewWithoutOwner, ViewActive, ViewInactive, ViewAssignable, ViewNoAssignable, ViewRenewal. |
filter | string | Yes | Text that results must contain. If empty, returns all. |
numBlock | integer | Yes | Block number to return. Starts at 0. |
orderColumn | OrderCertificatesColumn | Yes | Column used to sort results: ORDER_BY_NAME, ORDER_BY_ACTIVE, ORDER_BY_EXPIRATION_DATE, ORDER_BY_TOTAL_USES, ORDER_BY_DATETIME_LAST_USAGE. |
orderType | OrderType | Yes | Sort direction: ORDER_ASCENDING or ORDER_DESCENDING. |
Results are returned in blocks of 1000 items. Use numBlock (starting at 0) to paginate through results. Divide TotalItems from the response by 1000 and round up to get the total number of blocks.
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
<soap:Header/>
<soap:Body>
<urn:ListCertificates>
<urn:viewType>ViewAll</urn:viewType>
<urn:filter></urn:filter>
<urn:numBlock>0</urn:numBlock>
<urn:orderColumn>ORDER_BY_EXPIRATION_DATE</urn:orderColumn>
<urn:orderType>ORDER_DESCENDING</urn:orderType>
</urn:ListCertificates>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/ListCertificatesResponse</a:Action>
</s:Header>
<s:Body>
<ListCertificatesResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">The operation has been successfully completed.</ResultMessage>
<ResultData i:type="b:ArrayOfCertificateView" xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">
<b:CertificateView>
<b:active>true</b:active>
<b:certificateHandler>14</b:certificateHandler>
<b:creation>2024-01-15T10:30:00</b:creation>
<b:expiration>2027-01-15T10:30:00</b:expiration>
<b:expired>false</b:expired>
<b:externalId i:nil="true"/>
<b:groupId>0</b:groupId>
<b:groupName i:nil="true"/>
<b:installedLocalMachine>false</b:installedLocalMachine>
<b:issuer>CN=Redtrust CA, O=Example Corp, C=ES</b:issuer>
<b:last_usage i:nil="true"/>
<b:name>Signature certificate - Accounting</b:name>
<b:needPin>false</b:needPin>
<b:subject>CN=Ana García, OU=Accounting, O=Example Corp, C=ES</b:subject>
<b:times_used>0</b:times_used>
</b:CertificateView>
</ResultData>
<TotalItems xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">1</TotalItems>
</Result>
</ListCertificatesResponse>
</s:Body>
</s:Envelope>
See the full field reference for CertificateView in Response objects.
GetCertificateData
Returns detailed data for a specific certificate.
| Name | Type | Required | Description |
|---|---|---|---|
certId | integer | Yes | ID of the certificate. Find the value in the certificateHandler field returned by ListCertificates. |
certType | CertificateType | Yes | Type of the certificate. Values: CA_ROOT, PRIVATE, PUBLIC_KEY_EMAIL, LOCAL_CA_ROOT, PRELOADED. |
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
<soap:Header/>
<soap:Body>
<urn:GetCertificateData>
<urn:certId>14</urn:certId>
<urn:certType>PRIVATE</urn:certType>
</urn:GetCertificateData>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/GetCertificateDataResponse</a:Action>
</s:Header>
<s:Body>
<GetCertificateDataResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">The operation has been successfully completed.</ResultMessage>
<ResultData i:type="b:CertificateDetail" xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">
<b:active>true</b:active>
<b:alias>my-certificate</b:alias>
<b:archived>false</b:archived>
<b:assignable>true</b:assignable>
<b:certificateHandler>14</b:certificateHandler>
<b:certificateSN>73F83A2E501A560F65EF0FAAAB588B9F</b:certificateSN>
<b:comment/>
<b:datetimeLastUsage>2026-01-15T10:30:00</b:datetimeLastUsage>
<b:expired>false</b:expired>
<b:extensions>[{"friendlyName":"Key Usage","OID":"2.5.29.15","value":"Digital Signature, Non-Repudiation"}]</b:extensions>
<b:friendlyName/>
<b:groups xmlns:c="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<c:string>cert_group1</c:string>
</b:groups>
<b:issuer>CN=Example CA, O=Example Corp, C=ES</b:issuer>
<b:issuerDnsFromAlternativeName/>
<b:issuerDnsName>Example CA</b:issuerDnsName>
<b:issuerEmailName/>
<b:issuerSimpleName>Example CA</b:issuerSimpleName>
<b:issuerUpnName/>
<b:issuerUrlName/>
<b:keyValue>RSA (2048 Bits)</b:keyValue>
<b:needPin>false</b:needPin>
<b:notEnabledYet>false</b:notEnabledYet>
<b:owner i:nil="true"/>
<b:ownerId>0</b:ownerId>
<b:ownerName i:nil="true"/>
<b:ownerUID i:nil="true"/>
<b:policies xmlns:c="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<c:string>total.access</c:string>
</b:policies>
<b:signatureAlg>sha256RSA</b:signatureAlg>
<b:subject>CN=John Doe, O=Example Corp, C=ES</b:subject>
<b:subjectDnsFromAlternativeName/>
<b:subjectDnsName>John Doe</b:subjectDnsName>
<b:subjectEmailName/>
<b:subjectSimpleName>John Doe</b:subjectSimpleName>
<b:subjectUpnName/>
<b:subjectUrlName/>
<b:thumbprint>5F5162563AFF01EB353D346C8B786AAA2A0CFB09</b:thumbprint>
<b:timesUsed>5</b:timesUsed>
<b:usageReason>false</b:usageReason>
<b:userPinPolicy>NO_USER_PIN</b:userPinPolicy>
<b:user_groups xmlns:c="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<c:string>UserGroup_example@example.com</c:string>
</b:user_groups>
<b:users xmlns:c="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<c:string>user@example.com</c:string>
</b:users>
<b:validFrom>2024-01-15T10:30:00</b:validFrom>
<b:validUntil>2028-01-15T10:30:00</b:validUntil>
<b:version>3</b:version>
</ResultData>
</Result>
</GetCertificateDataResponse>
</s:Body>
</s:Envelope>
See the full field reference for CertificateDetail in Response objects.
ListCACertificates
Returns the list of CA certificates of a given type. Use this method to obtain valid IDs for the issuerIds parameter in AddCertificateUser.
| Name | Type | Required | Description |
|---|---|---|---|
certType | CertificateType | Yes | Type of CA certificates to list. Valid values: CA_ROOT, LOCAL_CA_ROOT, PUBLIC_KEY_EMAIL. |
filter | string | No | Text that results must contain. If empty, returns all. |
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
<soap:Header/>
<soap:Body>
<urn:ListCACertificates>
<urn:certType>LOCAL_CA_ROOT</urn:certType>
<urn:filter></urn:filter>
</urn:ListCACertificates>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/ListCACertificatesResponse</a:Action>
</s:Header>
<s:Body>
<ListCACertificatesResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">The operation has been successfully completed.</ResultMessage>
<ResultData i:type="b:ArrayOfCACertificateView" xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">
<b:CACertificateView>
<b:creationDate>2026-03-23T15:22:40+00:00</b:creationDate>
<b:expirationDate>2027-03-23T15:22:40+00:00</b:expirationDate>
<b:expired>false</b:expired>
<b:id>1026</b:id>
<b:installed>false</b:installed>
<b:issuer>CN=Example CA, O=Example Corp, C=US</b:issuer>
<b:subject>CN=Example CA, O=Example Corp, C=US</b:subject>
<b:thumbprint>3B553FD58DFF957AF6B5CB73D9E398EFD44BF246</b:thumbprint>
</b:CACertificateView>
</ResultData>
<TotalItems xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">1</TotalItems>
</Result>
</ListCACertificatesResponse>
</s:Body>
</s:Envelope>
The id field of each result is the value to pass in issuerIds when calling AddCertificateUser. See the full field reference for CACertificateView in Response objects.
ListCertificateAttributes
Returns the list of certificate attribute types available in the system. Use this method to obtain valid id values for the certAttributes parameter in AddCertificateUser.
| Name | Type | Required | Description |
|---|---|---|---|
filter | string | No | Text that results must contain. If empty or omitted, returns all attributes. |
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
<soap:Header/>
<soap:Body>
<urn:ListCertificateAttributes>
<urn:filter></urn:filter>
</urn:ListCertificateAttributes>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/ListCertificateAttributesResponse</a:Action>
</s:Header>
<s:Body>
<ListCertificateAttributesResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">The operation has been successfully completed.</ResultMessage>
<ResultData i:type="b:ArrayOfCertificateAttribute" xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">
<b:CertificateAttribute>
<b:id>1</b:id>
<b:name>Friendly Name</b:name>
</b:CertificateAttribute>
<b:CertificateAttribute>
<b:id>2</b:id>
<b:name>Issuer Simple Name</b:name>
</b:CertificateAttribute>
<b:CertificateAttribute>
<b:id>3</b:id>
<b:name>Issuer Dns From Alternative Name</b:name>
</b:CertificateAttribute>
</ResultData>
<TotalItems xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">30</TotalItems>
</Result>
</ListCertificateAttributesResponse>
</s:Body>
</s:Envelope>
The response includes 30 attribute types. The id field of each result is the value to pass in certAttributes[].id when calling AddCertificateUser. See the full field reference for CertificateAttribute in Response objects.
Certificate directives
AddCertificateDirective
Creates a new certificate directive. Use this method to add directives that can then be assigned to certificate users via the certDirectiveIds parameter in AddCertificateUser.
| Name | Type | Required | Description |
|---|---|---|---|
directive | string | Yes | Name of the directive to create. |
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
<soap:Header/>
<soap:Body>
<urn:AddCertificateDirective>
<urn:directive>Example directive</urn:directive>
</urn:AddCertificateDirective>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/AddCertificateDirectiveResponse</a:Action>
</s:Header>
<s:Body>
<AddCertificateDirectiveResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">The operation has been successfully completed.</ResultMessage>
<ResultData i:type="c:int" xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult" xmlns:c="http://www.w3.org/2001/XMLSchema">1</ResultData>
</Result>
</AddCertificateDirectiveResponse>
</s:Body>
</s:Envelope>
The ResultData field contains the ID of the new directive.
ListCertificateDirectives
Returns the list of certificate directives configured in the system. Use this method to obtain valid IDs for the certDirectiveIds parameter in AddCertificateUser.
| Name | Type | Required | Description |
|---|---|---|---|
filter | string | No | Text that results must contain. If empty or omitted, returns all directives. |
- Request
- Response
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:evolium:redtrust:administration:ws">
<soap:Header/>
<soap:Body>
<urn:ListCertificateDirectives>
<urn:filter></urn:filter>
</urn:ListCertificateDirectives>
</soap:Body>
</soap:Envelope>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">urn:evolium:redtrust:administration:ws/RTAdminService/ListCertificateDirectivesResponse</a:Action>
</s:Header>
<s:Body>
<ListCertificateDirectivesResponse xmlns="urn:evolium:redtrust:administration:ws">
<Result xmlns:b="http://schemas.datacontract.org/2004/07/RTAdminService.Types" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ResultStatus xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">SUCCESS</ResultStatus>
<ErrorCode xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">OK</ErrorCode>
<ResultMessage xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">The operation has been successfully completed.</ResultMessage>
<ResultData i:type="b:ArrayOfCertificateDirective" xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">
<b:CertificateDirective>
<b:id>1</b:id>
<b:value>Example directive</b:value>
</b:CertificateDirective>
</ResultData>
<TotalItems xmlns="http://schemas.datacontract.org/2004/07/RTService.ModelsResult">1</TotalItems>
</Result>
</ListCertificateDirectivesResponse>
</s:Body>
</s:Envelope>
The id field of each result is the value to pass in certDirectiveIds when calling AddCertificateUser. See the full field reference for CertificateDirective in Response objects.