POST a PEM encoded certificate to this endpoint to get the hostname of that certificate.
This is just a convenience function. You could just parse the certificate yourself using a standard x509 library.
POST a PEM or DER encoded CSR to this endpoint to validate it and to get back the hostname in the CSR.
This is a convenience function in the sense that you could do this locally, but the validation logic is specific to this application.
This endpoint will check that the CSR's subject is correct based on the hash of the public key.
The server will remember your CSR for future use with the /cert/ endpoint, but that's fine. CSRs aren't secret.
POST a PEM encoded ECDSA P-256 private key to this endpoint and you will get back the basename (in the format xxx.xxx.tls.page) that would correspond to it.
This is not exactly secure in the sense that you are sending your private key, and it is not actually needed.
While the private key is not stored on the server, it will be used to generate a CSR which will be stored for use with the /cert/ endpoint.
POST a PEM or DER encoded CSR containing a correctly calculated hostname to this endpoint to get back a PEM encoded certificate complete with its certificate chain.
This is the main endpoint for the application, and with a sufficiently advanced client, this is the only thing that needs to be done on the server.
The server will remember your CSR for future use with the /cert/ endpoint, but that's fine. CSRs aren't secret.
POST a PEM encoded ECDSA P-256 private key to get back a PEM encoded certificate complete with its certificate chain.
This is less secure than the /cert-from-csr endpoint because you are sending your private key, which is not actually needed.
While the private key is not stored on the server, it will be used to generate a CSR which will be stored for use with the /cert/ endpoint.
POST a PEM encoded ECDSA P-256 private key to get back a PEM encoded CSR that would be appropriate for use with other endpoints.
This is a convenience function. The same calculation could be performed locally. This is not exactly secure in the sense that you are sending your private key, and it is not actually needed.
While the private key is not stored on the server, the CSR generated from it will be stored for use with the /cert/ endpoint.
Returns a PEM encoded ECDSA P-256 private key.
This is a convenience function. For better security, generate your own key and CSR locally.
Once the server has saved a copy of the CSR for a given hostname, you can use this endpoint to get an always up-to-date certificate for that private key.