Certificate
Fivetran requires you to validate TLS certificates and SSH host fingerprints before connecting to sources and destinations that use self-signed certificates, certificates from private Certificate Authority (CA), or SSH tunnels. The certificate resource represents such a credential associated with a connection or destination.
For an overview of how certificate and fingerprint validation works, see our Validated Certificates & Keys documentation.
Two types of credentials can be approved:
- Certificates — TLS certificates for connections and destinations that use self-signed certificates or private CA certificates.
- Fingerprints — SSH host key fingerprints for connections and destinations that use SSH tunneling.
Once approved, a credential is associated with the connection or destination and persists until explicitly revoked. The certificate resource goes through three stages: approval, persistence, and revocation.
Resource attributes
The following attributes describe the certificate and fingerprint credentials associated with a connection or destination.
Certificate attributes
| Field name | Type | Description |
|---|---|---|
id | string, read-only | Unique identifier of the certificate. Base64URL-encoded hash. |
name | string, read-only | Certificate name. |
hash | string | Hash of the certificate. Also used as the unique identifier in path parameters. |
type | string, read-only | Type of the certificate. Example: TLS. |
sha1 | string, read-only | SHA1 fingerprint of the certificate. |
sha256 | string, read-only | SHA256 fingerprint of the certificate. |
public_key | string, read-only | Decoded public key of the certificate. |
validated_by | string, read-only | Unique identifier of the user who approved the certificate. |
validated_date | string, read-only | Date and time the certificate was approved, in ISO 8601 format. |
Fingerprint attributes
| Field name | Type | Description |
|---|---|---|
id | string, read-only | Unique identifier of the fingerprint. Base64URL-encoded hash. |
hash | string | Hash of the fingerprint. Also used as the unique identifier in path parameters. |
public_key | string | SSH public key. |
validated_by | string, read-only | Unique identifier of the user who approved the fingerprint. |
validated_date | string, read-only | Date and time the fingerprint was approved, in ISO 8601 format. |
Supported operations
| Category | Endpoints | Description |
|---|---|---|
| Approve | POST /v1/connections/{connectionId}/certificatesPOST /v1/destinations/{destinationId}/certificatesPOST /v1/connections/{connectionId}/fingerprintsPOST /v1/destinations/{destinationId}/fingerprints | Approve a TLS certificate or SSH fingerprint for a connection or destination. |
| List | GET /v1/connections/{connectionId}/certificatesGET /v1/destinations/{destinationId}/certificatesGET /v1/connections/{connectionId}/fingerprintsGET /v1/destinations/{destinationId}/fingerprints | List all certificates or fingerprints approved for a connection or destination. |
| Retrieve | GET /v1/connections/{connectionId}/certificates/{hash}GET /v1/destinations/{destinationId}/certificates/{hash}GET /v1/connections/{connectionId}/fingerprints/{hash}GET /v1/destinations/{destinationId}/fingerprints/{hash} | Retrieve details of a certificate or fingerprint approved for a connection or destination. |
| Revoke | DELETE /v1/connections/{connectionId}/certificates/{hash}DELETE /v1/destinations/{destinationId}/certificates/{hash}DELETE /v1/connections/{connectionId}/fingerprints/{hash}DELETE /v1/destinations/{destinationId}/fingerprints/{hash} | Revoke a certificate or fingerprint from a connection or destination. |