Find End Entity from given Certificate (via API)

[uedvt359]

Hi all,

I'm trying to find the end entity associated with a certificate using any of the available APIs. I believe the best way to do this would be searching for the certificate's fingerprint and get the associated end entity from there (this is also what RA web does with /ra/viewcert.xhtml?fp=...); but there doesn't seem to be an API for that. Here's what I tried already:

• ejbcaWS (SOAP)'s getCertificate(certSNinHex, issuerDN): can uniquely identify certs, but doesn't return any refernce to the end entity (only the cert itself)
• ejbcaWS (SOAP)'s findUser(matchwith, matchtype, matchvalue): can't search by fingerprint, serial+issuer, etc. The best I could think of is searching by DN, but we have multiple endentities with the same DN in some instances, so this doesn't fully solve the problem.
• REST's /v2/certificate/search: lets me search by serial number (but not specify that it is a serial). gives username, which i can then plug into a seperate request using the SOAP API, because the REST equivalent is enterprise only.

Again, my favourite thing would be to say "here's a fingerprint, give me the endentity details for it". Is this possible?