http://www.redhat.com/docs/manuals/cert-system/pdf/cms601custom.pdf Use GET http://cats.bos.redhat.com:9180/ca/ee/ca/getBySerial?serialNumber=14 (yes, that's a hex serial number). - older stuff - http://www.redhat.com/docs/manuals/cert-system/8.0/cli/html/SSLGet-Usage.html POST http://cats.bos.redhat.com:9180/ca/ee/ca/profileSubmit profileId=caServerCert&cert_request_type=pkcs10&requestor_name=TPS-server.example.com-7889&cert_request=MIIBGTCBxAIBADBfMSgwJgYDVQQKEx8yMDA2MTEwNngxMiBTZmJheSBSZWRoYXQgRG9tYWluMRIwEAYDVQQLEwlyaHBraS10cHMxHzAdBgNVBAMTFndhdGVyLnNmYmF5LnJlZGhhdC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAsMcYjKD2cDJOeKjhuAiyaC0YVh8hUzfcrf7ZJlVyROQx1pQrHiHmBQbcCdQxNzYK7rxWiR62BPDR4dHtQzj8RwIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQAKpuTYGP%2BI1k50tjn6enPV6j%2B2lFFjrYNwlYWBe4qYhm3WoA0tIuplNLpzP0vw6ttIMZkpE8rcfAeMG10doUpp&xmlOutput=true&sessionID=-4771521138734965266&auth_hostname=cats.bos.redhat.com&auth_port=9180 Returns "2Request Deferred - defer request 21" Dig the request ID out of the XML. GET http://cats.bos.redhat.com:9180/ca/ee/ca/checkRequest?requestId=21 You'll get some horrific code with javascript mixed in. snippet: Check header.status (UGH!). "pending";"complete" snippet 2: GET http://cats.bos.redhat.com:9180/ca/ee/ca/displayBySerial?serialNumber=0x14 As of 7.3, all of profileSubmit, checkRequest, and displayBySerial should support XML output of some kind, but it's not until 8.0 that checkRequest gives us the serial number of the issued cert when it tells us that our request succeeded, so if the goal is to avoid scraping Javascript, we have to require 8.0.