SSLKeyAndCertificate

Description

API


    GET /api/sslkeyandcertificate
    GET /api/sslkeyandcertificate/<key>

CLI


    show sslkeyandcertificate <key>

Examples

To generate a self-signed certificate

 POST /api/sslkeyandcertificate/generatecertificate

{
    "self_signed": true, 
    "name": "mycert", 
    "locality": "Sunnyvale", 
    "country": "US", 
    "key_params": {
        "rsa_params": {
            "key_size": "SSL_KEY_1024_BITS"
        }, 
        "algorithm": "SSL_KEY_ALGORITHM_RSA"
    }, 
    "state": "CA", 
    "common_name": "ACME Company", 
    "organization": "ACME Company"
}
 

To generate a CA-signed certificate use the following sample. This will provide a Certificate Signing Request that you will have to use to get a CA-siged certificate

 POST /api/sslkeyandcertificate/generatecertificate

{
    "name": "mycert2", 
    "locality": "Sunnyvale", 
    "country": "US", 
    "key_params": {
        "rsa_params": {
            "key_size": "SSL_KEY_1024_BITS"
        }, 
        "algorithm": "SSL_KEY_ALGORITHM_RSA"
    }, 
    "state": "CA", 
    "common_name": "ACME Company", 
    "organization": "ACME Company"
}
 

To import a CA-signed certificate

 POST /api/sslkeyandcertificate/sslkeyandcertificate-2e25a322-8b92-423b-a987-c88faba51433/importcertificate

{
    "certificate": "\n-----BEGIN CERTIFICATE-----\nMIICmTCCAgKgAwIBAgIJAKfrg8i8iZZqMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UECgwMQWNtZSBDb21wYW55MR0wGwYD\nVQQDDBRTeXN0ZW0gQWRtaW5pc3RyYXRvcjAeFw0xNTAxMTkwNzEyNThaFw0xNjAx\nMTkwNzEyNThaMFAxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UECgwM\nQWNtZSBDb21wYW55MR0wGwYDVQQDDBRTeXN0ZW0gQWRtaW5pc3RyYXRvcjCBnzAN\nBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtT9psNKi/4oImbB4aIJLjJDPwTIAIrQP\nLoC4R/GHrBCByRYVfoyxFrHJU9WSg9KTqxc6Ph6/zK2hoR+MchQStMP+K5W+4HcR\nSW+1MJdMwRhm+egxH7hYwnrfsaQoo0GBPVb48deBB/yKTLj7trdGqWTD5oyZqr/B\nk+kR0kXGzx8CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3Bl\nblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNhre4joManxHL+F\nDWzYSVblWVdlMB8GA1UdIwQYMBaAFNhre4joManxHL+FDWzYSVblWVdlMA0GCSqG\nSIb3DQEBCwUAA4GBAINlLdqGJW2Enow2ft+FRMZdo2qwOovuF4smNIFoXmSoywhW\n7dyeAkeCyUjZrbqFRNsCf969aUSIE8pARjSnT9P4otOvIMCaIN215F0nzKKZbsIL\nK4pA6A0h5GSd+aqol6P2vAWzLNE+kUbrE/PcZu9pozWp0GdoiAEu+BnqwWrC\n-----END CERTIFICATE-----\n"
}
 

To import both key and certificate, use the following sample.

 POST /api/sslkeyandcertificate/importkeyandcertificate

{
    "certificate": "\n-----BEGIN CERTIFICATE-----\nMIIFcjCCA1oCARswDQYJKoZIhvcNAQELBQAwgZAxCzAJBgNVBAYTAlVTMRMwEQYD\nVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxCzAJBgNVBAoTAkNB\nMREwDwYDVQQLEwhJbnRlcm5hbDERMA8GA1UEAxMIY2EubG9jYWwxJTAjBgkqhkiG\n9w0BCQEWFmRlZmF1bHRlbWFpbEBsb2NhbGhvc3QwHhcNMTYwMTA5MDk1MDU0WhcN\nMjYwMTA2MDk1MDU0WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5p\nYTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExEzARBgNVBAoMCkNvbnRyb2xsZXIxHjAc\nBgNVBAMMFW5vZGUuY29udHJvbGxlci5sb2NhbDCCAiIwDQYJKoZIhvcNAQEBBQAD\nggIPADCCAgoCggIBALXr3f7mtZdOePRaVJYFFqEuOyyoYsVcufDm0BvW1YAluAmj\n9ztwtCvaczwKVcKpyey5hTQhZnsSEW8Sqxoya7UHPDW6VvSTxtSBzj6btTklX8Q+\nlRsvzVFh5NOXH+pecJgTKZ93wn5xpM6RYNCwoT9IWyUN3ATmg4IHvRe46aP9/V9L\nHQ399ZkWPyz/uJFTVPPkMRWqb+U+12BaKWykcesvk7lGjih97n4w3nbtRRe8MsI5\nkhHy3utUJaYzmizKXbXRSSEdL2QwZxdK2cfFnVMBECkuD5vxifSUk4qlxs3QFIy2\nP83Ghk/ZvwsOEzTO12qmx5Fvr6ObJzzwlykQ26Ayc5piRI6EbkAFrQOU1P12/+qi\ntJ9MYhDuobyKX1P5V6HHTjbvwNItkTbcryVLTiJAMaHGsPBkPYWBntsZdkkUQnph\n3xZnK6cIKNS/HMbaVMO/y2EaqkO1agz0bmH1JR0KRDbgxD+AVC5WxCcylJ2UY+N1\nsbvgVMSD+VIbBermlVeNr06ZJKszbc3AuNgsayAFp5uZ3IJZrSjvuMzV8vKiEXGu\nQDSNSJsmTOZD+iPClMszDwH2UPTpjayOeXdHFZNXgE7q29nvqSvErZokef6gGbp5\nsBVLa1zKh0gCR4vryEKsG4wzDmPwMW+MAXWG8j/s3OdE1f48mKm41GkMbhVbAgMB\nAAEwDQYJKoZIhvcNAQELBQADggIBAG/glm9+1Roez6a16yYb13AZb693nngSZUN4\ndBnyphPE+i8vskazOXM2SjmkVcJzIEFNzytLaqXTuJ4psvcZXZg9YoSVQIKzOaun\n73T2SIxnKSJShi5nVR2+AyymG4MjHveKP/cHruHkBPvmP7CQ6wEhlYjWWPRThIUY\n7uZasHhHb0PmyjsKfuIw943c1a0U+EDcSFNqyBmpUGHw5ahDsn4KXKMACB9iPfZ6\nlu23vKFi3EfgNU8jG0Xiy2ND5bBJVPT7I8JjZql+jl26WQyjpudM9izfzcLWNeHL\npMF+k4cF6ze0GClRSyIQAcgzz6788vovSC/X+9ZFJnSJusXGYXKGPHmPk3/5BDC8\ncfg2DQJ9tLMSQJj/2jvb8SHlofGrYmczxUe8MXrA8WDJEbCo3JEWVQDhtkOOna4z\nSXe7TvpgQZaRHdX5bs/vxjL5D0eFkbGNlkGal3uiPNbUuPkhjHpZLUnj/F83Oxwi\nJQMu3tmu9Tjcv74YTJE3Y70AWTRs1oGsFYTrol9li29OM2lt0c55cwAAMrNFcqcN\ng1K7R08kR+WQFt02jLAgPLj9izdPqpFpFqGwoTTCeas2FQzO6GEdCkBWusAdFdHZ\nZd7LJO+IKACyOEodSYr5TtWNFKgV7FlFXOFoew+2uLM04jZ0YsCvE4QCR2sxvb4N\n7qLODuk0\n-----END CERTIFICATE-----\n", 
    "name": "mycert3", 
    "key": "\n-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC1693+5rWXTnj0\nWlSWBRahLjssqGLFXLnw5tAb1tWAJbgJo/c7cLQr2nM8ClXCqcnsuYU0IWZ7EhFv\nEqsaMmu1Bzw1ulb0k8bUgc4+m7U5JV/EPpUbL81RYeTTlx/qXnCYEymfd8J+caTO\nkWDQsKE/SFslDdwE5oOCB70XuOmj/f1fSx0N/fWZFj8s/7iRU1Tz5DEVqm/lPtdg\nWilspHHrL5O5Ro4ofe5+MN527UUXvDLCOZIR8t7rVCWmM5osyl210UkhHS9kMGcX\nStnHxZ1TARApLg+b8Yn0lJOKpcbN0BSMtj/NxoZP2b8LDhM0ztdqpseRb6+jmyc8\n8JcpENugMnOaYkSOhG5ABa0DlNT9dv/qorSfTGIQ7qG8il9T+Vehx04278DSLZE2\n3K8lS04iQDGhxrDwZD2FgZ7bGXZJFEJ6Yd8WZyunCCjUvxzG2lTDv8thGqpDtWoM\n9G5h9SUdCkQ24MQ/gFQuVsQnMpSdlGPjdbG74FTEg/lSGwXq5pVXja9OmSSrM23N\nwLjYLGsgBaebmdyCWa0o77jM1fLyohFxrkA0jUibJkzmQ/ojwpTLMw8B9lD06Y2s\njnl3RxWTV4BO6tvZ76krxK2aJHn+oBm6ebAVS2tcyodIAkeL68hCrBuMMw5j8DFv\njAF1hvI/7NznRNX+PJipuNRpDG4VWwIDAQABAoICAAs+uCswcZsXs6xPBRl82Qg/\nhlLdWbWfZLL6YXTHE81nB3g5FWgsMEbhquvUK7brrdqfIRe21NHYrREzkzX8VeIL\nv3IGwac+lzS9jVUbZNlScRf9UlQq4UMdjPpzRfrDuav8yz7bNT+BoNFP9S8RK/Zw\nb4nb0HTRFuHrvol/2ZlUctv4FaSuxQagdGlAqVT6VK76tPoE3gPKnZ+MEzFu/Mev\n2i7CqLjiB+Lu/GFXi0TLUkvlKR1I6PSc7/LVD7ujCqXZeO6+EhbcUxMCgnGxyma+\nExSojzhxdriSkogodSB1sz97aHg8xEKdUAzL4u4JtxEVnBJmV/IB/ivrJzzXmOu0\nQZSkspH5B58QkzMlNjiUTqT6yOBrIPR/Ro44Rg/ediqvIpfrVJPeAE/NRD04NR+E\nQIPZB/jbHwlasaPQOToCAhZR/Ta1x8C7yr2+pOLSkA3wZVGpxwI98Sivm8zfCQuh\nYtDHCxRgZqquenOpIuEJfbF0Rifqkkl33pP71koAkLrzJ5XPEk59oCRuttf3kQFm\nce51zdP1qTRhnsfx1ioTIZAxmKYms4aAI7MJ1PWyHsM6hSDY58/8boPzPTvQSwD6\n4+QInVmI8iA159Quvehpe5pcI7qKAmXxO7Oy/BYDrdSFTCXOK6mxFffc9zSC9/2Y\nJjhdmhxsvCU8ZQkTT4GZAoIBAQDu2OOFx10+o8LU4QPPnLD92cHQ7koYqVCFUOih\niDoq/yDToHqmvk6/b7GAkp/Etn8fqVKGdpRlktN+EbPUSU7CxLxpIrhVMXSLL05+\nXx3aFA7UMJ2HwKZ6t7f88BkuEybrwULCeWMAmpdLdMolhj02hJs1QslqfypkKHJz\nPhQkQaeKKTNTQaUICZCdXanAqJ0b4kNVBCku2YYs+HzZ65BO9InPjYo7+QCXUcmC\nv2zakHBahWMluT4eHlp24BL2FlDABSQ3X8/WJjmCRJD8vJfEyrZWmW5+myeMDrNu\ndZXr3BqSSrfOgHsaZNfPj8YRrKyJd62mxF8OLhbeZSUzKu5tAoIBAQDC/GtDa0Qh\nOiW3owDx8DUO15dBguRGBkBdfr0bcOgaLTTYzbVWsQsiig6EnclOEzMPV3Q/i1F/\npzCLvEOnL/8bM4f/t3USxQSzezp1Z6+8Ar6fsSGJpMtdPREcXjbnbk8yIwOsTIqB\nbbA/4RSoCaA7kyL4Gb/Ls9qSkuOscJPoo7jeRMQWKveDQTm8FEwo1rxUCu18wPs6\nzfIUpAdl/64Tb5tEtBJQMaMMOCWRhI4kFfbKnL65zQ6OW4RIsISDHyfuMRuhAfBM\nNvoX8PYI1QbXAq/6gxz9aeZGRDJUg1jp4KSFtZYgVo9eMaTCIJO0by9n9QXPNC/4\nGKz7R0vqahXnAoIBAFGxvaC0YCBcwvctP7BzV9Z79N8RoiZtQy1WTztw7PRn70Jz\nUYBW93hjK8NeY2dVRIX/1EpJpNhZMB2e0HN734Se5hLP3VzGXaZ9t8thnURKOAg7\n2KXmLwsqa7QIK5Sm2Fkq8Tqzajl6puUYPUw4bheHo87D2UCj3kwDyaHBSgJcsoF/\nNh70BQ6KtvwcXUOYaKRw77bUhYGQxWP8WjfvapyW58wmDXIV6S3Yu6QM9Z6MaOGN\nXiw5ABYtK6QdYF7roxMKryiBjQUibekwqqbHmuGktFlKgZCsYQp2vMi7T1wtHKmN\nBPGM4I5Wj7pe4tCIzzr1xF+WKy0edpP65I5r0MECggEAG3F7h1mplSOh+16t2197\nmEMvvsC1cEWg+YfFBf+2KzkBnyIUy8bPUmUr9e5fTuXU4evlKKxrJBRb+M7elsFi\nnml6Urt3dtTT/I7zg2K8kTGxsrgziDPxi4X0ypFYGOqlquDSu4VqWR0fGV6MkboJ\nG1lyKok1PW5q7QZPlQ2jQ7MHagEzuAsEGy0q+xXAQl820n1XP5/JvFUQJWeQwwJh\ndcrXh6vwh+j0kdu1Le4CM4ID4jB9h5kc21x2GeT+QZY5AIVY5ihnsdJrEMORXVze\nQZTXP+MESYaGKo2ep9Z0xTYg8dDE+Hg2ZYOHNOtw3oxnl7IcxzUJK1oNvrAiNzQH\nMQKCAQEA5rx/k3DLfJCswcXwmZ8jVioMS2No8iuT9n/61NFFtIYAKIs9CaCzWNUv\nrUrLlyOi/WR1UGhcLS9YB6uurYpHhVVqiTRFwFNw638BUefuPoAwYACgaZkjSXao\nmIu6NfyZpBnW2uuiW10qaP44uphRKMbJpkpsf/eA3wWftkaktywsazGPi5Lstaq7\nxYZOJBF0xMAKjgrLy5Zi+aOSc60nTD3OP+4ocXb+e6lCv9R7MKUlsoMubgpnySmJ\n9/pojkfhl/seMN4cynOG1+rNfwARvzLAAG6QySCSyNhnLN9swVy4P9ABAbUEJQQM\nOHzfkj6M6uSvAtoGadmk48hVzcqRgw==\n-----END PRIVATE KEY-----\n"
}
 

Data

SSLKeyAndCertificate

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

type

Type
enum
Category
optional
Description
Default
SSL_CERTIFICATE_TYPE_VIRTUALSERVICE
Choices
SSL_CERTIFICATE_TYPE_SYSTEM, SSL_CERTIFICATE_TYPE_VIRTUALSERVICE, SSL_CERTIFICATE_TYPE_CA

certificate

Type
SSLCertificate
Category
required
Description

key_params

Type
SSLKeyParams
Category
optional
Description

key

Type
string
Category
optional
Description
Private key

status

Type
enum
Category
optional
Description
Default
SSL_CERTIFICATE_FINISHED
Choices
SSL_CERTIFICATE_FINISHED, SSL_CERTIFICATE_PENDING

ca_certs

Type
CertificateAuthority
Category
repeated
Description
CA certificates in certificate chain

enckey_base64

Type
string
Category
optional
Description
Encrypted private key corresponding to the private key (e.g. those generated by an HSM such as Thales nShield)

enckey_name

Type
string
Category
optional
Description
Name of the encrypted private key (e.g. those generated by an HSM such as Thales nShield)

hardwaresecuritymodulegroup_ref

Type
Reference to HardwareSecurityModuleGroup
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

SSLCertificate

version

Type
string
Category
optional
Description

serial_number

Type
string
Category
optional
Description

self_signed

Type
bool
Category
optional
Description

issuer

Type
SSLCertificateDescription
Category
optional
Description

subject

Type
SSLCertificateDescription
Category
optional
Description

key_params

Type
SSLKeyParams
Category
optional
Description

public_key

Type
string
Category
optional
Description

signature_algorithm

Type
string
Category
optional
Description

signature

Type
string
Category
optional
Description

not_before

Type
string
Category
optional
Description

not_after

Type
string
Category
optional
Description

certificate

Type
string
Category
optional
Description

certificate_signing_request

Type
string
Category
optional
Description

text

Type
string
Category
optional
Description

fingerprint

Type
string
Category
optional
Description

expiry_status

Type
enum
Category
optional
Description
Default
SSL_CERTIFICATE_GOOD
Choices
SSL_CERTIFICATE_EXPIRED, SSL_CERTIFICATE_GOOD, SSL_CERTIFICATE_EXPIRY_WARNING

chain_verified

Type
bool
Category
optional
Description

SSLCertificateDescription

common_name

Type
string
Category
optional
Description

email_address

Type
string
Category
optional
Description

organization_unit

Type
string
Category
optional
Description

organization

Type
string
Category
optional
Description

locality

Type
string
Category
optional
Description

state

Type
string
Category
optional
Description

country

Type
string
Category
optional
Description

distinguished_name

Type
string
Category
optional
Description

SSLKeyParams

algorithm

Type
enum
Category
required
Description
Default
SSL_KEY_ALGORITHM_RSA
Choices
SSL_KEY_ALGORITHM_RSA, SSL_KEY_ALGORITHM_EC

rsa_params

Type
SSLKeyRSAParams
Category
optional
Description

ec_params

Type
SSLKeyECParams
Category
optional
Description

SSLKeyRSAParams

key_size

Type
enum
Category
optional
Description
Default
SSL_KEY_2048_BITS
Choices
SSL_KEY_1024_BITS, SSL_KEY_3072_BITS, SSL_KEY_4096_BITS, SSL_KEY_2048_BITS

exponent

Type
uint32
Category
optional
Description
Default
65537

SSLKeyECParams

curve

Type
enum
Category
optional
Description
Default
SSL_KEY_EC_CURVE_SECP256R1
Choices
SSL_KEY_EC_CURVE_SECP521R1, SSL_KEY_EC_CURVE_SECP256R1, SSL_KEY_EC_CURVE_SECP384R1

CertificateAuthority

name

Type
string
Category
optional
Description

ca_ref

Type
Reference to SSLKeyAndCertificate
Category
optional
Description

Actions

API


    POST /api/sslkeyandcertificate/<key>

CLI


    delete sslkeyandcertificate <key>

References

HardwareSecurityModuleGroup Tenant SSLKeyAndCertificate

Sub Objects