Importing of Certificates via Command Line


Article ID: 131443


Updated On:


CA Rapid App Security CA API Gateway


The client has a deployment process that does not allow the use of the policy manager to do deployment to production Is there any way to deploy certificates to the gateway via command line?


Component: APIMBL


1. ensure /restman is published 

2. /restman document 
after you publish /restman, you can get the help document from, 
https://<your gateway>:8443/restman/1.0/doc/restDoc.html#1.0/trustedCertificates 

3. build the payload for create/update a certificate 
as per item 2, it requires l7:TrustedCertificate element, here is an example of "l7:TrustedCertificate", 

<l7:TrustedCertificate xmlns:l7=""> 
<l7:Name>input certificate name</l7:Name> 
<l7:Encoded>base64 encoded X509 cert data</l7:Encoded> 
<l7:Property key="revocationCheckingEnabled"> 
<l7:Property key="trustAnchor"> 
<l7:Property key="trustedAsSamlAttestingEntity"> 
<l7:Property key="trustedAsSamlIssuer"> 
<l7:Property key="trustedForSigningClientCerts"> 
<l7:Property key="trustedForSigningServerCerts"> 
<l7:Property key="trustedForSsl"> 
<l7:Property key="verifyHostname"> 

4. run curl command to call /restman, assume you call it on localhost, and the payload is cert.xml file, 

curl -X POST -k -H 'Content-Type: application/xml' -u admin:7layer 'https://localhost:8443/restman/1.0/trustedCertificates' -d @cert.xml 

this is an example to create new cert, to update existing cert, please refer item 2 the restman document.