Importing of Certificates via Command Line
Article ID: 131443


Products

CA Rapid App Security, CA API Gateway

Issue/Introduction

The client has a deployment process that does not allow the use of the Policy Manager to deploy to production. Is there any way to deploy certificates to the gateway via the command line?

Environment

All supported versions of the API Gateway

Resolution

1. Ensure the Restman service is published
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/apis-and-toolkits/rest-management-api.html 

2. Access the Restman documentation
After you publish the Restman service, you can get the Help documentation from: 
https://<GATEWAY_HOST>:8443/restman/1.0/doc/restDoc.html#1.0/trustedCertificates 

3. Build the payload to create/update a certificate
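As described in the documentation from step 2, the request requires an l7:TrustedCertificate element. Below is an example of the "l7:TrustedCertificate" payload. The example sets every trust usage to true and verifyHostname to false; for a production trust store, set to true only the usages the certificate actually needs.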

<l7:TrustedCertificate xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
  <l7:Name>CERTIFICATE_NAME</l7:Name>
  <l7:CertificateData>
    <l7:Encoded>BASE64_ENCODED_x509_CERT_DATA</l7:Encoded>
  </l7:CertificateData>
  <l7:Properties>
    <l7:Property key="revocationCheckingEnabled">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustAnchor">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedAsSamlAttestingEntity">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedAsSamlIssuer">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedForSigningClientCerts">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedForSigningServerCerts">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedForSsl">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="verifyHostname">
      <l7:BooleanValue>false</l7:BooleanValue>
    </l7:Property>
  </l7:Properties>
</l7:TrustedCertificate>

4. Run a curl command to call the Restman service with the payload (in this example, the payload file is called cert.xml):

curl -X POST -k -H 'Content-Type: application/xml' -u admin:7layer 'https://<GATEWAY_HOST>:8443/restman/1.0/trustedCertificates' -d @cert.xml 

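In the curl example, -k disables verification of the gateway's TLS certificate, and -u puts the password on the command line, where it is visible in shell history and process listings. In a production deployment pipeline, have curl trust the CA that issued the gateway's certificate instead of using -k, and supply the credentials from the pipeline's secret store.

Alternatively, run a GMU command to call the Restman service with the payload (in this example, the payload file is called cert.xml):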

./GatewayMigrationUtility.sh restman --argFile common.properties --method POST --path '1.0/trustedCertificates' --request cert.xml

 

NOTE: This is an example of how to create a new certificate. To update an existing certificate, please refer to the PUT request in the Restman documentation.
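One way to produce cert.xml for step 3 from a PEM file in a deployment pipeline, as an added example that is not Broadcom's code. The function name and its arguments are hypothetical, it assumes l7:Encoded takes the base64 body of the PEM file (base64 of the DER certificate), and every property key not listed by the caller is emitted as false.

```shell
#!/bin/sh
# Added example: build the l7:TrustedCertificate payload from a PEM file,
# enabling only the properties named on the command line.
# The property keys are the ones in the payload above; all other names are assumptions.
L7_KEYS="revocationCheckingEnabled trustAnchor trustedAsSamlAttestingEntity trustedAsSamlIssuer trustedForSigningClientCerts trustedForSigningServerCerts trustedForSsl verifyHostname"

# usage: build_trusted_cert_payload NAME PEM_FILE [PROPERTY_KEY_TO_ENABLE ...]
build_trusted_cert_payload() {
    name=$1 pem=$2
    shift 2
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }
    # Never send key material to the trusted certificate endpoint.
    if grep -q 'PRIVATE KEY-----' "$pem"; then
        echo "refusing: $pem contains a private key" >&2; return 1
    fi
    # One l7:Encoded element holds one certificate, so reject bundles.
    count=$(grep -c '^-----BEGIN CERTIFICATE-----' "$pem" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 certificate, found $count" >&2; return 1; }
    # Reject misspelled property keys instead of silently dropping them.
    for want in "$@"; do
        case " $L7_KEYS " in
            *" $want "*) ;;
            *) echo "unknown property: $want" >&2; return 1 ;;
        esac
    done
    # The PEM body is already base64: drop the armor lines and line breaks.
    b64=$(sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$pem" \
          | grep -v '^-----' | tr -d ' \r\n')
    # Escape XML metacharacters in the display name.
    safe=$(printf '%s' "$name" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g')
    printf '<l7:TrustedCertificate xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">\n'
    printf '  <l7:Name>%s</l7:Name>\n' "$safe"
    printf '  <l7:CertificateData>\n    <l7:Encoded>%s</l7:Encoded>\n  </l7:CertificateData>\n' "$b64"
    printf '  <l7:Properties>\n'
    for key in $L7_KEYS; do
        val=false
        case " $* " in *" $key "*) val=true ;; esac
        printf '    <l7:Property key="%s"><l7:BooleanValue>%s</l7:BooleanValue></l7:Property>\n' "$key" "$val"
    done
    printf '  </l7:Properties>\n</l7:TrustedCertificate>\n'
}
```

Redirect the function's output to cert.xml and post it as in step 4; which properties a given certificate needs depends on how the gateway uses it.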

Additional Information

For the Properties portion of the payload, use the following images for reference: