Importing of Certificates via Command Line


Article ID: 131443


Updated On:

Products

CA Rapid App Security, CA API Gateway

Issue/Introduction

The client has a deployment process that does not allow the use of the Policy Manager to deploy to production. Is there any way to deploy certificates to the gateway via the command line?

Environment

Release:
Component: APIMBL

Resolution

1. Ensure /restman is published:
https://docops.ca.com/ca-api-gateway/9-4/en/published-services-and-policies/tasks-manage-menu-publish-services-and-apis/publish-internal-service/#PublishInternalService-GatewayRESTManagementService 

2. /restman documentation
After you publish /restman, the help document is available at:
https://<your gateway>:8443/restman/1.0/doc/restDoc.html#1.0/trustedCertificates 

3. Build the payload to create or update a certificate
As described in the document from item 2, the request requires an l7:TrustedCertificate element. Here is an example of "l7:TrustedCertificate":

<l7:TrustedCertificate xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
  <l7:Name>input certificate name</l7:Name>
  <l7:CertificateData>
    <l7:Encoded>base64 encoded X509 cert data</l7:Encoded>
  </l7:CertificateData>
  <l7:Properties>
    <l7:Property key="revocationCheckingEnabled">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustAnchor">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedAsSamlAttestingEntity">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedAsSamlIssuer">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedForSigningClientCerts">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedForSigningServerCerts">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedForSsl">
      <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="verifyHostname">
      <l7:BooleanValue>false</l7:BooleanValue>
    </l7:Property>
  </l7:Properties>
</l7:TrustedCertificate>

4. Run curl to call /restman. This example assumes you call it on localhost and the payload is in the file cert.xml:

curl -X POST -k -H 'Content-Type: application/xml' -u admin:7layer 'https://localhost:8443/restman/1.0/trustedCertificates' -d @cert.xml 

This example creates a new certificate. To update an existing certificate, refer to the restman document from item 2.
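
As an added example (not part of the original article or of the product's tooling), the script below builds the payload from step 3 out of a PEM file and sets to true only the trust properties named on the command line, leaving the rest false rather than enabling every trust use as the sample payload does. The function names, and the assumption that the gateway accepts false for each property, belong to this example.

```shell
#!/bin/sh
# Added example: build the l7:TrustedCertificate payload (cert.xml) from a PEM file.
# The property keys are the ones shown in the article's sample payload.
ALL_PROPS="revocationCheckingEnabled trustAnchor trustedAsSamlAttestingEntity"
ALL_PROPS="$ALL_PROPS trustedAsSamlIssuer trustedForSigningClientCerts"
ALL_PROPS="$ALL_PROPS trustedForSigningServerCerts trustedForSsl verifyHostname"

# xml_escape TEXT: escape &, < and > so TEXT is safe as element content
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# pem_body FILE: base64 body of the FIRST certificate in FILE, on one line
pem_body() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        sed '/-----END CERTIFICATE-----/q' | grep -v -- '-----' | tr -d ' \r\n'
}

# build_trusted_cert_xml NAME PEMFILE [PROPERTY...]
# Properties listed become true; every other known property becomes false.
build_trusted_cert_xml() {
    name=$1
    pem=$2
    shift 2
    enabled=" $* "
    body=$(pem_body "$pem")
    [ -n "$body" ] || { echo "no certificate found in $pem" >&2; return 1; }
    for p in "$@"; do   # reject misspelled keys instead of silently ignoring them
        case " $ALL_PROPS " in
            *" $p "*) ;;
            *) echo "unknown property: $p" >&2; return 1 ;;
        esac
    done
    echo '<l7:TrustedCertificate xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">'
    printf '  <l7:Name>%s</l7:Name>\n' "$(xml_escape "$name")"
    printf '  <l7:CertificateData><l7:Encoded>%s</l7:Encoded></l7:CertificateData>\n' "$body"
    echo '  <l7:Properties>'
    for p in $ALL_PROPS; do
        case "$enabled" in *" $p "*) v=true ;; *) v=false ;; esac
        printf '    <l7:Property key="%s"><l7:BooleanValue>%s</l7:BooleanValue></l7:Property>\n' "$p" "$v"
    done
    echo '  </l7:Properties>'
    echo '</l7:TrustedCertificate>'
}

# Usage: sh build_cert_xml.sh "backend-ca" ca.pem trustedForSsl verifyHostname > cert.xml
if [ "$#" -ge 2 ]; then
    build_trusted_cert_xml "$@"
fi
```

When posting the generated cert.xml, curl's `--cacert <file>` option can replace `-k` so the gateway's TLS certificate is verified, and `-u admin` without the password makes curl prompt for it instead of leaving it in shell history.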