Importing of Certificates via Command Line
Article ID: 131443
Updated On:
Products
CA Rapid App Security
CA API Gateway
Issue/Introduction
The client has a deployment process that does not allow the use of the policy manager to do deployment to production Is there any way to deploy certificates to the gateway via command line?
Environment
Release:
Component: APIMBL
Component: APIMBL
Resolution
1. ensure /restman is published
https://docops.ca.com/ca-api-gateway/9-4/en/published-services-and-policies/tasks-manage-menu-publish-services-and-apis/publish-internal-service/#PublishInternalService-GatewayRESTManagementService
2. /restman document
after you publish /restman, you can get the help document from,
https://<your gateway>:8443/restman/1.0/doc/restDoc.html#1.0/trustedCertificates
3. build the payload for create/update a certificate
as per item 2, it requires l7:TrustedCertificate element, here is an example of "l7:TrustedCertificate",
<l7:TrustedCertificate xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Name>input certificate name</l7:Name>
<l7:CertificateData>
<l7:Encoded>base64 encoded X509 cert data</l7:Encoded>
</l7:CertificateData>
<l7:Properties>
<l7:Property key="revocationCheckingEnabled">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustAnchor">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedAsSamlAttestingEntity">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedAsSamlIssuer">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSigningClientCerts">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSigningServerCerts">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSsl">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="verifyHostname">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
</l7:Properties>
</l7:TrustedCertificate>
4. run curl command to call /restman, assume you call it on localhost, and the payload is cert.xml file,
curl -X POST -k -H 'Content-Type: application/xml' -u admin:7layer 'https://localhost:8443/restman/1.0/trustedCertificates' -d @cert.xml
this is an example to create new cert, to update existing cert, please refer item 2 the restman document.
https://docops.ca.com/ca-api-gateway/9-4/en/published-services-and-policies/tasks-manage-menu-publish-services-and-apis/publish-internal-service/#PublishInternalService-GatewayRESTManagementService
2. /restman document
after you publish /restman, you can get the help document from,
https://<your gateway>:8443/restman/1.0/doc/restDoc.html#1.0/trustedCertificates
3. build the payload for create/update a certificate
as per item 2, it requires l7:TrustedCertificate element, here is an example of "l7:TrustedCertificate",
<l7:TrustedCertificate xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Name>input certificate name</l7:Name>
<l7:CertificateData>
<l7:Encoded>base64 encoded X509 cert data</l7:Encoded>
</l7:CertificateData>
<l7:Properties>
<l7:Property key="revocationCheckingEnabled">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustAnchor">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedAsSamlAttestingEntity">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedAsSamlIssuer">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSigningClientCerts">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSigningServerCerts">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSsl">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="verifyHostname">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
</l7:Properties>
</l7:TrustedCertificate>
4. run curl command to call /restman, assume you call it on localhost, and the payload is cert.xml file,
curl -X POST -k -H 'Content-Type: application/xml' -u admin:7layer 'https://localhost:8443/restman/1.0/trustedCertificates' -d @cert.xml
this is an example to create new cert, to update existing cert, please refer item 2 the restman document.
Feedback
Powered by
