Importing of Certificates via Command Line

Article Id: 131443
Status: Published
Updated On: 30-09-2019 07:25
Products:
CA Rapid App Security , CA API Gateway , CA API Gateway
Issue/Introduction:

The client has a deployment process that does not allow the use of the policy manager to do deployment to production Is there any way to deploy certificates to the gateway via command line?

Environment:

Release:
Component: APIMBL

Resolution:

1. ensure /restman is published 
https://docops.ca.com/ca-api-gateway/9-4/en/published-services-and-policies/tasks-manage-menu-publish-services-and-apis/publish-internal-service/#PublishInternalService-GatewayRESTManagementService 

2. /restman document 
after you publish /restman, you can get the help document from, 
https://<your gateway>:8443/restman/1.0/doc/restDoc.html#1.0/trustedCertificates 

3. build the payload for create/update a certificate 
as per item 2, it requires l7:TrustedCertificate element, here is an example of "l7:TrustedCertificate", 

<l7:TrustedCertificate xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management"> 
<l7:Name>input certificate name</l7:Name> 
<l7:CertificateData> 
<l7:Encoded>base64 encoded X509 cert data</l7:Encoded> 
</l7:CertificateData> 
<l7:Properties> 
<l7:Property key="revocationCheckingEnabled"> 
<l7:BooleanValue>true</l7:BooleanValue> 
</l7:Property> 
<l7:Property key="trustAnchor"> 
<l7:BooleanValue>true</l7:BooleanValue> 
</l7:Property> 
<l7:Property key="trustedAsSamlAttestingEntity"> 
<l7:BooleanValue>true</l7:BooleanValue> 
</l7:Property> 
<l7:Property key="trustedAsSamlIssuer"> 
<l7:BooleanValue>true</l7:BooleanValue> 
</l7:Property> 
<l7:Property key="trustedForSigningClientCerts"> 
<l7:BooleanValue>true</l7:BooleanValue> 
</l7:Property> 
<l7:Property key="trustedForSigningServerCerts"> 
<l7:BooleanValue>true</l7:BooleanValue> 
</l7:Property> 
<l7:Property key="trustedForSsl"> 
<l7:BooleanValue>true</l7:BooleanValue> 
</l7:Property> 
<l7:Property key="verifyHostname"> 
<l7:BooleanValue>false</l7:BooleanValue> 
</l7:Property> 
</l7:Properties> 
</l7:TrustedCertificate> 

4. run curl command to call /restman, assume you call it on localhost, and the payload is cert.xml file, 

curl -X POST -k -H 'Content-Type: application/xml' -u admin:7layer 'https://localhost:8443/restman/1.0/trustedCertificates' -d @cert.xml 

this is an example to create new cert, to update existing cert, please refer item 2 the restman document.