We are using the restman endpoint to import a private key to the gateway trust store. We call it using the following API:
POST /restman/1.0/privateKeys/00000000000000000000000000000002:myalias/import
and provided the body content based on the <l7:PrivateKeyImportContext> structure:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:PrivateKeyImportContext xmlns:l7="http://<Example>/2010/04/gateway-management">
<l7:Pkcs12Data></l7:Pkcs12Data>
<l7:Alias>myalias</l7:Alias>
<l7:Password>mypassword</l7:Password>
</l7:PrivateKeyImportContext>
We are getting a 400 response code from the API call, but we can see that the Alias is created in the Private Key Store.
The response body is:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Error xmlns:l7="http://<Example.com>/2010/04/gateway-management">
<l7:Type>ResourceAccess</l7:Type>
<l7:TimeStamp>2023-04-27T17:07:26.254-05:00</l7:TimeStamp>
<l7:Link rel="self" uri="https://<Example.com>:<port>/restman/1.0/privateKeys/00000000000000000000000000000002:myalias/import"/>
<l7:Detail>Keystore Software DB does not contain any certificate chain entry with alias myalias</l7:Detail>
Is there some kind of configuration issue?
All supported versions of the CA API Gateway
Per our Restman documentation, to create a new private key, you need to use <PrivateKeyCreationContext> tags.
= CREATE A NEW PRIVATE KEY =
# vi createPK.xml
<l7:PrivateKeyCreationContext xmlns:l7="http://<Example.com>/2010/04/gateway-management">
<l7:Dn>CN=newKey</l7:Dn>
</l7:PrivateKeyCreationContext>
= IMPORT PRIVATE KEY VIA RESTMAN =
# ./GatewayMigrationUtility.sh restman --argFile common --method POST --path '1.0/privateKeys/00000000000000000000000000000002:newKey' --request createPK.xml --trustHostname --trustCertificate
Warning: TLS hostname verification has been disabled
Warning: TLS server certificate check has been disabled
Status: 201 Created
Keep-Alive: timeout=60
Server: Layer7-API-Gateway
Connection: keep-alive
Content-Length: 1363
Date: Thu, 11 May 2023 14:52:02 GMT
Content-Type: application/xml
Location: https://<Example.com:9443/restman/1.0/privateKeys/00000000000000000000000000000002:newKey
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Name>newKey</l7:Name>
<l7:Id>00000000000000000000000000000002:newKey</l7:Id>
<l7:Type>SSG_KEY_ENTRY</l7:Type>
<l7:TimeStamp>2023-05-11T07:52:02.034-07:00</l7:TimeStamp>
<l7:Link rel="self" uri="<Example.com>:9443/restman/1.0/privateKeys/00000000000000000000000000000002:newKey"/>
<l7:Link rel="template" uri="https://<Example.com>:<port>/restman/1.0/privateKeys/template"/>
<l7:Link rel="list" uri="https://<Example.com>/restman/1.0/privateKeys"/>
<l7:Link rel="templatePrivateKeyImport" uri="<Example.com>:<Port>/restman/1.0/privateKeys/template/privatekeyimportcontext"/>
<l7:Link rel="templatePrivateKeyExport" uri="<Example.com:<port>/restman/1.0/privateKeys/template/privatekeyexportcontext"/>
<l7:Link rel="templatePrivateKeyCreation" uri="<Example.com>:<port>/restman/1.0/privateKeys/template/privatekeycreationcontext"/>
<l7:Link rel="generateCSR" uri="https://<Example.com:<port>/restman/1.0/privateKeys/00000000000000000000000000000002:newKey/generateCSR"/>
</l7:Item>
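A pre-flight check for the two request bodies discussed above, as an added example (not from the original article or the gateway's own code): it confirms the root element matches the endpoint and that an import body actually carries keystore data. The function names are hypothetical, and it assumes Pkcs12Data holds a base64-encoded PKCS#12 file and that a creation body needs a non-empty Dn, as in createPK.xml.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
# Namespace as printed in the gateway's 201 response on this page.
L7_NS = "http://ns.l7tech.com/2010/04/gateway-management"

# Constructed sample: the import body from this page, Pkcs12Data left empty.
EMPTY_IMPORT = f"""<l7:PrivateKeyImportContext xmlns:l7="{L7_NS}">
<l7:Pkcs12Data></l7:Pkcs12Data>
<l7:Alias>myalias</l7:Alias>
<l7:Password>mypassword</l7:Password>
</l7:PrivateKeyImportContext>"""


def expected_root(path):
    """Body element a privateKeys path takes (hypothetical helper)."""
    is_import = path.rstrip("/").endswith("/import")
    return "PrivateKeyImportContext" if is_import else "PrivateKeyCreationContext"


def preflight(path, body):
    """Return the problems found in a request body before it is POSTed."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return [f"body is not well-formed XML: {exc}"]
    want = f"{{{L7_NS}}}{expected_root(path)}"
    if root.tag != want:
        return [f"root element is {root.tag}, endpoint expects {want}"]

    def text(name):
        return (root.findtext(f"{{{L7_NS}}}{name}") or "").strip()

    if expected_root(path) == "PrivateKeyCreationContext":
        return [] if text("Dn") else ["Dn is empty"]
    data = "".join(text("Pkcs12Data").split())
    if not data:
        return ["Pkcs12Data is empty: no keystore bytes to import"]
    try:
        # Assumption: the element carries a base64-encoded PKCS#12 file.
        base64.b64decode(data, validate=True)
    except binascii.Error:
        return ["Pkcs12Data is not valid base64"]
    return []


if __name__ == "__main__":
    key = "1.0/privateKeys/00000000000000000000000000000002:myalias"
    print(preflight(key + "/import", EMPTY_IMPORT))
```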
= VERIFY VIA POLICY MANAGER =