Getting 400 response code when calling restman to import private key

Article ID: 265809

Updated On:

Products

CA API Gateway

Issue/Introduction

We are using the restman endpoint to import a private key into the gateway trust store. We call it using the following API:

POST /restman/1.0/privateKeys/00000000000000000000000000000002:myalias/import

and provide the body content based on the <l7:PrivateKeyImportContext> structure:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:PrivateKeyImportContext xmlns:l7="http://<Example>/2010/04/gateway-management">
    <l7:Pkcs12Data></l7:Pkcs12Data>
    <l7:Alias>myalias</l7:Alias>
    <l7:Password>mypassword</l7:Password>
</l7:PrivateKeyImportContext>

We are getting a 400 response code from the API call, but we can see that the Alias is created in the Private Key Store. 

The response body is:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Error xmlns:l7="http://<Example.com>/2010/04/gateway-management">
    <l7:Type>ResourceAccess</l7:Type>
    <l7:TimeStamp>2023-04-27T17:07:26.254-05:00</l7:TimeStamp>
    <l7:Link rel="self" uri="https://<Example.com>:<port>/restman/1.0/privateKeys/00000000000000000000000000000002:myalias/import"/>
    <l7:Detail>Keystore Software DB does not contain any certificate chain entry with alias myalias</l7:Detail>
</l7:Error>

Is there some kind of configuration issue?

Environment

All supported versions of the CA API Gateway

Resolution

Per our Restman documentation, to create a new private key you need to use the <l7:PrivateKeyCreationContext> element and POST it to the key's own path (without /import), as in the steps below.

= CREATE A NEW PRIVATE KEY =
# vi createPK.xml

<l7:PrivateKeyCreationContext xmlns:l7="http://<Example.com>/2010/04/gateway-management">
     <l7:Dn>CN=newKey</l7:Dn>
</l7:PrivateKeyCreationContext>

= IMPORT PRIVATE KEY VIA RESTMAN =
# ./GatewayMigrationUtility.sh restman --argFile common --method POST --path '1.0/privateKeys/00000000000000000000000000000002:newKey' --request createPK.xml --trustHostname --trustCertificate
Warning: TLS hostname verification has been disabled
Warning: TLS server certificate check has been disabled
Status: 201 Created
Keep-Alive: timeout=60
Server: Layer7-API-Gateway
Connection: keep-alive
Content-Length: 1363
Date: Thu, 11 May 2023 14:52:02 GMT
Content-Type: application/xml
Location: https://<Example.com:9443/restman/1.0/privateKeys/00000000000000000000000000000002:newKey
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Name>newKey</l7:Name>
    <l7:Id>00000000000000000000000000000002:newKey</l7:Id>
    <l7:Type>SSG_KEY_ENTRY</l7:Type>
    <l7:TimeStamp>2023-05-11T07:52:02.034-07:00</l7:TimeStamp>
    <l7:Link rel="self" uri="<Example.com>:9443/restman/1.0/privateKeys/00000000000000000000000000000002:newKey"/>
    <l7:Link rel="template" uri="https://<Example.com>:<port>/restman/1.0/privateKeys/template"/>
    <l7:Link rel="list" uri="https://<Example.com>/restman/1.0/privateKeys"/>
    <l7:Link rel="templatePrivateKeyImport" uri="<Example.com>:<Port>/restman/1.0/privateKeys/template/privatekeyimportcontext"/>
    <l7:Link rel="templatePrivateKeyExport" uri="<Example.com:<port>/restman/1.0/privateKeys/template/privatekeyexportcontext"/>
    <l7:Link rel="templatePrivateKeyCreation" uri="<Example.com>:<port>/restman/1.0/privateKeys/template/privatekeycreationcontext"/>
    <l7:Link rel="generateCSR" uri="https://<Example.com:<port>/restman/1.0/privateKeys/00000000000000000000000000000002:newKey/generateCSR"/>
</l7:Item>
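
The following client-side check is an added example, not code from the Restman documentation or the Gateway Migration Utility. It builds the two request bodies shown above and flags a body that does not match its path before it is sent. The function names are hypothetical, and treating Pkcs12Data as base64 text and comparing the body alias with the path alias are assumptions drawn from the request shapes on this page.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Namespace as it appears in the gateway's 201 response on this page.
NS = "http://ns.l7tech.com/2010/04/gateway-management"
ET.register_namespace("l7", NS)

def _context(kind, fields):
    root = ET.Element(f"{{{NS}}}{kind}")
    for name, text in fields:
        ET.SubElement(root, f"{{{NS}}}{name}").text = text
    return ET.tostring(root, encoding="unicode")

def creation_body(dn):
    """Body for POST 1.0/privateKeys/<keystoreId>:<alias> (gateway generates the key)."""
    return _context("PrivateKeyCreationContext", [("Dn", dn)])

def import_body(p12_bytes, alias, password):
    """Body for POST 1.0/privateKeys/<keystoreId>:<alias>/import (existing PKCS#12)."""
    data = base64.b64encode(p12_bytes).decode("ascii")  # assumption: base64 text
    return _context("PrivateKeyImportContext",
                    [("Pkcs12Data", data), ("Alias", alias), ("Password", password)])

def preflight(path, body_xml):
    """Return a list of problems to fix before sending body_xml to path."""
    problems = []
    root = ET.fromstring(body_xml)
    kind = root.tag.rpartition("}")[2]
    parts = path.strip("/").split("/")
    is_import = parts[-1] == "import"
    key_id = parts[-2] if is_import else parts[-1]
    path_alias = key_id.partition(":")[2]  # id format is <keystoreId>:<alias>
    expected = "PrivateKeyImportContext" if is_import else "PrivateKeyCreationContext"
    if kind != expected:
        problems.append(f"{kind} sent to a path that expects {expected}")
    if kind == "PrivateKeyImportContext":
        data = (root.findtext(f"{{{NS}}}Pkcs12Data") or "").strip()
        if not data:
            problems.append("Pkcs12Data is empty")
        else:
            try:
                base64.b64decode(data, validate=True)
            except binascii.Error:
                problems.append("Pkcs12Data is not valid base64")
        body_alias = root.findtext(f"{{{NS}}}Alias")
        if body_alias != path_alias:
            problems.append(f"Alias {body_alias!r} does not match path alias {path_alias!r}")
    return problems
```

Run `preflight` on the path and the body before handing the body file to the restman call; an empty list means the body type, alias and PKCS#12 payload are consistent with the path.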

= VERIFY VIA POLICY MANAGER =