Graphman Commands and Documentation to Create, Export, and Import Certificate Bundles from TRUSTED Store

Article ID: 410266

Products

CA API Gateway

Issue/Introduction

We would like to request your assistance in providing Graphman commands and detailed documentation related to certificate management for Layer7 API Gateway.

Specifically, we are looking for a clear procedure to create a Graphman bundle that includes a specific certificate from the Trusted Key Store.

Environment

Gateway 11.1.X

Resolution

There is no specific documentation for the exact call requested.

Further information is available on GitHub:

https://github.com/Layer7-Community/graphman-client/wiki/Getting-Started

What it is:

The Graphman service can be introspected for its GraphQL schema, which shows the Graphman GraphQL query methods that are available. There are two ways to do this:

  • introspection of the GraphQL schema using a known client (for example Postman or others)
  • the describe command of the Graphman client itself (to list all the available methods using the client: graphman describe)

To list all in-built queries, use describe:

# graphman.sh describe
[info] available queries:
         all-w
         all
         encass
         folder
         internal-services
         policy
         service
         sysinfo
.
[info] available mutations:
.
[info] available in-built queries:
.
         trustedCertByGoid
         trustedCertByThumbprint
         trustedCerts
         trustedCertsByDn

Procedure to export a certificate by subject DN:

Export the certificate as a bundle, selecting it by subjectDn:

graphman export --gateway <gateway_source> --using trustedCertsByDn --variables.subjectDn "CN=<gateway_ssl_hostname_subjectDN>" --output cert-output-file.json

[info] exporting from <source_gateway> gateway
[info] sanitizing trustedCertsByDn to trustedCerts
{
  "trustedCerts": [
    {
      "goid": "<GOID>",
      "name": "<alias_name>",
      "subjectDn": "CN=<gateway_ssl_hostname_subjectDN>",
      "thumbprintSha1": "<thumbprint>",
      "checksum": "<checksum>",
      "verifyHostname": false,
      "trustAnchor": true,
      "trustedFor": [],
      "revocationCheckPolicyType": "USE_DEFAULT",
      "notBefore": "2025-07-14T08:41:22-07:00",
      "notAfter": "2029-07-20T08:41:22-07:00",
      "certBase64": "<Base64 Value>"
    }
  ],
  "properties": {
    "meta": {
      "id": "90fe28fd-31cb-499b-b649-2e46d0791e10",
      "name": "Gateway Graphman Bundle - 2025-09-15T06:18:17.535-07:00",
      "author": "admin",
      "hostname": "<gateway_source_hostname>",
      "timestamp": "2025-09-15T06:18:17.535-07:00"
    },
    "defaultAction": "NEW_OR_UPDATE"
  }
}
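
The import step adds this certificate to the destination gateway's trusted store (the export above has trustAnchor set to true), so it is worth checking the exported file first. The following is an added example, not part of the original article or the Graphman project. It assumes that certBase64 is the base64 DER encoding of the certificate and that thumbprintSha1 is the base64 SHA-1 digest of those bytes; check_bundle, sample_bundle and the sample values are constructed for illustration.

```python
import base64
import hashlib
import json
from datetime import datetime, timezone

def check_bundle(bundle_text, expected_dn, now=None):
    """Return a list of problems found in an exported trustedCerts bundle."""
    now = now or datetime.now(timezone.utc)
    bundle = json.loads(bundle_text)
    problems = []
    extra = sorted(set(bundle) - {"trustedCerts", "properties"})
    if extra:
        problems.append(f"unexpected entity types in bundle: {extra}")
    certs = bundle.get("trustedCerts", [])
    if len(certs) != 1:
        problems.append(f"expected exactly 1 trusted cert, found {len(certs)}")
    for cert in certs:
        name = cert.get("name", "<unnamed>")
        # Exact string match; DN formatting differences are flagged for review.
        if cert.get("subjectDn") != expected_dn:
            problems.append(f"{name}: subjectDn is not the requested DN")
        # Assumption: certBase64 is base64 DER, thumbprintSha1 is base64(SHA-1(DER)).
        try:
            der = base64.b64decode("".join(cert.get("certBase64", "").split()), validate=True)
        except ValueError:
            problems.append(f"{name}: certBase64 is not valid base64")
            continue
        thumb = base64.b64encode(hashlib.sha1(der).digest()).decode()
        if thumb != cert.get("thumbprintSha1"):
            problems.append(f"{name}: thumbprintSha1 does not match certBase64")
        not_before = datetime.fromisoformat(cert["notBefore"])
        not_after = datetime.fromisoformat(cert["notAfter"])
        if not not_before <= now <= not_after:
            problems.append(f"{name}: outside validity window")
    return problems

def sample_bundle():
    """Constructed sample: the bytes below stand in for a DER certificate."""
    der = b"constructed stand-in for DER certificate bytes"
    return {"trustedCerts": [{
        "name": "sample-alias", "subjectDn": "CN=gw.example.test",
        "thumbprintSha1": base64.b64encode(hashlib.sha1(der).digest()).decode(),
        "trustAnchor": True,
        "notBefore": "2025-07-14T08:41:22-07:00",
        "notAfter": "2029-07-20T08:41:22-07:00",
        "certBase64": base64.b64encode(der).decode()}],
        "properties": {"defaultAction": "NEW_OR_UPDATE"}}

if __name__ == "__main__":
    print(check_bundle(json.dumps(sample_bundle()), "CN=gw.example.test"))
```

An empty list means the file holds exactly the one requested certificate and its recorded thumbprint agrees with the certificate bytes; anything else should be reviewed before running the import.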

Procedure to import: example using the bundle created for a specific certificate (NOTE: the [warn] message can be ignored):

# graphman.sh import --gateway <destination_gateway> --using install-bundle --input cert-output-file.json
[info] inspecting trustedCerts
[info] inspecting properties
[warn] found unknown entity type: properties
{
  "data": {
    "setTrustedCerts": {
      "detailedStatus": [
        {
          "action": "NEW_OR_UPDATE",
          "status": "CREATED",
          "source": [
            {
              "name": "thumbprintSha1",
              "value": "vbynJc2sVtMdz6FmUN6vdCBeFAo="
            }
          ],
          "target": [
            {
              "name": "goid",
              "value": "03967c2ced5a4de04add32c116b29ffe"
            }
          ]
        }
      ]
    }
  }
}