Graphman Commands and Documentation to Create, Export, and Import Certificate Bundles from PRIVATE Key Store

Article ID: 410282

Products

CA API Gateway

Issue/Introduction

We would like to request your assistance in providing Graphman commands and detailed documentation related to certificate management for Layer7 API Gateway.

Specifically, we are looking for a clear procedure to: Create a Graphman bundle that includes a specific certificate from the Private Key Store.

Environment

Gateway 11.1.x

Resolution

There is no specific documentation for the exact call requested.

Further information is available on GitHub:

https://github.com/Layer7-Community/graphman-client/wiki/Getting-Started

What it is:

The Graphman service can be introspected for its GraphQL schema, which is how one finds out about the Graphman GraphQL query methods. More precisely, this can be done through:

  • introspection of the GraphQL schema using known clients (e.g. Postman, others)
  • the describe command of the graphman client itself (to list all the available methods using the client: graphman describe)

For this reason, the query methods are not comprehensively documented in the techdocs.

Find all in-built queries:

graphman.sh describe

[info] available queries:
.
[info] available mutations:
.
[info] available in-built queries:
.

Specific queries for private keys:

graphman.sh describe --query key*

[info] query key*
[info] 3 matches found
         keyByAlias
         keyByGoid
         keys

Review how the object is constructed:

graphman.sh describe --query keyByAlias

[info] query keyByAlias

query keyByAlias($alias: String!) {
  keyByAlias(alias: $alias) {
    goid
    keystoreId
    alias
    checksum
    keyType
    usageTypes
    subjectDn
    p12
    certChain
  }
}

Export the private key:

graphman.sh export --gateway <source_gateway> --using keyByAlias --variables.alias "private_key1" --output private_key.json

[info] exporting from <source_gateway> gateway
[info] writing to file private_key.json

{
  "keys": [
    {
      "goid": "00000000000000000000000000000002:private_key1",
      "keystoreId": "00000000000000000000000000000002",
      "alias": "private_key1",
      "checksum": "b940ebc3d02deaf9b10272d67cf2c67df69bf195",
      "keyType": "RSA",
      "subjectDn": "CN=private_key1",
      "p12": "<Private_key-P12>",
      "certChain": [
        "-----BEGIN CERTIFICATE-----<Certificate Chain>-----END CERTIFICATE-----\n"
      ]
    }
  ],
  "properties": {
    "meta": {
      "id": "0e6e7fae-8d89-4ebd-8b62-a13cb277f191",
      "name": "Gateway Graphman Bundle - 2025-09-15T06:46:02.271-07:00",
      "author": "admin",
      "hostname": "<source_gateway-hostname>",
      "timestamp": "2025-09-15T06:46:02.271-07:00"
    },
    "defaultAction": "NEW_OR_UPDATE"
  }
}

Import the private key (NOTE: the [warn] message can be ignored):

graphman.sh import --gateway <destination_gateway> --using install-bundle --input private_key.json

[info] inspecting keys
[info] inspecting properties
[warn] found unknown entity type: properties

{
  "data": {
    "setKeys": {
      "detailedStatus": [
        {
          "action": "NEW_OR_UPDATE",
          "status": "CREATED",
          "source": [
            {
              "name": "alias",
              "value": "private_key1"
            },
            {
              "name": "keystoreId",
              "value": "00000000000000000000000000000002"
            }
          ],
          "target": [
            {
              "name": "goid",
              "value": "00000000000000000000000000000002:private_key1"
            }
          ]
        }
      ]
    }
  }
}
  "data": {}
}
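
The following Python sketch is an added example, not part of the original article or of the Graphman client. It checks an exported bundle for the requested alias before import, reads the per-key status out of the import response, and restricts the bundle file to its owner because it carries the key's p12. Field names come from the outputs above; the function names and sample values are assumptions made for this example.

```python
import os
import stat

def bundle_problems(bundle, alias):
    """Return problems found in an exported key bundle (empty list means OK)."""
    matches = [k for k in bundle.get("keys", []) if k.get("alias") == alias]
    if len(matches) != 1:
        return [f"expected one key with alias {alias!r}, found {len(matches)}"]
    key, problems = matches[0], []
    if not key.get("p12"):
        problems.append("p12 is empty: no private key material in the bundle")
    chain = key.get("certChain") or []
    if not chain:
        problems.append("certChain is empty")
    for i, pem in enumerate(chain):
        text = pem.strip()
        if not (text.startswith("-----BEGIN CERTIFICATE-----")
                and text.endswith("-----END CERTIFICATE-----")):
            problems.append(f"certChain[{i}] is not PEM-framed")
    return problems

def import_status(response, alias):
    """Return the status reported for `alias` in an import response, or None."""
    entries = response.get("data", {}).get("setKeys", {}).get("detailedStatus", [])
    for entry in entries:
        source = {s["name"]: s["value"] for s in entry.get("source", [])}
        if source.get("alias") == alias:
            return entry.get("status")
    return None

def restrict_to_owner(path):
    """The bundle carries the key's p12, so leave it readable by its owner only."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)

# Constructed samples shaped like the outputs above; values are placeholders.
SAMPLE_BUNDLE = {"keys": [{
    "alias": "private_key1", "keystoreId": "00000000000000000000000000000002",
    "p12": "PLACEHOLDER-P12",
    "certChain": ["-----BEGIN CERTIFICATE-----PLACEHOLDER-----END CERTIFICATE-----\n"],
}], "properties": {"defaultAction": "NEW_OR_UPDATE"}}
SAMPLE_RESPONSE = {"data": {"setKeys": {"detailedStatus": [{
    "action": "NEW_OR_UPDATE", "status": "CREATED",
    "source": [{"name": "alias", "value": "private_key1"}],
}]}}}

if __name__ == "__main__":
    print(bundle_problems(SAMPLE_BUNDLE, "private_key1"))  # problems in the bundle
    print(import_status(SAMPLE_RESPONSE, "private_key1"))  # status for the alias
```

In practice the two dictionaries would be loaded with json.load from private_key.json and from the saved import output.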