Upload key pair REST API
Use this REST API to upload an existing key pair for encrypting your backup data. You must specify the valid X509 certificate, a valid PKCS8 private key and a valid password.
If you prefer to have the encryption keys generated for you, use the Generate Key Pair REST API.
You can use optional parameters to modify the response from the REST API call. For more information, see the Related information section.
To use this REST API, you must have all of the following
user roles and permissions:
- Workload resources administration with Manage workload resources (Full permission)
- Cloud group administration with Manage all cloud groups (Full permission)
- Hardware administration with Manage hardware resources (Full permission)
- Security administration with Manage security (Full permission)
Upload the key pair
| Parameter | Description | |
|---|---|---|
| URI | /admin/resources/uploadKeypair | |
| Method | PUT | |
| Returns | 200 | The key pair was uploaded successfully. |
| 400 | Either the private key or certificate does not exist or is not valid, or the password was not specified or is not valid, or the private key and certificate do not match. | |
| 500 | Platform System Manager encountered an internal error while processing the request. | |
Request body
This REST API call uses a multi-part HTTP POST format to pass in the following information:
- File certificate (certificate)
- File private key (privatekey
- String password (privatekeypassphrase)
- String backup location ID (backup_location)
The POST input is similar to the following
example:
CONTENT_TYPE: multipart/form-data; boundary=----------bound@ry_$
BODY: ------------bound@ry_$
Content-Disposition: form-data; name="privatekeypassphrase"
passw0rd
------------bound@ry_$
Content-Disposition: form-data; name="backup_location"
f78c77ae-b98a-4d9f-9cc5-eea5f31da255
------------bound@ry_$
Content-Disposition: form-data; name="privatekey";
filename="/home/ibmadmin/Desktop/cet_key_encryption_backup/backupPrivateKey"
Content-Type: application/octet-stream
-----BEGIN RSA PRIVATE KEY-----
(Private Key information here)
-----END RSA PRIVATE KEY-----
------------bound@ry_$
Content-Disposition: form-data; name="certificate"; filename="/home/ibmadmin/Desktop/cet_key_encryption_backup/backupCertificate"
Content-Type: application/octet-stream
-----BEGIN CERTIFICATE-----
(Certificate information here)
-----END CERTIFICATE-----
------------bound@ry_$--The REST API performs the following general tasks:
- Verifies that the private key and certificate files exist.
- Verifies that a password was specified.
- Verifies that the backup location is not busy before modifying key settings.
- Verifies that the certificate is a valid X509 certificate.
- Verifies that a valid PKCS8 private key is selected and the password is entered correctly.
- Verifies that the private key and certificate match.
- Uploads the key pair and certificate.