/policyengine/v1/tlscert: GET
Gets a CA-certified TLS certificate.
The IBM Spectrum® Discover uses TLS protocol for encrypting the communication in-flight between the IBM Spectrum Discover nodes (the Kafka topics) and the applications. It uses TLS client certificates to securely authenticate the applications. The certificates that are provided by the IBM Spectrum Discover admin upon registration are used by applications to authenticate to the Kafka brokers in IBM Spectrum Discover.
The following table shows which roles can access this REST API endpoint:
Data admin | CollectionAdmin | Data user | Admin | Service user |
---|---|---|---|---|
✓ | X | ✓ | Χ | Χ |
Synopsis of the request URL
curl -k -H "Authorization: Bearer <token>" https://<spectrum_discover_host>/policyengine/v1/
tlscert
Supported request types and response formats
Supported request types:
- GET
- JSON
Examples
The following example shows how to get a CA-certified TLS certificate.
Request:
curl -k -H "Authorization: Bearer <token>" https://<spectrum_discover_host>/policyengine/v1/
tlscert
Response:
-----BEGIN CERTIFICATE-----
Samplej1CAmoCCQDoQCvwi/bLdzANBgkqhkiG9w0BQsFADCBmDELMAkGA1UEBhMCR0IxDjAMBgNV
BAgMBUhBTlRTMRAwDgYDVQQHDAdIdXJzbGV5MQwwCgYDVQQKDANJQk0xGTAXBgNVBAsMEHNwZWN0
cnVtZGlzY292ZXIxGTAXBgNVBAMMEHNwZWN0cnVtZGlzY292ZXIxIzAhBgkqhkiG9w0BCQEWFG1s
YXdyZW5jZUB1ay5pYm0uY29tMB4XDTE4MTAxNTIyNTEzOVoXDTE5MTAxNTIyNTEzOVowbTELMAkG
A1UEBhMCR0IxDjAMBgNVBAgTBUhhbnRzMRAwDgYDVQQHEwdIdXJzbGV5MQwwCgYDVQQKEwNJQk0x
CzAJBgNVBAsTAklEMSEw4wYDVQQDExh0aG9yLnR1Yy5zdGdsYWJzLmlibS5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJFq8t8rk2fZf86TQWTE6R0VhFxmn9daqWyTQGz56zqGnX
UxyF1wnIZQp7EGS3rBgHemV48X7xgxbshNVf1cr0jANvgElB66JOaESJUz1m/s3B728qpYHO4Wom
2ii17hF3VdQhAvd72hd2kpJ3XVtp95yktLJ40Cr6x/4Kgsm8iKIiYYN3LbqqtfNB5CyKV9qNzTGb
ERPeSujS4HjUbaXQ+xeex6PhT6MDHsuSCnT6p6W+WoAw1C+W8eKpDIRiQFBPxzFM1buvJutQ+H8u
5ipXKgi6ki5qYeKr5pdZKI/tHgAhZnuQOAbnGjumqRr1Ddx/0y4Ay5ZPcyRYeZJaUtJXAgMBAAEw
DQYJKoZIhvcNAQELBQADggEBAIo8Su+9I3wnbypy+c9Gee9p0zIv5ksJTC9KmUziVF4dr8J8t5Mx
cA42yB2Q8hL5OyGgIyYm3Kq+tbaq1jUgqdcOzKKxMIKnS5ut6uifoL3oEq4Gx6Qsjo+RLduEAqZC
LrCVM5Nm8i9mY5g4NIK/o3G2Mud5MKeHc/XnMw4ZNzqfsEIkiG1DAgLHVJVokdo4gtoB7pN9bdtA
Qdm7nH/N5vJL7HNTtupcyHQqTIot+WCJ1YqiKqZVnMqqjFm4zMAbzrNzMqIFdSNkJn9IU+6LJn7v
CrOu6Whgkh+37Plc2mnViWRmD2+gsHcPOUhhsJMltB+RghqEjStF4TW4v29E36E=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: kafka_client
localKeyID: 54 69 6D 65 20 31 35 33 39 36 34 33 39 31 31 37 39 31
1.3.18.0.2.28.24: IBM_SDK_JAVA_8_PKCS12
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
SampleIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCJFq8t8rk2fZf8
6TQWTE6R0VhFxmn9daqWyTQGz56zqGnXUxyF1wnIZQp7EGS3rBgHemV48X7xgxbs
hNVf1cr0jANvgElB66JOaESJUz1m/s3B728qpYHO4Wom2ii17hF3VdQhAvd72hd2
kpJ3XVtp95yktLJ40Cr6x/4Kgsm8iKIiYYN3LbqqtfNB5CyKV9qNzTGbERPeSujS
4HjUbaXQ+xeex6PhT6MDHsuSCnT6p6W+WoAw1C+W8eKpDIRiQFBPxzFM1buvJutQ
+H8u5ipXKgi6ki5qYeKr5pdZKI/tHgAhZnuQOAbnGjumqRr1Ddx/0y4Ay5ZPcyRY
eZJaUtJXAgMBAAECggEAGXLSlk8GvuzVuCd6eeE0fLFGF73bkyeywUccl18XcPaE
n2pYUyg2MrM/HNVQPSB/XXQFPkxmamMRcFrAWYgQoxES2jIQZ2JcwP1uK6f+MA6B
F81g76PF0yfZUtkQ0aUeLO8L8Azi8GTuEh7nfa0g+Sz0MUcyEmdicyeJK15YIN1e
3Z0bl6kment4xvcLjPa2iFa1UJZ8gMNT6aS+NBaexjNlDW+NlftplRH6z0iqUObd
MeNvi7kiqOpre/QiPUzJSmmPsDSwCCtob9oAHa9JrfLH19VnBQGqee4T/KPQEiE8
q5M5IV187I2SHj0DEOl7YEwfdaQN2ZQ+gC7yZiuo8QKBgQC8xNvOqpiz4OVuauFK
2FLITKuvCSIEjaeVQAEDlTh6/XIjOl6yQOhkQ5Shq2XUu+U5A7R/HR8EFPjRdS6o
jVcftO16DNzUNVkXE/cSfwdudKKfXunC4O/KLMH7aTp/R8UvuLDYx2rgL7SKnBWL
XL8LK1YguJpjFb1n9Ey4VIGf6wKBgQC56dUi6wkifNfQqr36e6QehV2n9LXYEudS
H1ZOzmdl5UqEWIeEjaeZ+iwxB1qQzysrxuG76GNvDWBKxC6y7/3iDMwe0yJErMe2
y3PPl5mPdbBSc35cFVH0OnMObx0O9rX461eP6wuOdC2JZtgMClhoKl9YaGWl6dTg
ct/TI7IoRQKBgAu50smgsUGjO71DKGGE1Ieas6N41sMfpYRQ6H83er2xFrD3hEBg
Zc8sn4P3aKjxTwjeoQywW2fegaJJPC++L+ZJT+Mf/2uzMKiNVfCxMV38IsnxlGXF
oT+Wzin23Gpho+8V8u5UXOA2NmnRzkjM5xUjiQMZVIXJKO3XMBjXLwInAoGAcRxM
OYdoMlxkbadEGJ6a9prLpYEkFcdCh9tbBm1byUncsXKvWL1aiDsGIfpIZqw0ptjE
xC+aN5mayUJc6y9Kdvq0QdjRE5lPlO5pkpa4rei7kx6DdYDfMMlS8Sg3NMBzbHO6
/WvSxyP2BI/WyFSO/ykwgzhZB72hb8FUXkBsh0UCgYAikQFEAJmgCDPWO1a4Ts3C
pUEH8ZlPDj77aL/otxdr+UiEOBzmWknlb0Nq+KtEHbq3bk0wQ9aC7lnUT+HgJJ2z
th/mxilgYeWF2CH5DvtZRNIDR0ihuMQe4dDcFyA/cGxrGwYUXX+XTnLT8krGZ1Nv
O6I9o1BVn8DVCy1LaI7e0Q==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
SampleCCA62gAwIBAgIJAIBi92yKX7vIMA0GCSqGSIb3DQEBCwUAMIGYMQswCQYD
VQQGEwJHQjEOMAwGA1UECAwFSEFOVFMxEDAOBgNVBAcMB0h1cnNsZXkxDDAKBgNV
BAoMA0lCTTEZMBcGA1UECwwQc3BlY3RydW1kaXNjb3ZlcjEZMBcGA1UEAwwQc3Bl
Y3RydW1kaXNjb3ZlcjEjMCEGCSqGSIb3DQEJARYUbWxhd3JlbmNlQHVrLmlibS5j
b20wHhcNMTgxMDE1MjI0OTM4WhcNMzgxMDEwMjI0OTM4WjCBmDELMAkGA1UEBhMC
R0IxDjAMBgNVBAgMBUhBTlRTMRAwDgYDVQQHDAdIdXJzbGV5MQwwCgYDVQQKDANJ
Qk0xGTAXBgNVBAsMEHNwZWN0cnVtZGlzY292ZXIxGTAXBgNVBAMMEHNwZWN0cnVt
ZGlzY292ZXIxIzAhBgkqhkiG9w0BCQEWFG1sYXdyZW5jZUB1ay5pYm0uY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPPx8WO7TxpKbmMmOWd5MwPf
4CenKrgpYmeU+gQbgFIINEPMa9jG2lUetxk36rN4GxUlsvJpYaFIDDyG8or2KrZo
Q7yBagYmVbN6dhrKwH8YlBS0sJnockM8w8kGYc6ENT9dNH9/jaaBZXX9dIlgdjQE
oSOuu1CJgu+vGK2cwFqp/LSmtJDKdgM8/aSa8YTyEUg7HNz+fv2m7DkGyjvTkRem
sXzZCXIzFbvN4boJ7QnZgVDjvunYrTCMJiOautIFaYv00mzhPxXf+dzbkffcR4Hu
qZbPGyAbN+ydwt+8QSJfuDaEQAhHkSKVnCxiwMhaAawOE8/DyPRzzZnHk6AV8wID
AQABo4IBDjCCAQowHQYDVR0OBBYEFJz0+e8N+mU+diD3emP9E5/MAwdxMIHNBgNV
HSMEgcUwgcKAFJz0+e8N+mU+diD3emP9E5/MAwdxoYGepIGbMIGYMQswCQYDVQQG
EwJHQjEOMAwGA1UECAwFSEFOVFMxEDAOBgNVBAcMB0h1cnNsZXkxDDAKBgNVBAoM
A0lCTTEZMBcGA1UECwwQc3BlY3RydW1kaXNjb3ZlcjEZMBcGA1UEAwwQc3BlY3Ry
dW1kaXNjb3ZlcjEjMCEGCSqGSIb3DQEJARYUbWxhd3JlbmNlQHVrLmlibS5jb22C
CQCAYvdsil+7yDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
AQsFAAOCAQEAkP3buR6yS5CQ634jisvv+vSTCbYauV8ZNaNoudBBl1QiiWR0SPVn
aR+oPtASZ7Ab3uICdo1/Bf9Wo1LzdTEpnfMmYQOG7C2UNj8TDvFIhCUutkMmO5MB
NDIH7Q/XUqSXqrBq+KkrfEl5MqqPLU8yelEF1L0U7MHLBP3h2fz528hnLBL5rjI+
NbM7yJFIA4nsnVoqUZbWZOGiAqZ0uPCFLC6hyD/DzT2rfHgfiS3Y9sLUdRMhHd8o
j6w8+G8J3B5lhqbAueKcNXS6ZCBIPJtiovZtsaT4AnslpB2GRJoWJQvxJzr1OLCm
KfRlkCJTnbPKfI34HxOE/k/wpOJSample==
-----END CERTIFICATE-----
The response contains the client certificate and the client key,
followed by the root certificate. Based on the response output, the organization of the response is
as
follows:
-----BEGIN CERTIFICATE-----
client certificate
-----END CERTIFICATE-----
Bag Attributes
...
Key Attributes:
...
-----BEGIN PRIVATE KEY-----
client key
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
root certificate
-----END CERTIFICATE-----
These certificates and key are required for the secure communication connection to the Kafka brokers in IBM Spectrum Discover.
Note: Before you connect to the Kafka brokers in IBM Spectrum
Discover, the application must complete the additional settings for the
secure connection.