push_insights_trust
This command pushes a trust certificate from Guardium® Insights to Guardium Data Protection S-TAPs.
The certificate must be in PEM format and include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags.
The certificate chain that you paste needs to be downloaded (from the browser) from the Guardium Insights cluster that is targeted for S-TAP® migration. The certificate is not stored on the managed unit, but on the S-TAP host (database server).
- If you run this command from a central manager, you must specify the api_target_host parameter to target a managed unit (because central managers don't have S-TAPs). You can also run this command directly from a collector or stand-alone machine.
- When you call this command as a GuardAPI, leave pemData blank, and follow the directions in the CLI to paste the entire certificate.
- You can push certificates only for UNIX S-TAPs.
- You can also add the Guardium Insights certificate from the Guardium Data Protection GUI. For more information, see the Send command under Linux®-UNIX: Configuring S-TAP in the S-TAP Control page.
This API is available in Guardium v11.4 and later.
REST API syntax
Use the PUT method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/push_insights_trust
GuardAPI syntax
push_insights_trust parameter=value
Parameters
Parameter | Value type | Description |
---|---|---|
pemData | String | Required for REST API only. The certificate to send to the S-TAP hosts, in PEM format. |
stapHost | String | Required. Specify the name of one or more S-TAP hosts, or specify all_unix_active to send the certificate to all active UNIX S-TAP hosts. For valid values, call push_insights_trust from the command line with --help=true. |
api_target_host | String | Specifies the target hosts where the API executes. Valid values: Note: IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode. |
Examples
The following GuardAPI example runs on a stand-alone machine with a certificate chain that includes two certificates. The pemData parameter is not specified in the command. Follow the directions in the CLI to paste the certificate data in.
vm01.mycompany.com> grdapi push_insights_trust stapHost=9.55.254.111
The response from the CLI is as follows (be sure to paste in the entire certificate):
Please paste your Certificate below in PEM encoded format including tags.
PEM encoded format should include the '-----BEGIN CERTIFICATE-----' and '-----END
CERTIFICATE-----' tags. The Certificate Authority (CA) Root and Intermediate
certificate(s) (if applicable) will also need to be pasted at this time for
validation purposes. Please ensure that all certificates are in PEM format and
include the aforementioned tags. When pasting multiple certificates, please make
sure that each certificate is pasted on a new line in the following order:
-----BEGIN CERTIFICATE-----
(End-Entity certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate certificate(s) - if applicable)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root certificate)
-----END CERTIFICATE-----
Once done pasting your certificate(s), press ENTER followed by CTRL-D to continue.
-----BEGIN CERTIFICATE-----
MIIDbzCCAlegAwIBAgIQX+U115HoAr3cToMpY
...
0lzSjANBgkqhkf+9tfN60rPSFmUp0CDTrew==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDMTCCAhmgAwIBAgIQC0/HN2U7x2OFsn4Df
...
rBXQ+JoCyEQhZK0cIhhTKG1uI7zK0Q=
-----END CERTIFICATE-----
ID=0
Insights data sent to active synchronized S-TAP hosts:
9.55.254.111
ok
The following REST API example includes the pemData parameter. The -k option tells curl to skip verification of the appliance's TLS certificate.
curl -k --header "Authorization:Bearer hV59gjW71nwY4dAWpNdLi7890" -i -H "Content-Type: application/json" -d '{"stapHost":"dev-db01","pemData":"-----BEGIN CERTIFICATE-----\n
MIICyjDDAbICGGKT3Xa83UY2dPfGpXb7CoR4n7tRMA0GCSqGSIb3DQEBCwUAMDMx\n
. . .
tla+CH8jyicLx+J9FQri7K1YSiBXznlug61Hlc0AA1TrZOPvzIsPiPeV+iSalF7w\n
ojuBlgMxSOfbYVn6Rxcye+u7dJbO7TcUSFqtimmx55vmfc3/VwGXJcAqG6Jh7w==\n
-----END CERTIFICATE-----"}' -X PUT https://vm04.mycompany.com:8443/restAPI/push_insights_trust
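The following is an added example, not part of the IBM documentation: a pre-flight check that catches a partially pasted chain and builds the JSON body for the REST call, so the PEM newlines are escaped by the serializer rather than by hand. The helper names (der_is_complete, split_chain, build_body) are hypothetical. The check is structural only and does not validate signatures or the leaf-to-root order.

```python
import base64
import json
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.S)

def der_is_complete(der: bytes) -> bool:
    """True if der is a single DER SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    return n > 0 and len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def split_chain(pem_text: str) -> list[str]:
    """Return each certificate as a normalized PEM block; raise ValueError on a bad paste."""
    if pem_text.count(BEGIN) != pem_text.count(END):
        raise ValueError("unbalanced BEGIN/END CERTIFICATE tags")
    blocks = []
    for i, body in enumerate(PEM_BLOCK.findall(pem_text), 1):
        b64 = "".join(body.split())
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError as exc:          # binascii.Error is a ValueError
            raise ValueError(f"certificate {i}: invalid base64") from exc
        if not der_is_complete(der):
            raise ValueError(f"certificate {i}: truncated or not DER")
        lines = [b64[j:j + 64] for j in range(0, len(b64), 64)]
        blocks.append("\n".join([BEGIN, *lines, END]))
    if not blocks:
        raise ValueError("no PEM certificate found")
    return blocks

def build_body(stap_host: str, pem_text: str) -> str:
    """JSON body for PUT /restAPI/push_insights_trust; json.dumps escapes the newlines."""
    pem = "\n".join(split_chain(pem_text)) + "\n"
    return json.dumps({"stapHost": stap_host, "pemData": pem})

if __name__ == "__main__":
    # Constructed stand-in: a minimal DER SEQUENCE, not a real X.509 certificate.
    fake = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, 0x01])).decode()
    chain = f"{BEGIN}\n{fake}\n{END}\n" * 2   # two blocks, as in a two-certificate chain
    print(build_body("dev-db01", chain))
```

The printed string can be written to a file and passed to curl with -d @file in place of the inline body.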