Certificate Generate Request REST Service
Use the Certificate Generate Request REST Service to create a PKCS #10 certificate request file. This service creates a certificate request file, such as SKLM_HOME/080419154137–sslcert001.csr. You must manually send the request to a certificate authority.
When the certificate authority returns a certificate in response to this request, copy the certificate to a file. Use the Certificate Import REST Service to load the response file. You must specify the same alias name that was used with the Certificate Generate Request REST Service to generate the request.
After you generate the certificate request, the certificate activation date and creation date are identical. This certificate is available to the key server and drive.
- Operation
POST
- URL
https://host:port/SKLM/rest/v1/certificates
By default, the Guardium Key Lifecycle Manager server listens on the secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify this default port.
Request
Parameter | Description |
---|---|
host | Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server. |
port | Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
Header name | Value |
---|---|
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de. |
JSON object with the following specification:
Property name | Description |
---|---|
type | Required. Specify a value such as certreq to create a certificate generate request. |
algorithm | Required. Specify the algorithm with the following values: |
alias | Required. Specify a unique name for the certificate. Retain a record of the alias value of the certificate request, for use when you import the returned certificate. |
cn | Required. Specify the common name. |
country | Specify a country as a two-letter country code. |
fileName | Required. Specify the name of the certificate request file, which is created on the IBM Security Guardium Key Lifecycle Manager server, relative to the SKLM_HOME directory. SKLM_HOME is the base directory that contains the IBM Security Guardium Key Lifecycle Manager code and configuration. |
locality | Specify a locality, such as city. |
o | Specify the organization name. For example: o=myCompanyName |
ou | Specify the organizational unit name. For example: ou=marketing |
state | Specify the full name of a state or province. |
usage | Specify the target application usage, such as SSLSERVER, with the following values: |
validity | Required. Specify a time interval in days during which the certificate is valid. The interval can range between 1 day and 9000 days. |
Response
Header name | Value and description |
---|---|
Status Code | |
Content-Type | application/json |
Content-Language | Locale for the response message. |
JSON object with the following specification:
JSON property name | Description |
---|---|
code | Returns the code that is specified by the status property. |
status | Returns the status to indicate whether the creation of certificate generate request was successful. |
JSON object with the following specification:
JSON property name | Description |
---|---|
code | Returns the application error code. |
message | Returns a message that describes the error. |
Examples
- Service request to create certificate generation request

    POST https://localhost:port/SKLM/rest/v1/certificates
    Content-Type: application/json
    Accept: application/json
    Authorization: SKLMAuth userAuthId=139aeh34567m

    {"type":"certreq","alias":"sklmCert","cn":"sklm","ou":"sales","o":"myCompanyName","usage":"3592","country":"US","validity":"999","fileName":"myCertRequest1.crt","algorithm":"ECDSA"}

- Success response

    Status Code: 200 OK

    {"code":"0","status":"Succeeded"}

- Service request to create a certificate request with an invalid parameter

    POST https://localhost:port/SKLM/rest/v1/certificates
    Content-Type: application/json
    Accept: application/json
    Authorization: SKLMAuth userAuthId=139aeh34567m

    {"type":"certreq","alias":"sklmCert","cn":"sklm","ou":"sales","o":"myCompanyName","usage":"DS8000","country":"US","validity":"999","fileName":"myCertRequest2.crt","algorithm":"DSA"}

- Error response

    Status Code: 400 Bad Request

    {
      "code": "CTGKM0525E",
      "message": "CTGKM0525E Operation fails because the parameter values are incorrect or missing. Specify valid parameter values, and retry the operation., algorithm=DSA"
    }
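
The following client sketch is an added example, not IBM's code: it checks the documented request constraints before building the POST, verifies the server certificate when sending, and interprets the success and error bodies shown above. The function names, the `ca_file` parameter, and the rule that rejects absolute or parent-directory `fileName` values are assumptions made here; `algorithm` and `usage` values are not checked because this page does not list them.

```python
import json
import ssl
import urllib.error
import urllib.request

REQUIRED = ("type", "algorithm", "alias", "cn", "fileName", "validity")

def build_certreq(fields):
    """Validate the documented constraints and return the JSON body as bytes."""
    body = {"type": "certreq", **fields}
    missing = [k for k in REQUIRED if not str(body.get(k, "")).strip()]
    if missing:
        raise ValueError("missing required properties: " + ", ".join(missing))
    if not 1 <= int(body["validity"]) <= 9000:
        raise ValueError("validity must be between 1 and 9000 days")
    country = body.get("country")
    if country is not None and not (len(country) == 2 and country.isalpha()):
        raise ValueError("country must be a two-letter code")
    # Client-side policy (assumption, not a documented server rule): stay under SKLM_HOME.
    name = body["fileName"].replace("\\", "/")
    if name.startswith("/") or ":" in name or ".." in name.split("/"):
        raise ValueError("fileName must be relative to SKLM_HOME")
    body["validity"] = str(body["validity"])  # the page's examples send a string
    return json.dumps(body).encode("utf-8")

def make_request(host, port, auth_id, fields):
    """Build the POST with the documented headers; nothing is sent here."""
    return urllib.request.Request(
        f"https://{host}:{port}/SKLM/rest/v1/certificates",
        data=build_certreq(fields), method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json",
                 "Authorization": f"SKLMAuth userAuthId={auth_id}"})

def check_response(status, text):
    """Return True for the documented success body, raise for an error body."""
    reply = json.loads(text)
    if status == 200 and reply.get("code") == "0":
        return True
    raise RuntimeError(f"{status}: {reply.get('code')} {reply.get('message', reply.get('status'))}")

def send(request, ca_file):
    """Send over TLS, verifying the server against ca_file (assumed CA bundle path)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with urllib.request.urlopen(request, context=ctx) as resp:
            return check_response(resp.status, resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:  # 4xx/5xx replies still carry a JSON body
        return check_response(err.code, err.read().decode("utf-8"))
```
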