Create Certificate REST Service
Use the Create Certificate REST Service to create a certificate and a public and private key pair. The newly created certificate is stored in an existing keystore.
- Operation: POST
- URL: https://host:port/SKLM/rest/v1/certificates
By default, the IBM Security Guardium Key Lifecycle Manager server listens on the secure port 9443 (HTTPS). You can change this default port during installation.
Request
Parameter | Description |
---|---|
host | Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server. |
port | Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
Header name | Value |
---|---|
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de. |
The request body is a JSON object with the following specification:
JSON property name | Description |
---|---|
type | Specify the certificate type. The supported certificate type is the one whose subject name and issuer name are the same. |
alias | Specify a unique name for the certificate. The name is not case-sensitive. For example, if you specify |
cn | Specify a common name for the certificate that you want to create. |
usage | Specify the target application usage with the following values: |
algorithm | Specify any of the following cryptographic algorithms that the certificate can use. |
san | Specify the subject alternative name (SAN) containing the DNS names and IP addresses secured by this certificate, the RFC822 email address, and the URI. Each attribute and its value must be on a new line. The syntax for each line is: Note: Do not use the * special character. For example, you cannot specify DNSName : *.example.com. Instead of using the * character, specify multiple hostnames on separate lines. The following list shows the supported attributes: For example, |
ou | Specify the organizational unit name. |
o | Specify the organizational name. |
country | Specify the country name. Indicate the name as a two-letter country code. |
validity | Specify the number of days during which the certificate is valid. The interval can range from |
fileName | Required only when you create a certificate signing request. Specify the file name with extension (.csr) for the certificate signing request file. |
Response
Header name | Value and description |
---|---|
Status Code | |
Content-Type | application/json |
Content-Language | Locale for the response message. |
On success, the response body is a JSON object with the following specification:
JSON property name | Description |
---|---|
status | Returns the status to indicate the certificate creation. |
On error, the response body is a JSON object with the following specification:
JSON property name | Description |
---|---|
code | Returns the application error code. |
message | Returns a message that describes the error. |
Examples
- Service request to create a certificate

```
POST https://localhost:port/SKLM/rest/v1/certificates
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
Accept-Language: en

{"type":"selfsigned","alias":"sklmCertificate","cn":"sklm","ou":"sales","o":"myCompanyName","usage":"3592","country":"US","validity":"999","algorithm":"RSA"}
```

- Success response

```
Status Code: 200 OK
Content-Language: en

{"Status":"Created a key pair and self-signed certificate: sklmCertificate"}
```

- Service request to create a certificate with SAN

```
POST https://localhost:port/SKLM/rest/v1/certificates
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
Accept-Language: en

{
  "type": "self-signed",
  "alias": "cert2",
  "cn": "cert2",
  "usage": "3592",
  "algorithm": "RSA",
  "san": [
    "DNSName : example.com",
    "DNSName : another.domain.com",
    "IPAddressName : 204.146.30.17",
    "IPAddressName : 1001:0dc8:0:0:0:ff10:143e:57ab",
    "URIName : http://example.com",
    "RFC822Name : someone@example.com"
  ],
  "ou": "company unit",
  "o": "company",
  "country": "US",
  "validity": "450"
}
```

- Success response

```
{ "status": "CTGKM0503I Created a key pair and self-signed certificate: cert2 " }
```

- Incorrect usage example (the alias already exists)

```
POST https://localhost:port/SKLM/rest/v1/certificates
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
Accept-Language: en

{ "type": "self-signed", "alias": "abc", "cn": "abc", "usage": "3592", "algorithm": "RSA", "validity": "450" }
```

- Error response

```
Status Code: 500 Internal Server Error
Content-Language: en

{ "code": "CTGKM0519E", "message": "CTGKM0519E Operation fails because the key alias abc already exists. Specify valid alias, and retry the operation." }
```
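Putting the request and response formats above into code, as an added example that is not IBM's own code: a standard-library Python client that assembles the body (type spelled `self-signed` as in the SAN example), enforces the page's no-wildcard SAN rule before anything is sent, and tells the success body apart from the `code`/`message` error body. The host, port, authIdValue, `cafile` path and the SAN values passed in are caller-supplied assumptions; the attribute names come from the page's SAN example.

```python
import json
import ssl
import urllib.error
import urllib.request

# Attributes taken from the page's SAN example; the no-wildcard rule is from the san row.
SAN_ATTRIBUTES = ("DNSName", "IPAddressName", "URIName", "RFC822Name")

def validate_san(lines):
    """Check each 'Attribute : value' SAN line and reject '*' as the service does."""
    for line in lines:
        attr, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or attr not in SAN_ATTRIBUTES or not value:
            raise ValueError(f"malformed SAN line: {line!r}")
        if "*" in value:
            raise ValueError(f"wildcards are not allowed in SAN: {line!r}")
    return list(lines)

def build_request(alias, cn, usage, algorithm, validity_days, san=None, **dn):
    """Assemble the JSON body described in the request table; dn holds ou/o/country."""
    body = {"type": "self-signed", "alias": alias, "cn": cn, "usage": usage,
            "algorithm": algorithm, "validity": str(validity_days)}
    if san:
        body["san"] = validate_san(san)
    body.update({k: v for k, v in dn.items() if k in ("ou", "o", "country")})
    return body

def parse_response(status_code, payload):
    """('ok', msg) on 200, else ('error', code, msg); accept 'status' or 'Status' as on the page."""
    data = json.loads(payload)
    if status_code == 200:
        return ("ok", data.get("status", data.get("Status", "")))
    return ("error", data.get("code", ""), data.get("message", ""))

def create_certificate(host, port, auth_id, body, cafile=None):
    """POST the body; auth_id is the authIdValue from a prior login (assumed available)."""
    req = urllib.request.Request(
        f"https://{host}:{port}/SKLM/rest/v1/certificates",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "Authorization": f"SKLMAuth userAuthId={auth_id}",
                 "Accept-Language": "en"})
    # Verify the server certificate against a CA bundle rather than disabling TLS checks.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with urllib.request.urlopen(req, context=ctx) as resp:
            return parse_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # e.g. 500 with {"code": ..., "message": ...}
        return parse_response(err.code, err.read())
```

A 500 with code CTGKM0519E, as in the error example above, comes back as an `('error', code, message)` tuple rather than an exception, so callers can branch on the alias-already-exists case.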