Update System Certificate REST Service

Use the Update System Certificate REST Service to update the usage type of a certificate.

Operation
PUT
URL
https://host:port/SKLM/rest/v1/system/certificates

By default, Guardium Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters
Parameter Description
host Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server.
port Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.
Request Headers
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de.
Request body

JSON object with the following specification:

JSON property name Description
alias Specify the alias of the certificate that you want to update.
addUsageSubtype Specify the usage type that you want to add to this certificate. You can specify multiple usage types in comma-separated format.
EKMF_PUBLIC_CERT
Use this certificate for secure communication between EKMF Web and IBM Security Guardium Key Lifecycle Manager.
OIDC_PUBLIC_CERT
Use this certificate for secure communication between OIDC server and IBM Security Guardium Key Lifecycle Manager.
LDAP_PUBLIC_CERT
Use this certificate for secure communication between the LDAP server and IBM Security Guardium Key Lifecycle Manager.
NOTIFICATION_PUBLIC_CERT
Use this certificate for secure communication between the notification email server and IBM Security Guardium Key Lifecycle Manager.
SYSLOG_PUBLIC_CERT
Use this certificate for secure communication between the syslog server and IBM Security Guardium Key Lifecycle Manager.
AGENT_PUBLIC_CERT
Use this certificate for secure communication between the agent and IBM Security Guardium Key Lifecycle Manager.
For a public-private key pair certificate (server certificate), specify any of the following certificate usage types:
SERVERGUI_TLS
Use the certificate to access GUI, Swagger UI, REST APIs, and for REST-based key serving.
KEYSERVING_TLS
Use the certificate for key serving over IPP and KMIP.
EKMF_TLS
Use the certificate for establishing secure communication between IBM Security Guardium Key Lifecycle Manager and EKMF Web.
removeUsageSubtype Specify the usage type that you want to add to this certificate. You can specify multiple usage types in comma-separated format.
EKMF_PUBLIC_CERT
Use this certificate for secure communication between EKMF Web and IBM Security Guardium Key Lifecycle Manager.
OIDC_PUBLIC_CERT
Use this certificate for secure communication between OIDC server and IBM Security Guardium Key Lifecycle Manager.
LDAP_PUBLIC_CERT
Use this certificate for secure communication between the LDAP server and IBM Security Guardium Key Lifecycle Manager.
NOTIFICATION_PUBLIC_CERT
Use this certificate for secure communication between the notification email server and IBM Security Guardium Key Lifecycle Manager.
SYSLOG_PUBLIC_CERT
Use this certificate for secure communication between the syslog server and IBM Security Guardium Key Lifecycle Manager.
AGENT_PUBLIC_CERT
Use this certificate for secure communication between the agent and IBM Security Guardium Key Lifecycle Manager.
For a public-private key pair certificate (server certificate), specify any of the following certificate usage types:
SERVERGUI_TLS
Use the certificate to access GUI, Swagger UI, REST APIs, and for REST-based key serving.
KEYSERVING_TLS
Use the certificate for key serving over IPP and KMIP.
EKMF_TLS
Use the certificate for establishing secure communication between IBM Security Guardium Key Lifecycle Manager and EKMF Web.

Response

Response Headers
Header name Value and description
Status Code
200 OK
The request was successful. The response body contains the requested representation.
400 Bad Request
The authentication information was not provided in the correct format.
401 Unauthorized
The authentication credentials were missing or incorrect.
404 Not Found Error
The processing of the request fails.
500 Internal Server Error
The processing of the request fails because of an unexpected condition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Success response body

JSON object with the following specification:

JSON property name Description
code Returns the code that is specified by the status property.
status Returns the status to indicate whether the usage type is updated successfully.
Error Response Body

JSON object with the following specification.

JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.

Examples

Service request to update the usage type of a certificate
PUT https://localhost:port/SKLM/rest/v1/system/certificates
{
  "alias": "server_cert",
  "addUsageSubtype": "EKMF_TLS, SERVERGUI_TLS",
  "removeUsageSubtype": "KEYSERVING_TLS"
}
Success response
{
  "code": "0",
  "status": "Succeeded"
}
Invalid service request where the usage type is incorrect
PUT https://localhost:port/SKLM/rest/v1/system/certificates?usageSubtype=SERVERGUI_TLS
{
  "alias": "server_cert2",
  "addUsageSubtype": "EKMF TLS"
}
Error response
{
  "code": "CTGKM0633E",
  "message": "CTGKM0633E Validation error: usageSubtype is invalid for parameter EKMF TLS . Specify one of these valid values: EKMF_PUBLIC_CERT, OIDC_PUBLIC_CERT, DB_PUBLIC_CERT, LDAP_PUBLIC_CERT, NOTIFICATION_PUBLIC_CERT, SYSLOG_PUBLIC_CERT, AGENT_PUBLIC_CERT, TRUST, SERVERGUI_TLS, KEYSERVING_TLS, EKMF_TLS "
}