Certificate Import REST Service

Use the Certificate Import REST Service to import a certificate file. You must use the Certificate Export REST Service to export the certificates. You can then import this certificate from the exported file.

Operation
POST
URL
https://host:port/SKLM/rest/v1/certificates/import

By default, Guardium® Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM® Security Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters
Parameter Description
host Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server.
port Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.
Request Headers
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de.
Request body

JSON object with the following specification:

Property name Description
fileName

Specify the file name to import certificate data.

The imported file is stored in IBM Security Guardium Key Lifecycle Manager in a keystore location relative to the SKLM_HOME directory.

alias

Specify a unique name for the certificate.

usage

Specify the target application usage, such as SSLSERVER.

You can specify the following values:

3592
Specifies the 3592 device group.
DS8000®
Specifies the DS8000 device group.
GPFS
Specifies the IBM Spectrum® Scale (previously known as GPFS) device group.
PEER_TO_PEER
Specifies the PEER_TO_PEER device group.
GENERIC
Specifies a device family that uses the Key Management Interoperability Protocol to interact with IBM Security Guardium Key Lifecycle Manager. The GENERIC device group enables management of KMIP objects.

Do not use the REST interface to add a device to the GENERIC device group, or to change a GENERIC device group attribute.

SSLCLIENT
Client-side certificate that is used in secure communication by using Transport Layer Security protocol to authenticate the client device.
SSLSERVER
Server-side certificate that is used in secure communication by using Transport Layer Security protocol.
SYSLOG
Syslog server-side certificate that is used in secure communication by using Transport Layer Security protocol to authenticate the syslog server.
userdevicegroup
Specifies a user-defined group that is based on a supported device family.
format Specify any of the following formats for file content:
  • base64
  • DER
  • PEM
deviceRole Specify the device role. Specify any of the following values:
  • owner
  • partner
trusted Specify whether the certificate is trusted or not by the server. You can specify the following possible values:
1
It indicates that the certificate must be trusted.
0
It indicates that the certificate is not trusted.
deviceGroup When the usage parameter is set to SSLCLIENT, specify the device group name for which this certificate will be used as the communication certificate.

You can specify the following possible values:

3592
Specifies the 3592 device group.
DS8000
Specifies the DS8000 device group.
GPFS
Specifies the IBM Spectrum Scale (previously known as GPFS) device group.
PEER_TO_PEER
Specifies the PEER_TO_PEER device group.
GENERIC
Specifies a device family that uses the Key Management Interoperability Protocol to interact with IBM Security Guardium Key Lifecycle Manager. The GENERIC device group enables management of KMIP objects.
userdevicegroup
Specifies a user-defined group that is based on a supported device family.

Response

Response Headers
Header name Value and description
Status Code
200 OK
The request was successful. The response body contains the requested representation.
400 Bad Request
The authentication information was not provided in the correct format.
401 Unauthorized
The authentication credentials were missing or incorrect.
404 Not Found Error
The processing of the request fails.
500 Internal Server Error
The processing of the request fails because of an unexpected condition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Success response body

JSON object with the following specification:

JSON property name Description
code Returns a 0 (zero) to indicate the completion of the certificate import task
status Returns the status with an appropriate message to indicate whether the certificate is imported.
Error Response Body

JSON object with the following specification.

JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.

Examples

Service request to import a certificate
POST https://localhost:port/SKLM/rest/v1/certificates/import
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"fileName":"/mycertfilenam.base64","alias":"newsklmCert","format":"base64",
"usage":"3592"}
Success response
 Status Code: 200 OK
{"code":"0","status":"Succeeded"}
Service request with unsupported certificate format
POST https://localhost:port/SKLM/rest/v1/certificates/import
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"fileName":"/mycertfilenam.base64","alias":"newsklmCert","format":"ABC",
"usage":"3592"}
Error response
Status Code: 400 Bad Request
{"code":"CTGKM0521E","message":"CTGKM0521E Unsupported certificate 
format: ABC"}