List System Certificates REST Service

Use the List System Certificates REST Service to list all the system certificates.

Operation
GET
URL
https://host:port/SKLM/rest/v1/system/certificates

By default, Guardium® Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM® Security Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters
Parameter Description
host Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server.
port Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.
Request Headers
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de.
Request body

JSON object with the following specification:

JSON property name Description
usageSubtype Specify the certificate type based on the purpose of the certificate. You can specify multiple values in comma-separated format. For example, SERVERGUI_TLS, KEYSERVING_TLS.
Possible values:
  • SERVERGUI_TLS:
  • KEYSERVING_TLS:
  • EKMF_TLS:
  • EKMF_PUBLIC_CERT:
  • OIDC_PUBLIC_CERT:
  • LDAP_PUBLIC_CERT:
  • NOTIFICATION_PUBLIC_CERT:
  • SYSLOG_PUBLIC_CERT:
  • AGENT_PUBLIC_CERT:
offset Specify the page number from which the records are displayed based on the value that you specify for count.
count Specify the number of records to display on the specified page (offset).

Response

Response Headers
Header name Value and description
Status Code
200 OK
The request was successful. The response body contains the requested representation.
400 Bad Request
The authentication information was not provided in the correct format.
401 Unauthorized
The authentication credentials were missing or incorrect.
404 Not Found Error
The processing of the request fails.
500 Internal Server Error
The processing of the request fails because of an unexpected condition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Success response body

JSON object with the following specification:

JSON property name Description
code Returns
Error Response Body

JSON object with the following specification.

JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.

Examples

Service request to list all certificates
PUT https://localhost:port/SKLM/rest/v1/system/certificates
Success response
[
  {
    "row_num": 1,
    "ks_uuid": "CERTIFICATE-a48d698-57462929-d1d0-43d9-9d42-f1dac169d9f9",
    "ks_alias": "default",
    "alias": "default",
    "deviceType": "SSLSERVER",
    "in_use": false,
    "expires": "10/26/2023 04:11:30 AM PDT",
    "status": "1",
    "validity": "366",
    "algorithm": "RSA",
    "cn": "localhost",
    "ou": "gklm42server",
    "org": "ibm",
    "c_alias": null,
    "s_alias": null,
    "co_alias": "us",
    "usageSubtype": "SERVERGUI_TLS",
    "issuerDN": "CN=localhost, OU=gklm42server, O=ibm, C=us",
    "subjectDN": "CN=localhost, OU=gklm42server, O=ibm, C=us",
    "serial_number": "1105016628",
    "activation_date": "10/26/2022 04:11:30 AM PDT",
    "archive_time": "null",
    "compromise_date": "null",
    "creation_date": "10/26/2022 04:12:42 AM PDT",
    "expiration_date": "10/26/2023 04:11:30 AM PDT",
    "destroy_date": "null",
    "description": null,
    "certificate_type": null,
    "certificate_subject_alternate_name": null,
    "cryptographic_algorithm": "RSA",
    "cryptographic_length": "2048",
    "cryptographic_usage_mask": null,
    "operation_policy_name": null,
    "contact_information": null,
    "revocation_reason": null,
    "name": null,
    "cryptographic_params": null,
    "object_group": null,
    "link": null,
    "digest": null,
    "app_specific_info": null,
    "custom_attributes": null,
    "type": "CERTIFICATE",
    "last_changed_date": "10/26/2022 04:12:42 AM PDT",
    "compromise_occurrence_date": null,
    "lease_time": null,
    "digital_signature_algorithm": "SHA256_WITH_RSA_ENCRYPTION",
    "certificate_length": "861",
    "has_private_key": "TRUE"
  },
  {
    "row_num": 2,
    "ks_uuid": "CERTIFICATE-a48d698-b402103a-3513-46d9-9f3e-ce0b44e5b6a6",
    "ks_alias": "tls_cert",
    "alias": "tls_cert",
    "deviceType": "SSLSERVER",
    "in_use": true,
    "expires": "10/25/2025 04:46:33 AM PDT",
    "status": "1",
    "validity": "1096",
    "algorithm": "RSA",
    "cn": "tls_cert",
    "ou": null,
    "org": null,
    "c_alias": null,
    "s_alias": null,
    "co_alias": null,
    "usageSubtype": "KEYSERVING_TLS",
    "issuerDN": "CN=tls_cert",
    "subjectDN": "CN=tls_cert",
    "serial_number": "346128737587700",
    "activation_date": "10/26/2022 04:46:33 AM PDT",
    "archive_time": "null",
    "compromise_date": "null",
    "creation_date": "10/26/2022 04:46:33 AM PDT",
    "expiration_date": "10/25/2025 04:46:33 AM PDT",
    "destroy_date": "null",
    "description": null,
    "certificate_type": "X509",
    "certificate_subject_alternate_name": null,
    "cryptographic_algorithm": "RSA",
    "cryptographic_length": "2048",
    "cryptographic_usage_mask": null,
    "operation_policy_name": null,
    "contact_information": null,
    "revocation_reason": null,
    "name": null,
    "cryptographic_params": null,
    "object_group": null,
    "link": "[[TYPE PUBLIC_KEY] [LINKED_OBJECT_ID KEY-a48d698-4b09bd86-909e-4b92-8de3-767a8e0c2bcc] ]",
    "digest": "[[INDEX 0] [HASH SHA256] [VALUE x81,x92,xd4,x2f,xca,x22,x47,x33,xe2,x57,x37,x5d,xe2,x32,x97,xe4,x8f,x8e,x28,x7a,x67,x96,x0e,x94,xe3,xe7,x62,xf4,xb1,xba,x28,x25] [DIGESTED_KEY_FORMAT RAW]]",
    "app_specific_info": null,
    "custom_attributes": null,
    "type": "CERTIFICATE",
    "last_changed_date": "10/26/2022 04:46:35 AM PDT",
    "compromise_occurrence_date": null,
    "lease_time": null,
    "digital_signature_algorithm": "SHA256_WITH_RSA_ENCRYPTION",
    "certificate_length": "716",
    "has_private_key": "TRUE"
  }
]
Service request to list certificates of a particular subtype
PUT https://localhost:port/SKLM/rest/v1/system/certificates?usageSubtype=SERVERGUI_TLS
Success response
[
  {
    "row_num": 1,
    "ks_uuid": "CERTIFICATE-a48d698-57462929-d1d0-43d9-9d42-f1dac169d9f9",
    "ks_alias": "default",
    "alias": "default",
    "deviceType": "SSLSERVER",
    "in_use": false,
    "expires": "10/26/2023 04:11:30 AM PDT",
    "status": "1",
    "validity": "366",
    "algorithm": "RSA",
    "cn": "localhost",
    "ou": "gklm42server",
    "org": "ibm",
    "c_alias": null,
    "s_alias": null,
    "co_alias": "us",
    "usageSubtype": "SERVERGUI_TLS",
    "issuerDN": "CN=localhost, OU=gklm42server, O=ibm, C=us",
    "subjectDN": "CN=localhost, OU=gklm42server, O=ibm, C=us",
    "serial_number": "1105016628",
    "activation_date": "10/26/2022 04:11:30 AM PDT",
    "archive_time": "null",
    "compromise_date": "null",
    "creation_date": "10/26/2022 04:12:42 AM PDT",
    "expiration_date": "10/26/2023 04:11:30 AM PDT",
    "destroy_date": "null",
    "description": null,
    "certificate_type": null,
    "certificate_subject_alternate_name": null,
    "cryptographic_algorithm": "RSA",
    "cryptographic_length": "2048",
    "cryptographic_usage_mask": null,
    "operation_policy_name": null,
    "contact_information": null,
    "revocation_reason": null,
    "name": null,
    "cryptographic_params": null,
    "object_group": null,
    "link": null,
    "digest": null,
    "app_specific_info": null,
    "custom_attributes": null,
    "type": "CERTIFICATE",
    "last_changed_date": "10/26/2022 04:12:42 AM PDT",
    "compromise_occurrence_date": null,
    "lease_time": null,
    "digital_signature_algorithm": "SHA256_WITH_RSA_ENCRYPTION",
    "certificate_length": "861",
    "has_private_key": "TRUE"
  },
  {
    "row_num": 2,
    "ks_uuid": "CERTIFICATE-a48d698-b402103a-3513-46d9-9f3e-ce0b44e5b6a6",
    "ks_alias": "tls_cert",
    "alias": "tls_cert",
    "deviceType": "SSLSERVER",
    "in_use": true,
    "expires": "10/25/2025 04:46:33 AM PDT",
    "status": "1",
    "validity": "1096",
    "algorithm": "RSA",
    "cn": "tls_cert",
    "ou": null,
    "org": null,
    "c_alias": null,
    "s_alias": null,
    "co_alias": null,
    "usageSubtype": null,
    "issuerDN": "CN=tls_cert",
    "subjectDN": "CN=tls_cert",
    "serial_number": "346128737587700",
    "activation_date": "10/26/2022 04:46:33 AM PDT",
    "archive_time": "null",
    "compromise_date": "null",
    "creation_date": "10/26/2022 04:46:33 AM PDT",
    "expiration_date": "10/25/2025 04:46:33 AM PDT",
    "destroy_date": "null",
    "description": null,
    "certificate_type": "X509",
    "certificate_subject_alternate_name": null,
    "cryptographic_algorithm": "RSA",
    "cryptographic_length": "2048",
    "cryptographic_usage_mask": null,
    "operation_policy_name": null,
    "contact_information": null,
    "revocation_reason": null,
    "name": null,
    "cryptographic_params": null,
    "object_group": null,
    "link": "[[TYPE PUBLIC_KEY] [LINKED_OBJECT_ID KEY-a48d698-4b09bd86-909e-4b92-8de3-767a8e0c2bcc] ]",
    "digest": "[[INDEX 0] [HASH SHA256] [VALUE x81,x92,xd4,x2f,xca,x22,x47,x33,xe2,x57,x37,x5d,xe2,x32,x97,xe4,x8f,x8e,x28,x7a,x67,x96,x0e,x94,xe3,xe7,x62,xf4,xb1,xba,x28,x25] [DIGESTED_KEY_FORMAT RAW]]",
    "app_specific_info": null,
    "custom_attributes": null,
    "type": "CERTIFICATE",
    "last_changed_date": "10/26/2022 04:46:35 AM PDT",
    "compromise_occurrence_date": null,
    "lease_time": null,
    "digital_signature_algorithm": "SHA256_WITH_RSA_ENCRYPTION",
    "certificate_length": "716",
    "has_private_key": "TRUE"
  }
]
Invalid service request
PUT https://localhost:port/SKLM/rest/v1/system/certificates?usageSubtype=SERVER_TLS
Error response
{
  "code": "CTGKM0633E",
  "message": "CTGKM0633E Validation error: usageSubtype is invalid for parameter SERVER_TLS . Specify one of these valid values: SERVERGUI_TLS, KEYSERVING_TLS, EKMF_TLS, DATABASE_TLS, TLS, EKMF_PUBLIC_CERT, OIDC_PUBLIC_CERT, DB_PUBLIC_CERT, LDAP_PUBLIC_CERT, NOTIFICATION_PUBLIC_CERT, SYSLOG_PUBLIC_CERT, AGENT_PUBLIC_CERT "
}