Upload and Assign Client Certificate to a Client REST Service

Use the Upload and Assign Client Certificate to a Client REST Service to upload and assign a certificate to a client.

Operation
PUT
URL
https://host:port/SKLM/rest/v1/clients/{clientName}/assignCertificate

By default, Guardium® Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM® Security Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters
Parameter Description
host Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server.
port Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.
Request Headers
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de.
Path parameters

JSON object with the following specification:

Property name Description
clientName

Specify the name of the client.

Request body

JSON object with the following specification:

Property name Description
fileName Required if the certText parameter is not specified. Select the certificate file that you want to upload from your machine.
certText Required if the fileName parameter is not specified. Enter the certificate text. Ensure that the text includes the START CERTIFICATE and END CERTIFICATE statements.
format Specify the format for the certificate.
You can specify any of the following formats:
  • base64
  • DER
  • PEM

Where, DER stands for Distinguished Encoding Rules and PEM is Privacy Enhanced Mail. The default values is base64.

alias

Specify the alias of the certificate that you want to assign to the client.

Response

Response Headers
Header name Value and description
Status Code
200 OK
The request was successful. The response body contains the requested representation.
400 Bad Request
The authentication information was not provided in the correct format.
401 Unauthorized
The authentication credentials were missing or incorrect.
404 Not Found Error
The processing of the request fails.
500 Internal Server Error
The processing of the request fails because of an unexpected condition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Success response body

JSON object with the following specification:

JSON property name Description
messageId Returns the message identifier.
message Returns the message to indicate the operation is successful.
Error response body

JSON object with the following specification.

JSON property name Description
messageId Returns the message identifier.
error Returns a message that describes the error.

Example

Assign a certificate to a client
PUT https://localhost:port/SKLM/rest/v1/clients/client_rest/assignCertificate
{
"certUseOption":"IMPORT_CERT",
"certAlias":"testcert",
"importPath":"/opt/IBM/WebSphere/Liberty/products/sklm/data/clientsslcert.cer"
}
Success response
{
    "message": "CTGKM3409I Successfully assigned certificate to client.",
    "messageId": "CTGKM3409I"
}
Error response
{
    "messageId": "CTGKM0543E",
    "error": "CTGKM0543E An error occurred importing certificate: /opt/IBM/WebSphere/Liberty/products/sklm/data/clientsslcer.cer (No such file or directory)"
}