Register Certificate REST Service

Use Register Certificate REST Service to register a certificate with a client.

Operation
POST
URL
https://host:port/SKLM/rest/v1/objects/certificate

By default, Guardium® Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM® Security Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters
Parameter Description
host Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server.
port Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.
Request Headers
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de.
Request body

JSON object with the following specification:

Property name Description
clientName Required. Specify the name of the client.
publicKeyBlock Required. Specify the following parameters:
publicKeyMaterial
Required. Specify the key material value of the public key in Hex string format. For example, 3082010a0282010100ab7f161c0042496ccd6c6d4dadb919.
publicKeyFormat
Optional. Specify the format value of the public key.

Default value: X509

Other possible value: PKCS1

certificateBlock Required. Specify the following parameters:
certMaterial
Required. Specify the certificate material value in Hex string format. For example, 3082010a0282010100ab7f161c0042496ccd6c6d4dadb919.
certFormat
Optional. Specify the format value of the certificate.

Default value: X509

prefixName Required. Specify the prefix that is used to create the alias.
algorithm Specify the algorithm that is used in the public key.

Default value: RSA

Other possible value: DSA

bitLength Specify the size of the public key.

Default value: 2048

You can specify all other possible values for RSA and DSA algorithms.

certCryptoUsageMask Specify the cryptographic usage for which the certificate is to be used.

Default value: Encrypt

Other possible values: Decrypt, Encrypt_Decrypt, Sign, Sign_Verify, Verify, Wrap, Unwrap, Wrap_Unwrap

publicKeyCryptoUsageMask Specify the cryptographic usage for which the public key is to be used.

Default value: Encrypt

Other possible values: Decrypt, Encrypt_Decrypt, Sign, Sign_Verify, Verify, Wrap, Unwrap, Wrap_Unwrap

Response

Response Headers
Header name Value and description
Status Code
201 Created
The request was successful. The response body contains the requested representation.
400 Bad Request
The authentication information was not provided in the correct format.
401 Unauthorized
The authentication credentials were missing or incorrect.
404 Not Found Error
The processing of the request fails.
500 Internal Server Error
The processing of the request fails because of an unexpected condition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Success response body

JSON object with the following specification:

JSON property name Description
publicKeyId Returns the unique identifier (UUID) of the newly created public key.
certificateId Returns the unique identifier (UUID) of the newly created certificate.
messageId Returns the message identifier.
Error response body

JSON object with the following specification.

JSON property name Description
messageId Returns the message identifier.
error Returns a message that describes the error.

Example

Register a certificate
POST https://localhost:port/SKLM/rest/v1/objects/certificate
{"clientName":"client_rest",
"publicKeyBlock":{"publickKeyFormat":"X509","publicKeyMaterial":
"3082010a0282010100ab7f161c0042496ccd6c6d4dadb919973435357776003acf54b7af1e440afb80b64a8755f8002cfeba6b184540a2d66086d74648346d75b8d71812b205387c0f6583bc4d7dc7ec114f3b176b7957c422e7d03fc6267fa2a6f89b9bee9e60a1d7c2d833e5a5f4bb0b1434f4e795a41100f8aa214900df8b65089f98135b1c67b701675abdbc7d5721aac9d14a7f081fcec80b64e8a0ecc8295353c795328abf70e1b42e7bb8b7f4e8ac8c810cdb66e3d21126eba8da7d0ca34142cb76f91f013da809e9c1b7ae64c54130fbc21d80e9c2cb06c5c8d7cce8946a9ac99b1c2815c3612a29a82d73a1f99374fe30e54951662a6eda29c6fc411335d5dc7426b0f6050203010001"},
"certificateBlock":{"certFormat":"X509","certMaterial":
"30820312308201faa003020102020101300d06092a864886f70d0101050500303b310b3009060355040613025553310d300b060355040a130454455354310e300c060355040b13054f41534953310d300b060355040313044b4d4950301e170d3130313130313233353935395a170d3230313130313233353935395a303b310b3009060355040613025553310d300b060355040a130454455354310e300c060355040b13054f41534953310d300b060355040313044b4d495030820122300d06092a864886f70d01010105000382010f003082010a0282010100ab7f161c0042496ccd6c6d4dadb919973435357776003acf54b7af1e440afb80b64a8755f8002cfeba6b184540a2d66086d74648346d75b8d71812b205387c0f6583bc4d7dc7ec114f3b176b7957c422e7d03fc6267fa2a6f89b9bee9e60a1d7c2d833e5a5f4bb0b1434f4e795a41100f8aa214900df8b65089f98135b1c67b701675abdbc7d5721aac9d14a7f081fcec80b64e8a0ecc8295353c795328abf70e1b42e7bb8b7f4e8ac8c810cdb66e3d21126eba8da7d0ca34142cb76f91f013da809e9c1b7ae64c54130fbc21d80e9c2cb06c5c8d7cce8946a9ac99b1c2815c3612a29a82d73a1f99374fe30e54951662a6eda29c6fc411335d5dc7426b0f6050203010001a321301f301d0603551d0e0416041404e57bd2c431b2e816e180a19823fac858273f6b300d06092a864886f70d01010505000382010100a876adbc6c8e0ff017216e195fea76bff61a567c9a13dc50d13fec12a4273c441547cfabcb5d61d991e966319df72c0d41ba826a45112ff26089a2344f4d71cf7c921b4bdfaef1600d1baaa15336057e014b8b496d4fae9e8a6c1da9aeb6cbc960cbf2fae77f587ec4bb282045338845b88dd9aeea53e482a36e734e4f5f03b9d0dfc4cafc6bb34ea9053e52bd609ee01e86d9b09fb51120c19834a997b09ce08d79e81311762f974bb1c8c09186c4d78933e0db38e905084877e147c78af52fae07192ff166d19fa94a11cc11b27ed050f7a27fae13b205a574c4ee00aa8bd65d0d7057c985c839ef336a441ed53a53c6b6b696f1bdeb5f7ea811ebb25a7f86"},
    "algorithm":"RSA",
    "bitLength":"2048",
    "prefixName":"fds",
    "certCryptoUsageMask":"Encrypt",
    "publicKeyCryptoUsageMask":"Encrypt"
}
Success response
{
    "publicKeyId": "KEY-d374678-56ec9bfb-8709-46eb-8b42-b8f6bfa69ff4",
    "certificateId": "CERTIFICATE-d374678-9273bd2c-861f-4f5a-834a-7b1085d3a0dd",
    "messageId": "CTGKM6026I"
}
Error response
{
    "error": "CTGKM3408E Client with REST name not found.",
    "messageId": "CTGKM3408E"
}