Register Certificate REST Service
Use Register Certificate REST Service to register a certificate with a client.
- Operation
POST
- URL
- https://host:port/SKLM/rest/v1/objects/certificate
By default, Guardium® Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM® Security Guardium Key Lifecycle Manager installation, you can modify this default port.
Request
Parameter | Description |
---|---|
host | Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server. |
port | Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
Header name | Value |
---|---|
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de. |
JSON object with the following specification:
Property name | Description |
---|---|
clientName | Required. Specify the name of the client. |
publicKeyBlock | Required. Specify the following parameters:
|
certificateBlock | Required. Specify the following parameters:
|
prefixName | Required. Specify the prefix that is used to create the alias. |
algorithm | Specify the algorithm that is used in the public key. Default value: RSA Other possible value: DSA |
bitLength | Specify the size of the public key. Default value: 2048 You can specify all other possible values for RSA and DSA algorithms. |
certCryptoUsageMask | Specify the cryptographic usage for which the certificate is to be
used. Default value: Encrypt Other possible values: Decrypt, Encrypt_Decrypt, Sign, Sign_Verify, Verify, Wrap, Unwrap, Wrap_Unwrap |
publicKeyCryptoUsageMask | Specify the cryptographic usage for which the public key is to be
used. Default value: Encrypt Other possible values: Decrypt, Encrypt_Decrypt, Sign, Sign_Verify, Verify, Wrap, Unwrap, Wrap_Unwrap |
Response
Header name | Value and description |
---|---|
Status Code |
|
Content-Type | application/json |
Content-Language | Locale for the response message. |
JSON object with the following specification:
JSON property name | Description |
---|---|
publicKeyId | Returns the unique identifier (UUID) of the newly created public key. |
certificateId | Returns the unique identifier (UUID) of the newly created certificate. |
messageId | Returns the message identifier. |
JSON object with the following specification.
JSON property name | Description |
---|---|
messageId | Returns the message identifier. |
error | Returns a message that describes the error. |
Example
- Register a certificate
-
POST https://localhost:port/SKLM/rest/v1/objects/certificate {"clientName":"client_rest", "publicKeyBlock":{"publickKeyFormat":"X509","publicKeyMaterial": "3082010a0282010100ab7f161c0042496ccd6c6d4dadb919973435357776003acf54b7af1e440afb80b64a8755f8002cfeba6b184540a2d66086d74648346d75b8d71812b205387c0f6583bc4d7dc7ec114f3b176b7957c422e7d03fc6267fa2a6f89b9bee9e60a1d7c2d833e5a5f4bb0b1434f4e795a41100f8aa214900df8b65089f98135b1c67b701675abdbc7d5721aac9d14a7f081fcec80b64e8a0ecc8295353c795328abf70e1b42e7bb8b7f4e8ac8c810cdb66e3d21126eba8da7d0ca34142cb76f91f013da809e9c1b7ae64c54130fbc21d80e9c2cb06c5c8d7cce8946a9ac99b1c2815c3612a29a82d73a1f99374fe30e54951662a6eda29c6fc411335d5dc7426b0f6050203010001"}, "certificateBlock":{"certFormat":"X509","certMaterial": "30820312308201faa003020102020101300d06092a864886f70d0101050500303b310b3009060355040613025553310d300b060355040a130454455354310e300c060355040b13054f41534953310d300b060355040313044b4d4950301e170d3130313130313233353935395a170d3230313130313233353935395a303b310b3009060355040613025553310d300b060355040a130454455354310e300c060355040b13054f41534953310d300b060355040313044b4d495030820122300d06092a864886f70d01010105000382010f003082010a0282010100ab7f161c0042496ccd6c6d4dadb919973435357776003acf54b7af1e440afb80b64a8755f8002cfeba6b184540a2d66086d74648346d75b8d71812b205387c0f6583bc4d7dc7ec114f3b176b7957c422e7d03fc6267fa2a6f89b9bee9e60a1d7c2d833e5a5f4bb0b1434f4e795a41100f8aa214900df8b65089f98135b1c67b701675abdbc7d5721aac9d14a7f081fcec80b64e8a0ecc8295353c795328abf70e1b42e7bb8b7f4e8ac8c810cdb66e3d21126eba8da7d0ca34142cb76f91f013da809e9c1b7ae64c54130fbc21d80e9c2cb06c5c8d7cce8946a9ac99b1c2815c3612a29a82d73a1f99374fe30e54951662a6eda29c6fc411335d5dc7426b0f6050203010001a321301f301d0603551d0e0416041404e57bd2c431b2e816e180a19823fac858273f6b300d06092a864886f70d01010505000382010100a876adbc6c8e0ff017216e195fea76bff61a567c9a13dc50d13fec12a4273c441547cfabcb5d61d991e966319df72c0d41ba826a45112ff26089a2344f4d71cf7c921b4bdfaef1600d1baaa15336057e014b8b496d4fae9e8a6c1da9aeb6cbc960cbf2fae77f587ec4bb282045338845b88dd9aeea53e482a36e734e4f5f03b9d0dfc4cafc6bb34ea9053e52bd609ee01e86d9b09fb51120c19834a997b09ce08d79e81311762f974bb1c8c09186c4d78933e0db38e905084877e147c78af52fae07192ff166d19fa94a11cc11b27ed050f7a27fae13b205a574c4ee00aa8bd65d0d7057c985c839ef336a441ed53a53c6b6b696f1bdeb5f7ea811ebb25a7f86"}, "algorithm":"RSA", "bitLength":"2048", "prefixName":"fds", "certCryptoUsageMask":"Encrypt", "publicKeyCryptoUsageMask":"Encrypt" }
- Success response
-
{ "publicKeyId": "KEY-d374678-56ec9bfb-8709-46eb-8b42-b8f6bfa69ff4", "certificateId": "CERTIFICATE-d374678-9273bd2c-861f-4f5a-834a-7b1085d3a0dd", "messageId": "CTGKM6026I" }
- Error response
-
{ "error": "CTGKM3408E Client with REST name not found.", "messageId": "CTGKM3408E" }