Certificate Import REST Service

Edit online

Use the Certificate Import REST Service to import a certificate file. You must use the Certificate Export REST Service to export the certificates. You can then import this certificate from the exported file.

Operation: POST
URL: https://host:port/GKLM/rest/v1/certificates/import

By default, IBM® Guardium® Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters
Parameter	Description
host	Specify the IP address or hostname of the IBM Guardium Key Lifecycle Manager server.
port	Specify the port number on which the IBM Guardium Key Lifecycle Manager server listens for requests.

Request Headers
Header name	Value
Content-Type	`application/json`
Accept	`application/json`
Authorization	`SKLMAuth userAuthId=<authIdValue>`
Accept-Language	Any valid locale that is supported by IBM Guardium Key Lifecycle Manager. For example, `en` or `de`.

Request body
JSON object with the following specification:
Property name	Description
fileName	Specify the file name to import certificate data. The imported file is stored in IBM Guardium Key Lifecycle Manager in a keystore location relative to the `SKLM_HOME` directory.
alias	Specify a unique name for the certificate.
usage	Specify the target application usage, such as `SSLSERVER`. You can specify the following values: 3592 Specifies the 3592 endpoint (device group). DS8000® Specifies the DS8000 endpoint (device group). GPFS Specifies the IBM Spectrum® Scale (previously known as GPFS) endpoint. PEER_TO_PEER Specifies the PEER_TO_PEER endpoint (device group). GENERIC Specifies an endpoint family that uses the Key Management Interoperability Protocol to interact with IBM Guardium Key Lifecycle Manager. The `GENERIC` endpoint (device group) enables management of KMIP objects. Do not use the REST interface to add a device to the `GENERIC` endpoint (device group), or to change a `GENERIC` endpoint (device group) attribute. SSLCLIENT Client-side certificate that is used in secure communication by using Transport Layer Security protocol to authenticate the client device. SSLSERVER Server-side certificate that is used in secure communication by using Transport Layer Security protocol. SYSLOG Syslog server-side certificate that is used in secure communication by using Transport Layer Security protocol to authenticate the syslog server. userendpoint Specifies a user-defined endpoint that is based on a supported endpoint family.
format	Specify any of the following formats for file content: `base64` `DER` `PEM`
deviceRole	Specify the device role. Specify any of the following values: `owner` `partner`
trusted	Specify whether the certificate is trusted or not by the server. You can specify the following possible values: `1` It indicates that the certificate must be trusted. `0` It indicates that the certificate is not trusted.
deviceGroup	When the usage parameter is set to `SSLCLIENT`, specify the endpoint (device group) name for which this certificate will be used as the communication certificate. You can specify the following possible values: 3592 Specifies the 3592 endpoint (device group). DS8000 Specifies the DS8000 endpoint (device group). GPFS Specifies the IBM Spectrum Scale (previously known as GPFS) endpoint. PEER_TO_PEER Specifies the PEER_TO_PEER endpoint (device group). GENERIC Specifies an endpoint family that uses the Key Management Interoperability Protocol to interact with IBM Guardium Key Lifecycle Manager. The `GENERIC` endpoint (device group) enables management of KMIP objects. userendpoint Specifies a user-defined endpoint that is based on a supported endpoint family.

Response

Response Headers
Header name	Value and description
Status Code	200 OK The request was successful. The response body contains the requested representation. 400® Bad Request The authentication information was not provided in the correct format. 401 Unauthorized The authentication credentials were missing or incorrect. 404 Not Found Error The processing of the request fails. 500 Internal Server Error The processing of the request fails because of an unexpected condition on the server.
Content-Type	`application/json`
Content-Language	Locale for the response message.

Success response body
JSON object with the following specification:
JSON property name	Description
code	Returns a `0` (zero) to indicate the completion of the certificate import task
status	Returns the status with an appropriate message to indicate whether the certificate is imported.

Error Response Body
JSON object with the following specification.
JSON property name	Description
code	Returns the application error code.
message	Returns a message that describes the error.

Examples

Service request to import a certificate

POST https://localhost:port/GKLM/rest/v1/certificates/import
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"fileName":"/mycertfilenam.base64","alias":"newsklmCert","format":"base64",
"usage":"3592"}

Success response

 Status Code: 200 OK
{"code":"0","status":"Succeeded"}

Service request with unsupported certificate format

POST https://localhost:port/GKLM/rest/v1/certificates/import
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"fileName":"/mycertfilenam.base64","alias":"newsklmCert","format":"ABC",
"usage":"3592"}

Error response

Status Code: 400 Bad Request
{"code":"CTGKM0521E","message":"CTGKM0521E Unsupported certificate 
format: ABC"}