Certificate Update REST Service

Use the Certificate Update REST Service to update attributes or usage for a certificate.

For example, you might update the state of the certificate to indicate that its use is compromised. If a certificate is not associated with a device or scheduled for a future rollover, you might also change the usage of the certificate from one endpoint (device group) to a related endpoint (device group) in the same endpoint family. For example, you might change usage from 3592 to a user-defined endpoint (device group), such as my3592.

Note: For PEER_TO_PEER endpoint (device group), use the Bulk Certificate Update REST Service.

Operation: PUT
URL: https://host:port/GKLM/rest/v1/certificates

By default, IBM® Guardium Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters

Parameter	Description
host	Specify the IP address or hostname of the IBM Guardium Key Lifecycle Manager server.
port	Specify the port number on which the IBM Guardium Key Lifecycle Manager server listens for requests.

Request Headers

Header name	Value
Content-Type	`application/json`
Accept	`application/json`
Authorization	`SKLMAuth userAuthId=<authIdValue>`
Accept-Language	Any valid locale that is supported by IBM Guardium Key Lifecycle Manager. For example, `en` or `de`.

Request body

JSON object with the following specification:

Property name	Description
uuid	Specify the universal unique identifier of the certificate.
attributes	Specify one or more of the following attribute-value pairs: compromised Specifies whether the use is compromised. The only value is `y` (compromised). You cannot change a compromised key or certificate to an uncompromised state. information informationstring Specifies more information about the use of an object. trusted [y\|n] Specifies whether the use is trusted. Set this value to `y` to mark the key or certificate as trusted. Or, set a value of `n` to mark the key or certificate as not trusted. You cannot set compromised or expired keys or certificates to be trusted.
usage	Specify the target application usage such as SSLSERVER. You can specify the following values: 3592 Specifies the 3592 endpoint (device group). DS8000® Specifies the DS8000 endpoint (device group). GPFS Specifies the IBM Spectrum® Scale (previously known as GPFS) endpoint (device group). GENERIC Specifies an endpoint family that uses the Key Management Interoperability Protocol to interact with IBM Guardium Key Lifecycle Manager. The `GENERIC` endpoint (device group) enables management of KMIP objects. Do not use the REST interface to add a device to the `GENERIC` endpoint (device group), or to change a `GENERIC` endpoint (device group) attribute. SSLCLIENT Client-side certificate that is used in secure communication by using Secure Socket Layer protocol to authenticate the client device. SSLSERVER Server-side certificate that is used in secure communication by using Secure Socket Layer protocol. userendpoint Specifies a user-defined endpoint that is based on a supported endpoint family.
alias	Specify the alias of the certificate.
default.alias1
default.alias2
in_use	Specify whether the certificate is in use.
deviceTypeVersion	Specify the device type version of the certificate.
deviceGroup	Specify the endpoint (device group) of the certificate.

Response

Response Headers

Header name	Value and description
Status Code	200 OK The request was successful. The response body contains the requested representation. 400 Bad Request The authentication information was not provided in the correct format. 401 Unauthorized The authentication credentials were missing or incorrect. 404 Not Found Error The processing of the request fails. 500 Internal Server Error The processing of the request fails because of an unexpected condition on the server.
Content-Type	`application/json`
Content-Language	Locale for the response message.

Success response body

JSON object with the following specification:

JSON property name	Description
code	Returns the code that is specified by the status property.
status	Returns the status message to indicate whether the certificate is updated or not. 0 The status indicates that the certificate update task succeeded. 1 The status indicates that the certificates are not updated.

Error Response Body

JSON object with the following specification.

JSON property name	Description
code	Returns the application error code.
message	Returns a message that describes the error.

Examples

Service request to update a certificate

PUT https://localhost:port/GKLM/rest/v1/certificates
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"uuid":"CERTIFICATE-78d68704-fdde-42df-95da-debef9de9309","attributes":
"trusted y"}

Success response

 Status Code: 200 OK
{"code":"0","status":"CTGKM0508I Updated certificate metadata"}

Service request with incorrect usage

POST https://localhost:port/GKLM/rest/v1/certificates
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"uuid":"CERTIFICATE-78d68704-fdde-42df-95da-debef9de9309","usage":"DS8000"}
"usage":"3592"}

Error response

Status Code: 500 Internal Server Error
{"code":"CTGKM1129E","message":" CTGKM1129E Target and source endpoint family type does not match."}