Certificate Export REST Service

Use Certificate Export REST Service to export a certificate file.

Operation
PUT
URL
https://<host>:<port>/SKLM/rest/v1/certificates/export
By default, Guardium® Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secure port 9443 (HTTPS) for communication. During IBM® Security Guardium Key Lifecycle Manager installation, you can modify these default ports.
Note: The non-secure port 9080 is not applicable when IBM Security Guardium Key Lifecycle Manager is deployed in a containerized environment.

Request

Request Parameters
Parameter Description
host Specify the IP address or host name of the IBM Security Guardium Key Lifecycle Manager server.
port Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.
Request Headers
Header name Value
Content-Type application/json
Accept application/json
Authorization SKLMAuth userAuthId=<authIdValue>
Accept-Language Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example: en or de
Request body

JSON object with the following specification:

Property name Description
uuid Specify the Universal Unique Identifier of the certificate.
fileName

Specify the name of the file in which the exported certificate is stored. The file is stored in the SKLM_DATA directory.

You can specify a directory path along with the file name as the value. If you specify the directory path, the file is stored in the path relative to the SKLM_DATA directory.

For example, if you specify the value as export1/exportedCert, then the exported certificate file is stored in the following path:
Windows
C:\Program Files\IBM\WebSphere\AppServer\products\sklm\data\export1\exportedCert
Linux®
/opt/IBM/WebSphere/AppServer/products/sklm/data/export1/exportedCert
format Optional. Specify any of the following formats for file content:
  • base64
  • DER (Distinguished Encoding Rules)

Response

Response Headers
Header name Value and description
Status Code
200 OK
The request was successful. The response body contains the requested representation.
400® Bad Request
The authentication information was not provided in the correct format.
401 Unauthorized
The authentication credentials were missing or incorrect.
404 Not Found Error
The processing of the request fails.
500 Internal Server Error
The processing of the request fails because of an unexpected condition on the server.
Content-Type application/json
Content-Language Locale for the response message.
Success response body

JSON object with the following specification:

JSON property name Description
code Returns a 0 (zero) to indicate the completion of the certificate export task.
status Returns the status with an appropriate message to indicate whether the certificate is exported.
Error Response Body

JSON object with the following specification.

JSON property name Description
code Returns the application error code.
message Returns a message that describes the error.

Examples

Service request to export a certificate
PUT https://localhost:<port>/SKLM/rest/v1/certificates/export
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"uuid":"CERTIFICATE-78d68704-fdde-42df-95da-debef9de930","format":"DER",
"fileName":"/mycertificate.der"}
Success response
Status Code: 200 OK
{"code":"0","status":"Succeeded"}
Error response for an invalid request
PUT https://localhost:<port>/SKLM/rest/v1/certificates/export
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"uuid":"CERTIFICATE-78d68704-fdde-42df-95da-debef9de930","format":"ABC",
"fileName":"/newcertificate.der"}
Error response
Status Code: 400 Bad Request
{"code":"CTGKM0521E","message":"CTGKM0521E Unsupported certificate 
format: ABC"}}
Date Change description
25 Aug 2021 Corrected the description of the fileName property.
08 Dec 2020 Initial version.