Use Certificate Import REST Service to import a certificate file. You
must use the Certificate Export REST Service to export the certificates. You can
then import this certificate from the exported file.
Table 1. Topic change
log
| Date |
Change description |
| 10 Feb 2021 |
Corrected instances of 'TLSServer' to 'SSLServer', and 'TLSClient' to 'SSLClient'. Refreshed
only the English language content. |
| 08 Dec 2020 |
Initial version. |
- Operation
POST- URL
- https://host:port/SKLM/rest/v1/certificates/import
By default,
Guardium® Key Lifecycle Manager server
listens to non-secure port 9080 (HTTP) and secure port
9443
(HTTPS) for communication. During
IBM® Security Guardium Key Lifecycle Manager
installation, you can modify these default ports.
Note: The non-secure port 9080 is not applicable
when IBM Security Guardium Key Lifecycle Manager is deployed in a containerized
environment.
Request Parameters
| Parameter |
Description |
| host |
Specify the IP address or host name of the IBM Security Guardium Key Lifecycle Manager server. |
| port |
Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
Request Headers
| Header name |
Value |
| Content-Type |
application/json |
| Accept |
application/json |
| Authorization |
SKLMAuth userAuthId=<authIdValue> |
| Accept-Language |
Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example: en or
de |
Request body
JSON object with the following specification:
| Property name |
Description |
| alias |
Required. Specify a unique name for the certificate. |
| fileName
|
Required. Specify the file name to import certificate data. The imported file
is stored in IBM Security Guardium Key Lifecycle Manager in a keystore location
relative to the SKLM_HOME directory. |
| usage |
Required. Specify the target application usage, such as
SSLSERVER. You can specify the following values:
- 3592
- Specifies the 3592 device group.
- DS8000®
- Specifies the DS8000 device group.
- GPFS
- Specifies the IBM Spectrum® Scale (previously known as GPFS) device group.
- PEER_TO_PEER
- Specifies the PEER_TO_PEER device group.
- GENERIC
- Specifies a device family that uses the Key Management Interoperability Protocol to interact
with IBM Security Guardium Key Lifecycle Manager. The
GENERIC
device group enables management of KMIP objects. Do not use the REST interface to add a device to
the GENERIC device group, or to change a GENERIC device group
attribute.
- SSLCLIENT
- Client-side certificate that is used in secure communication by using Transport Layer Security
protocol to authenticate the client device.
- SSLSERVER
- Server-side certificate that is used in secure communication by using Transport Layer Security
protocol.
- SYSLOG
- Syslog server-side certificate that is used in secure communication by using Transport Layer
Security protocol to authenticate the syslog server.
- userdevicegroup
- Specifies a user-defined group that is based on a supported device family.
|
| format |
Specify any of the following formats for file content:
- base64
- DER (Distinguished Encoding Rules)
- PEM (Privacy Enhanced Mail)
|
| deviceRole |
Specify the device role for the PEER_TO_PEER device group. Specify any of the
following values: owner, partner. |
Response Headers
| Header name |
Value and description |
| Status Code |
- 200 OK
- The request was successful. The response body contains the requested representation.
- 400® Bad Request
- The authentication information was not provided in the correct format.
- 401 Unauthorized
- The authentication credentials were missing or incorrect.
- 404 Not Found Error
- The processing of the request fails.
- 500 Internal Server Error
- The processing of the request fails because of an unexpected condition on the server.
|
| Content-Type |
application/json |
| Content-Language |
Locale for the response message. |
Success response
body
JSON object with
the following specification:
| JSON property name |
Description |
| code |
Returns a 0 (zero)
to indicate the completion of the certificate import task |
| status |
Returns the status with an appropriate message
to indicate whether the certificate is imported. |
Error Response Body
JSON object with the following specification.
| JSON property name |
Description |
| code |
Returns the application error code. |
| message |
Returns a message that describes the error. |
Examples
- Service request to import a certificate
POST https://localhost:<port>/SKLM/rest/v1/certificates/import
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"fileName":"/mycertfilenam.base64","alias":"newsklmCert","format":"base64",
"usage":"3592"}
- Success response
Status Code: 200 OK
{"code":"0","status":"Succeeded"}
- Error response for an invalid request
POST https://localhost:<port>/SKLM/rest/v1/certificates/import
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"fileName":"/mycertfilenam.base64","alias":"newsklmCert","format":"ABC",
"usage":"3592"}
- Error response
Status Code: 400 Bad Request
{"code":"CTGKM0521E","message":"CTGKM0521E Unsupported certificate
format: ABC"}