I am trying to automate creating a private key, generating a CSR and updating the private key certificate chain using the REST APIs provided in CA API Gateway v9.3. I am able to create the private key and generate the CSR, but I can't find a payload template to update the private key certificate chain. Is there any XML message format I can use to update the certificate chain?
I think this will work; test and update as required. Private key updates require gateway restarts.
<l7:PrivateKey alias="YOUR KEY ALIAS" xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
  <l7:CertificateChain>
    <l7:CertificateData>
      <l7:IssuerName>CN=YOUR CN</l7:IssuerName>
      <l7:SerialNumber>CERT SERIAL NUMBER</l7:SerialNumber>
      <l7:SubjectName>CERT SUBJECT NAME</l7:SubjectName>
      <l7:Encoded>BASE64 ENCODED CERTIFICATE DATA</l7:Encoded>
    </l7:CertificateData>
  </l7:CertificateChain>
</l7:PrivateKey>
Thank you Anand! It helps.
We are trying to do the same thing, but I still have some questions.
When using the Policy Manager, we can put 3 certificates in the replace certificate chain box at the same time. This is required to get the entire certificate chain updated.
Using the RestMan, can we also do this?
Additionally, can we omit the Issuer, Serial and SubjectName fields, are they optional? So basically I am hoping we can only include the l7:Encoded field? If not, we would have to decode the certificate to get these fields from the base64 input, which is a hassle.
Do we have to strip the ---BEGIN CERTIFICATE --- stuff that a PEM comes with? And do we have to split it up into three l7:CertificateData/l7:Encoded segments, or can we put all 3 in one encoded element and will the gateway split it up?
-----BEGIN CERTIFICATE-----
certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate ca
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
root ca
-----END CERTIFICATE-----
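An added example, not part of any post in this thread and not CA/Layer7 code: it splits a PEM bundle into per-certificate base64 bodies (armor lines and line breaks removed) and wraps each one in its own l7:CertificateData element, following the template posted above. It assumes RestMan accepts several l7:CertificateData elements in one chain and entries that carry only l7:Encoded, neither of which the thread confirms; the function names and the sample bundle are constructed.

```python
import base64
import re
import xml.etree.ElementTree as ET

L7_NS = "http://ns.l7tech.com/2010/04/gateway-management"  # namespace from the template in the thread
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def split_pem_bundle(pem_text):
    """Return the base64 body of each certificate, armor and whitespace removed."""
    bodies = []
    for match in PEM_BLOCK.finditer(pem_text):
        body = "".join(match.group(1).split())
        base64.b64decode(body, validate=True)  # raises on a corrupted block
        bodies.append(body)
    if not bodies:
        raise ValueError("no CERTIFICATE blocks found")
    return bodies


def build_private_key_xml(alias, pem_text):
    """Build an l7:PrivateKey document with one l7:CertificateData per certificate.

    Assumption: only l7:Encoded is emitted; the name and serial fields are left out.
    """
    ET.register_namespace("l7", L7_NS)
    root = ET.Element(f"{{{L7_NS}}}PrivateKey", {"alias": alias})
    chain = ET.SubElement(root, f"{{{L7_NS}}}CertificateChain")
    for body in split_pem_bundle(pem_text):
        data = ET.SubElement(chain, f"{{{L7_NS}}}CertificateData")
        ET.SubElement(data, f"{{{L7_NS}}}Encoded").text = body
    return ET.tostring(root, encoding="unicode")


def _fake_pem(label):
    # Constructed placeholder bytes, not a real certificate.
    b64 = base64.b64encode(label.encode() * 20).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


# Constructed sample: leaf, intermediate and root in the order given in the post.
SAMPLE_BUNDLE = _fake_pem("leaf") + _fake_pem("intermediate ca") + _fake_pem("root ca")

if __name__ == "__main__":
    print(build_private_key_xml("YOUR KEY ALIAS", SAMPLE_BUNDLE))
```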