Layer7 API Management

  • 1.  Certification Creation

    Posted Jan 24, 2020 08:14 AM
    Hi All,

    I want to create the certificate using the restman service.

    For Private Key creation the sample payload is given in the documentation, but for creating the certificate no sample payload is given.

    In the documentation they have given this:
    Body
    The certificate to create
    Element l7:TrustedCertificate
    Content-Type application/xml
     
    I tried with the below payload:
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <l7:TrustedCertificateCreationContext xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:TrustedCertificate>
    <l7:Name>Test Upload</l7:Name>
    <l7:CertificateData>
    <l7:IssuerName>cn=test</l7:IssuerName>
    <l7:SerialNumber>123</l7:SerialNumber>
    <l7:SubjectName>cn=test</l7:SubjectName>
    <l7:Encoded>RW5jb2RlZCBEYXRh</l7:Encoded>
    </l7:CertificateData>
    <l7:Properties>
    <l7:Property key="revocationCheckingEnabled">
    <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustAnchor">
    <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedAsSamlAttestingEntity">
    <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedAsSamlIssuer">
    <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedForSigningClientCerts">
    <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedForSigningServerCerts">
    <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="trustedForSsl">
    <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    <l7:Property key="verifyHostname">
    <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    </l7:Properties>
    <l7:Extension>
    <l7:RevocationCheckingPolicyReference id="123456" resourceUri="http://ns.l7tech.com/2010/04/gateway-management/revocationCheckingPolicies" />
    </l7:Extension>
    </l7:TrustedCertificate>
    </l7:TrustedCertificateCreationContext>

    But it was giving the below response:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
        <l7:Type>BadRequest</l7:Type>
        <l7:TimeStamp>2020-01-24T00:49:10.172-06:00</l7:TimeStamp>
        <l7:Link rel="self" uri="https://10.157.246.141:443/restman/1.0/trustedCertificates"/>
        <l7:Detail>HTTP 400 Bad Request. Caused by: cvc-elt.1.a: Cannot find the declaration of element 'l7:TrustedCertificateCreationContext'.</l7:Detail>
    </l7:Error>

    Can you please help with the exact payload?


    ------------------------------
    Thanks & Regards,
    Husain Dalroti
    ------------------------------


  • 2.  RE: Certification Creation
    Best Answer

    Broadcom Employee
    Posted Jan 24, 2020 03:53 PM
    Hi Husain,

    To create a "Trusted Certificate" you post only the <l7:TrustedCertificate> element to /restman/1.0/trustedCertificates. I know the documentation is a bit confusing around this, but you can always get the template for a resource at the template endpoint, then look at the documentation for the resource to see what element from the template to use:

    Create
    Creates a new certificate
    Request
    POST 1.0/trustedCertificates
    Body
    The certificate to create
    Element l7:TrustedCertificate
    Content-Type application/xml
    Response
    Body
    A reference to the newly created certificate

    The following is an example. Note that the l7:Encoded element is the base64 encoded form of the certificate. This is what comes out of the l7:Encoded element of a GET privateKeys resource, or if you are bringing in a certificate created elsewhere it is the content between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines of a PEM formatted certificate with the line breaks removed (hopefully that made sense).

    POST https://ssg93.l7tech.com:8443/restman/1.0/trustedCertificates

    <l7:TrustedCertificate xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
      <l7:Name>foo</l7:Name>
      <l7:CertificateData>
        <l7:IssuerName>CN=ssg93.l7tech.com</l7:IssuerName>
        <l7:SerialNumber>9017809942347016180</l7:SerialNumber>
        <l7:SubjectName>CN=ssg93.l7tech.com</l7:SubjectName>
        <l7:Encoded>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</l7:Encoded>
      </l7:CertificateData>
      <l7:Properties>
        <l7:Property key="revocationCheckingEnabled">
          <l7:BooleanValue>false</l7:BooleanValue>
        </l7:Property>
        <l7:Property key="trustAnchor">
          <l7:BooleanValue>true</l7:BooleanValue>
        </l7:Property>
        <l7:Property key="trustedAsSamlAttestingEntity">
          <l7:BooleanValue>false</l7:BooleanValue>
        </l7:Property>
        <l7:Property key="trustedAsSamlIssuer">
          <l7:BooleanValue>false</l7:BooleanValue>
        </l7:Property>
        <l7:Property key="trustedForSigningClientCerts">
          <l7:BooleanValue>false</l7:BooleanValue>
        </l7:Property>
        <l7:Property key="trustedForSigningServerCerts">
          <l7:BooleanValue>false</l7:BooleanValue>
        </l7:Property>
        <l7:Property key="trustedForSsl">
          <l7:BooleanValue>true</l7:BooleanValue>
        </l7:Property>
        <l7:Property key="verifyHostname">
          <l7:BooleanValue>false</l7:BooleanValue>
        </l7:Property>
      </l7:Properties>
      <l7:Extension>
        <l7:RevocationCheckingPolicyReference id="00000000000000000000000000000001" resourceUri="http://ns.l7tech.com/2010/04/gateway-management/revocationCheckingPolicies"/>
      </l7:Extension>
    </l7:TrustedCertificate>

    The response should be a 201 Created with information about the new certificate:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
      <l7:Name>foo</l7:Name>
      <l7:Id>17711622a8e4a758c2b7d79799b468e9</l7:Id>
      <l7:Type>TRUSTED_CERT</l7:Type>
      <l7:TimeStamp>2020-01-24T12:30:07.513-08:00</l7:TimeStamp>
      <l7:Link rel="self" uri="https://ssg93.l7tech.com:8443/restman/1.0/trustedCertificates/17711622a8e4a758c2b7d79799b468e9"/>
      <l7:Link rel="template" uri="https://ssg93.l7tech.com:8443/restman/1.0/trustedCertificates/template"/>
      <l7:Link rel="list" uri="https://ssg93.l7tech.com:8443/restman/1.0/trustedCertificates"/>
    </l7:Item>

    ------------------------------
    Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
    ------------------------------
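
The PEM-to-l7:Encoded step described in the reply above, as an added example that is not part of the original posts and not Broadcom's code: it strips the PEM armour and line breaks, rejects values that do not decode to a DER SEQUENCE (such as the placeholder RW5jb2RlZCBEYXRh from the first post), and builds the l7:TrustedCertificate body with only the explicitly listed properties set to true. The function names and the constructed sample bytes are assumptions, and the l7:Extension element shown in the reply is left out.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = "http://ns.l7tech.com/2010/04/gateway-management"
# Property keys exactly as they appear in the payloads in this thread.
TRUST_KEYS = (
    "revocationCheckingEnabled", "trustAnchor", "trustedAsSamlAttestingEntity",
    "trustedAsSamlIssuer", "trustedForSigningClientCerts",
    "trustedForSigningServerCerts", "trustedForSsl", "verifyHostname",
)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# Constructed sample: DER-like bytes (not a real certificate) wrapped as PEM.
SAMPLE_DER = b"\x30\x82\x00\x40" + bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def check_encoded(encoded: str) -> str:
    """Reject values that are not base64 of a DER SEQUENCE (first byte 0x30)."""
    der = base64.b64decode(encoded, validate=True)
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER-encoded certificate")
    return encoded

def pem_to_encoded(pem: str) -> str:
    """Return the body between the PEM markers with all line breaks removed."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM certificate block found")
    return check_encoded("".join(m.group(1).split()))

def build_trusted_certificate(name, issuer, serial, subject, encoded, enabled=()):
    """Build the l7:TrustedCertificate body; only keys in `enabled` are true."""
    unknown = set(enabled) - set(TRUST_KEYS)
    if unknown:
        raise ValueError(f"unknown property keys: {sorted(unknown)}")
    ET.register_namespace("l7", NS)
    q = lambda tag: f"{{{NS}}}{tag}"
    root = ET.Element(q("TrustedCertificate"))
    ET.SubElement(root, q("Name")).text = name
    data = ET.SubElement(root, q("CertificateData"))
    for tag, value in (("IssuerName", issuer), ("SerialNumber", str(serial)),
                       ("SubjectName", subject), ("Encoded", check_encoded(encoded))):
        ET.SubElement(data, q(tag)).text = value
    props = ET.SubElement(root, q("Properties"))
    for key in TRUST_KEYS:
        prop = ET.SubElement(props, q("Property"), {"key": key})
        ET.SubElement(prop, q("BooleanValue")).text = str(key in enabled).lower()
    return ET.tostring(root, encoding="unicode")
```

The returned string is the body to POST to /restman/1.0/trustedCertificates with Content-Type application/xml; issuer, serial and subject must be supplied by the caller because the standard library does not parse X.509.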



  • 3.  RE: Certification Creation

    Posted Jan 30, 2020 01:03 AM
    Thanks Jay.

    It is working now.