Hi Husain,
To create a "Trusted Certificate" you only post only the <l7:TrustedCertificate> element to /restman/1.0/trustedCertificates. I know the documentation is a bit confusing around this, but you can always get the template for a resource at the template endpoint, then look at the documentation for the resource to see what element from the template to use:
Create
Creates a new certificate
Request
POST 1.0/trustedCertificates
Body
The certificate to create
Element |
l7:TrustedCertificate |
Content-Type |
application/xml |
Response
Body
A reference to the newly created certificate
The following is an example. Note that the l7:Encoded element is the base64 encoded form of the certificate. This is what comes out of the l7:Encoded element of a GET privateKeys resource, or if you are bringing in a certificate created elsewhere it is the content between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines of a PEM formatted certificate with the line breaks removed (hopefully that made sense).
POST
https://ssg93.l7tech.com:8443/restman/1.0/trustedCertificates<l7:TrustedCertificate xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Name>foo</l7:Name>
<l7:CertificateData>
<l7:IssuerName>CN=ssg93.l7tech.com</l7:IssuerName>
<l7:SerialNumber>9017809942347016180</l7:SerialNumber>
<l7:SubjectName>CN=ssg93.l7tech.com</l7:SubjectName>
<l7:Encoded>MIIC+jCCAeKgAwIBAgIIfSWyXTmUZ/QwDQYJKoZIhvcNAQEMBQAwGzEZMBcGA1UEAxMQc3NnOTMubDd0ZWNoLmNvbTAeFw0xODA1MTQxMDM4NTlaFw0yODA1MTExMDM4NTlaMBsxGTAXBgNVBAMTEHNzZzkzLmw3dGVjaC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEtNcgbM7jJdqqgLaMMwM7tlVWugMU4GE+bAP8n8mKOtgcbEIYraxMC5gJP0LW0rVrnw7K6zkhV3X/IZN3k9KVDUiVI4/tiFWrzRd35BOWcY92UDMSYU0L9anQG5xJIYUO9aIAMik6NT2/dg772BUQfG746En5Pwuc30w7NPXzYVTjNrujQJn3ejLB3s/KnG6dGrHM3CghO54K583pTKrbYgyV0MMGPQ9LhSZs7UZK09Fr67cp8wp10EF3JeWnEmKZJ7FmKgSlX2RyCT01eVYx+qoskAWqVlUagwm0iCodxJf0LobpzL+r7YmeUf49736Zd4QRQ0PKonGjnk9y1vxZAgMBAAGjQjBAMB0GA1UdDgQWBBTORnGS41rVEivWKMSyfV1hUn5CeDAfBgNVHSMEGDAWgBTORnGS41rVEivWKMSyfV1hUn5CeDANBgkqhkiG9w0BAQwFAAOCAQEAfz5BSaLVtgA59xbp3AFeDin7ryUCC599/1SjuLn3k/kCZdBzoUmqsZhVYIOz8Pm9pOzq+hbicRJq7BqkKTuPIEFoCMl1lc2/bm8DqmFujaHREAV1evQaqkfhLGp+uDfAqWChOgu25ph2Vg2ozr1vEu9wFMudn1WQ0uC8Q7pRbAjzcKMxh0404PgNpvDWo11Z9r0hycQJjBkMAe+tTOnf41aF/Z8KP5m57AhmMbE6EH6xUwsFZNM3WQ7lZWaCZ5Ra6SOLpSXC93J7Nz+Sa47NDuwlCud9G6LO45/h65sqnIU37tVRA4QXnTp7iKpfi/7Y/+AABSze9w6LJH3J1sdhlw==</l7:Encoded>
</l7:CertificateData>
<l7:Properties>
<l7:Property key="revocationCheckingEnabled">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustAnchor">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedAsSamlAttestingEntity">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedAsSamlIssuer">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSigningClientCerts">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSigningServerCerts">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSsl">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="verifyHostname">
<l7:BooleanValue>false</l7:BooleanValue>
</l7:Property>
</l7:Properties>
<l7:Extension>
<l7:RevocationCheckingPolicyReference id="00000000000000000000000000000001" resourceUri="http://ns.l7tech.com/2010/04/gateway-management/revocationCheckingPolicies"/>
</l7:Extension>
</l7:TrustedCertificate>
The response should be a 201 Created with information about the new certificate:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Name>foo</l7:Name>
<l7:Id>17711622a8e4a758c2b7d79799b468e9</l7:Id>
<l7:Type>TRUSTED_CERT</l7:Type>
<l7:TimeStamp>2020-01-24T12:30:07.513-08:00</l7:TimeStamp>
<l7:Link rel="self" uri="https://ssg93.l7tech.com:8443/restman/1.0/trustedCertificates/17711622a8e4a758c2b7d79799b468e9"/>
<l7:Link rel="template" uri="https://ssg93.l7tech.com:8443/restman/1.0/trustedCertificates/template"/>
<l7:Link rel="list" uri="https://ssg93.l7tech.com:8443/restman/1.0/trustedCertificates"/>
</l7:Item>
------------------------------
Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
------------------------------
Original Message:
Sent: 01-24-2020 02:08 AM
From: Husain Dalroti
Subject: Certification Creation
Hi All,
I want to create the certificate using the restman service.
For Private Key creation the sample payload is given in the documentation but for creating the certificate there is no sample payload is given.
In documentation they have given like this :
Body
The certificate to create
Element | l7:TrustedCertificate |
Content-Type | application/xml |
I tried with below payload
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:TrustedCertificateCreationContext xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:TrustedCertificate>
<l7:Name>Test Upload</l7:Name>
<l7:CertificateData>
<l7:IssuerName>cn=test</l7:IssuerName>
<l7:SerialNumber>123</l7:SerialNumber>
<l7:SubjectName>cn=test</l7:SubjectName>
<l7:Encoded>RW5jb2RlZCBEYXRh</l7:Encoded>
</l7:CertificateData>
<l7:Properties>
<l7:Property key="revocationCheckingEnabled">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustAnchor">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedAsSamlAttestingEntity">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedAsSamlIssuer">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSigningClientCerts">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSigningServerCerts">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="trustedForSsl">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
<l7:Property key="verifyHostname">
<l7:BooleanValue>true</l7:BooleanValue>
</l7:Property>
</l7:Properties>
<l7:Extension>
<l7:RevocationCheckingPolicyReference id="123456" resourceUri="http://ns.l7tech.com/2010/04/gateway-management/revocationCheckingPolicies" />
</l7:Extension>
</l7:TrustedCertificate>
</l7:TrustedCertificateCreationContext>
But it was giving below response :
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Error xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Type>BadRequest</l7:Type>
<l7:TimeStamp>2020-01-24T00:49:10.172-06:00</l7:TimeStamp>
<l7:Link rel="self" uri="https://10.157.246.141:443/restman/1.0/trustedCertificates"/>
<l7:Detail>HTTP 400 Bad Request. Caused by: cvc-elt.1.a: Cannot find the declaration of element 'l7:TrustedCertificateCreationContext'.</l7:Detail>
</l7:Error>
Can you please help with exact Payload.
------------------------------
Thanks & Regards,
Husain Dalroti
------------------------------