Layer7 API Management

 View Only
  • 1.  RESTMAN sample for signing CSR

    Posted Oct 14, 2019 01:00 PM
    Hi All,

    Did anyone has idea /sample for signing the CSR using RESTMAN?

    I can see this, but I was wondering if can get a sample.

    Sign Cert

    Signs a csr pem file with the specified key.
    Request
    PUT 1.0/privateKeys/{id}/signCert
    Path Parameters
    Param Type Description
    id string The ID of the key to sign the certificate with
    Query Parameters
    Param Type Default Since Description
    subjectDN string The subject DN to set on the signed certificate
    expiryAge int 730 The expiry age of the certificate
    signatureHash
    • Automatic
    • SHA1
    • SHA256
    • SHA384
    • SHA512
    Automatic The signature hash to use. Defaults to 'Automatic'
    Body
    The certificate csr to sign
    Element xsd:string
    Content-Type application/xml
    Body
    Content-Type application/x-pem-file


  • 2.  RE: RESTMAN sample for signing CSR
    Best Answer

    Broadcom Employee
    Posted Oct 15, 2019 05:30 PM
      |   view attached
    Hello Pramod-

    I have a sample policy attached (createPrivateKey.xml) to generate and download a private key based on BASIC username/password.  The attached policy will create a CSR based on the authenticated user, sign the CSR using private key "ca_msso", download the resultant  .p12 file and then delete it from the gateway (can be reimported using the authorized users password).   The signing request via RESTMAN to sign the CSR is shown below on line 19.  Please note the user and private key must be present to get this working.

    Restman to signCert

    I have also added a screenshot of the createKeyRequest to address the parameters you mention in the post.

    createKeyRequest


    I hope this helps.   -Aric

    Attachment(s)

    xml
    CreatePrivateKey.xml   25 KB 1 version


  • 3.  RE: RESTMAN sample for signing CSR

    Posted Oct 16, 2019 05:34 PM
    Thanks for the information Aric. But I believe we have to use different signing cert; Rather than signing from the same CSR cert.