Creating and updating a certificate profile by using REST Administration APIs

System administrators can copy a server certificate to use in a certificate profile by using the Eclipse Amlen REST API PUT method, and can then create the certificate profile by using the Eclipse Amlen REST API POST method. System administrators can also update existing certificate profiles by using the Eclipse Amlen REST API POST method.

When you create a certificate profile, you must copy a server certificate to Eclipse Amlen to use in the certificate profile.

You can create or update a certificate profile by using REST Administration APIs, or by using the Amlen WebUI. For more information about using the Amlen WebUI to create or update a certificate profile, see Configuring certificate profiles by using the Amlen WebUI.

For more information about the components that you must specify when you create or update certificate profiles, see Configuring certificate profiles.

  1. To create a certificate profile, first copy the server certificate and key from the local machine to /var/lib/amlen-server/userfiles in Eclipse Amlen by using the Eclipse Amlen REST API PUT method with the following Eclipse Amlen file URI:

    http://<admin-endpoint-IP:Port>/ima/v1/file/<filename>

  2. To create or update a certificate profile, use the Eclipse Amlen REST API POST method.
    1. Use the following Eclipse Amlen configuration URI:

      http://<admin-endpoint-IP:Port>/ima/v1/configuration/

    2. Provide the CertificateProfile object configuration data in the payload of the POST method by using the following schema. Set the Content-Type header to application/json. Ensure that capitalization and double quotation marks are used as shown.
      
      {
        "CertificateProfile": {
          "<NameOfCertificateProfile>": {
            "Certificate": "string",
            "Key": "string",
            "CertFilePassword": "string",
            "KeyFilePassword": "string",
            "Overwrite": true|false
          }
        }
      }

      Where:

      NameOfCertificateProfile
          Required.
          Specifies a name for the certificate profile.
          The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs. The first character must not be a number or any of the following special characters:
          ! # $ % & ' ( ) * + - . / : ; < > ? @
          The maximum length of the name is 256 characters.
          After the profile is created, this name cannot be changed.

      Certificate
          Required if you are creating a certificate profile.
          Specifies the name of the server certificate.
          If you update the value of Certificate, ensure that you also update the value of Key.

      Key
          Required if you are creating a certificate profile.
          Specifies the name of the private key.
          If you update the value of Key, ensure that you also update the value of Certificate.

      CertFilePassword
          Specifies the server certificate password, if any.

      KeyFilePassword
          Specifies the private key password, if any.

      Overwrite: true|false
          Specifies whether an existing certificate and key are overwritten if they have the same name.
          The default value is false, which means that an existing certificate and key are not overwritten if they have the same name.

      You can check that the configuration of your certificate profile is as expected by using the Eclipse Amlen REST Administration API GET method. For more information about the GET method, see Viewing configuration details of objects that can be named by using REST Administration APIs.
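
A client-side check of the naming and field rules from step 2, run before the POST so that a bad name or a Certificate without its Key is rejected locally. This is an added example, not Eclipse Amlen code; the function names, the empty-name check, and the readings of "number" as an ASCII digit and "control characters" as Unicode category Cc are assumptions.

```python
import json
import unicodedata

# Characters the page forbids anywhere in a certificate profile name.
FORBIDDEN_ANYWHERE = set(',"\\=')
# Special characters the page forbids in the first position.
FORBIDDEN_FIRST = set("!#$%&'()*+-./:;<>?@")
MAX_NAME_LENGTH = 256

def name_problems(name):
    """Return the list of naming rules that a profile name violates."""
    if not name:
        return ["name is empty"]  # assumption: the name is Required
    problems = []
    if len(name) > MAX_NAME_LENGTH:
        problems.append("longer than 256 characters")
    if name != name.strip(" "):
        problems.append("leading or trailing space")
    if any(unicodedata.category(c) == "Cc" for c in name):
        problems.append("control character")
    bad = sorted(FORBIDDEN_ANYWHERE & set(name))
    if bad:
        problems.append("forbidden character: " + " ".join(bad))
    # Assumption: "a number" is read as an ASCII digit.
    if name[0] in "0123456789" or name[0] in FORBIDDEN_FIRST:
        problems.append("invalid first character")
    return problems

def build_payload(name, certificate=None, key=None, cert_password=None,
                  key_password=None, overwrite=None, creating=True):
    """Return the CertificateProfile POST body as a dict, or raise ValueError."""
    problems = name_problems(name)
    if creating and not (certificate and key):
        problems.append("Certificate and Key are required when creating")
    elif bool(certificate) != bool(key):
        problems.append("Certificate and Key must be updated together")
    if overwrite is not None and not isinstance(overwrite, bool):
        problems.append("Overwrite must be true or false")
    if problems:
        raise ValueError("; ".join(problems))
    fields = {"Certificate": certificate, "Key": key,
              "CertFilePassword": cert_password,
              "KeyFilePassword": key_password, "Overwrite": overwrite}
    # Send only the fields that were set, keyed by the profile name.
    profile = {k: v for k, v in fields.items() if v is not None}
    return {"CertificateProfile": {name: profile}}

if __name__ == "__main__":
    body = build_payload("certProfile", "certificate.pem", "certificateKey.pem")
    print(json.dumps(body, indent=2))
```

The printed JSON can be passed as the `-d` payload of the POST request.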

The following example shows the PUT method to copy a certificate certificate.pem and key certificateKey.pem to /var/lib/amlen-server/userfiles in Eclipse Amlen by using cURL:

curl -X PUT -T certificate.pem http://127.0.0.1:9089/ima/v1/file/certificate.pem
curl -X PUT -T certificateKey.pem http://127.0.0.1:9089/ima/v1/file/certificateKey.pem

The following example shows a POST method to create a certificate profile named certProfile by using cURL. The certificate profile sets certificate.pem as the server certificate, and sets certificateKey.pem as the private key:

curl -X POST \
  -H 'Content-Type: application/json' \
  -d '{
        "CertificateProfile": {
          "certProfile": {
            "Certificate": "certificate.pem",
            "Key": "certificateKey.pem"
          }
        }
      }' \
  http://127.0.0.1:9089/ima/v1/configuration/

The following shows an example response to the POST method.

{
  "Version": "v1",
  "Code": "CWLNA6011",
  "Message": "The requested configuration change has completed successfully."
}

After you create the certificate profile, you must create or edit a security profile to use the certificate profile. For more information about configuring a security profile, see Configuring security profiles.