Creating and updating a client certificate by using REST Administration APIs

System administrators can copy a client certificate to Eclipse Amlen by using the Eclipse Amlen REST API PUT method. The certificate is copied to /var/lib/amlen-server/userfiles. System administrators can then use the Eclipse Amlen REST API POST method to import the client certificate into the truststore of the certificate profile that is referenced in the security profile associated with the client certificate. System administrators can also update existing client certificates by using the Eclipse Amlen REST API POST method.

You can copy a client certificate to be used in Eclipse Amlen by using the Eclipse Amlen REST API PUT method, or by using the Amlen WebUI. For more information about using the Amlen WebUI to upload a client certificate, see Configuring client certificates by using the Amlen WebUI.

  1. To create a client certificate, first copy a trusted CA certificate or a client certificate to Eclipse Amlen by using the Eclipse Amlen REST API PUT method with the following Eclipse Amlen file URI:

    http://<admin-endpoint-IP:Port>/ima/v1/file/<filename>

    The certificate is copied to /var/lib/amlen-server/userfiles.

  2. To create or update a client certificate, use the Eclipse Amlen REST API POST method with the following Eclipse Amlen configuration URI:

    http://<admin-endpoint-IP:Port>/ima/v1/configuration/

  3. Provide ClientCertificate object configuration data in the payload of the POST method by using the following schema. Content-type is set to application/json. Ensure that capitalization and double quotation marks are used as shown.
    
    {    
      "ClientCertificate": [{"SecurityProfileName": "string", "CertificateName": "string", "Overwrite": true|false },
                            {"SecurityProfileName": "string", "CertificateName": "string", "Overwrite": true|false },
                            {"SecurityProfileName": "string", "CertificateName": "string", "Overwrite": true|false }]
    }

    Where:

    CertificateName
      Required.
      Specifies a name for the client certificate.
      The name can be a maximum of 255 alphanumeric characters.
      The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs. The first character must not be a number.
      After the profile is created, this name cannot be changed.

    SecurityProfileName
      Required if you are creating a client certificate.
      Specifies the name of the security profile that the client certificate is associated with.

    Overwrite: true|false
      Specifies whether an existing certificate is overwritten if it has the same name.
      The default value is false, which means that an existing certificate is not overwritten if it has the same name.

    You can check that the configuration of your client certificate is as expected by using the Eclipse Amlen REST Administration API GET method. For more information about the GET method, see Viewing configuration details of objects that can be named by using REST Administration APIs.
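A pre-flight check for the ClientCertificate payload, added here as an example (not code from Eclipse Amlen): it applies the CertificateName rules listed above and emits the JSON body with the required key capitalization and real JSON booleans. The function names are hypothetical, and "alphanumeric" is treated loosely as an assumption: only the characters the page explicitly excludes are rejected.

```python
import json
import unicodedata

FORBIDDEN = set(',"\\=')  # comma, double quote, backslash, equal sign
MAX_NAME_LEN = 255


def check_name(name):
    """Return the list of CertificateName rule violations (empty list = valid)."""
    if not name:
        return ["name is empty"]
    problems = []
    if len(name) > MAX_NAME_LEN:
        problems.append("longer than 255 characters")
    if name != name.strip(" "):
        problems.append("leading or trailing spaces")
    if name[0].isdigit():
        problems.append("first character is a number")
    if any(unicodedata.category(c) == "Cc" for c in name):
        problems.append("contains a control character")
    bad = sorted(FORBIDDEN.intersection(name))
    if bad:
        problems.append("contains forbidden character(s): " + " ".join(bad))
    return problems


def build_payload(entries):
    """Build the POST body from (security_profile, cert_name, overwrite) tuples.

    Every problem is collected and raised together as ValueError, so a
    partially valid list is never serialized.
    """
    errors, items = [], []
    for profile, cert, overwrite in entries:
        errors += [f"{cert!r}: {p}" for p in check_name(cert)]
        if not profile:
            errors.append(f"{cert!r}: SecurityProfileName is required on create")
        if not isinstance(overwrite, bool):
            errors.append(f"{cert!r}: Overwrite must be a JSON boolean")
        items.append({"SecurityProfileName": profile,
                      "CertificateName": cert,
                      "Overwrite": overwrite})
    if errors:
        raise ValueError("; ".join(errors))
    return json.dumps({"ClientCertificate": items})


if __name__ == "__main__":
    # Constructed sample input reusing the names from the page's cURL example.
    print(build_payload([("TestSecProf", "TestCACertKey", False)]))
```

The returned string can be passed as the `-d` body of the POST to the configuration URI. Keeping `Overwrite` an explicit `False` unless replacement is intended matches the documented default and avoids silently replacing a trusted certificate of the same name.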

The following example shows the steps required to create a client certificate by using cURL:
  1. Copy the client certificate to /var/lib/amlen-server/userfiles by using the REST API PUT method:
    
    curl -X PUT -T imaCA-crt.pem  http://127.0.0.1:9089/ima/v1/file/TestCACertKey.pem
  2. Copy the certificate and key to /var/lib/amlen-server/userfiles to create a CertificateProfile by using the REST API PUT method:
    
    curl -X PUT -T certFree.pem  http://127.0.0.1:9089/ima/v1/file/TestCert.pem
    curl -X PUT -T keyFree.pem http://127.0.0.1:9089/ima/v1/file/TestKey.pem
  3. Create and import the CertificateProfile by using the REST API POST method:
    
    curl -X POST \
      -H 'Content-Type: application/json'  \
      -d '{
           "CertificateProfile":{
            "TestCertProf":{
             "Certificate": "TestCert.pem",
             "Key": "TestKey.pem"
           }
          }
         }
      ' \
    http://127.0.0.1:9089/ima/v1/configuration
  4. Create the SecurityProfile by using the REST API POST method:
    
    curl -X POST \
      -H 'Content-Type: application/json'  \
      -d '{
           "SecurityProfile":{
            "TestSecProf":{
             "CertificateProfile": "TestCertProf",
             "UsePasswordAuthentication": false
           }
          }
         }
      ' \
    http://127.0.0.1:9089/ima/v1/configuration
  5. Create the ClientCertificate by using the REST API POST method:
    
    curl -X POST \
      -H 'Content-Type: application/json'  \
      -d '{"ClientCertificate":[{
            "SecurityProfileName":"TestSecProf",
            "CertificateName": "TestCACertKey"
           }]
          }
      ' \
    http://127.0.0.1:9089/ima/v1/configuration