Creating and updating a trusted certificate by using REST Administration APIs

System administrators can copy a trusted certificate to Eclipse Amlen by using the Eclipse Amlen REST API PUT method. They can then import the trusted certificate into the truststore that is referenced in the security profile by using the Eclipse Amlen REST API POST method. System administrators can also update the security profile of an existing trusted certificate by using the Eclipse Amlen REST API POST method.

You can upload a trusted certificate by using the Eclipse Amlen REST API PUT, or by using the Amlen WebUI. For more information about using the Amlen WebUI to upload a trusted certificate, see Configuring trusted certificates by using the Amlen WebUI.

  1. To create a trusted certificate's security profile, first upload a trusted CA certificate to Eclipse Amlen by using the Eclipse Amlen REST API PUT method with the following Eclipse Amlen file URI:

    http://<admin-endpoint-IP:Port>/ima/v1/file/<filename>

    The certificate is copied to /var/lib/amlen-server/userfiles.

  2. To create or update a trusted certificate's security profile, use the Eclipse Amlen REST API POST method with the following Eclipse Amlen configuration URI:

    http://<admin-endpoint-IP:Port>/ima/v1/configuration/

  3. Provide TrustedCertificate object configuration data in the payload of the POST method by using the following schema. Content-type is set to application/json. Ensure that capitalization and double quotation marks are used as shown.
    
    {
      "TrustedCertificate": [
        { "SecurityProfileName": "string", "TrustedCertificate": "string", "Overwrite": true|false }
      ]
    }

    Where:

    TrustedCertificate
      Required.
      Specifies a value for the trusted certificate.
      The name can be a maximum of 255 alphanumeric characters.
      The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs. The first character must not be a number.
      After the profile is created, this name cannot be changed.

    SecurityProfileName
      Required if you are creating a trusted certificate.
      Specifies the name of the security profile that the trusted certificate is associated with.

    Overwrite: true|false
      Specifies whether an existing certificate is overwritten if it has the same name.
      The default value is false which means that an existing certificate is not overwritten if it has the same name.

    You can check that the configuration of your trusted certificate's security profile is as expected by using the Eclipse Amlen REST Administration API GET method. For more information about the GET method, see Viewing configuration details of objects that can be named by using REST Administration APIs.

The following example shows the steps required to create a trusted certificate by using cURL:
  1. Copy the certificate to /var/lib/amlen-server/userfiles by using the REST API PUT method:
    
    curl -X PUT -T imaCA-crt.pem http://127.0.0.1:9089/ima/v1/file/TestCACertKey.pem
  2. Copy the certificate and key to /var/lib/amlen-server/userfiles to create a CertificateProfile by using the REST API PUT method:
    
    curl -X PUT -T certFree.pem  http://127.0.0.1:9089/ima/v1/file/TestCert.pem
    curl -X PUT -T keyFree.pem http://127.0.0.1:9089/ima/v1/file/TestKey.pem
  3. Create the CertificateProfile by using the REST API POST method:
    
    curl -X POST \
      -H 'Content-Type: application/json'  \
      -d '{
           "CertificateProfile":{
            "TestCertProf":{
             "Certificate": "TestCert.pem",
             "Key": "TestKey.pem"
           }
          }
         }
      ' \
    http://127.0.0.1:9089/ima/v1/configuration
  4. Create the SecurityProfile by using the REST API POST method:
    
    curl -X POST \
      -H 'Content-Type: application/json'  \
      -d '{
           "SecurityProfile":{
            "TestSecProf":{
             "CertificateProfile": "TestCertProf",
             "UsePasswordAuthentication": false
           }
          }
         }
      ' \
    http://127.0.0.1:9089/ima/v1/configuration
  5. Create the TrustedCertificate by using the REST API POST method:
    
    curl -X POST \
      -H 'Content-Type: application/json'  \
      -d '{"TrustedCertificate":[{
            "SecurityProfileName":"TestSecProf",
            "TrustedCertificate": "TestCACertKey"
           }]
          }
      ' \
    http://127.0.0.1:9089/ima/v1/configuration
The following shows an example response to the POST method.

{        
  "Version": "v1",
  "Code": "CWLNA6011",
  "Message": "The requested configuration change has completed successfully."
}
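
The naming rules for the TrustedCertificate value and the sample response above can be checked locally, before and after the POST. The following is an added example, not part of the Amlen documentation: the function names are hypothetical, and treating CWLNA6011 as the only success code is an assumption based on the sample response.

```shell
#!/bin/sh
# Added example (not from the Amlen documentation): local checks around the
# TrustedCertificate POST. Function names are hypothetical.

# Succeeds if the name follows the TrustedCertificate naming rules on this page.
valid_tc_name() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 255 ] || return 1         # maximum of 255 characters
    case $name in
        " "*|*" ")         return 1 ;;          # leading or trailing space
        [0-9]*)            return 1 ;;          # first character is a number
        *[[:cntrl:]]*)     return 1 ;;          # control character
        *,*|*\"*|*\\*|*=*) return 1 ;;          # comma, quote, backslash, equal sign
    esac
    return 0
}

# Prints the JSON payload; fails without output if an argument is unusable.
build_tc_payload() {
    profile=$1
    cert=$2
    overwrite=${3:-false}                       # documented default is false
    valid_tc_name "$cert" || return 1
    # Assumption: the profile name is only checked for characters that would
    # break the JSON string; this page does not list its naming rules.
    case $profile in
        ''|*\"*|*\\*|*[[:cntrl:]]*) return 1 ;;
    esac
    case $overwrite in
        true|false) ;;
        *) return 1 ;;
    esac
    printf '{"TrustedCertificate":[{"SecurityProfileName":"%s","TrustedCertificate":"%s","Overwrite":%s}]}' \
        "$profile" "$cert" "$overwrite"
}

# Succeeds only if the response body carries the code from the sample response.
# Assumption: any other code is treated as a failure.
response_ok() {
    code=$(printf '%s' "$1" | tr -d '\n' |
        sed -n 's/.*"Code"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    [ "$code" = "CWLNA6011" ]
}

# Usage against the endpoint from the example above:
#   body=$(build_tc_payload TestSecProf TestCACertKey) &&
#   resp=$(curl -s -X POST -H 'Content-Type: application/json' -d "$body" \
#       http://127.0.0.1:9089/ima/v1/configuration) && response_ok "$resp"
```

Rejecting a malformed name before the request is sent keeps a quoting mistake from producing a payload that differs from the one intended.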