Create or update a client certificate

Purpose

Creates a trusted client certificate in Eclipse Amlen.

URI

Use the Eclipse Amlen REST API POST method with the following Eclipse Amlen configuration URI:

http://<admin-endpoint-IP:Port>/ima/v1/configuration/

Object configuration data

Provide ClientCertificate object configuration data in the payload of the POST method by using the following schema. Content-type is set to application/json:

{
"ClientCertificate":[{"SecurityProfileName":"string", "CertificateName": "string", "Overwrite": true|false }]
}

CertificateName

Required.

Specifies a value for the client certificate.

The name can be a maximum of 255 alphanumeric characters.

The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs. The first character must not be a number.

After the profile is created, this name cannot be changed.

SecurityProfileName

Required if you are creating a client certificate.

Specifies the name of the security profile that the client certificate is associated with.

Overwrite: true|false

Specifies whether an existing certificate is overwritten if it has the same name.

The default value is false which means that an existing certificate is not overwritten if it has the same name.

Usage Notes®

• You must copy the certificate to the server before you can apply it. Copy a file from the local machine to Eclipse Amlen to copy the certificate.
• The certificate must be a pem format certificate.
• You can upload a maximum of 100 trusted client certificates for every security profile.
• Capitalization and double quotation marks must be used as shown.

Related REST Administration APIs

• Creating and updating a client certificate by using REST Administration APIs
• Copy a file from the local machine to Eclipse Amlen
• Create or update a certificate profile
• Create or update a security profile
• Show configuration details of nameable configuration objects
• Delete configuration objects

Example

1. Copy the client certificate by using the REST API PUT method:

   
   curl -X PUT -T imaCA-crt.pem  http://127.0.0.1:9089/ima/v1/file/TestCACertKey.pem

2. Copy the certificate and key to create a CertificateProfile by using the REST API PUT method:

   
   curl -X PUT -T certFree.pem  http://127.0.0.1:9089/ima/v1/file/TestCert.pem
   curl -X PUT -T keyFree.pem http://127.0.0.1:9089/ima/v1/file/TestKey.pem

3. Create the CertificateProfile by using the REST API POST method:

   
   curl -X POST \
     -H 'Content-Type: application/json'  \
     -d '{
          "CertificateProfile":{
           "TestCertProf":{
            "Certificate": "TestCert.pem",
            "Key": "TestKey.pem"
          }
         }
        }
     ' \
   http://127.0.0.1:9089/ima/v1/configuration

4. Create the SecurityProfile by using the REST API POST method:

   
   curl -X POST 
     -H 'Content-Type: application/json'  \
     -d '{
          "SecurityProfile":{
           "TestSecProf":{
            "CertificateProfile": "TestCertProf",
            "UsePasswordAuthentication": false
          }
         }
        }
     ' \
   http://127.0.0.1:9089/ima/v1/configuration

5. Create the ClientCertificate by using the REST API POST method:

   
   curl -X POST 
     -H 'Content-Type: application/json'  \
     -d '{"ClientCertificate":[{
           "SecurityProfileName":"TestSecProf",
           "CertificateName": "TestCACertKey"
          }]
         }
     ' \
   http://127.0.0.1:9089/ima/v1/configuration