CertImport
This API imports a certificate and, if required, its private key.
URL
<http/https>://<host-name>:<Port>/protectappws/services/rest/certImport
Input Parameters
Parameter | Description |
---|---|
username | User name. |
password | Password associated with the user. |
certname | Name of the certificate to import. |
certisdeletable | Sets whether the certificate can be deleted via the API. Default is false. |
certisexportable | Sets whether the certificate can be exported via the API. Default is false. |
certificate | Certificate to be imported, in PKCS#1, PKCS#8, or PKCS#12 format. |
certpassword | Optional. If a password is provided, the certificate must be hex encoded. |
certAlias | Client certificate alias for making SSL connections (optional). |
certPass | Password for the provided certificate alias (optional). |
Sample REST call for cxf
request
{
"Cert_Import": {
"certname": "naanq",
"username": "jcetest",
"password": "asdf1234",
"isdeletable": "true",
"isexportable": "true",
"certificate": "-----BEGIN CERTIFICATE-----MIIDvzCCAqegAwIBAgIDAJ5EMA0GCSqGSIb3DQEBCwUAMIGbMQswCQYDVQQGEwJV
[… sample truncated for brevity …]
OcqQnevrP4rbUC/5W6+gO0m5ZjMDKryAyW4RiNCboGKtVTVcz68J0+75RTvycjWK
ibEI
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAhLItSYS7WHe22H+VOyj5GlAkwcylRsCAl/kbLBUW5adSB5K3
[… sample truncated for brevity …]
mzXC86k6UN7ya29wDFuWwLK+gnwD2THORrdk5U+1B0PywK4JdDOR
-----END RSA PRIVATE KEY-----"
}
}
response
{
"CertImportResponse": {
"CertImportResponse": "true"
}
}
Sample SOAP Parameters
<prot:Cert_Import>
<username>cryptouser</username>
<password>qwerty1234</password>
<certname>pkcs1samplevtN</certname>
<certisdeletable>true</certisdeletable>
<certisexportable>true</certisexportable>
<certificate>-----BEGIN CERTIFICATE-----
MIIDvzCCAqegAwIBAgIDAJ5EMA0GCSqGSIb3DQEBCwUAMIGbMQswCQYDVQQGEwJV
[… sample truncated for brevity … ]
OcqQnevrP4rbUC/5W6+gO0m5ZjMDKryAyW4RiNCboGKtVTVcz68J0+75RTvycjWK
ibEI
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAhLItSYS7WHe22H+VOyj5GlAkwcylRsCAl/kbLBUW5adSB5K3
[… sample truncated for brevity … ]
mzXC86k6UN7ya29wDFuWwLK+gnwD2THORrdk5U+1B0PywK4JdDOR
-----END RSA PRIVATE KEY-----
</certificate>
<!--Optional:-->
<certpassword></certpassword>
</prot:Cert_Import>
Output
boolean – indicates import success.
<ns1:Cert_ImportResponse xmlns:ns1="http://dsws.org/protectappws/">true</ns1:Cert_ImportResponse>
Note
To import a PKCS#12 certificate using the web service, you must provide the certpassword field in the import request. In this case, the data in the certificate tag must be sent in hex format. The sample certificates are included as a convenience. You can also use your own certificates; just be sure that your PKCS#12 certificate is encrypted using 3DES, otherwise you will see the error “1559: Certificate could not be verified”. If you need to create your own PKCS#12 certificate using 3DES, you can use openssl, with the following statement as a guide:
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in cert.txt -inkey privateKeyInPKCS1 -out thepkcs12.cert -name someCommonNameForCert
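The encoding rule in the note above, as an added example that is not part of the product's own code: it builds the REST request body, hex encoding the certificate whenever certpassword is supplied and rejecting binary PKCS#12 input that has no password. The function names, the `certpassword` JSON key, lowercase hex output, and the sample bytes are assumptions made for illustration.

```python
import json

# Constructed sample inputs (not real key material).
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
              b"-----END CERTIFICATE-----\n")
SAMPLE_P12 = bytes.fromhex("3082010203")  # stand-in for DER PKCS#12 bytes


def encode_certificate(cert_bytes: bytes, certpassword: str = "") -> str:
    """Return the string to place in the `certificate` field."""
    if certpassword:
        # Page rule: when certpassword is provided, send the data hex encoded.
        return cert_bytes.hex()  # assumption: lowercase hex is accepted
    if cert_bytes.lstrip().startswith(b"-----BEGIN "):
        return cert_bytes.decode("ascii")  # PEM text is sent as-is
    # Page rule: a PKCS#12 import must carry certpassword.
    raise ValueError("binary (PKCS#12) input requires certpassword")


def build_cert_import_body(username, password, certname, cert_bytes,
                           certpassword="", deletable=False, exportable=False):
    """Build the JSON body for the REST certImport call."""
    fields = {
        "certname": certname,
        "username": username,
        "password": password,
        # Key names follow the page's REST sample; defaults match the
        # documented default (false) so the key is not exportable by accident.
        "isdeletable": str(deletable).lower(),
        "isexportable": str(exportable).lower(),
        "certificate": encode_certificate(cert_bytes, certpassword),
    }
    if certpassword:
        fields["certpassword"] = certpassword  # assumed REST key name
    return json.dumps({"Cert_Import": fields})


if __name__ == "__main__":
    print(build_cert_import_body("user", "pass", "demo-p12", SAMPLE_P12,
                                 certpassword="p12-pass"))
```

The request body carries the account password and the private key, so send it only to the https form of the service URL.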