Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Stateless APIs

CertImport

search

Please Note:

CertImport

This API imports certificate and its private Key, if required.

URL

<http/https>://<host-name>:<Port>/protectappws/services/rest/certImport

Input Parameters

ParameterDescription
usernameUser name (optional).
passwordPassword associated with the user (optional).
certnameName of the certificate to import.
isdeletableSets whether the certificate can be deleted via the API, default is false.
isexportableSets whether the certificate can be exported via the API, default is false.
certificateCertificate to be imported, in PKCS1, PKCS#8, or PKCS#12 format.
certpasswordOptional, if password provided certificate must be Hex encoded.
certAliasClient certificate alias for making SSL connections (optional).
certPassPassword for the provided certificate alias (optional).

Sample REST call for cxf

request

    {
        "Cert_Import": {
            "certname": "naanq",
            "username": "jcetest",
            "password": "asdf1234",
            "isdeletable": "true",
            "isexportable": "true",
            "certificate": "-----BEGIN CERTIFICATE-----MIIDvzCCAqegAwIBAgIDAJ5EMA0GCSqGSIb3DQEBCwUAMIGbMQswCQYDVQQGEwJV
        [… sample truncated for brevity …]
        OcqQnevrP4rbUC/5W6+gO0m5ZjMDKryAyW4RiNCboGKtVTVcz68J0+75RTvycjWK
        ibEI
        -----END CERTIFICATE-----
        -----BEGIN RSA PRIVATE KEY-----
        MIIEowIBAAKCAQEAhLItSYS7WHe22H+VOyj5GlAkwcylRsCAl/kbLBUW5adSB5K3
        [… sample truncated for brevity …]
        mzXC86k6UN7ya29wDFuWwLK+gnwD2THORrdk5U+1B0PywK4JdDOR
        -----END RSA PRIVATE KEY-----
        }
    }

response

    {
        "CertImportResponse": {
            "CertImportResponse": "true"
        }
    }

Sample SOAP Parameters

<prot:Cert_Import>
<!--Optional:-->
    <username>cryptouser</username>
    <!--Optional:-->       
    <password>qwerty1234</password>        
    <certname>pkcs1samplevtN</certname>
    <certisdeletable>true</certisdeletable>
    <certisexportable>true</certisexportable>
    <certificate>-----BEGIN CERTIFICATE-----
    MIIDvzCCAqegAwIBAgIDAJ5EMA0GCSqGSIb3DQEBCwUAMIGbMQswCQYDVQQGEwJV
    [… sample truncated for brevity … ]
    OcqQnevrP4rbUC/5W6+gO0m5ZjMDKryAyW4RiNCboGKtVTVcz68J0+75RTvycjWK
    ibEI
    -----END CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    MIIEowIBAAKCAQEAhLItSYS7WHe22H+VOyj5GlAkwcylRsCAl/kbLBUW5adSB5K3
    [… sample truncated for brevity … ]
    mzXC86k6UN7ya29wDFuWwLK+gnwD2THORrdk5U+1B0PywK4JdDOR
    -----END RSA PRIVATE KEY-----
    </certificate>
    <!--Optional:-->
    <certpassword></certpassword>
</prot:Cert_Import>

Output

boolean – indicates import success.

<ns1:Cert_ImportResponse xmlns:ns1="http://dsws.org/protectappws/">true</ns1:Cert_ImportResponse>

Note

  • To import a PKCS12 certificate using web , you must provide the certpassword field in import request. In this case, certificate data tag must be sent in Hex Format.

  • The sample certificates are included as a convenience. You can also use your own certificates, just be sure that your PKCS#12 certificate is encrypted using 3DES, otherwise you will see the error: “1559: Certificate could not be verified”. If you need to create your own PKCS#12 certificate using 3DES, you can use openssl, with the following statement as a guide:
    openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in cert.txt -inkey privateKeyInPKCS1 -out thepkcs12.cert -name someCommonNameForCert

On this page