REST API  17
REST API for Luna Network HSMs
PUT /api/lunasa/ntls/clients/{clientid}

PUT /api/lunasa/ntls/clients/{clientid}

Add/Replace the client certificate of an already registered client with or without certificate. The certificate could be self-signed or CA signed. In the case of a CA-signed certificate, a CA certificate should be added.
The resource works in three different ways to update client's certificate:

  • User can provide the certificate content to update.
  • User can upload and update client's certificate using this single resource.
  • User can upload the certificate through POST /users/{userid}/files and can only provide file name of file uploaded.

User Privileges

Users with the following role privileges can perform this command:

  • admin
  • operator

Header for uploading and updating the client's certificate

Content-Type

application/vnd.safenetinc.lunasa+octet-stream;version=

Header for providing content of certificate to update the client's certificate

Content-Type

application/vnd.safenetinc.lunasa+json;version=

Header for providing file name to update the client's certificate

Content-Type

application/vnd.safenetinc.lunasa+json;version=

Parameters for uploading and updating client's certificate

The request takes in a file.

See File I/O

clientid

Specifies the name of the client.

Use: Required

JSON Schema: 

   Object
   type: string
   minLength: 1
   maxLength: 128
   pattern: ^(?!server$)[a-zA-Z0-9_.:-]*$

Note: Client name can not be "server".

Parameters for providing the certificate content

clientid

Specifies the name of the client.

Use: Required

JSON Schema: 

   Object
   type: string
   minLength: 1
   maxLength: 128
   pattern: ^(?!server$)[a-zA-Z0-9_.:-]*$

Note: Client name can not be "server".

certificate

The PEM-encoded certificate for the client.

Use: Required

JSON Schema: 

   Object
   type: string
   minLength: 8
   maxLength: 8192
   pattern: ^-{5}BEGIN CERTIFICATE-{5}(?:\s|\r|\n)([A-Za-z0-9+=/\r\n]+)-{5}END CERTIFICATE-{5}(\s|\r|\n*)$

NOTE: The certificate is PEM format with no embedded newlines. Use '\n' instead of the newline character.

Parameters for providing file name to update the client's certificate

clientid

Specifies the name of the client.

Use: Required

JSON Schema: 

   Object
   type: string
   minLength: 1
   maxLength: 128
   pattern: ^(?!server$)[a-zA-Z0-9_.:-]*$

Note: Client name can not be "server".

file

The name of the client's certificate to be added that is uploaded in the user's home directory.

Use: Required

JSON Schema: 

   Object
   type: string
   minLength: 1
   maxLength: 64
   pattern: ^([a-zA-Z0-9_-]|[a-zA-Z0-9_.-][a-zA-Z0-9_. -]*[a-zA-Z0-9_.-])$

Note: The file name should match the following criteria:

  1. File with .pem extension and contains valid certificate, can be accepted as certificate file
  2. File name should not start with dot character(.) and end with space

Responses

204

Success

400

FRAMEWORK_BAD_REQUEST

Returned when the input data does not conform to the required validation schema.

400

NTLS_INVALID_CERTIFICATE

If certificate is not valid.

400

APPLIANCE_EXPIRED_CERT

If certificate is currently expired.

400

NTLS_CLIENT_FAILED_TO_UPDATE_CERT

If client certificate update failed.

400

SERVER_REQUEST_NOT_APPROPRIATE

If user has not used octet-stream request for attaching file.

400

NTLS_FILENAME_NOT_VALID

If user has provided restricted certificate filename.

404

SERVERPLUGIN_FILEID_DOESNOT_EXIST

If certificate provided does not exist.

404

NTLS_NO_CLIENT

Specified client does not exist.

422

NTLS_INVALID_CERT_CN

Certificate Common Name contains invalid characters.

500

NTLS_INTERNAL_ERROR

If any unexpected error occurs.

Example Request for uploading and registering client using this resource.

The content type of the request needs to be application/vnd.safenetinc.luna+octet-stream to notify the server that it will be receiving a file. Attach the file with the request.

Header format: 

    headers = {'Content-Type': "application/vnd.safenetinc.lunasa+octet-stream;version="}


  PUT
  https://1.2.3.4:8443/api/lunasa/ntls/clients/testClient
  { }

Example Request for registering client with certificate content.

   PUT
   https://1.2.3.4:8443/api/lunasa/ntls/clients/testClient
   {
      "certificate": "-----BEGIN CERTIFICATE-----\n...<certificate>...\n-----END CERTIFICATE-----"
   }

Example Request for registering client if certificate has already been uploaded.

   PUT
   https://1.2.3.4:8443/api/lunasa/ntls/clients/testClient
   {
      "file": "10.175.76.56.pem"
   }

Example Result

{}

REST API for Luna Network HSMs " Reference Guide
007-013322-007 Rev. A Copyright 2026  Thales. All rights reserved.