My client requires the inbox certificate generation to prevent private key eavesdropping.
I managed to:
1. Create a custom trust store
2. Generate the CSR
3. Sign the CSR by the client's CA
4. Import the signed CSR in the trust store
but I can't assign the freshly generated CertChain to the SSL web interface.
It is rejecting the JSON I am uploading:
{ "error": { "details": { "missing_paths": [
"ca",
"server",
"tsa"
], "message": "Some paths were missing from the given configuration subtree", "type": "IncompleteConfigurationSubtreeError" }
As I understand it, I need to call the following API endpoint:
curl -X PUT --cookie cookies https://<IP-address-of-SPS>/api/configuration/management/certificates --data @data.json
With the following JSON:
{
  "body": {
    "ca": {
      "selection": "identity",
      "x509_identity": {
        "key": "5555555-4444-333-22-1111111111"
      }
    },
    "server": {
      "key": "ID-of-New_CertChain"
    },
    "tsa": {
      "key": "1111-2222-333-44-555555555555"
    }
  },
  "key": "certificates"
}
I extracted the CertChain ID with the following API endpoint call:
curl -X GET --cookie cookies https://<IP-address-of-SPS>/api/configuration/x509/
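
Added example, not part of the original post and not vendor code: a preflight check that compares the paths named in the error (`ca`, `server`, `tsa`) with where those keys sit in the posted `data.json`. It assumes, from the error wording only, that the endpoint looks for these paths at the top level of the uploaded document; `locate`, `preflight` and `unwrap` are hypothetical helper names.

```python
import json

# Constructed copy of the payload from the post (IDs are the post's own placeholders).
POSTED = {
    "body": {
        "ca": {"selection": "identity",
               "x509_identity": {"key": "5555555-4444-333-22-1111111111"}},
        "server": {"key": "ID-of-New_CertChain"},
        "tsa": {"key": "1111-2222-333-44-555555555555"},
    },
    "key": "certificates",
}
# Paths listed under "missing_paths" in the error response quoted in the post.
MISSING_PATHS = ["ca", "server", "tsa"]

def locate(doc, name, prefix=""):
    """Return every slash-separated location of key `name` inside `doc`."""
    found = []
    if isinstance(doc, dict):
        for key, value in doc.items():
            path = f"{prefix}/{key}"
            if key == name:
                found.append(path)
            found.extend(locate(value, name, path))
    elif isinstance(doc, list):
        for index, value in enumerate(doc):
            found.extend(locate(value, name, f"{prefix}/{index}"))
    return found

def preflight(payload, required):
    """For each required path, report whether it is a top-level key and
    where else in the document it appears (for example nested one level down)."""
    report = {}
    for name in required:
        places = locate(payload, name)
        report[name] = {"top_level": f"/{name}" in places, "found_at": places}
    return report

def unwrap(payload, required):
    """Assumption: the PUT wants the subtree itself, not a GET-style envelope.
    If every required path sits under "body", return that subtree unchanged."""
    body = payload.get("body")
    if isinstance(body, dict) and all(name in body for name in required):
        return body
    return payload

if __name__ == "__main__":
    print(json.dumps(preflight(POSTED, MISSING_PATHS), indent=2))
    print(json.dumps(preflight(unwrap(POSTED, MISSING_PATHS), MISSING_PATHS), indent=2))
```

On the posted payload every required path is reported at `/body/...` rather than at the top level, which matches the three entries in `missing_paths`.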