• State Not Answered
  • Replies 2 replies
  • Subscribers 27 subscribers
  • Views 820 views
  • Users 0 members are here
Options
Related

Help with inbox certificate generation and assignment to the SSL web interface (REST API)

icar planells

My client requires the inbox certificate generation to prevent private key eavesdropping.

I managed to:

1. Create a custom trust store

2. generate the CSR

3. sign the CSR by the client's CA

4. Import the signed CSR in the trust store

but I can't assign the freshly generated CertChain to the SSL web interface.

it is rejecting the JSON I am uploading:

{
  "error": {
    "details": {
        "missing_paths": [
            "ca",
            "server",
            "tsa" 
         ],
    "message": "Some paths were missing from the given configuration subtree",
    "type": "IncompleteConfigurationSubtreeError"
      }

As I understand it, I need to call the following API endpoint:

curl -X PUT --cookie cookies https://<IP-address-of-SPS>/api/configuration/management/certificates --data @data.json

With the following JSON:

{
  "body": {
    "ca": {
      "selection": "identity",
      "x509_identity": {
        "key": "5555555-4444-333-22-1111111111"
      }
    },
    "server": {
      "key": "ID-of-New_CertChain"
    },
    "tsa": {
      "key": "1111-2222-333-44-555555555555"
    }
  },
  "key": "certificates"
}
(I extracted the CertChain ID with the following API endpoint call:
curl -X GET --cookie cookies https://<IP-address-of-SPS>/api/configuration/x509/)


Parents
  • 0

    Hi,

    When I check my test SPS appliance and download the certificates data from https://<IP-address-of-SPS>/api/configuration/management/certificates the results look like this in case the href is what is missing in your case?

    {
    "body": {
        "ca": {
            "selection": "identity",
            "x509_identity": {
                "key": "5555555-4444-333-22-1111111111",
                "meta": {
                    "href": "/api/configuration/x509/5555555-4444-333-22-1111111111"
                }
            }
        },
        "server": {
            "key": "6666-7777-888-99-00000000000",
            "meta": {
                "href": "/api/configuration/x509/6666-7777-888-99-00000000000"
            }
        },
        "tsa": {
            "key": "1111-2222-333-44-555555555555",
            "meta": {
                "href": "/api/configuration/x509/1111-2222-333-44-555555555555"
            }
        }
    },
    "key": "certificates",
    "meta": {
        "first": "/api/configuration/management/accounting",
        "href": "/api/configuration/management/certificates",
        "last": "/api/configuration/management/web_gateway_authentication",
        "next": "/api/configuration/management/check_random_generator",
        "parent": "/api/configuration/management",
        "previous": "/api/configuration/management/accounting",
        "remaining_seconds": 7200,
        "transaction": "/api/transaction"
    }
}

Reply
  • 0

    Hi,

    When I check my test SPS appliance and download the certificates data from https://<IP-address-of-SPS>/api/configuration/management/certificates the results look like this in case the href is what is missing in your case?

    {
    "body": {
        "ca": {
            "selection": "identity",
            "x509_identity": {
                "key": "5555555-4444-333-22-1111111111",
                "meta": {
                    "href": "/api/configuration/x509/5555555-4444-333-22-1111111111"
                }
            }
        },
        "server": {
            "key": "6666-7777-888-99-00000000000",
            "meta": {
                "href": "/api/configuration/x509/6666-7777-888-99-00000000000"
            }
        },
        "tsa": {
            "key": "1111-2222-333-44-555555555555",
            "meta": {
                "href": "/api/configuration/x509/1111-2222-333-44-555555555555"
            }
        }
    },
    "key": "certificates",
    "meta": {
        "first": "/api/configuration/management/accounting",
        "href": "/api/configuration/management/certificates",
        "last": "/api/configuration/management/web_gateway_authentication",
        "next": "/api/configuration/management/check_random_generator",
        "parent": "/api/configuration/management",
        "previous": "/api/configuration/management/accounting",
        "remaining_seconds": 7200,
        "transaction": "/api/transaction"
    }
}

Children
  • 0 in reply to Tawfiq.Ahmad

    If I download the JSON (GET) and try to change the the ID under Server it rejects the PUT operation with the said error:

    Some paths were missing from the given configuration subtree

    What is the structure of the JSON that I have to PUT in the https://<IP-address-of-SPS>/api/configuration/management/certificates endpoint to change the SSL certificate for the new CertChain i just created?