CertImport
This API imports certificate and its private Key, if required.
URL
<http/https>://<host-name>:<Port>/protectappws/services/rest/certImport
Input Parameters
| Parameter | Description |
|---|---|
| username | User name (optional). |
| password | Password associated with the user (optional). |
| certname | Name of the certificate to import. |
| isdeletable | Sets whether the certificate can be deleted via the API, default is false. |
| isexportable | Sets whether the certificate can be exported via the API, default is false. |
| certificate | Certificate to be imported, in PKCS1, PKCS#8, or PKCS#12 format. |
| certpassword | Optional, if password provided certificate must be Hex encoded. |
| certAlias | Client certificate alias for making SSL connections (optional). |
| certPass | Password for the provided certificate alias (optional). |
Sample REST call for cxf
request
{
"Cert_Import": {
"certname": "naanq",
"username": "jcetest",
"password": "asdf1234",
"isdeletable": "true",
"isexportable": "true",
"certificate": "-----BEGIN CERTIFICATE-----MIIDvzCCAqegAwIBAgIDAJ5EMA0GCSqGSIb3DQEBCwUAMIGbMQswCQYDVQQGEwJV
[… sample truncated for brevity …]
OcqQnevrP4rbUC/5W6+gO0m5ZjMDKryAyW4RiNCboGKtVTVcz68J0+75RTvycjWK
ibEI
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAhLItSYS7WHe22H+VOyj5GlAkwcylRsCAl/kbLBUW5adSB5K3
[… sample truncated for brevity …]
mzXC86k6UN7ya29wDFuWwLK+gnwD2THORrdk5U+1B0PywK4JdDOR
-----END RSA PRIVATE KEY-----
}
}
response
{
"CertImportResponse": {
"CertImportResponse": "true"
}
}
Sample SOAP Parameters
<prot:Cert_Import>
<!--Optional:-->
<username>cryptouser</username>
<!--Optional:-->
<password>qwerty1234</password>
<certname>pkcs1samplevtN</certname>
<certisdeletable>true</certisdeletable>
<certisexportable>true</certisexportable>
<certificate>-----BEGIN CERTIFICATE-----
MIIDvzCCAqegAwIBAgIDAJ5EMA0GCSqGSIb3DQEBCwUAMIGbMQswCQYDVQQGEwJV
[… sample truncated for brevity … ]
OcqQnevrP4rbUC/5W6+gO0m5ZjMDKryAyW4RiNCboGKtVTVcz68J0+75RTvycjWK
ibEI
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAhLItSYS7WHe22H+VOyj5GlAkwcylRsCAl/kbLBUW5adSB5K3
[… sample truncated for brevity … ]
mzXC86k6UN7ya29wDFuWwLK+gnwD2THORrdk5U+1B0PywK4JdDOR
-----END RSA PRIVATE KEY-----
</certificate>
<!--Optional:-->
<certpassword></certpassword>
</prot:Cert_Import>
Output
boolean – indicates import success.
<ns1:Cert_ImportResponse xmlns:ns1="http://dsws.org/protectappws/">true</ns1:Cert_ImportResponse>
Note
To import a PKCS12 certificate using web , you must provide the
certpasswordfield in import request. In this case, certificate data<certificate>tag must be sent in Hex Format.The sample certificates are included as a convenience. You can also use your own certificates, just be sure that your PKCS#12 certificate is encrypted using 3DES, otherwise you will see the error:
“1559: Certificate could not be verified”. If you need to create your own PKCS#12 certificate using 3DES, you can use openssl, with the following statement as a guide:openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in cert.txt -inkey privateKeyInPKCS1 -out thepkcs12.cert -name someCommonNameForCert
