REST API  15
REST API for Luna Network HSMs
POST /api/lunasa/syslog/remoteHosts/ca

Adds a Certificate Authority (CA) certificate to the truststore.
The resource supports two ways of adding the CA:

  • The user can provide the certificate content directly.
  • The user can provide the name of a certificate file that has already been uploaded to the user's home directory. The certificate can be uploaded through POST /users/{userid}/files.

Note:

  • A user can have only one CA at a time.
  • The syslog service needs to be (re)started before a secure connection can be established.

User Privileges

Users with the following role privileges can perform this command:

  • admin
  • operator

Parameters for providing the certificate content

certificate

The PEM-encoded certificate of the CA.

Use: Required

JSON Schema:

   Object
   type: string
   minLength: 8
   maxLength: 8192
   pattern: ^-{5}+BEGIN CERTIFICATE-{5}(?:\\\\s|\\\\r|\\\\n)([A-Za-z0-9+=/\\\\r\\\\n]+)-{5}END CERTIFICATE-{5}([?:\\\\s|\\\\r|\\\\n]*)$

NOTE: The certificate is in PEM format with no embedded newlines. Use '\n' instead of the newline character.

Parameters for file that has already been uploaded

file

The name of the CA certificate file to be added, which has been uploaded to the user's home directory.

Use: Required

JSON Schema:

   Object
   type: string
   minLength: 1
   maxLength: 64
   pattern: [a-zA-Z0-9_. -]

Note: The file name should match the following criteria:

  1. A file with a .pem extension that contains a valid certificate is accepted as a certificate file.
  2. The file name should not start with a dot character (.) and should not end with a space.

Responses

204

CA Cert added successfully.

400

APPLIANCE_INVALID_CERTIFICATE

File is not a valid certificate.

400

APPLIANCE_EXPIRED_CERTIFICATE

An error indicating the provided certificate is currently expired.

400

APPLIANCE_FILENAME_NOT_VALID

We failed to parse the request. Filename not valid.

400

FRAMEWORK_BAD_REQUEST

We failed to parse your request.

404

SERVERPLUGIN_FILEID_DOES_NOT_EXIST

Non-existent file id specified.

500

SYSLOG_FAILED_TO_ADD_CA

An internal error has occurred.

Example Request for adding CA by providing certificate content

   POST
   https://1.2.3.4:8443/api/lunasa/syslog/remoteHosts/ca
   {"certificate": "-----BEGIN CERTIFICATE-----\n...<certificate>...\n-----END CERTIFICATE-----"}

Example Request for adding CA by providing file name

   POST
   https://1.2.3.4:8443/api/lunasa/syslog/remoteHosts/ca
   {
      "file": "CA.pem"
   }

Example Response

{}
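
The following Python sketch is an added example, not part of the Luna documentation or its client code. It builds the two request bodies shown above and checks them on the client side against the limits and naming rules listed on this page. The function names, the simplified regular expressions and the sample PEM text are assumptions made for illustration.

```python
import base64
import json
import re

# Limits copied from the JSON Schema sections of this page.
CERT_MIN, CERT_MAX = 8, 8192
FILE_MIN, FILE_MAX = 1, 64

# Assumption: a client-side approximation of the page's certificate pattern
# (one BEGIN/END block with a base64 body), not the appliance's own regex.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\n([A-Za-z0-9+/=\n]+)-----END CERTIFICATE-----\n?")
# Assumption: the page's character class applies to every character of the name.
FILE_CHARS = re.compile(r"[a-zA-Z0-9_. -]+")

def certificate_body(pem_text):
    """Return the JSON body for the 'certificate' form of the request."""
    pem = pem_text.replace("\r\n", "\n").strip()
    match = PEM_BLOCK.fullmatch(pem)
    if match is None:
        raise ValueError("expected exactly one PEM CERTIFICATE block")
    # Reject bodies that look like base64 but do not decode.
    base64.b64decode(match.group(1).replace("\n", ""), validate=True)
    if not CERT_MIN <= len(pem) <= CERT_MAX:
        raise ValueError("certificate length outside 8..8192 characters")
    # json.dumps writes each newline as the two characters '\' and 'n'.
    return json.dumps({"certificate": pem})

def file_body(name):
    """Return the JSON body for the 'file' form of the request."""
    if not FILE_MIN <= len(name) <= FILE_MAX:
        raise ValueError("file name length outside 1..64 characters")
    if FILE_CHARS.fullmatch(name) is None:
        raise ValueError("file name contains a character outside [a-zA-Z0-9_. -]")
    if name.startswith(".") or name.endswith(" "):
        raise ValueError("file name starts with a dot or ends with a space")
    if not name.endswith(".pem"):
        raise ValueError("file name does not have a .pem extension")
    return json.dumps({"file": name})

# Constructed sample: a syntactically valid PEM wrapper around placeholder bytes,
# not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + base64.b64encode(b"constructed placeholder, not a certificate").decode()
              + "\r\n-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    print(certificate_body(SAMPLE_PEM))
    print(file_body("CA.pem"))
```

Rejecting a bundle of several certificates before sending matches the note that only one CA can be present at a time. The appliance still performs its own validation, including the expiry check, which this sketch does not attempt.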