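certificates
Summary
| Resource | Operation | Description |
|---|---|---|
| Certificates | PUT /api/app/v1/sys/cert/(cert_type)/url_add | Add user certificate |
| | PUT /api/app/v1/sys/cert/ca_add | Add ca certificate |
| | GET /api/app/v1/sys/cert/ca_list | List ca certificates |
| | DELETE /api/app/v1/sys/cert/ca_remove | Remove ca certificate |
| | PUT /api/app/v1/sys/cert/user_add | Add user certificate |
| | GET /api/app/v1/sys/cert/user_list | List certificates |
| | DELETE /api/app/v1/sys/cert/user_remove | Remove user certificate |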
Details
- PUT /api/app/v1/sys/cert/(cert_type)/url_add
Add user certificate (stored on filestore) to the appliance. The user must exist on the system before adding the certificate.
New in version 1.0.
- Parameters:
username (required) – Username of single user to view the certificates of.
name (required) – Name of the certificate as it is on the filestore.
url (required) – URL to retrieve cert file from
new_name (optional) – Name to save the certificate as on the appliance. If omitted it will use the name parameter.
Note
Duplicate certificate names are not permitted.
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - certificate successfully added
400 Bad Request – Bad Request - unsupported parameters
401 Unauthorized – Access Denied
404 Not Found – Not Found - certificate, or user not found
409 Conflict – Conflict - certificate already exists
500 Internal Server Error – Server Error - certificate was not successfully added
- Accepted Authorization:
super-admin
Example 1 - Request: Add a new certificate to the appliance:
    PUT /api/app/v1/sys/cert/ca/url_add?url=ftp://ftpk:Firewall1@10.206.6.196/ca.cert.pem&name=ca_cert HTTP/1.1
    Accept: text/html
Example 1 - Response: Add a new certificate to the appliance:
    HTTP/1.1 200 OK
    Content-Type: application/json

    { "Status": "Success" }
Example 2 - Request: Attempt to add a certificate not located on the filestore:
    PUT /api/app/v1/sys/cert/ca/url_add?url=ftp://ftpk:Firewall1@10.206.6.16/c.cert.pem&name=ca_cert HTTP/1.1
    Accept: text/html
Example 2 - Response: Attempt to add a certificate not located on the URL:
    HTTP/1.1 404 NOT FOUND
    Content-Type: application/json

    {
      "Reason": "Certificate c.cert.pem was not found or unable to be retrieved from filestore ftp://10.206.6.196/././c.cert.pem.",
      "Status": "Failure"
    }
Example 3 - Request: Attempt to add a duplicate cert:
    PUT /api/app/v1/sys/cert/ca/url_add?url=ftp://ftpk:Firewall1@10.206.6.196/ca.cert.pem&name=ca_cert HTTP/1.1
    Accept: text/html
Example 3 - Response: Attempt to add a duplicate cert:
    HTTP/1.1 409 CONFLICT
    Content-Type: application/json

    {
      "Reason": "Certificate already exists with name ca.cert.pem.",
      "Status": "Failure"
    }
- PUT /api/app/v1/sys/cert/ca_add
Add ca certificate (stored on filestore) to the appliance.
New in version 1.0.
- Parameters:
name (required) – Name of the certificate as it is on the filestore.
alias (required) – Alias for the filestore.
new_name (optional) – Name to save the certificate as on the appliance. If omitted it will use the name parameter.
Note
Duplicate certificate names are not permitted.
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - certificate successfully added
400 Bad Request – Bad Request - unsupported parameters
401 Unauthorized – Access Denied
404 Not Found – Not Found - filestore, certificate, or user not found
409 Conflict – Conflict - certificate already exists
500 Internal Server Error – Server Error - certificate was not successfully added
- Accepted Authorization:
super-admin
Example 1 - Request: Add a new certificate to the appliance:
    PUT /api/app/v1/sys/cert/ca_add?alias=myfilestore&name=cert.crt&new_name=new.crt HTTP/1.1
    Accept: text/html
Example 1 - Response: Add a new certificate to the appliance:
    HTTP/1.1 200 OK
    Content-Type: application/json

    { "Status": "Success" }
Example 2 - Request: Attempt to add a certificate not located on the filestore:
    PUT /api/app/v1/sys/cert/ca_add?alias=myfilestore&name=missing.crt HTTP/1.1
    Accept: text/html
Example 2 - Response: Attempt to add a certificate not located on the filestore:
    HTTP/1.1 404 NOT FOUND
    Content-Type: application/json

    {
      "Reason": "Certificate missing.crt was not found or unable to be retrieved from filestore myfilestore.",
      "Status": "Failure"
    }
Example 3 - Request: Attempt to add a duplicate cert:
    PUT /api/app/v1/sys/cert/ca_add?alias=myfilestore&name=dupe.crt HTTP/1.1
    Accept: text/html
Example 3 - Response: Attempt to add a duplicate cert:
    HTTP/1.1 409 CONFLICT
    Content-Type: application/json

    {
      "Reason": "Certificate already exists with name dupe.crt.",
      "Status": "Failure"
    }
- GET /api/app/v1/sys/cert/ca_list
List all root and intermediate certificates.
New in version 1.0.
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - list of certificates
400 Bad Request – Bad Request - unsupported parameter
401 Unauthorized – Access Denied
- Accepted Authorization:
super-admin
Example 1 - Request: View all ca certificates:
    GET /api/app/v1/sys/cert/ca_list HTTP/1.1
    Accept: text/html
Example 1 - Response: View all ca certificates:
    HTTP/1.1 200 OK
    Content-Type: application/json

    {
      "certificates": [
        {
          "cert_fingerprint": "DC:9D:EA:72:3F:BA:E5:99:14:1E:74:DC:8E:B9:FD:9B:81:E1:8A:FA",
          "cert_name": "cert1.crt"
        },
        {
          "cert_fingerprint": "08:5A:CF:0F:7E:31:C7:60:82:78:06:3A:7F:D2:26:36:57:F2:5F:C8",
          "cert_name": "cert2.crt"
        }
      ]
    }
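An added example, not part of the appliance documentation: because url_add and ca_add install trust anchors fetched from a URL or filestore, the ca_list response can be diffed against fingerprints pinned from a trusted local copy of each certificate. The function names are hypothetical, and the code assumes cert_fingerprint is SHA-1 over the certificate's DER encoding.

```python
import base64
import hashlib
import json
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_fingerprint(pem_text):
    """Colon-separated SHA-1 over the DER bytes of the first PEM block.

    Assumption: the 20-byte cert_fingerprint values are SHA-1 over DER.
    """
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit_ca_list(response_body, pinned):
    """Diff a ca_list JSON body against pinned {cert_name: fingerprint}."""
    listed = {entry["cert_name"]: entry["cert_fingerprint"].upper()
              for entry in json.loads(response_body)["certificates"]}
    pinned = {name: fp.upper() for name, fp in pinned.items()}
    return {
        # Trust anchors present on the appliance that nobody pinned.
        "unexpected": sorted(set(listed) - set(pinned)),
        # Pinned anchors the appliance no longer reports.
        "missing": sorted(set(pinned) - set(listed)),
        # Same name, different bytes: the fetched file was not the pinned one.
        "mismatched": sorted(n for n in listed.keys() & pinned.keys()
                             if listed[n] != pinned[n]),
    }


if __name__ == "__main__":
    # Constructed sample: placeholder bytes stand in for a DER certificate.
    pem = ("-----BEGIN CERTIFICATE-----\n"
           + base64.b64encode(b"constructed placeholder DER").decode()
           + "\n-----END CERTIFICATE-----\n")
    body = json.dumps({"certificates": [
        {"cert_fingerprint": pem_fingerprint(pem), "cert_name": "cert1.crt"},
        {"cert_fingerprint":
         "08:5A:CF:0F:7E:31:C7:60:82:78:06:3A:7F:D2:26:36:57:F2:5F:C8",
         "cert_name": "cert2.crt"}]})
    print(audit_ca_list(body, {"cert1.crt": pem_fingerprint(pem)}))
```

Any non-empty list in the result is worth investigating before the appliance is trusted to validate peers against that store.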
- DELETE /api/app/v1/sys/cert/ca_remove
Remove ca certificate.
New in version 1.0.
- Parameters:
name (required) – Name of the certificate to remove.
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - certificate was successfully removed
400 Bad Request – Bad Request - unsupported parameter
401 Unauthorized – Access Denied
404 Not Found – Not Found - certificate was not found
500 Internal Server Error – Server Error - certificate removal failed
- Accepted Authorization:
super-admin
Example 1 - Request: Remove a ca certificate:
    DELETE /api/app/v1/sys/cert/ca_remove?name=cert.crt HTTP/1.1
    Accept: text/html
Example 1 - Response: Remove a ca certificate:
    HTTP/1.1 200 OK
    Content-Type: application/json

    { "Status": "Success" }
Example 2 - Request: Attempt to remove a non-existent certificate:
    DELETE /api/app/v1/sys/cert/ca_remove?name=fake.crt HTTP/1.1
    Accept: text/html
Example 2 - Response: Attempt to remove a non-existent certificate:
    HTTP/1.1 404 NOT FOUND
    Content-Type: application/json

    {
      "Reason": "Certificate does not exist.",
      "Status": "Failure"
    }
- PUT /api/app/v1/sys/cert/user_add
Add user certificate (stored on filestore) to the appliance. The user must exist on the system before adding the certificate.
New in version 1.0.
- Parameters:
username (required) – Username of single user to view the certificates of.
name (required) – Name of the certificate as it is on the filestore.
alias (required) – Alias for the filestore.
new_name (optional) – Name to save the certificate as on the appliance. If omitted it will use the name parameter.
Note
Duplicate certificate names are not permitted.
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - certificate successfully added
400 Bad Request – Bad Request - unsupported parameters
401 Unauthorized – Access Denied
404 Not Found – Not Found - filestore, certificate, or user not found
409 Conflict – Conflict - certificate already exists
500 Internal Server Error – Server Error - certificate was not successfully added
- Accepted Authorization:
super-admin
Example 1 - Request: Add a new certificate to the appliance:
    PUT /api/app/v1/sys/cert/user_add?alias=myfilestore&name=cert.crt&username=hhill&new_name=new.crt HTTP/1.1
    Accept: text/html
Example 1 - Response: Add a new certificate to the appliance:
    HTTP/1.1 200 OK
    Content-Type: application/json

    { "Status": "Success" }
Example 2 - Request: Attempt to add a certificate not located on the filestore:
    PUT /api/app/v1/sys/cert/user_add?alias=myfilestore&name=missing.crt&username=hhill HTTP/1.1
    Accept: text/html
Example 2 - Response: Attempt to add a certificate not located on the filestore:
    HTTP/1.1 404 NOT FOUND
    Content-Type: application/json

    {
      "Reason": "Certificate missing.crt was not found or unable to be retrieved from filestore myfilestore.",
      "Status": "Failure"
    }
Example 3 - Request: Attempt to add a duplicate cert:
    PUT /api/app/v1/sys/cert/user_add?alias=myfilestore&name=dupe.crt&username=hhill HTTP/1.1
    Accept: text/html
Example 3 - Response: Attempt to add a duplicate cert:
    HTTP/1.1 409 CONFLICT
    Content-Type: application/json

    {
      "Reason": "Certificate already exists with name dupe.crt.",
      "Status": "Failure"
    }
- GET /api/app/v1/sys/cert/user_list
List all certificates or a specific user’s certificates.
New in version 1.0.
- Parameters:
username (optional) – Username of single user to view the certificates of.
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - list of certificates
400 Bad Request – Bad Request - unsupported parameter
401 Unauthorized – Access Denied
- Accepted Authorization:
super-admin
Example 1 - Request: View all certificates:
    GET /api/app/v1/sys/cert/user_list HTTP/1.1
    Accept: text/html
Example 1 - Response: View all certificates:
    HTTP/1.1 200 OK
    Content-Type: application/json

    {
      "certificates": [
        {
          "cert_fingerprint": "DC:9D:EA:72:3F:BA:E5:99:14:1E:74:DC:8E:B9:FD:9B:81:E1:8A:FA",
          "cert_name": "ale.crt",
          "user_name": "ale"
        },
        {
          "cert_fingerprint": "08:5A:CF:0F:7E:31:C7:60:82:78:06:3A:7F:D2:26:36:57:F2:5F:C8",
          "cert_name": "mason.crt",
          "user_name": "megger"
        }
      ]
    }
Example 2 - Request: View a single user’s certificates:
    GET /api/app/v1/sys/cert/user_list?username=megger HTTP/1.1
    Accept: text/html
Example 2 - Response: View a single user’s certificates:
    HTTP/1.1 200 OK
    Content-Type: application/json

    {
      "certificates": [
        {
          "cert_fingerprint": "08:5A:CF:0F:7E:31:C7:60:82:78:06:3A:7F:D2:26:36:57:F2:5F:C8",
          "cert_name": "mason.crt",
          "user_name": "megger"
        }
      ]
    }
- DELETE /api/app/v1/sys/cert/user_remove
Remove user certificate.
New in version 1.0.
- Parameters:
name (required) – Name of the certificate to remove.
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - certificate was successfully removed
400 Bad Request – Bad Request - unsupported parameter
401 Unauthorized – Access Denied
404 Not Found – Not Found - certificate was not found
500 Internal Server Error – Server Error - certificate removal failed
- Accepted Authorization:
super-admin
Example 1 - Request: Remove a user certificate:
    DELETE /api/app/v1/sys/cert/user_remove?name=cert.crt HTTP/1.1
    Accept: text/html
Example 1 - Response: Remove a user certificate:
    HTTP/1.1 200 OK
    Content-Type: application/json

    { "Status": "Success" }
Example 2 - Request: Attempt to remove a non-existent certificate:
    DELETE /api/app/v1/sys/cert/user_remove?name=fake.crt HTTP/1.1
    Accept: text/html
Example 2 - Response: Attempt to remove a non-existent certificate:
    HTTP/1.1 404 NOT FOUND
    Content-Type: application/json

    {
      "Reason": "Certificate does not exist.",
      "Status": "Failure"
    }