Help with inbox certificate generation and assignment to the SSL web interface (REST API)

My client requires the inbox certificate generation to prevent private key eavesdropping.

I managed to:

1. Create a custom trust store

2. Generate the CSR

3. Sign the CSR with the client's CA

4. Import the signed CSR into the trust store

But I can't assign the freshly generated CertChain to the SSL web interface.

It is rejecting the JSON I am uploading:

{
  "error": {
    "details": {
      "missing_paths": [
        "ca",
        "server",
        "tsa"
      ],
      "message": "Some paths were missing from the given configuration subtree",
      "type": "IncompleteConfigurationSubtreeError"
    }

As I understand it, I need to call the following API endpoint:

curl -X PUT --cookie cookies https://<IP-address-of-SPS>/api/configuration/management/certificates --data @data.json

With the following JSON:

{
  "body": {
    "ca": {
      "selection": "identity",
      "x509_identity": {
        "key": "5555555-4444-333-22-1111111111"
      }
    },
    "server": {
      "key": "ID-of-New_CertChain"
    },
    "tsa": {
      "key": "1111-2222-333-44-555555555555"
    }
  },
  "key": "certificates"
}
(I extracted the CertChain ID with the following API endpoint call:
curl -X GET --cookie cookies https://<IP-address-of-SPS>/api/configuration/x509/)


  • Hi,

    When I check my test SPS appliance and download the certificates data from https://<IP-address-of-SPS>/api/configuration/management/certificates, the results look like this, in case the href is what is missing in your case?

    {
        "body": {
            "ca": {
                "selection": "identity",
                "x509_identity": {
                    "key": "5555555-4444-333-22-1111111111",
                    "meta": {
                        "href": "/api/configuration/x509/5555555-4444-333-22-1111111111"
                    }
                }
            },
            "server": {
                "key": "6666-7777-888-99-00000000000",
                "meta": {
                    "href": "/api/configuration/x509/6666-7777-888-99-00000000000"
                }
            },
            "tsa": {
                "key": "1111-2222-333-44-555555555555",
                "meta": {
                    "href": "/api/configuration/x509/1111-2222-333-44-555555555555"
                }
            }
        },
        "key": "certificates",
        "meta": {
            "first": "/api/configuration/management/accounting",
            "href": "/api/configuration/management/certificates",
            "last": "/api/configuration/management/web_gateway_authentication",
            "next": "/api/configuration/management/check_random_generator",
            "parent": "/api/configuration/management",
            "previous": "/api/configuration/management/accounting",
            "remaining_seconds": 7200,
            "transaction": "/api/transaction"
        }
    }

  • If I download the JSON (GET) and try to change the ID under Server, it rejects the PUT operation with the said error:

    Some paths were missing from the given configuration subtree

    What is the structure of the JSON that I have to PUT in the https://<IP-address-of-SPS>/api/configuration/management/certificates endpoint to change the SSL certificate for the new CertChain I just created?
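
Added example, not part of the thread and not the vendor's code: the error lists "ca", "server" and "tsa" as missing while the uploaded document has only "body" and "key" at its root, so this sketch models that check locally and builds a candidate PUT payload from the GET response. It assumes the endpoint wants the contents of "body" at the top level and that the "meta" objects can be dropped; the page confirms neither, and the function names are hypothetical.

```python
import json

# Top-level paths named in the "missing_paths" list of the error on this page.
REQUIRED_PATHS = ("ca", "server", "tsa")


def missing_paths(payload, required=REQUIRED_PATHS):
    """Local model of the check: required keys absent at the document root."""
    return [p for p in required if p not in payload]


def strip_meta(node):
    """Return a copy of node without the "meta" objects a GET response carries."""
    if isinstance(node, dict):
        return {k: strip_meta(v) for k, v in node.items() if k != "meta"}
    if isinstance(node, list):
        return [strip_meta(v) for v in node]
    return node


def build_put_payload(get_response, new_server_key):
    """Unwrap "body" (assumption), drop "meta", point "server" at the new chain."""
    payload = strip_meta(get_response["body"])
    payload["server"]["key"] = new_server_key
    absent = missing_paths(payload)
    if absent:
        raise ValueError(f"payload root is missing: {absent}")
    return payload


# Constructed sample, shaped like the GET response quoted in the thread.
SAMPLE_GET = {
    "body": {
        "ca": {"selection": "identity", "x509_identity": {
            "key": "5555555-4444-333-22-1111111111",
            "meta": {"href": "/api/configuration/x509/5555555-4444-333-22-1111111111"}}},
        "server": {"key": "6666-7777-888-99-00000000000",
                   "meta": {"href": "/api/configuration/x509/6666-7777-888-99-00000000000"}},
        "tsa": {"key": "1111-2222-333-44-555555555555",
                "meta": {"href": "/api/configuration/x509/1111-2222-333-44-555555555555"}},
    },
    "key": "certificates",
    "meta": {"href": "/api/configuration/management/certificates"},
}

if __name__ == "__main__":
    # The wrapped document has only "body", "key" and "meta" at its root.
    print("wrapped document lacks:", missing_paths(SAMPLE_GET))
    print(json.dumps(build_put_payload(SAMPLE_GET, "ID-of-New_CertChain"), indent=2))
```

Running the same root-level check on data.json before the PUT shows whether the file would trip the missing-paths error as this model reads it.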
