...
Method | Endpoint | Parameter name | Is required? | Transfer method | Description | Returned value name | Always returned? | Transfer method | Description |
---|---|---|---|---|---|---|---|---|---|
GET | /v1/certificate/{caName} | CA name | Yes | Path parameter | Name of the Certificate Authority that should sign the sent CSR. Must match CertService's CMPv2 servers configuration. | Error message | No, only if an error occurred on the server side | Body (JSON) | Verbose information about what went wrong on the server side. |
 | | Base64 encoded CSR (Certificate Signing Request) | Yes | Header | Certificate Signing Request for the given component | Certificate chain | No, only in success case. | Body (JSON) | Base64 encoded |
 | | Base64 encoded private key | Yes | Header | Private key. Needed to create proof of possession (PoP). Order doesn't matter. | Trusted certificates | No, only in success case. | Body (JSON) | Base64 encoded |
Return HTTP codes:
HTTP code | Description |
---|---|
200 (OK) | Everything is ok. Certificate chain and trusted certificates returned |
400 (Bad Request) | Incorrect/missing CSR and/or private key |
401 (Unauthorized) | Missing client certificate or presented certificate is not trusted |
404 (Not found) | Invalid CA name in REST API call or wrong endpoint called |
500 (Internal Server Error) | In case of exception on server side. |
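A client-side sketch of the call and of the status-code handling in the tables above. This is an added example, not CertService code. The header names (`CSR`, `PK`), the JSON keys, and the layout of the chain as a list of Base64 strings are assumptions, because this page does not name them.

```python
import base64
import json
from urllib.parse import quote

# Assumed names, not given on this page: request headers and JSON keys.
CSR_HEADER, KEY_HEADER = "CSR", "PK"
CHAIN_KEY, TRUSTED_KEY, ERROR_KEY = "certificateChain", "trustedCertificates", "errorMessage"

# Fallback text per status code, taken from the table above.
STATUS_MEANING = {
    400: "incorrect/missing CSR and/or private key",
    401: "missing client certificate or presented certificate is not trusted",
    404: "invalid CA name or wrong endpoint called",
    500: "exception on server side",
}


class CertServiceError(Exception):
    def __init__(self, status, detail):
        super().__init__(f"HTTP {status}: {detail}")
        self.status = status


def build_request(base_url, ca_name, csr_pem, key_pem):
    """Return (url, headers) for GET /v1/certificate/{caName}."""
    # The CA name becomes a path segment: refuse dot-segments, encode the rest.
    if ca_name in ("", ".", ".."):
        raise ValueError("invalid CA name")
    url = f"{base_url.rstrip('/')}/v1/certificate/{quote(ca_name, safe='')}"
    headers = {name: base64.b64encode(pem.encode()).decode()
               for name, pem in ((CSR_HEADER, csr_pem), (KEY_HEADER, key_pem))}
    return url, headers


def parse_response(status, body):
    """Return (chain, trusted) as decoded strings or raise CertServiceError."""
    try:
        doc = json.loads(body) if body else {}
    except ValueError:
        doc = {}
    if not isinstance(doc, dict):
        doc = {}
    if status != 200:
        raise CertServiceError(status, doc.get(ERROR_KEY)
                               or STATUS_MEANING.get(status, "unexpected status"))
    # Chain and trusted certificates come only with success; require both.
    if CHAIN_KEY not in doc or TRUSTED_KEY not in doc:
        raise CertServiceError(status, "success response without certificates")
    def decode(items):
        return [base64.b64decode(i, validate=True).decode() for i in items]
    return decode(doc[CHAIN_KEY]), decode(doc[TRUSTED_KEY])
```

The request headers carry the private key, so send them only over the mutually authenticated TLS connection that the 401 row implies and keep them out of request logs.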
...
Input value | Input type | Description | Usage |
---|---|---|---|
CsrModel | Object | POJO which transfers sent CSR, plain fields extracted from CSR (like Common Name, Country, etc) | |
CsrModel:: csr | org.bouncycastle.pkcs.PKCS10CertificationRequest | Certificate Signing Request received via REST API | |
CsrModel:: subjectDN | org.bouncycastle.asn1.x500.X500Name | SubjectDN retrieved from sent CSR | |
CsrModel:: privateKey | Either org.bouncycastle.util.io.pem.PemObject or java.security.PrivateKey | Private key received via REST API | |
CsrModel:: publicKey | Either org.bouncycastle.util.io.pem.PemObject or java.security.PublicKey | Public key retrieved from sent CSR | |
CsrModel:: | |||
CMPv2ServerDetails | Object | POJO which transfers CMPv2 server properties | |
CMPv2ServerDetails:: CA name | String | CA name as configured in CMPv2 server properties | |
CMPv2ServerDetails:: URL | URL or String | URL to CMPv2 server as configured in CMPv2 server details | |
CMPv2ServerDetails:: IssuerDN | org.bouncycastle.asn1.x500.X500Name | Issuer DN as configured in CMPv2 server details | |
CMPv2ServerDetails:: CA mode | ENUM | CA mode as configured in CMPv2 server details | |
CMPv2ServerDetails:: IAK | String | IAK as configured in CMPv2 server details | |
CMPv2ServerDetails:: RV | String | RV as configured in CMPv2 server details | |
CA name | String | CA name received via REST API | |
...
Run CertService as a Docker container using the following command:

```
docker run -it -p 8080:8080/tcp --name cert-service $IMAGE_NAME
```
Kubernetes
For Kubernetes, a Helm chart is provided. Fill in the values that need to be overridden and deploy the Helm chart using the following command: TBA
...