Certificate Creation APIs
Action | Method | Payload Required | API
To create a certificate signing request | POST | Yes | /api/operations/system/certificate/signing-request
To install a certificate, which will be used by the local portal and REST API | POST | Yes | /api/operations/system/certificate/install-cert
To switch between self-signed and CA signed certificates | POST | Yes | /api/operations/system/certificate/use-cert
Example for Signing Request Payload
<signing-request>
<country-code>US</country-code>
<state>California</state>
<locality>San Jose</locality>
<organization>Cisco</organization>
<organization-unit-name>Cisco</organization-unit-name>
<common-name>nfvis.cisco.com</common-name>
</signing-request>
Property | Type | Description | Mandatory/Default Value
<country-code> | String | Two-letter ISO abbreviation for your country. | No
<state> | String | Name of the state where your organization's head office is located. | No
<locality> | Boolean | Name of the city where your organization's head office is located. | No
<organization> | Boolean | Name of the organization. | No
<organization-unit-name> | String | Name of the department or group that will use the certificate. | No
<common-name> | URL | Fully qualified domain name that you want to secure. | Yes
Example for Install Certificate Payload
<install-cert>
<path>file:///data/upload1/servercert.pem</path>
</install-cert>
Property | Type | Description | Mandatory/Default Value
<install-cert> <path> | URL | Full path of the certificate. | Yes
Example for Use Certificate Payload
<use-cert>
<cert-type>ca-signed</cert-type>
</use-cert>
The <cert-type> parameter is mandatory in the use certificate payload. You can .
Property | Type | Description | Mandatory/Default Value
<use-cert> <cert-type> | String | The certificate type: self-signed or ca-signed. | Yes
Example: POST Signing Request API
curl -k -v -u admin:admin -H 'Content-Type:application/vnd.yang.data+xml' -X POST \
  -d '<signing-request><country-code>US</country-code><state>California</state><locality>San Jose</locality><organization>Cisco</organization><organization-unit-name>Cisco</organization-unit-name><common-name>nfvis.cisco.com</common-name></signing-request>' \
  https://209.165.201.1/api/operations/system/certificate/signing-request
* About to connect() to 209.165.201.1 port 443 (#0)
* Trying 209.165.201.1... connected
* Connected to 209.165.201.1 (209.165.201.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
* start date: Apr 04 23:26:13 2016 GMT
* expire date: Apr 02 23:26:13 2026 GMT
* common name: Cisco-Enterprise-NFVIS-Self-Signed-Certificate
* issuer: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
* Server auth using Basic with user 'admin'
> POST /api/operations/system/certificate/signing-request HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 209.165.201.1
> Accept: */*
> Content-Type:application/vnd.yang.data+xml
> Content-Length: 250
>
< HTTP/1.1 200 OK
< Server: nginx/1.6.3
< Date: Wed, 06 Apr 2016 23:29:39 GMT
< Content-Type: application/vnd.yang.operation+xml
< Content-Length: 85
< Connection: keep-alive
< Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
< Vary: Accept-Encoding
< Pragma: no-cache
<
<output xmlns='http://www.cisco.com/nfv'>
<url>/download/nfvis.csr</url>
</output>
* Connection #0 to host 209.165.201.1 left intact
* Closing connection #0
Example: POST Install Certificate API
curl -k -v -u admin:admin -H 'Content-Type:application/vnd.yang.data+xml' -X POST \
  -d '<install-cert><path>file:///data/upload1/servercert.pem</path></install-cert>' \
  https://209.165.201.1/api/operations/system/certificate/install-cert
* About to connect() to 209.165.201.1 port 443 (#0)
* Trying 209.165.201.1... connected
* Connected to 209.165.201.1 (209.165.201.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
* start date: Apr 04 23:26:13 2016 GMT
* expire date: Apr 02 23:26:13 2026 GMT
* common name: Cisco-Enterprise-NFVIS-Self-Signed-Certificate
* issuer: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
* Server auth using Basic with user 'admin'
> POST /api/operations/system/certificate/install-cert HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 209.165.201.1
> Accept: */*
> Content-Type:application/vnd.yang.data+xml
> Content-Length: 81
>
< HTTP/1.1 204 No Content
< Server: nginx/1.6.3
< Date: Wed, 06 Apr 2016 23:19:33 GMT
< Content-Type: text/html
< Content-Length: 0
< Connection: keep-alive
< Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
< Pragma: no-cache
<
* Connection #0 to host 209.165.201.1 left intact
* Closing connection #0
Example: POST Use Certificate API
curl -k -v -u admin:admin -H 'Content-Type:application/vnd.yang.data+xml' -X POST \
  -d '<use-cert><cert-type>ca-signed</cert-type></use-cert>' \
  https://209.165.201.1/api/operations/system/certificate/use-cert
* About to connect() to 209.165.201.1 port 443 (#0)
* Trying 209.165.201.1... connected
* Connected to 209.165.201.1 (209.165.201.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
* start date: Apr 04 23:26:13 2016 GMT
* expire date: Apr 02 23:26:13 2026 GMT
* common name: Cisco-Enterprise-NFVIS-Self-Signed-Certificate
* issuer: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
* Server auth using Basic with user 'admin'
> POST /api/operations/system/certificate/use-cert HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 209.165.201.1
> Accept: */*
> Content-Type:application/vnd.yang.data+xml
> Content-Length: 57
>
< HTTP/1.1 204 No Content
< Server: nginx/1.6.3
< Date: Wed, 06 Apr 2016 23:23:19 GMT
< Content-Type: text/html
< Content-Length: 0
< Connection: keep-alive
< Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
< Pragma: no-cache
<
* Connection #0 to host 209.165.201.1 left intact
* Closing connection #0
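
Added example (not Cisco's code and not part of the original page): a POSIX shell sketch that builds the three payloads documented above with mandatory-field checks and XML escaping, then posts them with server-certificate verification and credentials read from ~/.netrc instead of -k and -u on the command line. NFVIS_HOST (the FQDN in the certificate's common name), NFVIS_CA_BUNDLE and all function names are assumptions; the client call assumes the device already presents a certificate that chains to NFVIS_CA_BUNDLE.

```shell
# Added example, not Cisco code. NFVIS_HOST, NFVIS_CA_BUNDLE and the ~/.netrc
# entry holding the credentials are assumptions of this sketch.

xml_escape() {  # escape &, <, > so a field value cannot inject extra elements
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

elem() {  # elem NAME VALUE: prints <NAME>value</NAME>, or nothing if VALUE is empty
  [ -n "$2" ] && printf '<%s>%s</%s>' "$1" "$(xml_escape "$2")" "$1"
  return 0
}

csr_payload() {  # csr_payload COMMON_NAME [COUNTRY STATE LOCALITY ORG ORG_UNIT]
  [ -n "${1:-}" ] || { echo 'common-name is mandatory' >&2; return 1; }
  case ${2:-} in
    '' | [[:upper:]][[:upper:]]) ;;
    *) echo 'country-code must be a two-letter ISO code' >&2; return 1 ;;
  esac
  printf '<signing-request>%s%s%s%s%s%s</signing-request>' \
    "$(elem country-code "${2:-}")" "$(elem state "${3:-}")" \
    "$(elem locality "${4:-}")" "$(elem organization "${5:-}")" \
    "$(elem organization-unit-name "${6:-}")" "$(elem common-name "$1")"
}

install_cert_payload() {  # the path is passed through as given, only escaped
  [ -n "${1:-}" ] || { echo 'path is mandatory' >&2; return 1; }
  printf '<install-cert>%s</install-cert>' "$(elem path "$1")"
}

use_cert_payload() {  # accept only the two certificate types the page documents
  case ${1:-} in
    self-signed | ca-signed) printf '<use-cert>%s</use-cert>' "$(elem cert-type "$1")" ;;
    *) echo 'cert-type must be self-signed or ca-signed' >&2; return 1 ;;
  esac
}

nfvis_post() {  # nfvis_post OPERATION PAYLOAD
  # --netrc keeps the password out of argv; --cacert verifies the server
  # certificate against NFVIS_CA_BUNDLE instead of disabling checks with -k.
  curl --silent --show-error --fail --netrc --cacert "$NFVIS_CA_BUNDLE" \
    -H 'Content-Type: application/vnd.yang.data+xml' -X POST -d "$2" \
    "https://${NFVIS_HOST}/api/operations/system/certificate/$1"
}

case ${1:-} in  # usage: SCRIPT csr CN [C ST L O OU] | install FILE_URL | use TYPE
  csr)     shift; p=$(csr_payload "$@") && nfvis_post signing-request "$p" ;;
  install) p=$(install_cert_payload "${2:-}") && nfvis_post install-cert "$p" ;;
  use)     p=$(use_cert_payload "${2:-}") && nfvis_post use-cert "$p" ;;
esac
```

Run without arguments, or sourced, the script only defines the functions and makes no network call.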