Manually install a custom security certificate through the REST API
Alternatively, you can use the REST API to replace the security certificate. You must have the public certificate chain in PEM format and the private key in PKCS#1 (RSA) PEM format.
About this task
The token, certificate, and key examples in this task are simplified for clarity and space.
Steps
Log in to the PowerProtect Data Manager REST API as a user with the Administrator or Security Administrator role:
Use curl or a REST API client of your choice.
POST https://{{server}}:{{port}}/api/v2/login
Headers:
Content-Type: application/json
Request Payload:
{
  "username": "{{username}}",
  "password": "{{password}}"
}
where:
{{server}} is the FQDN or IP address for the PowerProtect Data Manager server.
{{port}} is the REST API port, typically 8443.
{{username}} and {{password}} are the PowerProtect Data Manager REST API credentials.
The REST API service returns an access token:
200 OK
{
"access_token": "eyJraWQiOiJkMjc5M",
"token_type": "Bearer",
"expires_in": 28800,
"jti": "dadda4ef-c4ad-4153-9bee-82f5ad69c75a",
"scope": "aaa",
"refresh_token": "eyJraWQiOiJkMjc5M"
}
Record the access_token value.
Replace the security certificate:
Use curl or a REST API client of your choice.
POST https://{{server}}:{{port}}/api/v2/certificates-replacement
Headers:
Content-Type: application/json
Authorization: Bearer {{access-token}}
{
  "privateKey": "{{private-key}}",
  "certificateChain": "{{cert-chain}}",
  "password": "{{password}}"
}
Replace {{private-key}} with a \n-delimited single-line string that represents the contents of customkey.pem. For example:
-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEArG7\n7HmzXgmP+7owxddYeId\nuXzfA7hedyuxRSV7Whb\nQQKvO3fQz3ywb6i56Lq\n-----END RSA PRIVATE KEY-----\n
Replace {{cert-chain}} with a \n-delimited single-line string that represents the contents of custom.pem. For example:
-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgI\nUzERMA8GA1UEChMIU2l\nMDkyMjE4MDEzNFoXDTI\nBAoTC1BQRE0gU2VydmV\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nEHD0fXjANBgkqhkiG9w\nd3cuc2lnbi5jb20gYz1\nZ24gUm9vdCBDQTAeFw0\nBgNVBAYTAlVTMREwDwY\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDSTCCAjGgAwIBAgI\nd3cuc2lnbi5jb20gYz1\nZ24gUm9vdCBDQTAeFw0\nBgNVBAsTEXd3dy5zaWd\n-----END CERTIFICATE-----\n
The password is an optional field, used when you supply an encrypted private key.
The REST API service returns a status code:
201 Created
{
"id": "004c443c-3e55-44da-ac1a-59fe65fec13a",
"privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEArG7\n7HmzXgmP+7owxddYeId\nuXzfA7hedyuxRSV7Whb\nQQKvO3fQz3ywb6i56Lq\n-----END RSA PRIVATE KEY-----\n",
"certificateChain": "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgI\nUzERMA8GA1UEChMIU2l\nMDkyMjE4MDEzNFoXDTI\nBAoTC1BQRE0gU2VydmV\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nEHD0fXjANBgkqhkiG9w\nd3cuc2lnbi5jb20gYz1\nZ24gUm9vdCBDQTAeFw0\nBgNVBAYTAlVTMREwDwY\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDSTCCAjGgAwIBAgI\nd3cuc2lnbi5jb20gYz1\nZ24gUm9vdCBDQTAeFw0\nBgNVBAsTEXd3dy5zaWd\n-----END CERTIFICATE-----\n"
}
For any existing UI sessions, refresh the page to allow the new certificates to take effect.
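Added example (not part of the product documentation): a Python helper that turns the contents of customkey.pem and custom.pem into the \n-delimited strings and the single-line request body described in the steps above, checking the PKCS#1 requirement first. The function names and the truncated sample PEM text are constructed for illustration; it assumes that an encrypted key uses the OpenSSL-style PKCS#1 PEM headers.

```python
import json
import re

# Constructed, truncated samples (not real key material). The key uses CRLF
# line endings and has no final newline, to show the normalization.
SAMPLE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\r\nMIIEowIBAAKCAQEArG7\r\n"
              "-----END RSA PRIVATE KEY-----")
SAMPLE_CHAIN = ("-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgI\n"
                "-----END CERTIFICATE-----\n"
                "-----BEGIN CERTIFICATE-----\nEHD0fXjANBgkqhkiG9w\n"
                "-----END CERTIFICATE-----\n")

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n.*?\n-----END \1-----", re.S)


def normalize_pem(text):
    """Use LF line endings, trim outer whitespace, end with one newline."""
    return text.replace("\r\n", "\n").replace("\r", "\n").strip() + "\n"


def pem_labels(text):
    """Return the label of every PEM block, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def build_payload(key_pem, chain_pem, password=None):
    """Return the single-line JSON body for POST /api/v2/certificates-replacement."""
    key, chain = normalize_pem(key_pem), normalize_pem(chain_pem)
    # PKCS#8 keys ("BEGIN PRIVATE KEY") are rejected: the page requires PKCS#1.
    if pem_labels(key) != ["RSA PRIVATE KEY"]:
        raise ValueError("private key must be one PKCS#1 RSA PRIVATE KEY block")
    labels = pem_labels(chain)
    if not labels or set(labels) != {"CERTIFICATE"}:
        raise ValueError("chain must contain only CERTIFICATE blocks")
    # OpenSSL marks a passphrase-protected PKCS#1 key with this PEM header.
    if "Proc-Type: 4,ENCRYPTED" in key and not password:
        raise ValueError("encrypted private key needs the password field")
    payload = {"privateKey": key, "certificateChain": chain}
    if password:
        payload["password"] = password  # optional field, only for encrypted keys
    # json.dumps writes every newline as the two characters \n, on one line.
    return json.dumps(payload)


if __name__ == "__main__":
    print(build_payload(SAMPLE_KEY, SAMPLE_CHAIN))
```

The request body and the 201 response shown above both carry the private key, so pass the body to curl on standard input (--data @-) rather than as a command-line argument, and keep both out of logs and shell history.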