Top

RESTful API

Key Manager Plus (KMP) APIs allow other applications to connect, interact and integrate with Key Manager Plus directly. These APIs belong to the REpresentational State Transfer category and allow applications to create, fetch, associate digital keys and add, retrieve or manage users programmatically.

Pre-requisites

Generate API key

The first step to configure and use KMP APIs is generating the API key from the KMP user interface. Only administrator users can generate the API keys. The API keys serve as the auth token for your access purposes. The API keys are tied to the host in which they are created.

To generate API key

  1. Navigate to Settings → API Key tab and click Generate
  2. The API key is generated and this key serves as the auth token for your access purposes and you need to provide this key every time you try to access KMP API
  3. Key Manager Plus provides an option to regenerate the API key in case if the API key in use has been compromised. Log in to your account, navigate to Settings → API Key and click Regenerate and the new API Key is generated.

APIs Summary

KMP provides the following APIs:

  1. To create a new SSH key
  2. To update credentials
  3. To fetch all the SSH keys
  4. To fetch a particular SSH key
  5. To export an SSH key
  6. To GET SSH keys for a user
  7. To enumerate all users
  8. To GET all SSH users
  9. To fetch all associated users
  10. To GET all the keystore keys
  11. To export a keystore key
  12. To delete a keystore key
  13. To add a keystore key
  14. To update a keystore key
  15. To GET a certificate
  16. To GET all certificates
  17. To GET all certificate expiry
  18. To GET certificate details
  19. To GET certificate keystore
  20. To delete a certificate
  21. To perform resource discovery
  22. To perform resource discovery (for a range of IP addresses)
  23. To create CSR
  24. To GET CSR list
  25. To Sign CSR
  26. To create certificate
  27. To import an SSH key
  28. To associate an SSH key
  29. To dissociate an SSH key
  30. Add a certificate
  31. Delete an SSH key
  32. To get certificate private key passphrase

HTTPS Methods Used

GET

To fetch resources, user accounts, keys, account/resource details

DELETE

To delete an existing key or a certificate

POST

To create new keys, certificates or to discover resources

How to Make Use of the APIs?

Invoking the APIs

The APIs can be via HTTP POST, GET and PUT requests. All parameters in the request should be form-url encoded. For all the APIs you need to pass AUTH token, which is mandatory.

Supported Format

The URL structure for the KMP API would be as below:

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/ <api_name> /AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8

1. To Create a New SSH Key

Description

To create a new SSH key

HTTPS method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input Data

The following data to be passed as input

{"operation":{"Details":{"keyName":"keytest",
"passPhrase":"passPhrase",
"comment":"comment",
"length":"2048",
"keyType":"ssh-rsa"}}}

Sample request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/createsshkey?INPUT_DATA={"operation":{"Details":{"keyName":"keytest","passPhrase":"passPhrase","comment":"comment","length":"2048","keyType":"ssh-rsa"}}}

Sample response:

{ "name": "CreateSSHKey",
"result": {
"status": "Success",
"message": "New SSH key created successfully" }
}

Note:

Following are the key types that can be used to create new SSH keys:

  • ssh-rsa (key length: 1024/2048/4096)
  • ssh-dss (key length: 1024)
  • ed25519 (no specific key length)
  • ecdsa (key length: 256/384/521)

2. To Update Credentials

Description

To update credentials for the discovered resources.

HTTPS method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input Data

The following data to be passed as input

{"operation":{"Details":{"userName":"test3",
"password":"test3",
"resourceName":"172.21.147.80",
"isAdmin":"false"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/applycredentials?INPUT_DATA={"operation":{"Details":{"userName":"test3","password":"test3","resourceName":"172.21.147.80","isAdmin":"false"}}}

Sample Response

{
"name": "ApplyCredentials",
"result": {
"status": "Success",
"message": "Credentials updated successfully"
}
}

3. To Fetch all the SSH Keys

Description

To fetch all the discovered SSH keys

HTTPS method

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input Data

None

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllSSHKeys

Sample Response

{"name": "GetAllSSHKeys",

"result": {"status": "Success","message": "All SSH Keys fetched successfully"

},"totalRows": 1,"details": [{"KeyName": "testkey","KeyType": "ssh-rsa",

"KeyLength": "2048","FingerPrint": "SHA256:v28/AlRYrpBKjAp4JoTRphLOkFdVb1ummVcyFHSfC5I",

"isPassphraseAvailable": false,"CreatedBy": "mm","CreationTime": "Today"}]}

4. To Fetch a Particular SSH Key

Description

To fetch a particular SSH keys from the discovered keys

HTTPS method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input Data

The name of the operation and key to be passed as input

{"operation":{"Details":{"keyName":"key"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"key"}}}

Sample Response

{"name": "GetSSHKey",

"result": {"status": "Success","message": "SSH Key testkey fetched successfully"

}, "details": [{"KeyName": "testkey","KeyType": "ssh-rsa","KeyLength": "2048",

"FingerPrint": "SHA256:v28/AlRYrpBKjAp4JoTRphLOkFdVb1ummVcyFHSfC5I",

"isPassphraseAvailable": false,"CreatedBy": "mm","CreationTime": "Today"}]}

5. To Export an SSH Key

Description

To export a particular SSH key

HTTPS METHOD

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input Data

The name of the operation and key to be passed as input

{"operation":{"Details":{"keyName":"key"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/exportSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"key"}}}

Sample response:

Key file

6. To GET SSH keys for a user

Description

To get all the SSH keys associated with a particular user

HTTPS Method

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input data:

The user name and resource name to be passed as input

{"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getSSHkeysforuser?INPUT_DATA={"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}

Sample Response

{ "name": "GetSSHKeysForUser",

"result": {

"status": "Success","message": "SSH keys for user test of resource pmp-centos6 fetched successfully"

}, "details": "testkey,testkey1"}

7. To Enumerate all Users

Description

To enumerate all users in a particular resource

HTTPS Method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input data:

The user name and resource name to be passed as input

{"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/enumerateusers?INPUT_DATA={"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}

Sample Response

{
"name": "EnumerateUsers",
"result": {
"status": "Success",
"message": "User enumeration started"
}
}

8. To GET all SSH Users

Description

To get all the discovered SSH users

HTTPS Method

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input Data

None

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllSSHUsers

Sample Response

{
"name": "GetAllSSHUsers",
"result": {
"status": "Success",
"message": "All SSH Users fetched successfully"
},
"totalRows": 2,
"details": [
{
"UserName": "test",
"ResourceName": "172.21.147.80"
},{
"UserName": test1,
"ResourceName": "172.21.147.80"
}]}

9. To Fetch all Associated Users

Description

To fetch all the users associated with SSH keys

HTTPS Method

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input Data

None

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllAssociatedUsers

Sample Response

 "result": { "status": "Success","message": "All associated users fetched successfully"

}, "totalRows": 1,"details": [{   "UserName": "test","ResourceName": "pmp-centos6"}]}

10. To GET all the Keystore Keys

Description

Keystore:Key Manager Plus provides a repository called keystore to securely store your digital keys. To fetch all the keys from keystore

HTTPS Method

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input Data

None

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllKeyStoreKeys

Sample Response

{
"name": "getAllKeyStoreKeys",
"result": {
"status": "Success",
"message": "All KeyStore Keys fetched successfully"
},
"totalRows": 1,
"details": [
{
"Description": "test",
"Key Name": "cert.cer",
"Created Time": "Sep 27, 2016 12:27",
"Datacenter": "Central US",
"Instance Name": "test",
"Key Type": "test",
"Created By": "admin"
}]}

11. To Export a Keystore Key

Description

To export a particular key from the keystore

HTTPS Method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input Data

The key name to be passed as input.

{"operation":{"Details":{"keyName":"cert.cer"}}}

Sample request:

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/exportKeyStoreKey?INPUT_DATA={"operation":{"Details":{"keyName":"cert.cer"}}}

Sample Response

Key file

12. To Delete a Keystore Key

Description

To delete a key from the keystore

HTTPS method

DELETE

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input Data

The key name to be passed as input.

{"operation":{"Details":{"keyName":"cert.cer"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/deleteKeyStoreKey?INPUT_DATA={"operation":{"Details":{"keyName":"cert.cer"}}}

Sample Response

{
"name": "DeleteKeyStoreKey",
"result": {
"status": "Success",
"message": "Key Store keys deleted successfully"
}
}

13. To Add a Keystore Key

Description

To add a new key to the keystore

HTTPS method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input data

The following data to be passed as input.

{"operation":{"Details":{"keyName":"brin.cer",
"description":"test",
"datacenter":"test",
"passphrase":"test",
"keyType":"test",
"instanceName":"test"}}} -F File=@E:/certs/cert.cer

Sample Request

curl -X POST -k -H "AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE" -H 'Content-Type: multipart/form-data' -F INPUT_DATA={"operation":{"Details":{"keyName":"brin.cer","description":"test","datacenter":"test","passphrase":"test","keyType":"test","instanceName":"test"}}} -F File=@E:/certs/cert.cer https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/addKeyStoreKey

Sample Response

{"Status":"Success","Message":"Key added to key store successfully"}

14. To Update a Keystore Key

Description

To update a particular keystore key

HTTPS Method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input Data

The following data to be passed as input.

{"operation":{"Details":{"keyName":"brin.cer",
"description":"test",
"datacenter":"test",
"passphrase":"test",
"keyType":"test",
"instanceName":"test"}}} -F File=@E:/certs/cert.cer

Sample Request

curl -X POST -k -H "AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE" -H 'Content-Type: multipart/form-data' -F INPUT_DATA={"operation":{"Details":{"keyName":"brin.cer","description":"test","datacenter":"test","passphrase":"test","keyType":"test","instanceName":"test"}}} -F File=@E:/certs/cert3.cer https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/updateKeyStoreKey

Sample Response

{"Status":"Success","Message":"Key Store key updated successfully"}

15. To GET a Certificate

Description

To obtain a certificate from KMP's certificate repository

HTTPS Method

GET

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283

Input Data

The operation details and the name of the certificate fetched to be passed as input

{"operation":{"Details":{"common_name":"*.google.com","serial_number":"XXXXXXXXXXXXXX" }}}

Note:It is optional to provide the serial number to fetch certificate details.

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCertificate?INPUT_DATA={"operation":{"Details":{"common_name":"*.google.com","serial_number":"XXXXXXXXXXXXXX"}}}

Sample Response

Certificate object

16. To GET all Certificates

Description

To obtain all certificates from KMP's certificate repository

HTTPS Method

GET

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283

Input Data

INPUT_DATA={"operation":{"Details":{"withExpiryDaysLessThan":"500","withKeyLength":"1024","withSignatureAlgorithm":"SHA1"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllSSLCertificates?INPUT_DATA={"operation":{"Details":{"withExpiryDaysLessThan":"500"}}}

Sample Response

{ "name": "GetAllSSLCertificates","result": { "status": "Success", "message": "All SSL Certificates fetched successfully"},

"totalRows": 2,"details": [{  "CertID": 1, "DNS Name/FQDN": "paytm.com",    "Port": 443,

"Common Name": "*.paytm.com",  "Issuer": "GeoTrust Inc.", "FromDate": "Oct 13, 2015", "ExpiryDate": "Aug 27, 2017",

"KeyStrength": "2048","SignatureAlgorithm": "SHA256withRSA"},{ "CertID": 302,"DNS Name/FQDN": "204.141.32.155","Port": 443,

"Common Name": "*.zoho.com", "Issuer": "Sectigo Limited", "FromDate": "Jul 2, 2019", "ExpiryDate": "Apr 30, 2021",

"KeyStrength": "2048","SignatureAlgorithm": "SHA256withRSA"}]}

Note: Including the Input Data in the API request is optional. In case input data is provided, you can add any one or all of the available filters: withExpiryDaysLessThan,withKeyLength,withSignatureAlgorithm.

17. To GET all Certificate Expiry

Description

To get the expiry dates of all the certificates

HTTPS Method

GET

Header

AUTHTOKEN=1B2BF6FA-8511-47A8-867D-CE7FFE4BFBD0

Input Data

None

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllSSLCertsExpiryDate

Sample Response

{"name": "GetAllSSLCertificatesExpiryDate","result": {"status": "Success",

"message": "Certificates expiry date fetched successfully"},"totalRows": 2,

"details": [{"Common Name": "*.paytm.com","ExpiryDate": "Aug 27, 2017"},

{"Common Name": "*.zoho.com","ExpiryDate": "Apr 30, 2021"}]}

18. To GET Certificate Details

Description

To get the details of a particular certificate

HTTPS Method

GET

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283

Input Data

The operation details and the name of the certificate to passed as input

{"operation": {"Details":{"common_name":"*.google.com"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCertificateDetails?INPUT_DATA={"operation": {"Details":{"common_name":"*.google.com"}}}

Sample Response

{ "name": "GetCertificateDetails",  "result": {   "status": "Success",  "message": "Details of certificate *.zoho.com fetched successfully"

},    "details": [{     "certtype": "Domain",   "certificateTemplate": "N/A",      "endpoint": {  "hostName": "*.zoho.com",    "port": "443",

"expiry_date": "2021-04-30 05:29:59.0",     "from_date": "2019-07-02 05:30:00.0",   "certSignAlg": "SHA256withRSA",

"Sans": "*.zoho.com,zoho.com",     "serial": "8c0b04e91a1796d86d1de5e89c8b3c5c",

"fingerPrint": "aeecb6227dc8adef18a8fb99465739996e2782a8",       "keyalg": "RSA",     "PublicKeyLength": 2048,

"PrivateKey": false,      "isAWS": false},    "isCertInstalledMulipleServers": false, "issuer": {

"cname": "Sectigo RSA Domain Validation Secure Server CA",     "org": "Sectigo Limited",     "orgunit": "-"},

"issuedto": {    "cname": "*.zoho.com",    "org": "-",   "orgunit": "Domain Control Validated"},  "intermediate": {},

"ipaddress": "204.141.32.155",   "CertificateId": "302"}]}

19. To GET Certificate Keystore

Description

To get the key store file of a particular certificate

HTTPS Method

GET

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283

Input Data

The name of the operation and the common name of the keystore file to be passed as input

{"operation":{"Details":{"common_name":"apitest","serial_number":"XXXXXXXXXXXXXX" }}}

Note:It is optional to provide the serial number to fetch the keystore file.

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCertificateKeyStore?INPUT_DATA={"operation":{"Details":{"common_name":"apitest","serial_number":"XXXXXXXXXXXXXX"}}}

Sample Response

KeyStore File Object

20. To Delete a Certificate

Description

To delete a certificate from KMP's repository

HTTPS Method

DELETE

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283

Input Data

The operation name and the common name of the certificate to be passed as input

{"operation": {"Details":{"common_name":"apitest","serial_number":"XXXXXXXXXXXXXX"}}}

Note: It is optional to provide the serial number to fetch the keystore file.

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/deleteCertificate?INPUT_DATA={"operation": {"Details":{"common_name":"apitest"}}}

Sample Response

{"name":"DeleteCertificate","result":{"status":"Success","message":"Certificate apitest deleted successfully."}}

21. To Perform Resource Discovery

Description

To discover a particular resource for SSL certificates

HTTPS Method

POST

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283

Input Data

The name/IP address of the host and port number to be passed as input

{"operation":{"Details":{"HOST":"de-ubuntu10-1","TIMEOUT":"300","PORT":"6565"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/sslCertSingleDiscovery?INPUT_DATA={"operation":{"Details":{"HOST":"de-ubuntu10-1","TIMEOUT":"300","PORT":"6565"}}}

Sample Response

{"name": "Get SSL Discovery", "totalRows": 1,"details": {"zoho.com": ["SUCCESS", "SSL Certificate already available, *.zoho.com certificate found at port 443"]}}

22. To Perform Resource Discovery (for a range of IP addresses)

Description

To discover a set of resources for SSL certificates

HTTPS Method

POST

Header

AUTHTOKEN=7EDC4ED5-E684-4413-9848-F0016C114874

Input Data

The start and end IP addresses, port number and time-out to be passed as input

{"operation":{"Details":{"StartIpAddress":"192.168.216.0",
"EndIpAddress":"192.168.216.3",
"TIMEOUT":"3",
"PORT":"443"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/sslCertRangeDiscovery?INPUT_DATA={"operation":{"Details":{"StartIpAddress":"192.168.216.0","EndIpAddress":"192.168.216.3","TIMEOUT":"3","PORT":"443"}}}

Sample Response

{ "name": "Get SSL Discovery","totalRows": 4,"details": {

"192.168.216.1": ["FAILURE","Connection failed,no certificate found at port 443"],

"192.168.216.0": [ "FAILURE","Connection timed out,no certificate found at port 443"],

"192.168.216.2": ["FAILURE", "Connection timed out,no certificate found at port 443"],

"192.168.216.3": ["FAILURE","Connection timed out,no certificate found at port 443"]}}

23. To Create CSR

Description

To create a certificate signing request

HTTPS Method

POST

Header

AUTHTOKEN=C6506112-6113-42C9-AD3F-4A3AEF9476C9

Input Data

The following data need to be passed as input.

{"operation":{"Details":{"CNAME":"mytestcert",
"ALT_NAMES":"test",
"ORGUNIT":"hhh",
"ORG":"h",
"LOCATION":"hh",
"STATE":"h",
"COUNTRY":"hh",
"PASSWORD":"bbbbbbbb",
"VALIDITY_TYPE":"days",
"VALIDITY":"888",
"ALG":"RSA",
"LEN":"4096",
"SIGALG":"SHA256",
"StoreType":"PKCS12"}}}

Note: Validity type can be days, hours or minutes.

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/createCSR?INPUT_DATA={"operation":{"Details":{"CNAME":"mytestcert","ALT_NAMES":"test","ORGUNIT":
"hhh","ORG":"h","LOCATION":"hh","STATE":"h","COUNTRY":"hh","PASSWORD":"bbbbbbbb",
"VALIDITY_TYPE":"88","VALIDITY":"888","ALG":"RSA","LEN":"4096","SIGALG":"SHA256",
"StoreType":"PKCS12"}}}

Sample Response

{"name":"CreateCertificate","result":{"status":"Success","message":"CSR saved successfully"}}

24. To GET CSR list

Description

To get CSR list

HTTPS Method

GET

Header

AUTHTOKEN=7930AD60-B2F6-4CAA-90E5-779EDF229615

Input Data

None

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCSRList

Sample Response

{"name": "GetCSRList",

"result": {

"status": "Success",

"message": "Fetched all CSRs successfully"

},

"totalRows": 1,

"GeneratedList": [

{"CREATED_BY": "admin",

"KEYALGORITHM": "RSA",

"KEYSTORE_TYPE": "JKS",

"isPassword": true,

"CSR_ID": 1,

"CREATED_DATE": "May 15, 2020 19:51",

"LOGIN_ID": 301,

"KEY_STRENGTH": 2048,

"DOMAIN_NAME": "testcsr",

"VALIDITY": "30",

"SIGNATURE_ALGORITHM": "SHA256withRSA"

}]}

25. To Sign CSR

Description

To sign CSR

HTTPS Method

POST

Header

AUTHTOKEN=7930AD60-B2F6-4CAA-90E5-779EDF229615

Input Data

INPUT_DATA={"operation":{"Details":{"serverName":"kmp-w12r2-1","caName":"kmp-w12r2-1-ca","templateName":"DomainController","CSR_ID":"1"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/signCSR

Sample Response

{ "name": "SignCSR", "result": { "status": "Success", "message": "Successfully testdomain.com certificate signed" }}

26. To Create Certificate

Description

To create an SSL certificate

HTTPS Method

POST

Header

AUTHTOKEN=C6506112-6113-42C9-AD3F-4A3AEF9476C9

Input Data

The following data to be passed as input.

{"operation":{"Details":{"CNAME":"mytestcert",
"ALT_NAMES":"test",
"ORGUNIT":"hhh",
"ORG":"h",
"LOCATION":"hh",
"STATE":"h",
"COUNTRY":"hh",
"PASSWORD":"bbbbbbbb",
"VALIDITY_TYPE":"days",
"VALIDITY":"888",
"ALG":"RSA",
"LEN":"4096",
"SIGALG":"SHA256",
"StoreType":"PKCS12"}}}

Note: Validity type can be days, hours or minutes.

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/createCertificate?INPUT_DATA={"operation":{"Details":{"CNAME":"mytestcert","ALT_NAMES":"test","ORGUNIT":
"hhh","ORG":"h","LOCATION":"hh","STATE":"h",
"COUNTRY":"hh",
"PASSWORD":"bbbbbbbb","VALIDITY_TYPE":"88",
"VALIDITY":"888","ALG":"RSA","LEN":"4096","SIGALG":"SHA256","StoreType":"PKCS12"}}}

Sample Response

{"name":"CreateCertificate","result":{"status":"Success","message":"Certificate saved successfully"}}

27. To Import an SSH Key

Description

To import an SSH key

HTTPS Method

POST

Header

AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8

Input Data

The following data to be passed as input.

{"operation":{"Details":{"keyName":"testkey","passphrase":"passtrix"}}}

Sample Request

curl -X POST -k -H "AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8" -H 'Content-Type: multipart/form-data' -F INPUT_DATA={"operation":{"Details":{"keyName":"testkey","passphrase":"passtrix" }}} -F File=@D:/certs/keys/test1-passtrix/test1_Jul-21-2017-15_56.key

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/addSSHKey

Sample Response

{"name":"addSSHKey","result":{"status":"SUCCESS","message":"Key imported
successfully"}}

28. To Associate an SSH Key

Description

To associate an SSH key

HTTPS Method

POST

Header

AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8

Input Data

The following data to be passed as input.

{"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpi
n.com","userName":"test"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/associateKey?INPUT_DATA={"operation":{"Details":{"keyName":"te
stkey","resourceName":"test.csez.zohocorpin.com","userName":"test"}}}

Sample Response

{
"name": "associateKey",
"result": {
"status": "Success",
"message": "Key associated successfully "
}
}

29. To Dissociate an SSH Key

Description

To dissociate an SSH key

HTTPS Method

POST

Header

AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8

Input Data

The following data to be passed as input.

{"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpi
n.com","userName":"test"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/dissociateKey?INPUT_DATA={"operation":{"Details":{"keyName":"te
stkey","resourceName":"test.csez.zohocorpin.com","userName":"test"}}}

Sample Reponse

{
"name": "dissociateKey",
"result": {
"status": "SUCCESS",
"message": "Key dissociated successfully."
}
}

30. Add a Certificate

Description

To add an SSL certificate to Key Manager Plus certificate repository.

URL

https://<Host-Name-of-KMP-Server OR IP
address>:6565/api/pki/restapi/addCertificate

HTTPS Method

POST

Header

AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8

Input Data

The following data to be passed as input.

input data: {"operation":{"Details":{"fileType":"KEYSTORE","PASSWORD":"PASSWORD"}}}

 

Note: The fileType specified in the input data can be either CERTFILE or KEYSTORE. For CERTFILE fileType, the PASSWORD field need not be specified.

Sample Request

curl -X POST -k -H "AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8" -H 'Content-Type: multipart/form-data' -F INPUT_DATA={"operation":{"Details":{"fileType":"KEYSTORE","PASSWORD":"PASSWORD"}}} -F File=@D:/certs/newcert.keystore https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/addCertificate

Sample Response

{ "name": "AddCertificate",
"result":
{{"Status":"Success",
"Message": "Certificate newcert.com added successfully"} } }

31. Delete an SSH Key

Description

To delete a particular SSH key.

URL

https://< Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/deleteSSHKey

HTTPS Method

DELETE

Header

AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8

Input Data

The following data to be passed as input.

{"operation":{"Details":{"key_name":"newkey1","withoutDisassociation":"true"}}}

Sample Request

https://< Host-Name-of-KMP-Server OR IP address 
>:6565/api/pki/restapi/deleteSSHKey?INPUT_DATA={"operation":{"Details":{"key_name":"newkey1","withoutDisassociation":"true"}}}

Sample Response

{ "name": "DeleteSSHKey",
"result": { "status": "Success",
"message": "SSH keys newkey1 deleted successfully"}}

32. To Get Certificate Private Key Passphrase

Description

To view the passphrase of a certificate private key

URL

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCertificatePassphrase

HTTPS Method

GET

Header

AUTHTOKEN=894241B8-C361-4E30-B467-0AF9AAA00011

Input Data

The following data is to be passed as input:

{"operation":{"Details":{"common_name":"mycert","serial_number":"XXXXXXXXXXXXXX"}}}

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCertificatePassphrase?INPUT_DATA={"operation":{"Details":{"common_name":"mycert","serial_number":"XXXXXXXXXXXXXX"}}}

Sample Response

"name": "GetCertificatePassphrase", "result": { "status": "Success", "message": "Private key passphrase of certificate mycert is 123456789" } }