1. REST API for Session Border Controller, Enterprise Session Border Controller, and Subscriber-Aware Load Balancer, Release 9.3.0
  2. Tasks
  3. certificates

Import certificate bundle

put

https://{managementIp}/rest/{version}/configuration/certificates/caBundle

This API allows a REST client to import a CA-signed certificates from certificate bundle and create a global-trusted-ca object in configuration. The CA-certificates which will be imported is governed by the value of source attribute.
  • bundleAll: Imports all the certificates from certificate bundle into global-trusted-ca. This is a CPU intensive operation since it involves importing 250+ certificates.
  • bundleCustom: Imports all the certificates of the Organizations given in request body into the global-trusted-ca.
  • X509: Imports the certificate from the requestBody into a certificate-record and add it to the new global-trusted-ca object. Please note for this the certificate-record without a certificate must already be present in the config, and it's name should be provided in the request body

Request

Path Parameters
Query Parameters
Header Parameters
  • The value in the Authorization header must be the string "Bearer {access token}", where {access token} is a valid, unexpired token received in response to a prior /rest/{version}/auth/token request.
Supported Media Types
Request Body - application/xml ()
Root Schema : schema
Match One Schema
Show Source
Nested Schema : CABundle
Type: object
Show Source
Nested Schema : CABundle
Type: object
Show Source
  • Example: -----BEGIN CERTIFICATE----- MIICzTCCAbUCAQAwVTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1BMRMwEQYDVQQH EwpCdXJsaW5ndG9uMRQwEgYDVQQKEwtFbmdpbmVlcmluZzEOMAwGA1UEAxMFdGVz tm7DBKYUNlwHXNNOwv/X54eHXskIxTcpR9aimrKpkPNt4DffotoyU6sVXHfQApAZk -----END CERTIFICATE-----
Back to Top

Response

Supported Media Types

200 Response

OK - Name of newly create global-trusted-ca is returned in response body
Body ()
Root Schema : response
Type: object
Show Source
Nested Schema : data
Type: object
Show Source
Nested Schema : messages
Type: object
Nested Schema : CABundle
Type: object
Show Source

400 Response

The request is malformed in some way or is missing required information and therefore cannot be processed.
Body ()
Root Schema : response
Type: object
Show Source
Nested Schema : data
Type: object
Nested Schema : messages
Type: array
Show Source
Nested Schema : items
Type: object
Show Source

401 Response

Unauthorized - Request lacks valid authentication credentials.
Body ()
Root Schema : response
Type: object
Show Source
Nested Schema : data
Type: object
Nested Schema : messages
Type: array
Show Source
Nested Schema : items
Type: object
Show Source

404 Response

Unsupported version ID in URI or unknown instance is requested in the URL.
Body ()
Root Schema : response
Type: object
Show Source
Nested Schema : data
Type: object
Nested Schema : messages
Type: array
Show Source
Nested Schema : items
Type: object
Show Source

423 Response

The request requires the configuration lock and failed because the client does not currently own the lock. If another client or user currently owns the configuration lock, the error message is "Resource locked by another user". If no client or user owns the configuration lock, the error message is "User does not have the lock".
Body ()
Root Schema : response
Type: object
Show Source
Nested Schema : data
Type: object
Nested Schema : messages
Type: array
Show Source
Nested Schema : items
Type: object
Show Source
Back to Top

Examples

Examples of Accessing the API

See Authenticate for how to acquire a token.

The following example shows how to create a global trusted CA list using curl.

curl -X PUT \
    --header "Accept: application/xml" \
    --header "Authorization: Bearer $TOKEN" \
    "https://${SBCIP}/rest/v1.2/configuration/certificates/caBundle?listName=global_list_core&source=bundleAll"

The following example shows how to create a global trusted CA list using Python.

import requests
headers = { "Accept":"application/xml", "Authorization":"Bearer " + token }
url  = "https://" + sbcip + "/rest/v1.2/configuration/certificates/caBundle?listName=global_list_core&source=bundleAll"
resp = requests.put(url, headers=headers)

Note:

This example creates a global trusted CA list with the name "global_list_core" and imports all the certificates from certBundle into this list.

Example of the Response Body

The following example shows the contents of the response body in XML.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response>
  <data>
    <CABundle>
      <listName>global_list_core</listName>
    </CABundle>
  </data>
  <messages/>
  <links/>
</response>

Example 2 of Accessing API

This example creates a custom bundle from a subset of the available certificates.

curl -X PUT \
    -d@request.xml \
    --header "Accept: application/xml" \
    --header "Authorization: Bearer $TOKEN" \
    "https://${SBCIP}/rest/v1.2/configuration/certificates/caBundle?listName=global_list_core_select&source=bundleCustom"

The following shows an example of the request body.

<?xml version="1.0" encoding="UTF-8"?>
<CABundle>
    <organizationName>LuxTrustSA</organizationName>
    <organizationName>SwissSignAG</organizationName>
    <organizationName>NetLockKft</organizationName>
</CABundle>

The following shows an example response.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response>
  <data>
    <CABundle>
      <listName>global_list_core_select</listName>
    </CABundle>
  </data>
  <messages/>
  <links/>
</response>

Example 3 of Accessing API

This example adds an X.509 certificate to an existing custom bundle.

curl -X PUT \
    -d@request.xml \
    --header "Accept: application/xml" \
    --header "Authorization: Bearer $TOKEN" \
    "https://${SBCIP}/rest/v1.2/configuration/certificates/caBundle?listName=global_list_core_select&source=X509"

The following shows an example of the request body.

<?xml version="1.0" encoding="UTF-8"?>
<CABundle> 
    <certificateRecord>customCert</certificateRecord> 
    <certificate>-----BEGIN CERTIFICATE-----
MIIDyzCCArOgAwIBAgIDA+aUMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
YWwtMDMxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMzAeFw0wODA0MjQyMjAwMDBa
Fw0xODA0MjQyMjAwMDBaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1YWwtMDMxGDAWBgNVBAMMD0Et
VHJ1c3QtUXVhbC0wMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOe
JIgc0s9AA0hqqqWgK72W9XwKn5+rUJDbQc5WgHkqwP2TU3qcW/NZYSSIY6PVGO6b
hHSEnOyMPdrBhnpvNi4m6349yT6t565LdHcoKyQg/youwpVkEPZ+e8O32hF9nqvt
L4wZohydjMwzcHUJB/5e+0CkJYwv/bVRZzqoK0yf1midYJukxWOw7nDNKD9KdOpZ
+XXFAAZuH7BjwSqqE138y9JlGzkxIlrCeSJdGfFLwr7OHIgBdPEmQXcyOcaMUGjP
U4VDig+gj+6OC5KjAEC+wKJZXiyhRLj+HyLTDLrQ6O8p5HI3Sov4FuwiMgcqIyzz
o9fNyqmnT3K/vBGOqBsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
CgQIRgbfN/LCNxAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBx
CNQmRL6A4mtCtSpQ/V3ojGDznLaSgXI4sm+pPoHywzQkU6FRUsilidO83NsSudup
sFjvwAhmMmLj4fOjWKN3bu7kobtXEWh3Mwj0zVm46l0bCcaszI0Lus3f1pq+q3YA
rX0WS2Rc35g+a21eLHw5FVlCNyA8n8Pcf/VTNrfix6QijHq+cb1Ns2jIuKmJ/3Ew
i8+RbfKFLqVKIn5y3tSuse0M7/xFfS3cJK3teQflrU+y6VJ0SbiMUvq9EuQZw/xR
jRbja2huOZrfKTmlu7GhF8EX43Vq/H2xcjzfwerloxzUnVkbGnQfaSqDVCQY0+7l
4INXvhvi0B+tbDW+jbpf
-----END CERTIFICATE-----
</certificate>
</CABundle>

The following shows an example response.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response>
  <data>
    <CABundle>
      <listName>global_list_core_select</listName>
    </CABundle>
  </data>
  <messages/>
  <links/>
</response>
Back to Top