APIPythonOpen-Source Solutions

 View Only
  • 1.  Replacing the HTTPS (HTTP Secure) Certificate

    Posted 01-07-2020 03:40:00 PM
    Does anyone have an example of using the following api call: 
    /resources/json/delphix/service/tls/endEntityCertificate/replace

    There is documentation for the CLI usage but I would like an example where you need to upload more than one CSR using this api call.

    Thanks

    ------------------------------
    Dafna
    ------------------------------


  • 2.  RE: Replacing the HTTPS (HTTP Secure) Certificate

    Posted 01-08-2020 09:05:00 AM
    Hello Dafna,

    Do you mean uploading a signed certificate?

    You can only upload one certificate for HTTPS and one for DSP.

    To figure out what the API call looks like for a corresponding CLI operation, the CLI has a setting that you can enable to display the API call sent to the engine:
    setopt trace=true​
    For example, when you issue a replace command in the CLI, you will see:
    my-delphix-engine service tls endEntityCertificate replace *> commit
    === POST /resources/json/delphix/service/tls/endEntityCertificate/replace ===
    {
        "type": "EndEntityCertificateReplaceChainParameters",
        "endEntity": {
            "type": "EndEntityHttps"
        },
        "chain": {
            "type": "PemCertificateChain",
            "chain": [
                {
                    "type": "PemCertificate",
                    "contents": "<certificate contents here>"
                }
            ]
        }
    }

    The endEntity.type field determines whether you are uploading the HTTPS or DSP certificate.

    All the best,

    ------------------------------
    Raul Santelices
    Staff Engineer
    Delphix
    ------------------------------



  • 3.  RE: Replacing the HTTPS (HTTP Secure) Certificate

    Posted 01-08-2020 09:18:00 AM
    Hi Raul

    Yes I would like to upload a signed certificate. And I've used setopt trace=true.
    My question is for the procedure that I follow, I have 3 CSRs that when I do it manually, I copy and paste them one after another and then replace it like that. So for the api call, how do I upload the three CSRs? Do the three become one chain? And if so do I just put the long string in "contents" field? If not how do I add multiple chain in the api call?

    Thank you!!

    ------------------------------
    Dafna Myers
    Assoc
    JPMorgan Chase
    ------------------------------



  • 4.  RE: Replacing the HTTPS (HTTP Secure) Certificate
    Best Answer

    Posted 01-08-2020 09:37:00 AM
    I see. If the three certificates are a chain, then they can be uploaded via this API. Note that the innermost chain field in the json payload is an array. So, to upload a chain such as "cert 1" / "cert 2" / "cert 3", the API call is:
    === POST /resources/json/delphix/service/tls/endEntityCertificate/replace ===
    {
        "type": "EndEntityCertificateReplaceChainParameters",
        "endEntity": {
            "type": "EndEntityHttps"
        },
        "chain": {
            "type": "PemCertificateChain",
            "chain": [
                {
                    "type": "PemCertificate",
                    "contents": "<cert 1>"
                },
                {
                    "type": "PemCertificate",
                    "contents": "<cert 2>"
                },
                {
                    "type": "PemCertificate",
                    "contents": "<cert 3>"
                }
            ]
        }
    }

    Hope that helps!

    ------------------------------
    Raul Santelices
    Staff Engineer
    Delphix
    ------------------------------



  • 5.  RE: Replacing the HTTPS (HTTP Secure) Certificate

    Posted 01-08-2020 09:44:00 AM
    Thank you!! I think this is exactly what I am looking for.

    Follow up question-does it make a difference if the 3 CSRs are appended next to each other and uploaded as one Certificate or is it required that they each be their own?

    ------------------------------
    Dafna Myers
    Assoc
    JPMorgan Chase
    ------------------------------



  • 6.  RE: Replacing the HTTPS (HTTP Secure) Certificate

    Posted 01-08-2020 10:07:00 AM
    You are welcome!
    Each certificate needs to be in its own element in the array.

    ------------------------------
    Raul Santelices
    Staff Engineer
    Delphix
    ------------------------------