Add SSL Certificate - POST /api/ssl/certificate


POST /api/ssl/certificate                            

Register an SSL certificate with QUANTIL's system.  The certificate must use a key length of at least 2048 bits.


Request Syntax


Request Headers


| Header | Description | Required |
|---|---|---|
| Authorization | Authorization string for the request | Yes |
| Host | URI for the QUANTIL SDK (i.e., api.quantil.com) | Yes |
| Date | The date and time of the request. | Yes |
| Accept | Indicates the accepted format (i.e., application/xml) | Yes |

Request Body Elements


| Element | Description |
|---|---|
| ssl-certificate | Container object which describes the SSL certificate to add. It contains one of each of these elements: <name>, <comment>, <algorithm>, <ssl-certificate>, <ssl-key>, <ssl-certificate-chain>. It can contain an <ssl-key-id> element too. |
| name | A name to represent the certificate. |
| comment | An optional comment describing the certificate. |
| algorithm | Must be set to des. |
| ssl-certificate | Encrypted content of the SSL file. Only the PEM (Privacy Enhanced Mail) format is supported. |
| ssl-key | Encrypted content of the key file. Only the PEM format is supported. |
| ssl-certificate-chain | Encrypted content of the SSL certificate chain. Only the PEM format is supported. If you received an "intermediate certificate" and a "root certificate" from your certificate authority, you only need to upload the "intermediate certificate" as the chain certificate. If there are 2 or more intermediate certificates, put them in order into one text file with the one closest to the root at the bottom of the file and pass the encrypted version of the file here. (Don't upload the root certificate.) This field is optional. |
| ssl-key-id | ID which refers to a CSR request. The ssl-key-id is returned when you create a CSR. If you are adding an SSL certificate that you obtained using the CSR file that is generated, then you should specify the ssl-key-id. |



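Encryption algorithm: take the md5 of the HTTP header Date value. Use the left 8 bits for the key and the right 8 bits as the iv for DES encryption of the document. Finally, base64 encode the result. (The sample script below implements this by taking the first 8 and the last 8 characters of the hexadecimal MD5 digest as the key and the iv.) The key and iv are therefore derived entirely from the Date header sent with the same request, so the confidentiality of the private key in transit rests on the HTTPS connection.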

Request Syntax:


POST /api/ssl/certificate HTTP/1.1

Authorization: <authorization string>

Host: api.quantil.com

Date: <date>

Accept: application/xml


Here is the outline of a shell script showing a request using the curl utility.


#!/bin/bash

API_SERVER=https://api.quantil.com
USER=username
API_KEY="apikey"

# The Date header value. The same string is the input to the HMAC password
# and to the DES key and iv below, so it must be reused unchanged.
DATE=`date "+%a, %d %b %Y %H:%M:%S %Z"`

passw=$(echo -n "$DATE" | openssl dgst -sha1 -hmac "$API_KEY" -binary | base64)

cert="-----BEGIN CERTIFICATE-----
The body of the certificate goes here.
-----END CERTIFICATE-----"

private_key="-----BEGIN PRIVATE KEY-----
The private key goes here
-----END PRIVATE KEY-----
"

chain_cert="-----BEGIN CERTIFICATE-----
The body of the chain certificate goes here.
-----END CERTIFICATE-----"

# This function is used to encrypt the content that goes into the
# <ssl-certificate>, <ssl-key> and <ssl-certificate-chain> fields.
#
quantil_cert_enc() {
 STRING_TO_BE_ENCRYPTED=$1
 DATE_STRING=$2
 # Hex MD5 of the Date string; strip the "(stdin)= " prefix openssl prints.
 MD5=$(/bin/echo -n "${DATE_STRING}" | openssl md5)
 MD5=${MD5#*=\ }
 #echo md5=$MD5
 # First 8 hex characters become the key, last 8 become the iv.
 key=${MD5:0:8}
 iv=${MD5:24:8}
 # Convert each 8-character string to the hex form that -K and -iv expect.
 key=$(/bin/echo -n "${key}" |od -A n -t x1|sed s/\ //g)
 iv=$(/bin/echo -n "${iv}" |od -A n -t x1|sed s/\ //g)
 #echo key=${key} iv=${iv}
 # On OpenSSL 3.x single DES is in the legacy provider; if the cipher is
 # reported as unsupported, add: -provider legacy -provider default
 /bin/echo -n "${STRING_TO_BE_ENCRYPTED}" | openssl des -e -nosalt -K ${key} -iv ${iv} -a
}

CERT_ENC=$(quantil_cert_enc "${cert}" "${DATE}")
KEY_ENC=$(quantil_cert_enc "${private_key}" "${DATE}")
CHAIN_ENC=$(quantil_cert_enc "${chain_cert}" "${DATE}")

# Call curl directly (no eval) so each header and the XML body are passed
# as single arguments.
curl -i --url "${API_SERVER}/api/ssl/certificate" \
     -X POST \
     -u "$USER:$passw" \
     -H "Date: $DATE" \
     -H 'Accept: application/xml' \
     -H 'Content-Type: application/xml' \
     -d "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<ssl-certificate>
<name>{certificate name}</name>
<comment>{any comment you want}</comment>
<algorithm>des</algorithm>
<ssl-certificate>${CERT_ENC}</ssl-certificate>
<ssl-key>${KEY_ENC}</ssl-key>
<ssl-certificate-chain>${CHAIN_ENC}</ssl-certificate-chain>
</ssl-certificate>"



Response Details:


Response Headers:

HTTP/1.1 200 OK

Date: <date>

Content-Type: application/xml; charset=utf-8

Location: https://api.quantil.com/api/ssl/certificate/{certificate-id}

x-cnc-request-id: {id string auto generated by the QUANTIL server}



The Location header will have a URL you can use to get the status of the SSL certificate you added.

Response Body Elements

| Element | Description |
|---|---|
| response | Container for additional information from the QUANTIL server. |
| message | A message returned by the QUANTIL server. |



Sample Response:


HTTP/1.1 200 Accepted

Date: Thu, 07 Aug 2014 16:52:59 GMT

Accept-Ranges: bytes

Server: WS-web-server

x-cnc-request-id: 1127554

ContentType: application/xml;charset=UTF-8

Location: https://api.quantil.com/api/ssl/certificate/certificate-id1235

Content-Type: application/xml;charset=UTF-8

Content-Length: 86


<?xml version="1.0" encoding="UTF-8"?>

<response><message>success</message></response>

Error List


| Error | Description | HTTP status code |
|---|---|---|
| InvalidCertificate | The certificate you provided is invalid. | 403 |
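A local pre-upload check for the two rules this page states (a key length of at least 2048 bits, and a chain file ordered with the intermediate closest to the root at the bottom and no root certificate), plus a key-to-certificate match. This is an added example, not QUANTIL code: the function names are hypothetical, RSA keys and the openssl command-line tool are assumed, and it is an assumption that these conditions are among the causes of InvalidCertificate.

```shell
#!/bin/bash
# Added example, not QUANTIL code. Assumes RSA keys and the openssl CLI;
# all function names are made up for this illustration.
MIN_BITS=2048   # minimum key length stated for this endpoint

# Print the public-key size (bits) of a PEM certificate file.
cert_key_bits() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the private key ($2) belongs to the certificate ($1).
cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if each certificate in the chain file is issued by the one
# after it (closest to the root at the bottom) and none is self-signed.
chain_order_ok() {
  openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
    openssl pkcs7 -print_certs -noout 2>/dev/null |
    awk '/^subject=/ { s = substr($0, 9); if (n > 0 && s != prev) bad = 1 }
         /^issuer=/  { i = substr($0, 8); if (i == s) bad = 1; prev = i; n++ }
         END { exit (bad || n == 0) }'
}

# Run every check; print the first failure and return non-zero.
# Usage: precheck_upload cert.pem key.pem [chain.pem]
precheck_upload() {
  local bits
  bits=$(cert_key_bits "$1")
  [ -n "$bits" ] || { echo "not a PEM certificate: $1"; return 1; }
  [ "$bits" -ge "$MIN_BITS" ] || { echo "key too short: $bits bits"; return 1; }
  cert_matches_key "$1" "$2" || { echo "key does not match certificate"; return 1; }
  if [ -n "$3" ]; then
    chain_order_ok "$3" || { echo "chain misordered or contains a root"; return 1; }
  fi
  echo "ok"
}
```

Run `precheck_upload cert.pem key.pem chain.pem` on the plaintext PEM files before they are passed to quantil_cert_enc.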