Register an SSL certificate with QUANTIL's system. The certificate must use a key length of at least 2048 bits.
Header | Description | Required |
Authorization | Authorization string for the request | Yes |
Host | URI for the QUANTIL SDK (i.e., api.quantil.com) | Yes |
Date | The date and time of the request. | Yes |
Accept | Indicates the accepted format (i.e., application/xml) | Yes |
Element | Description |
ssl-certificate | Container object which describes the SSL certificate to add. It contains one of each of these elements: <name>, <comment>, <algorithm>, <ssl-certificate>, <ssl-key>, <ssl-certificate-chain>. It can contain an <ssl-key-id> element too. |
name | A name to represent the certificate. |
comment | An optional comment describing the certificate. |
algorithm | Must be set to des. |
ssl-certificate | Encrypted content of the SSL file. Only the PEM (Privacy Enhanced Mail) format is supported. |
ssl-key | Encrypted content of the key file. Only the PEM format is supported. |
ssl-certificate-chain | Encrypted content of the SSL certificate chain. Only the PEM format is supported. If you received an "intermediate certificate" and a "root certificate" from your certificate authority, you only need to upload the "intermediate certificate" as the chain certificate. If there are 2 or more intermediate certificates, put them in order into one text file with the one closest to the root at the bottom of the file and pass the encrypted version of the file here. (Don't upload the root certificate.) This field is optional. |
ssl-key-id | ID which refers to a CSR request. The ssl-key-id is returned when you create a CSR. If you are adding an SSL certificate that you obtained using the CSR file that is generated, then you should specify the ssl-key-id. |
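Encryption algorithm: compute the MD5 of the HTTP Date header value. Use the left 8 bits for the key and the right 8 bits as the IV for DES encryption of the document (the script below takes these as the first 8 and the last 8 characters of the hexadecimal digest). Finally, base64-encode the result.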
POST /api/ssl/certificate HTTP/1.1
Authorization: <authorization string>
Host: api.quantil.com
Date: <date>
Accept: application/xml
Here is the outline of a shell script showing a request using the curl utility.
#!/bin/bash
API_SERVER=https://api.quantil.com
USER=username
API_KEY="apikey"
DATE=$(date "+%a, %d %b %Y %H:%M:%S %Z")
# Password for the request: base64 of the HMAC-SHA1 of the Date value, keyed with the API key.
passw=$(echo -n "$DATE" | openssl dgst -sha1 -hmac "$API_KEY" -binary | base64)
cert="-----BEGIN CERTIFICATE-----
The body of the certificate goes here.
-----END CERTIFICATE-----"
private_key="-----BEGIN PRIVATE KEY-----
The private key goes here
-----END PRIVATE KEY-----
"
chain_cert="-----BEGIN CERTIFICATE-----
The body of the chain certificate goes here.
-----END CERTIFICATE-----"
# This function is used to encrypt the content that goes into the
# <ssl-certificate>, <ssl-key> and <ssl-certificate-chain> fields.
# The key and IV come from the MD5 of the Date value, which is also sent
# as a request header, so confidentiality in transit relies on the HTTPS
# connection to API_SERVER.
#
quantil_cert_enc() {
    STRING_TO_BE_ENCRYPTED=$1
    DATE_STRING=$2
    # Hex MD5 digest of the Date value; strip the "(stdin)= " prefix printed by openssl.
    MD5=$(/bin/echo -n "${DATE_STRING}" | openssl md5)
    MD5=${MD5#*=\ }
    #echo md5=$MD5
    # First 8 and last 8 hex characters of the digest.
    key=${MD5:0:8}
    iv=${MD5:24:8}
    # -K and -iv expect hex, so hex-encode the ASCII characters.
    key=$(/bin/echo -n "${key}" | od -A n -t x1 | sed 's/ //g')
    iv=$(/bin/echo -n "${iv}" | od -A n -t x1 | sed 's/ //g')
    #echo key=${key} iv=${iv}
    # On OpenSSL 3.x single DES is in the legacy provider; add
    # "-provider legacy -provider default" if the cipher is reported as unsupported.
    /bin/echo -n "${STRING_TO_BE_ENCRYPTED}" | openssl des -e -nosalt -K "${key}" -iv "${iv}" -a
}
CERT_ENC=$(quantil_cert_enc "${cert}" "${DATE}")
KEY_ENC=$(quantil_cert_enc "${private_key}" "${DATE}")
CHAIN_ENC=$(quantil_cert_enc "${chain_cert}" "${DATE}")
# Call curl directly with quoted arguments instead of building a string for eval.
curl -i --url "${API_SERVER}/api/ssl/certificate" \
    -X POST \
    -u "$USER:$passw" \
    -H "Date: $DATE" \
    -H 'Accept: application/xml' \
    -H 'Content-Type: application/xml' \
    -d "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<ssl-certificate>
<name>{certificate name}</name>
<comment>{any comment you want}</comment>
<algorithm>des</algorithm>
<ssl-certificate>${CERT_ENC}</ssl-certificate>
<ssl-key>${KEY_ENC}</ssl-key>
<ssl-certificate-chain>${CHAIN_ENC}</ssl-certificate-chain>
</ssl-certificate>"
HTTP/1.1 200 OK
Date: <date>
Content-Type: application/xml; charset=utf-8
Location: https://api.quantil.com/api/ssl/certificate/{certificate-id}
x-cnc-request-id: {id string auto generated by the QUANTIL server}
The Location header will have a URL you can use to get the status of the SSL certificate you added.
Element | Description |
response | Container for additional information from the QUANTIL server. |
message | A message returned by the QUANTIL server. |
HTTP/1.1 200 Accepted
Date: Thu, 07 Aug 2014 16:52:59 GMT
Accept-Ranges: bytes
Server: WS-web-server
x-cnc-request-id: 1127554
ContentType: application/xml;charset=UTF-8
Location: https://api.quantil.com/api/ssl/certificate/certificate-id1235
Content-Type: application/xml;charset=UTF-8
Content-Length: 86
<?xml version="1.0" encoding="UTF-8"?>
<response><message>success</message></response>
Error | Description | HTTP status code |
InvalidCertificate | The certificate you provided is invalid. | 403 |
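A local check that can be run on the PEM files before sending the request, covering the requirements stated above (PEM input, a key length of at least 2048 bits, no root certificate in the chain file) plus a certificate/key match. This is an added example, not QUANTIL's code; it assumes an RSA certificate, and the function names and the MIN_BITS variable are illustrative.

```shell
#!/bin/bash
# Added example, not QUANTIL code: local checks on PEM files before upload.
# Assumes an RSA certificate; MIN_BITS and the function names are illustrative.

# Print the public key size (in bits) of a PEM certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeed only if certificate $1 and private key $2 hold the same public key.
cert_matches_key() {
    local a b
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed if any certificate in chain file $1 has subject == issuer (a root).
chain_has_root() {
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null |
        awk '/^subject=/ { s = substr($0, 9) }
             /^issuer=/  { if (s == substr($0, 8)) found = 1 }
             END { exit !found }'
}

# Run every check; report the first failure on stderr and return non-zero.
preflight() {
    local cert="$1" key="$2" chain="${3:-}" min="${MIN_BITS:-2048}" bits
    bits=$(cert_key_bits "$cert")
    [ -n "$bits" ] || { echo "not a PEM certificate: $cert" >&2; return 1; }
    [ "$bits" -ge "$min" ] || { echo "key length $bits < $min bits" >&2; return 1; }
    cert_matches_key "$cert" "$key" ||
        { echo "certificate and private key do not match" >&2; return 1; }
    if [ -n "$chain" ] && chain_has_root "$chain"; then
        echo "chain file contains a root certificate" >&2; return 1
    fi
    echo "ok: ${bits}-bit key, certificate matches private key"
}

# Usage: preflight cert.pem key.pem [chain.pem]
```

The checks run on the plaintext PEM files, before they are passed to quantil_cert_enc.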