Modify SSL Certificate - PUT /api/ssl/certificate/{certificate-id}

Parent Previous Next

PUT /api/ssl/certificate/{certificate-id}                          

Modify an SSL certificate.  Certificate-id is a unique id returned in the Location header of the HTTP Response when you added the certificate. It is also returned by the Get Certificate List API. The certificate must use a key length of at least 2048 bits.

Request Syntax


Request Headers


Header

Description

Required

Authorization

Authorization string for the request

Yes

Host

URI for the QUANTIL SDK (i.e., api.quantil.com)

Yes

Date

The date and time of the request.

Yes

Accept

Indicates the accepted format (i.e., application/xml)

Yes

Request Body Elements


Element

Description

ssl-certificate

Container object which describes the SSL certificate to change. It contains one of each of these elements: name, comment, algorithm, ssl-certificate, ssl-key, ssl-certificate-chain.

name

a name to represent the certificate

comment

An optional comment describing the certificate

algorithm

Must be set to des.

ssl-certificate

encrypted content of the SSL file. Only the PEM (Privacy Enhanced Mail) format is supported.

ssl-key

encrypted content of the key file.  Only the PEM format is supported.

ssl-certificate-chain

encrypted content of the SSL certificate chain. Only the PEM format is supported. If you received an "intermediate certificate" and a "root certificate" from your CA. You only need to upload the "intermediate certificate" as the chain certificate. This field is optional.

ssl-key-id

refers to a CSR request



Encryption algorithm: md5 of the HTTP header Date value. Use the left 8 bits for the key and right 8 bits as iv for DES encryption of the document. Finally, base64 encode.

Request Syntax:


PUT /api/ssl/certificate/<certificate-id> HTTP/1.1

Authorization: <authorization string>

Host: api.quantil.com

Date: <date>

Accept: application/xml


Here is the outline of a shell script showing a request using the curl utility.

#!/bin/bash


API_SERVER=https://api.quantil.com

USER=username

API_KEY="apikey"


DATE=`date "+%a, %d %b %Y %H:%M:%S %Z"`


passw=$(echo -n "$DATE" | openssl dgst -sha1 -hmac "$API_KEY" -binary | base64)


cert="-----BEGIN CERTIFICATE-----

The body of the certificate goes here.

-----END CERTIFICATE-----"



private_key=""-----BEGIN PRIVATE KEY-----  

The private key goes here

-----END PRIVATE KEY-----

"


chain_cert="-----BEGIN CERTIFICATE-----

The body of the chain cerificate goes here.

-----END CERTIFICATE-----"



# This function is used to encrypt the content that goes into the

# <ssl-certificate>, <ssl-key> and <ssl-certificate-chain> fields.

#

quantil_cert_enc() {

 STRING_TO_BE_ENCRYPTED=$1

 DATE_STRING=$2

 MD5=$(/bin/echo -n ${DATE_STRING} | openssl md5)

 MD5=${MD5#*=\ }

 #echo md5=$MD5

 key=${MD5:0:8}

 iv=${MD5:24:8}

 key=$(/bin/echo -n "${key}" |od -A n -t x1|sed s/\ //g)

 iv=$(/bin/echo -n "${iv}" |od -A n -t x1|sed s/\ //g)

 #echo key=${key} iv=${iv}

 /bin/echo -n "${STRING_TO_BE_ENCRYPTED}" | openssl des -e -nosalt -K ${key} -iv ${iv} -a

}


CERT_ENC=$(quantil_cert_enc "${cert}" "${DATE}")

KEY_ENC=$(quantil_cert_enc "${private_key}" "${DATE}")

CHAIN_ENC=$(quantil_cert_enc "${chain_cert}" "${DATE}" )


CERTIFICATE_ID=123   # change to your certificate ID


request="curl -i --url '${API_SERVER}/api/ssl/certificate/${CERTIFICATE_ID}'

                       -X PUT

                       -u $USER:$passw

                       -H 'Date: $DATE'

                       -H 'Accept: application/xml'

                       -H 'Content-Type: application/xml'

                       -d '<?xml version = \"1.0\" encoding = \"UTF-8\"?>

                       <ssl-certificate>

                       <name>{certificate name}</name>

                       <comment>{any comment you want}</comment>

                       <algorithm>des</algorithm>

                       <ssl-certificate>${CERT_ENC}</ssl-certificate>

                       <ssl-key>${KEY_ENC}</ssl-key>

                       </ssl-certificate>'"


eval $request


Response Details:


Response Headers:

HTTP / 1.1 200 OK

Date: <date>

Content-Type: application/xml; charset = utf-8

x-cnc-request-id: {id string auto generated by the QUANTIL server}



Response Body Elements

Element

Description

response

container for additional information from the QUANTIL server.

message

a message returned by the QUANTIL server.  



Sample Response:


HTTP/1.1 200 OK

Date: Thu, 07 Aug 2014 16:52:59 GMT

Accept-Ranges: bytes

Server: WS-web-server

x-cnc-request-id: 1127554

Content-Type: application/xml;charset=UTF-8

Content-Length: 86


<?xml version="1.0" encoding="UTF-8"?>

<response><message>success</message></response>

Error List


Error

Description

HTTP status code

InvalidCertificate

The certificate you provided is invalid.

403