Modify an SSL certificate. Certificate-id is a unique id returned in the Location header of the HTTP Response when you added the certificate. It is also returned by the Get Certificate List API. The certificate must use a key length of at least 2048 bits.
Header |
Description |
Required |
Authorization |
Authorization string for the request |
Yes |
Host |
URI for the QUANTIL SDK (i.e., api.quantil.com) |
Yes |
Date |
The date and time of the request. |
Yes |
Accept |
Indicates the accepted format (i.e., application/xml) |
Yes |
Element |
Description |
ssl-certificate |
Container object which describes the SSL certificate to change. It contains one of each of these elements: name, comment, algorithm, ssl-certificate, ssl-key, ssl-certificate-chain. |
name |
a name to represent the certificate |
comment |
An optional comment describing the certificate |
algorithm |
Must be set to des. |
ssl-certificate |
encrypted content of the SSL file. Only the PEM (Privacy Enhanced Mail) format is supported. |
ssl-key |
encrypted content of the key file. Only the PEM format is supported. |
ssl-certificate-chain |
encrypted content of the SSL certificate chain. Only the PEM format is supported. If you received an "intermediate certificate" and a "root certificate" from your CA. You only need to upload the "intermediate certificate" as the chain certificate. This field is optional. |
ssl-key-id |
refers to a CSR request |
Encryption algorithm: md5 of the HTTP header Date value. Use the left 8 bits for the key and right 8 bits as iv for DES encryption of the document. Finally, base64 encode.
PUT /api/ssl/certificate/<certificate-id> HTTP/1.1
Authorization: <authorization string>
Host: api.quantil.com
Date: <date>
Accept: application/xml
Here is the outline of a shell script showing a request using the curl utility.
#!/bin/bash
API_SERVER=https://api.quantil.com
USER=username
API_KEY="apikey"
DATE=`date "+%a, %d %b %Y %H:%M:%S %Z"`
passw=$(echo -n "$DATE" | openssl dgst -sha1 -hmac "$API_KEY" -binary | base64)
cert="-----BEGIN CERTIFICATE-----
The body of the certificate goes here.
-----END CERTIFICATE-----"
private_key=""-----BEGIN PRIVATE KEY-----
The private key goes here
-----END PRIVATE KEY-----
"
chain_cert="-----BEGIN CERTIFICATE-----
The body of the chain cerificate goes here.
-----END CERTIFICATE-----"
# This function is used to encrypt the content that goes into the
# <ssl-certificate>, <ssl-key> and <ssl-certificate-chain> fields.
#
quantil_cert_enc() {
STRING_TO_BE_ENCRYPTED=$1
DATE_STRING=$2
MD5=$(/bin/echo -n ${DATE_STRING} | openssl md5)
MD5=${MD5#*=\ }
#echo md5=$MD5
key=${MD5:0:8}
iv=${MD5:24:8}
key=$(/bin/echo -n "${key}" |od -A n -t x1|sed s/\ //g)
iv=$(/bin/echo -n "${iv}" |od -A n -t x1|sed s/\ //g)
#echo key=${key} iv=${iv}
/bin/echo -n "${STRING_TO_BE_ENCRYPTED}" | openssl des -e -nosalt -K ${key} -iv ${iv} -a
}
CERT_ENC=$(quantil_cert_enc "${cert}" "${DATE}")
KEY_ENC=$(quantil_cert_enc "${private_key}" "${DATE}")
CHAIN_ENC=$(quantil_cert_enc "${chain_cert}" "${DATE}" )
CERTIFICATE_ID=123 # change to your certificate ID
request="curl -i --url '${API_SERVER}/api/ssl/certificate/${CERTIFICATE_ID}'
-X PUT
-u $USER:$passw
-H 'Date: $DATE'
-H 'Accept: application/xml'
-H 'Content-Type: application/xml'
-d '<?xml version = \"1.0\" encoding = \"UTF-8\"?>
<ssl-certificate>
<name>{certificate name}</name>
<comment>{any comment you want}</comment>
<algorithm>des</algorithm>
<ssl-certificate>${CERT_ENC}</ssl-certificate>
<ssl-key>${KEY_ENC}</ssl-key>
</ssl-certificate>'"
eval $request
HTTP / 1.1 200 OK
Date: <date>
Content-Type: application/xml; charset = utf-8
x-cnc-request-id: {id string auto generated by the QUANTIL server}
Element |
Description |
response |
container for additional information from the QUANTIL server. |
message |
a message returned by the QUANTIL server. |
HTTP/1.1 200 OK
Date: Thu, 07 Aug 2014 16:52:59 GMT
Accept-Ranges: bytes
Server: WS-web-server
x-cnc-request-id: 1127554
Content-Type: application/xml;charset=UTF-8
Content-Length: 86
<?xml version="1.0" encoding="UTF-8"?>
<response><message>success</message></response>
Error |
Description |
HTTP status code |
InvalidCertificate |
The certificate you provided is invalid. |
403 |