CA Configuration¶
Overview¶
Use the CA Configuration API to save, retrieve, or delete a certificate authority (CA) configuration.
REST Endpoint: /mgmt/cm/adc-core/external-ca/config¶
Requests¶
POST /mgmt/cm/adc-core/external-ca/config¶
Send a POST request to the endpoint to save a CA configuration.
Request Parameters¶
The JSON in the body of the POST request can contain the following parameters.
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | True | Name of the CA server |
| caProvider | string | True | The certificate authority provider. Possible values: “Let’s Encrypt” and “Venafi”. |
| webSdkEndPoint | string | True | URL of the web SDK |
| keyAlgorithm | string | True | Cryptography algorithm. Possible value: “RSA”. This parameter does not apply if the value of caProvider equals “Venafi”. |
| keySize | number | True | Size of the cryptography key. For example: 2048. This parameter does not apply if the value of caProvider equals “Venafi”. |
| terms | boolean | True | Terms of the external CA. This parameter does not apply if the value of caProvider equals “Venafi”. |
| autoRenewalThreshold | number | False | Optional Venafi threshold value |
| autoDeployThreshold | number | False | Optional Venafi threshold value |
| keyPassphrase | string | False | Optional Venafi Key Passphrase for Sync |
| userName | string | True if caProvider equals “Venafi” | Venafi Server User Name |
| password | string | True if caProvider equals “Venafi” | Venafi Server Password |
Query Parameters¶
None
Response¶
The JSON in the POST’s response can include the following parameters.
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| uuid | string | UUID of the configuration |
| name | string | Name of the CA server |
| caProvider | string | The certificate authority provider. Possible values: “Let’s Encrypt” and “Venafi”. |
| webSdkEndPoint | string | URL of the web SDK |
| keyAlgorithm | string | Cryptography algorithm. Possible value: “RSA”. This parameter does not apply if the value of caProvider equals “Venafi”. |
| keySize | number | Size of the cryptography key. For example: 2048. This parameter does not apply if the value of caProvider equals “Venafi”. |
| terms | boolean | Terms of the external CA. This parameter does not apply if the value of caProvider equals “Venafi”. |
| selfLink | string | URL of the configuration |
| autoRenewalThreshold | number | Venafi threshold value |
| autoDeployThreshold | number | Venafi threshold value |
| userName | string | Venafi Server User Name |
| encryptedPassword | string | Encrypted Venafi password |
| keyPassphrase | string | Venafi passphrase |
Permissions¶
| Role | Allow |
|---|---|
| admin | Yes |
| Certificate Editor/Viewer | No |
GET /mgmt/cm/adc-core/external-ca/config¶
To retrieve information for all CA configurations, send a GET request to the collection’s endpoint. To retrieve information for a specific configuration, append the configuration’s uuid.
Request Parameters¶
None
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| items | object | List of records for CA configurations |
| uuid | string | UUID of the configuration |
| name | string | Name of the server |
| caProvider | string | The certificate authority provider. Possible values: “Let’s Encrypt” and “Venafi”. |
| webSdkEndPoint | string | URL of the web SDK |
| keyAlgorithm | string | Cryptography algorithm. Possible value: “RSA”. This parameter does not apply if the value of caProvider equals “Venafi”. |
| keySize | number | Size of the cryptography key. For example: 2048. This parameter does not apply if the value of caProvider equals “Venafi”. |
| terms | boolean | Terms of the external CA. This parameter does not apply if the value of caProvider equals “Venafi”. |
| selfLink | string | URL of the configuration |
| username | string | The Venafi server’s user name. This can be present if caProvide is “Venafi”. |
| keyPassphrase | string | This can be present if the value of caProvide is “Venafi”. |
| encryptedPassword | string | This can be present if the value of caProvide is “Venafi”. |
| autoDeployThreshold | string | This can be present if the value of caProvide is “Venafi”. |
| autoRenewalThreshold | string | This can be present if the value of caProvide is “Venafi”. |
| selfLink | string | URL of the configuration collection |
Permissions¶
| Role | Allow |
|---|---|
| admin | Yes |
| Certificate Editor/Viewer | Yes |
PATCH /mgmt/cm/adc-core/external-ca/config/{uuid}¶
To change a CA configuration, send a PATCH request to the configuration’s endpoint.
Request Parameters¶
The JSON in the body of the PATCH request can contain the following parameters.
| Name | Type | Required | Description |
|---|---|---|---|
| autoRenewalThreshold | number | False | Optional Venafi threshold value |
| autoDeployThreshold | number | False | Optional Venafi threshold value |
| keyPassphrase | string | False | Optional Venafi Key Passphrase for Sync |
Query Parameters¶
None
Response¶
The JSON in the PATCH’s response can include the following parameters.
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| uuid | string | UUID of the configuration |
| name | string | Name of the CA server |
| caProvider | string | The certificate authority provider. Possible values: “Let’s Encrypt” and “Venafi”. |
| webSdkEndPoint | string | URL of the web SDK |
| keyAlgorithm | string | Cryptography algorithm. Possible value: “RSA”. This parameter does not apply if the value of caProvider equals “Venafi”. |
| keySize | number | Size of the cryptography key. For example: 2048. This parameter does not apply if the value of caProvider equals “Venafi”. |
| terms | boolean | Terms of the external CA. This parameter does not apply if the value of caProvider equals “Venafi”. |
| selfLink | string | URL of the configuration |
| autoRenewalThreshold | number | Venafi threshold value |
| autoDeployThreshold | number | Venafi threshold value |
| userName | string | Venafi Server User Name |
| encryptedPassword | string | Encrypted Venafi password |
| keyPassphrase | string | Venafi passphrase |
Permissions¶
| Role | Allow |
|---|---|
| admin | Yes |
| Certificate Editor/Viewer | No |
DELETE /mgmt/cm/adc-core/external-ca/config/{uuid}¶
To delete a specific CA configuration, send a DELETE request to the endpoint and append the configurations uuid. This will delete the CA configuration, linked policy folders and the markers in the certificate or key state. The body of the DELETE request can be empty.
Request Parameters¶
None
Query Parameters¶
None
Response¶
The JSON in the body of the DELETE response is for the deleted CA configuration.
HTTP/1.1 200 OK
Permissions¶
| Role | Allow |
|---|---|
| admin | Yes |
| Certificate Editor/Viewer | No |
Examples¶
POST to save a CA configuration (Let’s Encrypt)¶
The following example saves a CA configuration when the CA is Let’s Encrypt.
POST https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/config
The JSON in the body of the POST can look similar to the following example.
{
"name": "LE_Staging_Server",
"caProvider": "Let's Encrypt",
"webSdkEndPoint": "https://acme-staging-v02.api.letsencrypt.org/",
"keyAlgorithm": "RSA",
"keySize": 2048,
"terms": true
}
Response¶
HTTP/1.1 200 OK
{
"uuid": "5194e771-18d1-377d-8706-1d3102ebb312",
"name": "LE_Staging_Server",
"caProvider": "Let's Encrypt",
"webSdkEndPoint": "https://acme-staging-v02.api.letsencrypt.org/",
"keyAlgorithm": "RSA",
"keySize": 2048,
"encryptedUserKey": "--- this value has been omitted from the example ---",
"terms": true,
"generation": 1,
"lastUpdateMicros": 1565688383079313,
"kind": "cm:adc-core:external-ca:config:externalcaconfigstate",
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/config/5194e771-18d1-377d-8706-1d3102ebb312"
}
POST to save a CA configuration (Venafi)¶
The following example saves a CA configuration when the CA is Venafi.
POST https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/config
The JSON in the body of the POST can look similar to the following example.
{
"name": "Venafi_18.3_Server",
"autoRenewalThreshold": 7,
"autoDeployThreshold": "00:00",
"keyPassphrase": < Key Passphrase for Sync > ",
"caProvider": "Venafi",
"webSdkEndPoint": "https://101018183.dev.lab.venafi.com/vedsdk",
"userName": "<Venafi Server User Name>",
"password": "<Venafi Server Password>"
}
Response¶
HTTP/1.1 200 OK
{
"uuid": "7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d",
"name": "Venafi_18.3_Server",
"caProvider": "Venafi",
"webSdkEndPoint": "https://101018183.dev.lab.venafi.com/VEDSDK",
"autoRenewalThreshold": 7,
"autoDeployThreshold": "00:00",
"userName": "<Venafi Server User Name>",
"encryptedPassword": "GJMPBIt+lSTBbvKXsChH0qS9n6YWk4XnlNdvck7JXmU=",
"keyPassphrase": "Hq93MmWNGJfoP4eDYzdzPWlzx1PzGZlIh2SLxIgCmJ89TpKrwD+//3GoAo05b3CC",
"generation": 1,
"lastUpdateMicros": 1595501429130312,
"kind": "cm:adc-core:external-ca:config:externalcaconfigstate",
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/config/7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d"
}
GET to retrieve all CA configurations¶
The following example retrieves all the CA configurations.
GET https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/config
Response¶
The JSON in the GET’s response can look similar to the following example.
{
"items": [{
"uuid": "5194e771-18d1-377d-8706-1d3102ebb312",
"name": "LE_Staging_Server",
"caProvider": "Let's Encrypt",
"webSdkEndPoint": "https://acme-staging-v02.api.letsencrypt.org/",
"keyAlgorithm": "RSA",
"keySize": 2048,
"encryptedUserKey": "--- this value has been omitted from the example ---",
"terms": true,
"generation": 1,
"lastUpdateMicros": 1565688383079313,
"kind": "cm:adc-core:external-ca:config:externalcaconfigstate",
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/config/5194e771-18d1-377d-8706-1d3102ebb312"
},
{
"kind": "cm:adc-core:external-ca:config:externalcaconfigstate",
"name": "Venafi_18.3_Server",
"uuid": "7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d",
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/config/7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d",
"userName": "<Venafi Server User Name>",
"caProvider": "Venafi",
"generation": 1,
"keyPassphrase": "--- this value has been omitted from the example ---",
"webSdkEndPoint": "https://101018183.dev.lab.venafi.com/VEDSDK",
"lastUpdateMicros": 1595501429130312,
"encryptedPassword": "--- this value has been omitted from the example ---",
"autoDeployThreshold": "00:00",
"autoRenewalThreshold": 7
}
],
"generation": 2,
"kind": "cm:adc-core:external-ca:config:externalcaconfigcollectionstate",
"lastUpdateMicros": 1565688383445387,
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/config"
}
PATCH to change a CA configuration¶
The following example changes a CA configuration, specified by the configuration’s uuid. In this example the value of uuid is “7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d” and the CA is Venafi.
PATCH https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/config/7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d
The JSON in the body of the POST can look similar to the following example.
{
"autoRenewalThreshold": 7,
"autoDeployThreshold": "00:00",
"keyPassphrase": <Key Passphrase for Sync>
}
Response¶
HTTP/1.1 200 OK
{
"uuid": "7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d",
"name": "Venafi_18.3_Server",
"caProvider": "Venafi",
"webSdkEndPoint": "https://101018183.dev.lab.venafi.com/VEDSDK",
"autoRenewalThreshold": 7,
"autoDeployThreshold": "00:00",
"userName": "<Venafi Server User Name>",
"encryptedPassword": "GJMPBIt+lSTBbvKXsChH0qS9n6YWk4XnlNdvck7JXmU=",
"keyPassphrase": "ykhL5G6mCeiayYrVmhYyuATqhds5D3h0P1/p48kMqiuvgfChnMWIdWWd9tnNa0Av",
"generation": 2,
"lastUpdateMicros": 1595502426223510,
"kind": "cm:adc-core:external-ca:config:externalcaconfigstate",
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/config/7d9bf2c4-80b8-3aa0-b868-d34a8ad9b39d"
}
DELETE to delete a CA configuration¶
The following example deletes a CA configuration specified by it’s uuid. This can delete the CA configuration, linked policy folders and the markers in the cert/key state. This example deletes the configuration having a value of uuid equal to “bbd7a31c-cdaa-3ec8-b713-9457d74958c2”.
DELETE https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/config/bbd7a31c-cdaa-3ec8-b713-9457d74958c2
Response¶
HTTP/1.1 200 OK
The JSON in the body of the response to the DELETE is for the record being removed.
{
"uuid": "bbd7a31c-cdaa-3ec8-b713-9457d74958c2",
"name": "LE_Staging_Server",
"caProvider": "Let's Encrypt",
"webSdkEndPoint": "https://acme-staging-v02.api.letsencrypt.org/",
"keyAlgorithm": "RSA",
"keySize": 2048,
"encryptedUserKey": "--- this value has been omitted from the example ---",
"terms": true,
"generation": 1,
"lastUpdateMicros": 1565688383079313,
"kind": "cm:adc-core:external-ca:config:externalcaconfigstate",
}