REST API Configuration and Setup Script
The configuration steps described in this section are not necessary if you are executing REST API commands from the Security Controls console machine.
If you are executing REST API commands from a remote machine (a machine that does not contain Security Controls), you must configure a secure, trusted connection by importing the Security Controls console certificate to the remote machine. You can do this manually or you can use a custom PowerShell setup script provided by Ivanti that will automatically perform these steps for you.
Option 1: Manual Configuration Process
- Export the ST Root Authority certificate from the Trusted Root Authority store on the console machine.
- Import the certificate to the Trusted Root Authority on the remote machine.
Option 2: Automatic Configuration Process Using the Setup Script
If you are not certain how to perform the manual configuration process or if you simply don't want to go through the hassle, Ivanti provides a PowerShell script that will automatically perform all the necessary steps for you.
If you choose to use the configuration setup script to prepare the remote machines, the PowerShell execution policy must be set to unrestricted.
CAUTION: We strongly recommend that you DO NOT leave the PowerShell execution policy set to unrestricted after completing this setup, as this leaves your system in a less secure configuration.
- Retrieve the PowerShell script from the console and copy it to the remote machine.
To retrieve the PowerShell script, within Security Controls select Tools > Options > API. Click Save script to file and provide a name for the file (for example, RemoteRestAPIClientSetup.ps1). - On the remote machine, launch Windows PowerShell and run the script.
Be sure to specify Run as Administrator when launching PowerShell.
If after completing the configuration process you are still getting an invalid certificate error, ensure any alias that may exist for the console system is defined using the Console Alias Editor. This includes differentiating between the machine name and the FQDN.