Catalog.SSL.Certificates

URI: http://soap.zeus.com/zxtm/1.1/Catalog/SSL/Certificates/

The Catalog.SSL.Certificates interface allows management of SSL Certificates which are used for SSL decryption of services. Using this interface, you can create, delete and rename SSL Certificate objects.

Methods

createSelfSignedCertificate( names, details ) throws InvalidObjectName, ObjectAlreadyExists, InvalidInput, DeploymentError

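Create new self-signed certificates. Self-signed certificates are not issued by a certificate authority, so clients cannot verify them against a trusted CA; the CertificateDetails structure describes them as test certificates.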

void createSelfSignedCertificate(

String[] names

Catalog.SSL.Certificates.CertificateDetails[] details

)

createSelfSignedECDSACertificate( names, details ) throws InvalidObjectName, ObjectAlreadyExists, InvalidInput, DeploymentError

Create new self-signed ECDSA certificates.

void createSelfSignedECDSACertificate(

String[] names

Catalog.SSL.Certificates.ECCertificateDetails[] details

)

deleteCertificate( names ) throws InvalidObjectName, ObjectDoesNotExist, InvalidOperation, DeploymentError

Delete the named certificates.

void deleteCertificate(

String[] names

)

deleteCertificateHW( names ) throws InvalidObjectName, ObjectDoesNotExist, InvalidOperation, DeploymentError

Delete the named certificates even if they are stored on secure hardware and could be in use by other clients of the hardware.

void deleteCertificateHW(

String[] names

)

getCertificateInfo( names ) throws ObjectDoesNotExist

Get the information about the named certificates.

Certificate[] getCertificateInfo(

String[] names

)

getCertificateNames()

Get the names of the installed certificates.

String[] getCertificateNames()

getCertificateRequest( names ) throws ObjectDoesNotExist

Get certificate signing requests (CSRs) for the named certificates.

String[] getCertificateRequest(

String[] names

)

getRawCertificate( names ) throws ObjectDoesNotExist

Get the raw (PEM-encoded) certificates.

String[] getRawCertificate(

String[] names

)

importCertificate( names, keys ) throws InvalidObjectName, ObjectAlreadyExists, InvalidInput

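Create a new certificate by importing an existing certificate and its private key. The private key is sent in the request itself, so make this call only over an encrypted, authenticated connection to the traffic manager.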

void importCertificate(

String[] names

CertificateFiles[] keys

)

renameCertificate( names, new_names ) throws InvalidObjectName, ObjectAlreadyExists, ObjectDoesNotExist

Rename the named certificates.

void renameCertificate(

String[] names

String[] new_names

)

setRawCertificate( names, certs ) throws ObjectDoesNotExist

Set the (PEM-encoded) certificate. This should be used after a certificate signing request (see getCertificateRequest) has been signed by a certificate authority.

void setRawCertificate(

String[] names

String[] certs

)

Structures

Catalog.SSL.Certificates.CertificateDetails

This structure contains the information used when generating self-signed test certificates.

struct Catalog.SSL.Certificates.CertificateDetails {

# The subject of the new certificate. The common_name of the subject should

# match the DNS name of the service this certificate is to be used for.

X509Name subject;

# The number of days this certificate should be valid for (e.g. 365 for 1

# year's validity)

Integer valid_days;

# The size of the generated private key in bits. Use 2048 for normal use, or

# 3072 for more security

Integer key_size;

}

Catalog.SSL.Certificates.ECCertificateDetails

This structure contains the information used when generating self-signed test certificates with ECDSA keys.

struct Catalog.SSL.Certificates.ECCertificateDetails {

# The subject of the new certificate. The common_name of the subject should

# match the DNS name of the service this certificate is to be used for.

X509Name subject;

# The number of days this certificate should be valid for (e.g. 365 for 1

# year's validity)

Integer valid_days;

# The name of the curve used to generate the private key. Possible values

# include P256, P384 and P521 in order of increasing strength.

String curve;

}

Certificate

This structure contains information (such as the subject and issuer) about a certificate.

struct Certificate {

# The version of the X509 Certificate

Integer version;

# The serial number of the Certificate

String serial;

# The issuer (i.e. who signed it) of the Certificate

X509Name issuer;

# The subject (i.e. who it is for) of the Certificate

X509Name subject;

# The time the certificate is valid from.

Time valid_from;

# The time the certificate is valid to.

Time valid_to;

# The type of key used in the certificate.

String key_type;

# The DSA public key 'y' used in the certificate.

String y;

# The first coordinate of the public key Q for an ECDSA key used in the

# certificate.

String Q_x;

# The second coordinate of the public key Q for an ECDSA key used in the

# certificate.

String Q_y;

# The name of the curve used by the ECDSA key used in the certificate.

String curve;

# The RSA modulus of the certificate.

String modulus;

# The RSA exponent of the certificate.

String exponent;

# Whether the certificate is self-signed (i.e. the issuer is the same as the

# subject)

Boolean self_signed;

}

CertificateFiles

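This structure contains a public certificate and private key. It is used when importing certificates into the traffic manager. Because it carries private key material, treat any request, script or log that contains this structure as sensitive.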

struct CertificateFiles {

# The PEM-encoded public certificate (containing the BEGIN CERTIFICATE and

# END CERTIFICATE tags)

String public_cert;

# The PEM-encoded private key (containing the BEGIN RSA PRIVATE KEY and END

# RSA PRIVATE KEY tags)

String private_key;

}

X509Name

This structure contains a representation of an X509 Name object. These are used inside Certificate objects to represent the issuer and subject of the certificate.

struct X509Name {

# The common name (CN). This is usually the name of the site the certificate

# is issued to (e.g. "secure.example.com")

String common_name;

# The two-letter country code.

String country;

# The location (town or city).

String location;

# The state. This is only needed if the country is 'US'.

String state;

# The name of the organization

String organization;

# The unit inside the organization

String unit;

# An email address. This is usually empty.

String email;

}