Certificates

Basic Operations

The basic operations Add, List, Get, and Remove are available for Trusted Certificates. Retrieve, Ingest, Commit, and Regenerate are available for SSL/TLS Certificates.

List all Trusted Certificates

Call to /certificate to get all Certificates

Request Object

+ URL
  /api/v2/certificate

+ Method
  GET

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response, an array with each Trusted Certificate name in the system

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    "Atlas_1a2345bc.crt",
    "Atlas_6789012d.crt"
  ]

View One Trusted Certificate

Call to /certificate/$NAME/details to get a specific Trusted Certificate

Request Object

+ URL
  /api/v2/certificate/$NAME/details

+ Method
  GET

+ Parameters
  Certificate name (string, required, URL param) - the name of the Certificate you'd like back

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response, an object with the Certificate you requested

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "certificate": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n"
  }

Add a new Trusted Certificate

Call to /certificate/add with the name and certificate in the Body to add a Trusted Certificate that your OpenDrives system will trust when performing HTTPS requests.

Request Object

+ URL
  /api/v2/certificate/add

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "name": "myCoolCertificate",
    "certificate": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n"
  }

Response Object

Sending this should get you back a valid response, the output of adding the certificate

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  "Updating certificates in /etc/ssl/certs...\n1 added, 0 removed; done.\nRunning hooks in /etc/ca-certificates/update.d...\ndone.\n"

Remove a Trusted Certificate

Call /certificate/remove with the certificate name in the Body to remove the Trusted Certificate from the system

Request Object

+ URL
  /api/v2/certificate/remove

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "name": "myCoolCertificate"
  }

Response Object

Sending this should get you back a valid response, the output of removing the certificate

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  "Updating certificates in /etc/ssl/certs...\n0 added, 0 removed; done.\nRunning hooks in /etc/ca-certificates/update.d...\ndone.\n"

Retrieve SSL/TLS Certificates

Call to /certificate/retrieve with the requested certificate pieces in the Body to view those SSL/TLS Certificates

Request Object

+ URL
  /api/v2/certificate/retrieve

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Parameters
  pieces (object, required, Body) - The pieces of the TLS/SSL cert you would like to retrieve. Not all entries are required; only pieces set to true are returned
  pieces.root (boolean, optional, Body) - Set this to true to return the root of the TLS Cert
  pieces.intermediate (boolean, optional, Body) - Set this to true to return the intermediate of the TLS Cert
  pieces.server (boolean, optional, Body) - Set this to true to return the server of the TLS Cert
  pieces.private_key (boolean, optional, Body) - Set this to true to return the private key of the TLS Cert

+ Body
  {
    "pieces":{
      "root": true,
      "intermediate": true,
      "server": true,
      "private_key": true
    }
  }

Response Object

Sending this should get you back a valid response, an array with each SSL/TLS Certificate piece

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    {
        "piece": "root",
        "output": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n"
    },
    {
        "piece": "intermediate",
        "output": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n"
    },
    {
        "piece": "server",
        "output": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n"
    },
    {
        "piece": "private_key",
        "output": "-----BEGIN RSA PRIVATE KEY-----\nRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHere\n-----END RSA PRIVATE KEY-----\n"
    }
  ]

Ingest SSL/TLS Certificates

Call to /certificate/ingest with the SSL/TLS certificate pieces being changed in the Body. A piece with an empty string value is removed from the system. After successful ingestion, the SSL/TLS certificates must be "committed" within 60 seconds, else the previous certificates will be restored.

Request Object

+ URL
  /api/v2/certificate/ingest

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "pieces": {
        "root": "",
        "intermediate": "",
        "server": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n",
        "private_key": "-----BEGIN RSA PRIVATE KEY-----\nRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHere\n-----END RSA PRIVATE KEY-----\n"
    }
  }

Response Object

Sending this should get you back a valid response, an object with the confirmation timeout duration, and an array of resolutions with each SSL/TLS Certificate piece ingested in the system

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "confirmationTimeout": 60,
    "resolutions": [
        {
            "piece": "root",
            "output": "/etc/atlas/certs/atlas_root.pem"
        },
        {
            "piece": "intermediate",
            "output": "/etc/atlas/certs/atlas_ca.pem"
        },
        {
            "piece": "server",
            "output": "/etc/atlas/certs/atlas_cert.pem"
        },
        {
            "piece": "private_key",
            "output": "/etc/atlas/certs/atlas_key.pem"
        }
    ]
  }

Commit SSL/TLS Certificates

Call to /certificate/commit to clear the timer and commit changes for the SSL/TLS Certificate pieces just ingested

Request Object

+ URL
  /api/v2/certificate/commit

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response, an empty object

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {}
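
The ingest-then-commit procedure above, as an added example (not OpenDrives code): it ingests a new server certificate, re-reads only the public `server` piece through /certificate/retrieve, compares DER fingerprints so the `\r\n` versus `\n` line endings shown on this page do not matter, and commits only if they match before the confirmation timeout. The helper names, the `margin` and `poll` values, and the use of retrieve as the confirmation check are assumptions; the example also assumes the call replaces the `server` piece.

```python
import base64, hashlib, json, time, urllib.request

API = "/api/v2/certificate"  # endpoint paths as documented on this page
PIECES = {"root", "intermediate", "server", "private_key"}

def pem_fingerprint(pem):
    """SHA-256 of the DER bytes in one PEM block; line endings do not matter."""
    lines = [line.strip() for line in pem.splitlines()]
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def make_post(base_url, token):
    """Build post(path, body) -> parsed JSON using the page's token header."""
    def post(path, body):
        req = urllib.request.Request(
            base_url + path, data=json.dumps(body).encode(), method="POST",
            headers={"Content-Type": "application/json", "token": token})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.loads(resp.read() or b"{}")
    return post

def ingest_and_commit(post, pieces, clock=time.monotonic, sleep=time.sleep,
                      margin=5.0, poll=2.0):
    """Ingest, confirm the stored leaf is the one sent, then commit in time.

    Returns "committed", or "not_committed" if the check never passed; in that
    case nothing is committed and the appliance restores the previous set.
    """
    unknown = set(pieces) - PIECES
    if unknown:
        raise ValueError(f"unknown pieces: {sorted(unknown)}")
    want = pem_fingerprint(pieces["server"])  # assumes the leaf is being replaced
    started = clock()
    resp = post(API + "/ingest", {"pieces": pieces})
    deadline = started + float(resp["confirmationTimeout"]) - margin
    while clock() < deadline:
        try:
            # Request only the public leaf; the check never needs private_key.
            got = post(API + "/retrieve", {"pieces": {"server": True}})
            stored = [p["output"] for p in got if p["piece"] == "server"]
            if stored and pem_fingerprint(stored[0]) == want:
                post(API + "/commit", {})
                return "committed"
        except (OSError, ValueError, KeyError):
            pass  # unreachable API or malformed reply: treat as "not confirmed"
        sleep(poll)
    return "not_committed"
```

Against a real system, build the transport with `make_post(base_url, token)` and pass it as `post`.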

Regenerate SSL/TLS Certificates

Call to /certificate/regenerate to regenerate a new pair of Leaf Certificate and Leaf Private Key. This will also remove the Root and Intermediate Certificates on the system, if they exist.

Request Object

+ URL
  /api/v2/certificate/regenerate

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response. Note that the application modules Atlas, Lodestar, and Ranger must be restarted.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8