Certificates
Basic Operations
Basic operations of Add, List, Get, and Remove Trusted Certificates are available. Get, Ingest, Commit, and Renerate SSL/TLS Certificates are also available.
List all Trusted Certificates
Call to /certificate to get all Certificates
View One Trusted Certificate
Call to /certificate/$NAME/details to get a specific Trusted Certificate
Request Object
+ URL /api/v2/certificate/$NAME/details + Method GET + Parameters Certificate name (string, required, URL param) - the name of the Certificate you'd like back + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Sending this should get you back a valid response, an array with the Certificate you requested
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body { "certificate": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n" }
Add a new Trusted Certificate
Call to /certificate/add with the name and certificate in the Body to add a Trusted Certificate that your OpenDrives system will trust when performing HTTPS requests.
Request Object
+ URL /api/v2/certificate/add + Method POST + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "name": "myCoolCertificate", "certificate": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n" }
Response Object
Sending this should get you back a valid response, the output of adding the certificate
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body "Updating certificates in /etc/ssl/certs...\n1 added, 0 removed; done.\nRunning hooks in /etc/ca-certificates/update.d...\ndone.\n"
Remove a Trusted Certificate
Call /certificate/remove with the certificate name in the Body to remove the Trusted Certificate from the system
Request Object
+ URL /api/v2/certificate/remove + Method POST + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "name": "myCoolCertificate" }
Response Object
Sending this should get you back a valid response, the output of adding the certificate
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body "Updating certificates in /etc/ssl/certs...\n0 added, 0 removed; done.\nRunning hooks in /etc/ca-certificates/update.d...\ndone.\n"
Retrieve SSL/TLS Certificates
Call to /certificate/retrieve with the requested certificate pieces in the Body to view those SSL/TLS Certificates
Request Object
+ URL /api/v2/certificate/retrieve + Method POST + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Parameters pieces (object, required, Body) - The pieces of the TLS/SSL cert you would like to retrieve. All entries are not required, will only return values set to true pieces.root (boolean, optional, Body) - Set this true to return the root of the TLS Cert + pieces.intermediate (boolean, optional, Body) - Set this to true to return the intermediate of the TLS Cert pieces.server (boolean, optional, Body) - Set this true to return the server of the TLS Cert + pieces.private_key (boolean, optional, Body) - Set this to true to return the private key of the TLS Cert + Body { "pieces":{ "root": true, "intermediate": true, "server": true, "private_key": true } }
Response Object
Sending this should get you back a valid response, an array with each SSL/TLS Certificate piece
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "piece": "root", "output": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n" }, { "piece": "intermediate", "output": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n" }, { "piece": "server", "output": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n" }, { "piece": "private_key", "output": "-----BEGIN RSA PRIVATE KEY-----\nRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHere\n-----END RSA PRIVATE KEY-----\n" } ]
Ingest SSL/TLS Certificates
Call to /certificate/ingest with the SSL/TLS certificate pieces being changed in the Body. Pieces with empty string values will have the specific piece removed from the system. After successful ingestion, the SSL/TLS certificates must be "committed" within 60 seconds, else the previous certificates will be restored.
Request Object
+ URL /api/v2/certificate/ingest + Method POST + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "pieces": { "root": "", "intermediate": "", "server": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n", "private_key": "-----BEGIN RSA PRIVATE KEY-----\nRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHere\n-----END RSA PRIVATE KEY-----\n" } }
Response Object
Sending this should get you back a valid response, an object with the confirmation timeout duration, and an array of resolutions with each SSL/TLS Certificate piece ingested in the system
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body { "confirmationTimeout": 60, "resolutions": [ { "piece": "root", "output": "/etc/atlas/certs/atlas_root.pem" }, { "piece": "intermediate", "output": "/etc/atlas/certs/atlas_ca.pem" }, { "piece": "server", "output": "/etc/atlas/certs/atlas_cert.pem" }, { "piece": "private_key", "output": "/etc/atlas/certs/atlas_key.pem" } ] }
Commit SSL/TLS Certificates
Call to /certificate/commit to clear the timer and commit changes for the SSL/TLS Certificate pieces just ingested
Regenerate SSL/TLS Certificates
Call to /certificate/regenerate to regenerate a new pair of Leaf Certificate and Leaf Private Key. This will also remove the Root and Intermediate Certificates on the system, if they exist.