Certificates

Basic Operations

Basic operations of Add, List, Get, and Remove Trusted Certificates are available. Get, Ingest, Commit, and Renerate SSL/TLS Certificates are also available.

List all Trusted Certificates

Call to /certificate to get all Certificates

Request Object

+ URL
  /api/v2/certificate

+ Method
  GET

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response, an array with each Trusted Certificate name in the system

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    "Atlas_1a2345bc.crt",
    "Atlas_6789012d.crt"
  ]

View One Trusted Certificate

Call to /certificate/$NAME/details to get a specific Trusted Certificate

Request Object

+ URL
  /api/v2/certificate/$NAME/details

+ Method
  GET

+ Parameters
  Certificate name (string, required, URL param) - the name of the Certificate you'd like back

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response, an array with the Certificate you requested

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "certificate": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n"
  }

Add a new Trusted Certificate

Call to /certificate/add with the name and certificate in the Body to add a Trusted Certificate that your OpenDrives system will trust when performing HTTPS requests.

Request Object

+ URL
  /api/v2/certificate/add

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "name": "myCoolCertificate",
    "certificate": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n"
  }

Response Object

Sending this should get you back a valid response, the output of adding the certificate

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  "Updating certificates in /etc/ssl/certs...\n1 added, 0 removed; done.\nRunning hooks in /etc/ca-certificates/update.d...\ndone.\n"

Remove a Trusted Certificate

Call /certificate/remove with the certificate name in the Body to remove the Trusted Certificate from the system

Request Object

+ URL
  /api/v2/certificate/remove

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "name": "myCoolCertificate"
  }

Response Object

Sending this should get you back a valid response, the output of adding the certificate

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  "Updating certificates in /etc/ssl/certs...\n0 added, 0 removed; done.\nRunning hooks in /etc/ca-certificates/update.d...\ndone.\n"

Retrieve SSL/TLS Certificates

Call to /certificate/retrieve with the requested certificate pieces in the Body to view those SSL/TLS Certificates

Request Object

+ URL
  /api/v2/certificate/retrieve

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "pieces":{
      "root": true,
      "intermediate": true,
      "leaf": true,
      "leaf_key": true
      }
}

Response Object

Sending this should get you back a valid response, an array with each SSL/TLS Certificate piece

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  [
    {
        "piece": "root",
        "output": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n"
    },
    {
        "piece": "intermediate",
        "output": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n"
    },
    {
        "piece": "leaf",
        "output": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n"
    },
    {
        "piece": "leaf_key",
        "output": "-----BEGIN RSA PRIVATE KEY-----\nRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHere\n-----END RSA PRIVATE KEY-----\n"
    }
]

Ingest SSL/TLS Certificates

Call to /certificate/ingest with the SSL/TLS certificate pieces being changed in the Body. Pieces with empty string values will have the specific piece removed from the system. After successful ingestion, the SSL/TLS certificates must be "committed" within 60 seconds, else the previous certificates will be restored.

Request Object

+ URL
  /api/v2/certificate/ingest

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "pieces": {
        "root": "",
        "intermediate": "",
        "leaf": "-----BEGIN CERTIFICATE-----\r\ncertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHerecertificateInfoHere\r\n-----END CERTIFICATE-----\r\n",
        "leaf_key": "-----BEGIN RSA PRIVATE KEY-----\nRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHereRSAPrivateKeyHere\n-----END RSA PRIVATE KEY-----\n"
    }
  }

Response Object

Sending this should get you back a valid response, an object with the confirmation timeout duration, and an array of resolutions with each SSL/TLS Certificate piece ingested in the system

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "confirmationTimeout": 60,
    "resolutions": [
        {
            "piece": "root",
            "output": "/etc/atlas/certs/atlas_root.pem"
        },
        {
            "piece": "intermediate",
            "output": "/etc/atlas/certs/atlas_ca.pem"
        },
        {
            "piece": "leaf",
            "output": "/etc/atlas/certs/atlas_cert.pem"
        },
        {
            "piece": "leaf_key",
            "output": "/etc/atlas/certs/atlas_key.pem"
        }
    ]
}

Commit SSL/TLS Certificates

Call to /certificate/commit to clear the timer and commit changes for the SSL/TLS Certificate pieces just ingested

Request Object

+ URL
  /api/v2/certificate/commit

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response, an empty object

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {}

Regenerate SSL/TLS Certificates

Call to /certificate/regenerate to regenerate a new pair of Leaf Certificate and Leaf Private Key. This will also remove the Root and Intermediate Certificates on the system, if they exist.

Request Object

+ URL
  /api/v2/certificate/regenerate

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

Sending this should get you back a valid response. Note that the application modules Atlas, Lodestar, and Ranger must be restarted.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8