Stephan,
1) How can I create the text content of <l7:Pkcs12Data> without manually importing/exporting the key first?
Response: Commands to generate a Base64 output of the PKCS12 file
Linux:
base64 <file for PKCS12> > b64output.txt
Windows (Note: take the value between the BEGIN and END Certificate in the output file):
certutil -encode inputFileName encodedOutputFileName
Java (Note: this will also build the XML):
// Read testkey.p12 from the classpath and Base64-encode its bytes
String data = new String(BASE64EncoderStream.encode(
    IOUtils.slurpStream(this.getClass().getResourceAsStream("testkey.p12"))));
// Wrap the encoded key in the PrivateKeyImportContext payload
String privateKeyImport = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n" +
    "<l7:PrivateKeyImportContext xmlns:l7=\"http://ns.l7tech.com/2010/04/gateway-management\">\n" +
    " <l7:Pkcs12Data>" + data + "</l7:Pkcs12Data>\n" +
    " <l7:Alias>testkey</l7:Alias>\n" +
    " <l7:Password></l7:Password>\n" +
    "</l7:PrivateKeyImportContext>";
System.out.println(privateKeyImport);
b) URL to import the Private Key (PKCS12)
POST https://<gateway>:8443/restman/1.0/privateKeys/00000000000000000000000000000002:<alias name>/import
Header(s) required:
Content-Type = application/xml and Authorization = Base64 value of user and password
Payload for the private key
<l7:PrivateKeyImportContext xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
<l7:Pkcs12Data>{base64 of the PKCS12}</l7:Pkcs12Data>
<l7:Password>{Password for the PKCS12}</l7:Password>
</l7:PrivateKeyImportContext>
__________________________________________________________________________________________________
2) Is it possible to import a private-key and at the same time mark it as default SSL key (special purpose)?
I would like to do this in one request.
Response: To update the Private Key with a Special Purpose, which cannot be done at the time of the import (Note: this will also require a restart of the Gateway to pick up the change):
URL to Update Private Key setting:
PUT https://<gateway>:8443/restman/1.0/privateKeys/00000000000000000000000000000002:{alias name}/specialPurpose?purpose=SSL
Header(s) required:
Authorization = Base64 value of user and password
Sincerely,
Stephen Hughes
Director, CA Support
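
The two requests described in the reply above, scripted end to end as an added example (not part of the original post and not CA's own tooling). The function names and the GATEWAY and ADMIN_USER variables are assumptions, and it assumes the Authorization header the post describes is HTTP Basic, which is what curl -u sends.

```shell
#!/bin/sh
# Added example: build the PrivateKeyImportContext payload from a PKCS12 file.
# GATEWAY, ADMIN_USER and all function names are assumptions made for this sketch.

# Escape the five XML special characters so a password such as 'a<b&c'
# cannot break (or inject elements into) the payload.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# build_import_payload <p12 file> <p12 password> <output file>
build_import_payload() {
    p12=$1; pass=$2; out=$3
    [ -r "$p12" ] || { echo "cannot read $p12" >&2; return 1; }
    # Base64 on a single line: strip any line wrapping base64 adds.
    data=$(base64 < "$p12" | tr -d '\r\n') || return 1
    # The payload holds the private key and its password: owner-only file.
    ( umask 077; rm -f "$out"
      {
        printf '%s\n' '<l7:PrivateKeyImportContext xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">'
        printf ' <l7:Pkcs12Data>%s</l7:Pkcs12Data>\n' "$data"
        printf ' <l7:Password>%s</l7:Password>\n' "$(xml_escape "$pass")"
        printf '%s\n' '</l7:PrivateKeyImportContext>'
      } > "$out" )
}

# import_key <alias> <payload file>
# POST the payload to .../import, then PUT .../specialPurpose?purpose=SSL.
# curl -u with only a user name prompts for the password, which keeps it
# out of the process list and the shell history.
import_key() {
    base="https://${GATEWAY}:8443/restman/1.0/privateKeys/00000000000000000000000000000002:$1"
    curl --fail -u "$ADMIN_USER" -H 'Content-Type: application/xml' \
         -X POST --data-binary "@$2" "$base/import" &&
    curl --fail -u "$ADMIN_USER" -X PUT "$base/specialPurpose?purpose=SSL"
}
```

Delete the payload file once the import has succeeded, since it contains the key and its password in recoverable form.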