Automate keystore generation using the PKI Cloud API

Let's generate a PKCS#12 (PFX) keystore using Curl commands!


After creating a free account, generating a CA and an API key, we will go to the Swagger page to test our key.

We're going to be using the /ca endpoint.
Visit:
https://testca.pkicloud.com/apidocs/ui/index.html#!/CaResource/resource_CaResource_getcas_GET



Enter your key in the Authorization field, in the form "Bearer <key>".



Click 'Try it out!' and see your response.


Curl

curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer eyAidHlwIjogIkpXVCIsICJhbGciOiAiUlMyNTYiIH0.eyAiYXV0aF90aW1lIjogMTQ4MDEwNzEyMSwgImV4cCI6IDE0ODAxMzExMjEsICJzdWIiOiAiamFtZXNtIiwgImF1ZCI6IFsgImNhYXBpIiBdLCAiaXNzIjogInRlc3RjYSIsICJpYXQiOiAxNDgwMTA3MTIxLCAianRpIjogIjEyMzNjMTQyLWFiNmUtNGY0NS05YjRjgfQ.PBzMWZvPKlQ2eniokxWwgnVRBa0oh8A8qRzECuZbmRKytYJ6hUUewIAHs7yHaMPutJNx5SbPo1cBlFF36_BURsvPU' 'https://testca.pkicloud.com/caapi/ca'

Request URL

https://testca.pkicloud.com/caapi/ca

Response Body

[
  {
    "id": 1069394785,
    "name": "CN=James CA, O=James M, C=US"
  }
]

Response Code

200



Now generate a new user for your CA. We'll just use Curl this time.
The user (certificate holder) has the ID 'jamesca_demo2' with (one time) password '1234'.
The certificate type is 'SSL Server'.

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Bearer eyAidHlwIjogIkpXVCIsICJhbGciOiAiUlMyNTYiIH0.eyAiYXV0aF90aW1lIjogMTQ4MDEwNzEyMSwgImV4cCI6IDE0ODAxMzExMjEsICJzdWIiOiAiamFtZXNtIiwgImF1ZCI6IFsgImNhYXBpIiBdLCAiaXNzIjogInRlc3RjYSIsICJpYXQiOiAxNDgwMTA3MTIxLCAianRpIjogIjEyMzNjMTQyLWFiNmUtNGY0NS05YjRjLTM2YThniokxWwgn' -d '{
  "caName": "CN=James CA, O=James M, C=US",
  "endEntityProfileName": "SSL Server",
  "certificateProfileName": "SSL Server",
  "keyRecoverable": true,
  "password": "1234",
  "subjectDN": "CN=james.example.com,O=JamesM,C=US",
  "tokenType": "P12",
  "username": "jamesca_demo2"
}' 'https://testca.pkicloud.com/caapi/users'


Use the user ID and password to get the keystore, saving the response in jamesca_demo2.p12.

curl -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/octet-stream' -d 'password=1234&username=jamesca_demo2' 'https://testca.pkicloud.com/caapi/pickup' > jamesca_demo2.p12

Check the contents of your new keystore.

$ keytool -v -list -keystore jamesca_demo2.p12 -storetype PKCS12

$ openssl pkcs12 -in jamesca_demo2.p12
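
The user-creation and pickup steps above as one script, added here as an example (not PKI Cloud's own tooling): it uses a random one-time password instead of a fixed one and sends request bodies over stdin. The PKICLOUD_API_KEY variable and the function names are assumptions; the endpoints and JSON fields are the ones used on this page.

```shell
#!/bin/sh
# Added example. Endpoints and JSON fields are the ones used on this page;
# PKICLOUD_API_KEY and the function names are assumptions of this sketch.
BASE_URL='https://testca.pkicloud.com/caapi'

# Random one-time password (24 hex chars) instead of a fixed, guessable one.
gen_otp() {
  od -An -N12 -tx1 /dev/urandom | tr -d ' \n'
}

# Build the /users body. args: ca_name profile subject_dn username otp
# The profile is used for both profile fields, as in the request above.
user_json() {
  # The username also becomes a form field and a file name: keep it plain.
  case $4 in ''|*[!A-Za-z0-9_.-]*) echo "bad username" >&2; return 1 ;; esac
  for v in "$@"; do   # no JSON escaping is done, so refuse quotes/backslashes
    case $v in *\"*|*\\*) echo "unsafe character in input" >&2; return 1 ;; esac
  done
  printf '{"caName":"%s","endEntityProfileName":"%s","certificateProfileName":"%s","keyRecoverable":true,"password":"%s","subjectDN":"%s","tokenType":"P12","username":"%s"}' \
    "$1" "$2" "$2" "$5" "$3" "$4"
}

# Create the user, then pick up <username>.p12.
# args: ca_name profile subject_dn username
issue_keystore() {
  # Aborts the script if the key is not in the environment.
  : "${PKICLOUD_API_KEY:?export the API key first}"
  otp=$(gen_otp) || return 1
  body=$(user_json "$1" "$2" "$3" "$4" "$otp") || return 1
  # Bodies go over stdin so the password never shows up in the process list.
  # --fail makes an HTTP error a non-zero exit instead of a saved "keystore".
  printf '%s' "$body" | curl --fail --silent --show-error -X POST \
    --header 'Content-Type: application/json' \
    --header "Authorization: Bearer $PKICLOUD_API_KEY" \
    --data @- "$BASE_URL/users" >/dev/null || return 1
  ( umask 077   # the keystore holds a private key: owner-only permissions
    printf 'password=%s&username=%s' "$otp" "$4" |
      curl --fail --silent --show-error -X POST \
        --header 'Accept: application/octet-stream' \
        --data @- -o "$4.p12" "$BASE_URL/pickup"
  ) || { rm -f "$4.p12"; return 1; }
  printf '%s\n' "$otp"   # returned to the caller, never written to disk here
}
```

After exporting the key, call it as issue_keystore 'CN=James CA, O=James M, C=US' 'SSL Server' 'CN=james.example.com,O=JamesM,C=US' jamesca_demo2 and capture the printed one-time password if you need it later.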


