Automate keystore generation using the PKI Cloud API

Let's generate a PKCS#12 (PFX) keystore using Curl commands!

After creating a free account, generating a CA and an API key, we will go to the Swagger page to test our key.

We're going to be using the /ca endpoint.

Enter your key in the Authorization field, in the form "Bearer <key>".

Click 'Try it out!' and see your response.


curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer eyAidHlwIjogIkpXVCIsICJhbGciOiAiUlMyNTYiIH0.eyAiYXV0aF90aW1lIjogMTQ4MDEwNzEyMSwgImV4cCI6IDE0ODAxMzExMjEsICJzdWIiOiAiamFtZXNtIiwgImF1ZCI6IFsgImNhYXBpIiBdLCAiaXNzIjogInRlc3RjYSIsICJpYXQiOiAxNDgwMTA3MTIxLCAianRpIjogIjEyMzNjMTQyLWFiNmUtNGY0NS05YjRjgfQ.PBzMWZvPKlQ2eniokxWwgnVRBa0oh8A8qRzECuZbmRKytYJ6hUUewIAHs7yHaMPutJNx5SbPo1cBlFF36_BURsvPU' ''

Request URL

Response Body

    "id": 1069394785,
    "name": "CN=James CA, O=James M, C=US"

Response Code


Now generate a new user for your CA. We'll just use Curl this time.
The user (certificate holder) has the ID 'jamesca_demo2' with (one time) password '1234'.
The certificate type is 'SSL Server'.

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Bearer eyAidHlwIjogIkpXVCIsICJhbGciOiAiUlMyNTYiIH0.eyAiYXV0aF90aW1lIjogMTQ4MDEwNzEyMSwgImV4cCI6IDE0ODAxMzExMjEsICJzdWIiOiAiamFtZXNtIiwgImF1ZCI6IFsgImNhYXBpIiBdLCAiaXNzIjogInRlc3RjYSIsICJpYXQiOiAxNDgwMTA3MTIxLCAianRpIjogIjEyMzNjMTQyLWFiNmUtNGY0NS05YjRjLTM2YThniokxWwgn' -d '{
  "caName": "CN=James CA, O=James M, C=US",
  "endEntityProfileName": "SSL Server",
  "certificateProfileName": "SSL Server",
  "keyRecoverable": true,
  "password": "1234",
  "subjectDN": ",O=JamesM,C=US",
  "tokenType": "P12",
  "username": "jamesca_demo2"
}' ''

Use the user ID and password to get the keystore, saving the response in jamesca_demo2.p12.

curl -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/octet-stream' -d 'password=1234&username=jamesca_demo2' '' > jamesca_demo2.p12

Check the contents of your new keystore.

$ keytool -v -list -keystore jamesca_demo2.p12 -storetype PKCS12

$ openssl pkcs12 -in jamesca_demo2.p12
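
The check step above, extended into a script (an added example, not part of the original post): `check_p12` confirms that the downloaded file really is a keystore rather than an error response saved by the `>` redirect, that it opens with the expected password, and that it holds a private key and an unexpired certificate. The function names, the `P12_PASS` environment variable and the `demo.example` test keystore are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. The keystore password is read
# from the P12_PASS environment variable (an assumption of this sketch) so
# it is not exposed on the command line.

# Return 0 only if $1 is a PKCS#12 file that opens with $P12_PASS and holds
# a private key plus a certificate that is valid for at least another day.
check_p12() {
    p12=$1
    [ -s "$p12" ] || { echo "missing or empty: $p12" >&2; return 1; }
    chmod 600 "$p12"    # the file contains a private key

    # A failed request saved with '>' leaves an error body, not a keystore.
    # openssl rejects that, and also a wrong password (MAC check fails).
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS \
               -nokeys -clcerts 2>/dev/null) ||
        { echo "not a readable PKCS#12 keystore: $p12" >&2; return 2; }

    # The key is re-encrypted on output, so it never appears in clear text.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts \
            -passout env:P12_PASS 2>/dev/null | grep -q 'PRIVATE KEY' ||
        { echo "no private key in $p12" >&2; return 3; }

    printf '%s\n' "$cert" | openssl x509 -noout -checkend 86400 >/dev/null ||
        { echo "certificate missing or expiring within a day" >&2; return 4; }

    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
}

# Constructed sample input: a throwaway self-signed keystore in directory $1.
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=demo.example' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout env:P12_PASS -out "$1/demo.p12"
}
```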
