Creating a certificate for provisioning

Problem

You want to create a provisioning certificate for Device objects that are already in Trust Protection Platform. An additional Application object provides provisioning information for the device.

Solution

The Certificates/Request add the devices and specify the provisioning drivers. If Auto Provisioning is enabled, use another Web SDK application object such as Apache application object or F5 LTM Advanced application object. Then associate the Application to the Certificate object. Be sure to assign the driver name to the device.

Time Estimate

About 60 mins

To create a certificate for provisioning

  1. Reuse or create a bearer token that include the scope certificate:manage. The bearer token grants your client access to Trust Protection Platform.

    To get a bearer token, see Getting a token. For each subsequent API call, be sure to include the token in the request header.
  2. In the UI, be sure to have a Policy folder for the certificate and the devices. and your CA Template that holds the credential for getting the certificate.

  3. Call POST Certificates/Request to allow Trust Protection Platform to immediately provision the certificate in four different formats (GSK, JKS, PEM, and PKCS#12) to the same device. For example:

    Copy
    JSON
    POST https://tpp.venafi.example/vedsdk/Certificates/Request
    Authorization:Bearer 4MyGeneratedBearerTknz==
    {
       "PolicyDN":"\\VED\\Policy\\Certificates",
       "ObjectName":"provisioning-by-api.venafi.example",
       "Subject":"provisioning-by-api.venafi.example",
       "SubjectAltNames":[
          {
             "TypeName":"DNS",
             "Name":"jks.venafi.example"
          }
       ],
       "ManagementType":"Provisioning",
       "SetWorkToDo":"true",
       "Devices":[
          {
             "PolicyDN":"\\VED\\Policy\\Endpoints",
             "ObjectName":"LINUX",
             "Host":"192.168.1.100",
             "CredentialDN":"\\VED\\Policy\\Credentials\\root-passw0rd",
             "Applications":[
                {
                   "ObjectName":"JKS",
                   "Class":"JKS",
                   "DriverName":"appjks",
                   "ClassSpecificAttributes":[
                      {
                         "Name":"Certificate Label",
                         "Value":"miami"
                      },
                      {
                         "Name":"Key Store",
                         "Value":"/opt/pki/miami.jks"
                      },
                      {
                         "Name":"Key Store Credential",
                         "Value":"\\VED\\Policy\\Credentials\\passw0rd"
                      },
                      {
                         "Name":"Private Key Password Credential",
                         "Value":"\\VED\\Policy\\Credentials\\passw0rd"
                      },
                      {
                         "Name":"Version",
                         "Value":"Java 1.8"
                      }
                   ]
                }
             ]
          }
       ]
    }            
    Copy
    Powershell
    $body = "{
       `"PolicyDN`":`"`\`\VED`\`\Policy`\`\Certificates`",
       `"ObjectName`":`"provisioning-by-api.venafi.example`",
       `"Subject`":`"provisioning-by-api.venafi.example`",
       `"SubjectAltNames`":[
          {
             `"TypeName`":`"DNS`",
             `"Name`":`"gsk.venafi.example`"
          },
          {
             `"TypeName`":`"DNS`",
             `"Name`":`"jks.venafi.example`"
          },
          {
             `"TypeName`":`"DNS`",
             `"Name`":`"pem.venafi.example`"
          },
          {
             `"TypeName`":`"DNS`",
             `"Name`":`"p12.venafi.example`"
          },
          {
             `"TypeName`":`"IPAddress`",
             `"Name`":`"192.168.1.100`"
          }
       ],
       `"ManagementType`":`"Provisioning`",
       `"SetWorkToDo`":true,
       `"Devices`":[
          {
             `"PolicyDN`":`"`\`\VED`\`\Policy`\`\Endpoints`",
             `"ObjectName`":`"LINUX`",
             `"Host`":`"192.168.1.100`",
             `"CredentialDN`":`"`\`\VED`\`\Policy`\`\Credentials`\`\root-passw0rd`",
             `"Applications`":[
                {
                   `"ObjectName`":`"GSK`",
                   `"Class`":`"GSK`",
                   `"DriverName`":`"appgsk`",
                   `"ClassSpecificAttributes`":[
                      {
                         `"Name`":`"Certificate Label`",
                         `"Value`":`"miami`"
                      },
                      {
                         `"Name`":`"Key Store`",
                         `"Value`":`"/opt/pki/miami.kdb`"
                      },
                      {
                         `"Name`":`"Key Store Credential`",
                         `"Value`":`"`\`\VED`\`\Policy`\`\Credentials`\`\!omepassw0rd`"
                      },
                      {
                         `"Name`":`"Store Type`",
                         `"Value`":`"CMS`"
                      },
                      {
                         `"Name`":`"Version`",
                         `"Value`":`"GSK 8.0`"
                      }
                   ]
                },
                {
                   `"ObjectName`":`"JKS`",
                   `"Class`":`"JKS`",
                   `"DriverName`":`"appjks`",
                   `"ClassSpecificAttributes`":[
                      {
                         `"Name`":`"Certificate Label`",
                         `"Value`":`"miami`"
                      },
                      {
                         `"Name`":`"Key Store`",
                         `"Value`":`"/opt/pki/miami.jks`"
                      },
                      {
                         `"Name`":`"Key Store Credential`",
                         `"Value`":`"`\`\VED`\`\Policy`\`\Credentials`\`\passw0rd`"
                      },
                      {
                         `"Name`":`"Private Key Password Credential`",
                         `"Value`":`"`\`\VED`\`\Policy`\`\Credentials`\`\passw0rd`"
                      },
                      {
                         `"Name`":`"Version`",
                         `"Value`":`"Java 1.8`"
                      }
                   ]
                },
                {
                   `"ObjectName`":`"PEM`",
                   `"Class`":`"PEM`",
                   `"DriverName`":`"apppem`",
                   `"ClassSpecificAttributes`":[
                      {
                         `"Name`":`"Certificate File`",
                         `"Value`":`"/opt/pki/miami.crt`"
                      },
                      {
                         `"Name`":`"Private Key File`",
                         `"Value`":`"/opt/pki/miami.key`"
                      },
                      {
                         `"Name`":`"Certificate Chain File`",
                         `"Value`":`"/opt/pki/miami.chain`"
                      }
                   ]
                },
                {
                   `"ObjectName`":`"P12`",
                   `"Class`":`"PKCS#12`",
                   `"DriverName`":`"apppkcs12`",
                   `"ClassSpecificAttributes`":[
                      {
                         `"Name`":`"Certificate File`",
                         `"Value`":`"/opt/pki/miami.p12`"
                      },
                      {
                         `"Name`":`"Friendly Name`",
                         `"Value`":`"miami`"
                      },
                      {
                         `"Name`":`"Private Key Password Credential`",
                         `"Value`":`"`\`\VED`\`\Policy`\`\Credentials`\`\passw0rd`"
                      }
                   ]
                }
             ]
          }
       ]
    }"


    Write-Output $body
    $result = Invoke-RestMethod  -Headers $headers -Uri $RestRequest -Method Post -Body $body -ContentType 'application/json' 
    $result | ConvertTo-Json
    Write-Output $result 
    Copy
    Python
        # === Certificate/Request for Provision
        url = uri + "/vedsdk/Certificates/Request"
        payload =  {
                "PolicyDN": "\\VED\\Policy\\Certificates",
                "ObjectName": "provisioning-by-api.venafi.example",
                "Subject": "provisioning-by-api.venafi.example",
                "SubjectAltNames": [
                                  {
                                      "TypeName": "DNS",
                                      "Name": "gsk.venafi.example"
                                  },
                                  {
                                      "TypeName": "DNS",
                                      "Name": "jks.venafi.example"
                                  },
                                  {
                                      "TypeName": "DNS",
                                      "Name": "pem.venafi.example"
                                  },
                                  {
                                      "TypeName": "DNS",
                                      "Name": "p12.venafi.example"
                                  },
                                  {
                                      "TypeName": "IPAddress",
                                      "Name": "192.168.1.100"
                                  }
                              ],
        "ManagementType": "Provisioning",
        "SetWorkToDo": False,
        "Devices": [
            {
                "PolicyDN": "\\VED\\Policy\\Endpoints",
                "ObjectName": "LINUX",
                "Host": "192.168.1.100",
                "CredentialDN": "\\VED\\Policy\\Credentials\\root-passw0rd",
                "Applications": [
                    {
                        "ObjectName": "GSK",
                        "Class": "GSK",
                        "DriverName": "appgsk",
                        "ClassSpecificAttributes": [
                            {
                                "Name": "Certificate Label",
                                "Value": "miami"
                            },
                            {
                                "Name": "Key Store",
                                "Value": "/opt/pki/miami.kdb"
                            },
                            {
                                "Name": "Key Store Credential",
                                "Value": "\\VED\\Policy\\Credentials\\!omepassw0rd"
                            },
                            {
                                "Name": "Store Type",
                                "Value": "CMS"
                            },
                            {
                                "Name": "Version",
                                "Value": "GSK 8.0"
                            }
                        ]
                    },
                    {
                        "ObjectName": "JKS",
                        "Class": "JKS",
                        "DriverName": "appjks",
                        "ClassSpecificAttributes": [
                            {
                                "Name": "Certificate Label",
                                "Value": "miami"
                            },
                            {
                                "Name": "Key Store",
                                "Value": "/opt/pki/miami.jks"
                            },
                            {
                                "Name": "Key Store Credential",
                                "Value": "\\VED\\Policy\\Credentials\\passw0rd"
                            },
                            {
                                "Name": "Private Key Password Credential",
                                "Value": "\\VED\\Policy\\Credentials\\passw0rd"
                            },
                            {
                                "Name": "Version",
                                "Value": "Java 1.8"
                            }
                        ]
                    },
                    {
                        "ObjectName": "PEM",
                        "Class": "PEM",
                        "DriverName": "apppem",
                        "ClassSpecificAttributes": [
                            {
                                "Name": "Certificate File",
                                "Value": "/opt/pki/miami.crt"
                            },
                            {
                                "Name": "Private Key File",
                                "Value": "/opt/pki/miami.key"
                            },
                            {
                                "Name": "Certificate Chain File",
                                "Value": "/opt/pki/miami.chain"
                            }
                        ]
                    },
                    {
                        "ObjectName": "P12",
                        "Class": "PKCS#12",
                        "DriverName": "apppkcs12",
                        "ClassSpecificAttributes": [
                            {
                                "Name": "Certificate File",
                                "Value": "/opt/pki/miami.p12"
                            },
                            {
                                "Name": "Friendly Name",
                                "Value": "miami"
                            },
                            {
                                "Name": "Private Key Password Credential",
                                "Value": "\\VED\\Policy\\Credentials\\passw0rd"
                            }
                        ]
                    }
                ]
            }
        ]
        }

        r = requests.post(url, headers=headerswToken, json=payload, verify=False)

        data = r.json()
        for key, value in data.items():
            if key == "Guid":
                CertGuid = value
        #print(r.text)

    gettoken()