Creating a certificate for provisioning
Problem
You want to create a provisioning certificate for Device objects that are already in Trust Protection Platform. An additional Application object provides provisioning information for the device.
Solution
Use Certificates/Request to add the devices and specify the provisioning drivers. If Auto Provisioning is enabled, use another Web SDK application object such as an Apache application object or an F5 LTM Advanced application object. Then associate the Application with the Certificate object. Be sure to assign the driver name to the device.
Time Estimate
About 60 mins
To create a certificate for provisioning
- Reuse or create a bearer token that includes the scope certificate:manage. The bearer token grants your client access to Trust Protection Platform. To get a bearer token, see Getting a token. For each subsequent API call, be sure to include the token in the request header.
- In the UI, be sure to have a Policy folder for the certificate and the devices, and your CA Template that holds the credential for getting the certificate.
- Call POST Certificates/Request to allow Trust Protection Platform to immediately provision the certificate in four different formats (GSK, JKS, PEM, and PKCS#12) to the same device. For example:
JSON
POST https://tpp.venafi.example/vedsdk/Certificates/Request
Authorization: Bearer 4MyGeneratedBearerTknz==
{
"PolicyDN":"\\VED\\Policy\\Certificates",
"ObjectName":"provisioning-by-api.venafi.example",
"Subject":"provisioning-by-api.venafi.example",
"SubjectAltNames":[
{
"TypeName":"DNS",
"Name":"jks.venafi.example"
}
],
"ManagementType":"Provisioning",
"SetWorkToDo":"true",
"Devices":[
{
"PolicyDN":"\\VED\\Policy\\Endpoints",
"ObjectName":"LINUX",
"Host":"192.168.1.100",
"CredentialDN":"\\VED\\Policy\\Credentials\\root-passw0rd",
"Applications":[
{
"ObjectName":"JKS",
"Class":"JKS",
"DriverName":"appjks",
"ClassSpecificAttributes":[
{
"Name":"Certificate Label",
"Value":"miami"
},
{
"Name":"Key Store",
"Value":"/opt/pki/miami.jks"
},
{
"Name":"Key Store Credential",
"Value":"\\VED\\Policy\\Credentials\\passw0rd"
},
{
"Name":"Private Key Password Credential",
"Value":"\\VED\\Policy\\Credentials\\passw0rd"
},
{
"Name":"Version",
"Value":"Java 1.8"
}
]
}
]
}
]
}
PowerShell
$body = "{
`"PolicyDN`":`"`\`\VED`\`\Policy`\`\Certificates`",
`"ObjectName`":`"provisioning-by-api.venafi.example`",
`"Subject`":`"provisioning-by-api.venafi.example`",
`"SubjectAltNames`":[
{
`"TypeName`":`"DNS`",
`"Name`":`"gsk.venafi.example`"
},
{
`"TypeName`":`"DNS`",
`"Name`":`"jks.venafi.example`"
},
{
`"TypeName`":`"DNS`",
`"Name`":`"pem.venafi.example`"
},
{
`"TypeName`":`"DNS`",
`"Name`":`"p12.venafi.example`"
},
{
`"TypeName`":`"IPAddress`",
`"Name`":`"192.168.1.100`"
}
],
`"ManagementType`":`"Provisioning`",
`"SetWorkToDo`":true,
`"Devices`":[
{
`"PolicyDN`":`"`\`\VED`\`\Policy`\`\Endpoints`",
`"ObjectName`":`"LINUX`",
`"Host`":`"192.168.1.100`",
`"CredentialDN`":`"`\`\VED`\`\Policy`\`\Credentials`\`\root-passw0rd`",
`"Applications`":[
{
`"ObjectName`":`"GSK`",
`"Class`":`"GSK`",
`"DriverName`":`"appgsk`",
`"ClassSpecificAttributes`":[
{
`"Name`":`"Certificate Label`",
`"Value`":`"miami`"
},
{
`"Name`":`"Key Store`",
`"Value`":`"/opt/pki/miami.kdb`"
},
{
`"Name`":`"Key Store Credential`",
`"Value`":`"`\`\VED`\`\Policy`\`\Credentials`\`\!omepassw0rd`"
},
{
`"Name`":`"Store Type`",
`"Value`":`"CMS`"
},
{
`"Name`":`"Version`",
`"Value`":`"GSK 8.0`"
}
]
},
{
`"ObjectName`":`"JKS`",
`"Class`":`"JKS`",
`"DriverName`":`"appjks`",
`"ClassSpecificAttributes`":[
{
`"Name`":`"Certificate Label`",
`"Value`":`"miami`"
},
{
`"Name`":`"Key Store`",
`"Value`":`"/opt/pki/miami.jks`"
},
{
`"Name`":`"Key Store Credential`",
`"Value`":`"`\`\VED`\`\Policy`\`\Credentials`\`\passw0rd`"
},
{
`"Name`":`"Private Key Password Credential`",
`"Value`":`"`\`\VED`\`\Policy`\`\Credentials`\`\passw0rd`"
},
{
`"Name`":`"Version`",
`"Value`":`"Java 1.8`"
}
]
},
{
`"ObjectName`":`"PEM`",
`"Class`":`"PEM`",
`"DriverName`":`"apppem`",
`"ClassSpecificAttributes`":[
{
`"Name`":`"Certificate File`",
`"Value`":`"/opt/pki/miami.crt`"
},
{
`"Name`":`"Private Key File`",
`"Value`":`"/opt/pki/miami.key`"
},
{
`"Name`":`"Certificate Chain File`",
`"Value`":`"/opt/pki/miami.chain`"
}
]
},
{
`"ObjectName`":`"P12`",
`"Class`":`"PKCS#12`",
`"DriverName`":`"apppkcs12`",
`"ClassSpecificAttributes`":[
{
`"Name`":`"Certificate File`",
`"Value`":`"/opt/pki/miami.p12`"
},
{
`"Name`":`"Friendly Name`",
`"Value`":`"miami`"
},
{
`"Name`":`"Private Key Password Credential`",
`"Value`":`"`\`\VED`\`\Policy`\`\Credentials`\`\passw0rd`"
}
]
}
]
}
]
}"
Write-Output $body
$result = Invoke-RestMethod -Headers $headers -Uri $RestRequest -Method Post -Body $body -ContentType 'application/json'
$result | ConvertTo-Json
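Write-Output $result
Python
# === Certificate/Request for Provision
# Assumed to be set up beforehand: uri (server base URL), headerswToken
# (request headers carrying the bearer token) and gettoken().
import requests

url = uri + "/vedsdk/Certificates/Request"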
payload = {
"PolicyDN": "\\VED\\Policy\\Certificates",
"ObjectName": "provisioning-by-api.venafi.example",
"Subject": "provisioning-by-api.venafi.example",
"SubjectAltNames": [
{
"TypeName": "DNS",
"Name": "gsk.venafi.example"
},
{
"TypeName": "DNS",
"Name": "jks.venafi.example"
},
{
"TypeName": "DNS",
"Name": "pem.venafi.example"
},
{
"TypeName": "DNS",
"Name": "p12.venafi.example"
},
{
"TypeName": "IPAddress",
"Name": "192.168.1.100"
}
],
"ManagementType": "Provisioning",
"SetWorkToDo": False,
"Devices": [
{
"PolicyDN": "\\VED\\Policy\\Endpoints",
"ObjectName": "LINUX",
"Host": "192.168.1.100",
"CredentialDN": "\\VED\\Policy\\Credentials\\root-passw0rd",
"Applications": [
{
"ObjectName": "GSK",
"Class": "GSK",
"DriverName": "appgsk",
"ClassSpecificAttributes": [
{
"Name": "Certificate Label",
"Value": "miami"
},
{
"Name": "Key Store",
"Value": "/opt/pki/miami.kdb"
},
{
"Name": "Key Store Credential",
"Value": "\\VED\\Policy\\Credentials\\!omepassw0rd"
},
{
"Name": "Store Type",
"Value": "CMS"
},
{
"Name": "Version",
"Value": "GSK 8.0"
}
]
},
{
"ObjectName": "JKS",
"Class": "JKS",
"DriverName": "appjks",
"ClassSpecificAttributes": [
{
"Name": "Certificate Label",
"Value": "miami"
},
{
"Name": "Key Store",
"Value": "/opt/pki/miami.jks"
},
{
"Name": "Key Store Credential",
"Value": "\\VED\\Policy\\Credentials\\passw0rd"
},
{
"Name": "Private Key Password Credential",
"Value": "\\VED\\Policy\\Credentials\\passw0rd"
},
{
"Name": "Version",
"Value": "Java 1.8"
}
]
},
{
"ObjectName": "PEM",
"Class": "PEM",
"DriverName": "apppem",
"ClassSpecificAttributes": [
{
"Name": "Certificate File",
"Value": "/opt/pki/miami.crt"
},
{
"Name": "Private Key File",
"Value": "/opt/pki/miami.key"
},
{
"Name": "Certificate Chain File",
"Value": "/opt/pki/miami.chain"
}
]
},
{
"ObjectName": "P12",
"Class": "PKCS#12",
"DriverName": "apppkcs12",
"ClassSpecificAttributes": [
{
"Name": "Certificate File",
"Value": "/opt/pki/miami.p12"
},
{
"Name": "Friendly Name",
"Value": "miami"
},
{
"Name": "Private Key Password Credential",
"Value": "\\VED\\Policy\\Credentials\\passw0rd"
}
]
}
]
}
]
}
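# verify=False turns off TLS certificate validation; outside a lab, set verify
# to the path of the CA bundle that issued the server certificate.
r = requests.post(url, headers=headerswToken, json=payload, verify=False)
data = r.json()
# Keep the Guid of the new certificate from the response
for key, value in data.items():
    if key == "Guid":
        CertGuid = value
#print(r.text)
gettoken()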
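A pre-flight check for the request body above, as an added example that is not part of the original page or of Venafi's code. It flags a driver that does not match the application class, a credential attribute holding a literal value instead of an object DN, and two applications writing to the same file on one device. The names preflight, app_entry and SAMPLE are hypothetical; the class-to-driver pairs are the ones shown in this page's request, and the rule that credentials are always DNs under \VED\ is an assumption.

```python
# Added example, not Venafi code. preflight(), app_entry() and SAMPLE are hypothetical names.
# Class -> DriverName pairs are copied from this page's request body.
DRIVER_FOR_CLASS = {"GSK": "appgsk", "JKS": "appjks", "PEM": "apppem", "PKCS#12": "apppkcs12"}
PATH_ATTRS = {"Key Store", "Certificate File", "Private Key File", "Certificate Chain File"}
DN_PREFIX = "\\VED\\"  # assumption: credentials are always referenced by object DN

def preflight(payload):
    """Return a list of problems in a Certificates/Request provisioning body."""
    problems = []
    if payload.get("ManagementType") != "Provisioning":
        problems.append("ManagementType must be 'Provisioning'")
    for dev in payload.get("Devices") or []:
        dev_name = dev.get("ObjectName", "?")
        if not str(dev.get("CredentialDN", "")).startswith(DN_PREFIX):
            problems.append(f"{dev_name}: CredentialDN is not a credential object DN")
        seen_paths = {}  # target file -> application that writes it
        for app in dev.get("Applications") or []:
            where = f"{dev_name}/{app.get('ObjectName', '?')}"
            cls, driver = app.get("Class"), app.get("DriverName")
            if not driver:
                problems.append(f"{where}: DriverName missing")
            elif cls in DRIVER_FOR_CLASS and driver != DRIVER_FOR_CLASS[cls]:
                problems.append(f"{where}: driver {driver!r} does not match class {cls!r}")
            for attr in app.get("ClassSpecificAttributes") or []:
                name, value = attr.get("Name", ""), str(attr.get("Value", ""))
                if "Credential" in name and not value.startswith(DN_PREFIX):
                    problems.append(f"{where}: {name!r} is a literal value, not a DN")
                if name in PATH_ATTRS:
                    if value in seen_paths:
                        problems.append(f"{where}: {value} also written by {seen_paths[value]}")
                    seen_paths[value] = where
    return problems

def app_entry(name, cls, driver, attrs):
    return {"ObjectName": name, "Class": cls, "DriverName": driver,
            "ClassSpecificAttributes": [{"Name": n, "Value": v} for n, v in attrs.items()]}

# Constructed sample: wrong driver, inline password, and two files at one path.
SAMPLE = {"ManagementType": "Provisioning", "Devices": [{
    "ObjectName": "LINUX", "CredentialDN": "\\VED\\Policy\\Credentials\\root-passw0rd",
    "Applications": [
        app_entry("JKS", "JKS", "apppem", {"Key Store": "/opt/pki/miami.jks",
                                           "Key Store Credential": "changeit"}),
        app_entry("PEM", "PEM", "apppem", {"Certificate File": "/opt/pki/miami.crt",
                                           "Private Key File": "/opt/pki/miami.crt"})]}]}

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)))
```

Run preflight on the payload dict before the POST and send the request only when the returned list is empty.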