FreeKB - Broadcom API Gateway Private Key Templates using the Gateway Migration Utility (GMU)
Broadcom API Gateway - Private Key Templates using the Gateway Migration Utility (GMU)

This assumes you are familiar with the basic usage of the Gateway Migration Utility. Let's say you want to create, import or export a private key. The following command can be used to display the private key templates.

/path/to/GatewayMigrationUtility.sh restman
-host apig.example.com
-port 8443
-username john.doe
-password f5VPX0yUJPg.m4BrjdgMv84UgktddJD3xA
-method GET
-path '1.0/privateKeys/template'

 

Or the -argFile option can be used, to reduce the number of options that are used on the command line.

/path/to/GatewayMigrationUtility.sh restman
-argFile example.properties
-method GET
-path '1.0/privateKeys/template'

 

Something like this should be returned. Notice here there are there templates.

  • <l7:Link rel="templatePrivateKeyImport" uri="https://apig.example.com:8443/restman/1.0/privateKeys/template/privatekeyimportcontext"/>
  • <l7:Link rel="templatePrivateKeyExport" uri="https://apig.example.com:8443/restman/1.0/privateKeys/template/privatekeyexportcontext"/>
  • <l7:Link rel="templatePrivateKeyCreation" uri="https://apig.example.com:8443/restman/1.0/privateKeys/template/privatekeycreationcontext"/>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Name>SSG_KEY_ENTRY Template</l7:Name>
    <l7:Type>SSG_KEY_ENTRY</l7:Type>
    <l7:TimeStamp>2021-05-24T20:44:47.437-05:00</l7:TimeStamp>
    <l7:Link rel="self" uri="https://dbwsvmz010.thrivent.com:8443/restman/1.0/privateKeys/template"/>
    <l7:Link rel="list" uri="https://apig.example.com:8443/restman/1.0/privateKeys"/>
    <l7:Link rel="templatePrivateKeyImport" uri="https://apig.example.com:8443/restman/1.0/privateKeys/template/privatekeyimportcontext"/>
    <l7:Link rel="templatePrivateKeyExport" uri="https://apig.example.com:8443/restman/1.0/privateKeys/template/privatekeyexportcontext"/>
    <l7:Link rel="templatePrivateKeyCreation" uri="https://apig.example.com:8443/restman/1.0/privateKeys/template/privatekeycreationcontext"/>
    <l7:Resource>
        <l7:PrivateKey alias="TemplateAlias" keystoreId="TemplateKeystoreID">
            <l7:CertificateChain>
                <l7:CertificateData>
                    <l7:IssuerName>CN=issuerName</l7:IssuerName>
                    <l7:SerialNumber>123</l7:SerialNumber>
                    <l7:SubjectName>CN=subjectName</l7:SubjectName>
                    <l7:Encoded>ZW5jb2RlZA==</l7:Encoded>
                </l7:CertificateData>
            </l7:CertificateChain>
            <l7:Properties>
                <l7:Property key="keyAlgorithm">
                    <l7:StringValue>RSA</l7:StringValue>
                </l7:Property>
            </l7:Properties>
        </l7:PrivateKey>
    </l7:Resource>
</l7:Item>

 

Let's say you want to import a private key. The follow command can be used to get the template for an import.

/path/to/GatewayMigrationUtility.sh restman
-argFile example.properties
-method GET
-path '1.0/privateKeys/template/privatekeyimportcontext'

 

Something like this should be returned, whcih shows the XML that would be used when importing a private key.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Name>PrivateKeyImportContext Template</l7:Name>
    <l7:Type>PrivateKeyImportContext</l7:Type>
    <l7:TimeStamp>2021-05-24T20:49:23.844-05:00</l7:TimeStamp>
    <l7:Link rel="self" uri="https://apig.example.com:8443/restman/1.0/privateKeys/template/privatekeyimportcontext"/>
    <l7:Resource>
        <l7:PrivateKeyImportContext>
            <l7:Pkcs12Data>a2V5RGF0YQ==</l7:Pkcs12Data>
            <l7:Alias>keyAlias</l7:Alias>
            <l7:Password>password</l7:Password>
        </l7:PrivateKeyImportContext>
    </l7:Resource>
</l7:Item>

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter f29d8 in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |