Broadcom API Gateway - Update Identity Provider certificate using the Gateway Migration Utility


This assumes you are familiar with the basic usage of the Gateway Migration Utility. Let's say you want to use the Gateway Migration Utility to update the certificate assigned to an Identity Provider user. First, let's use the Gateway Migration Utility to display the certificate currently assigned to the Identity Provider user.

/path/to/GatewayMigrationUtility.sh restman \
-host apig.example.com \
-port 8443 \
-username john.doe \
-password f5VPX0yUJPg.m4BrjdgMv84UgktddJD3xA \
-method GET \
-path '1.0/identityProviders/0000000000000000fffffffffffffffe/users/a51237cc16c31b69edd66bb1e7243219/certificate'


Something like this should be returned. In this example, the Identity Provider user is using the foo.example.com certificate.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Name>CN%3Dfoo.example.com%2COU%3DExample%2CO%3DExample%2CL%3DAppleton%2CST%3DWI%2CC%3DUS Certificate Data</l7:Name>
    <l7:Id>a51237cc16c31b69edd66bb1e7243219</l7:Id>
    <l7:Type>USERCertificateData</l7:Type>
    <l7:TimeStamp>2020-08-29T20:43:37.349-05:00</l7:TimeStamp>
    <l7:Link rel="template" uri="https://api.example.com:8443/restman/1.0/identityProviders/0000000000000000fffffffffffffffe/users/template"/>
    <l7:Link rel="list" uri="https://api.example.com:8443/restman/1.0/identityProviders/0000000000000000fffffffffffffffe/users"/>
    <l7:Resource>
        <l7:CertificateData>
            <l7:IssuerName>CN%3Dwww.example.com%2COU%3DExample%2CO%3A+Example%2CL%3DAppleton%2CST%3DWI%2CC%3DUS</l7:IssuerName>
            <l7:SerialNumber>16213933083534032896</l7:SerialNumber>
            <l7:SubjectName>CN%3Dfoo.example.com%2COU%3DExample%2CO%3DExample%2CL%3DAppleton%2CST%3DWI%2CC%3DUS</l7:SubjectName>
            <l7:Encoded>MIIJIjCCCAqgAwIBAgIJAOEDdjwAAAAAMA0GCSqGSIb3DQEBDQUAMHExC...</l7:Encoded>
        </l7:CertificateData>
    </l7:Resource>
</l7:Item>


Let's say you want to update this user to use the bar.example.com certificate. Assuming you have access to the bar.example.com.cer file in PEM format, on a Linux system the following command can be used to get the encoded data (the base64 body between the BEGIN and END lines, joined onto a single line) from the bar.example.com.cer file.

~]$ cat bar.example.com.cer | grep -v "CERTIFICATE" | sed ':label; N; $! b label; s|\n||g'
MIIDPjCCAiYCCQCKS/krZSdRvzANBgkqhkiG9w0BAQ0FADBhMQswCQYDVQQGEwJVUzELMAkGA1UE...


Create an XML file that will be used for the import.

touch import.xml


Add the following to the XML file.

<l7:CertificateData xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
  <l7:Encoded>MIIDPjCCAiYCCQCKS/krZSdRvzANBgkqhkiG9w0BAQ0FADBhMQswCQYDVQQGEwJVUzELMAkGA1UE...</l7:Encoded>
</l7:CertificateData>


Then issue this command. Notice here that "bar.example.com" is used. This will be the alias name that is displayed at "Manage Private Keys" in the API Gateway GUI.

/path/to/GatewayMigrationUtility.sh restman \
-host apig.example.com \
-port 8443 \
-username john.doe \
-password f5VPX0yUJPg.m4BrjdgMv84UgktddJD3xA \
-method PUT \
-path '1.0/identityProviders/0000000000000000fffffffffffffffe/users/a51237cc16c31b69edd66bb1e7243219/certificate' \
-request import.xml
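The three steps above (read the current certificate, extract the encoded data from the PEM file, build the import XML) as an added Python example; this is not code from the original article or from the Gateway Migration Utility. It does what the grep/sed pipeline does but refuses input that is not a PEM certificate or does not decode to DER, serializes the import.xml body, and parses the restman GET response (undoing restman's %3D-style escaping) so the subject and serial in use can be compared before and after the PUT. The sample PEM and response are constructed, not real data.

```python
import base64
import re
import urllib.parse
import xml.etree.ElementTree as ET

L7_NS = "http://ns.l7tech.com/2010/04/gateway-management"
NS = {"l7": L7_NS}
ET.register_namespace("l7", L7_NS)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def pem_to_encoded(pem_text: str) -> str:
    """Base64 body of the first CERTIFICATE block on one line (what the page's
    grep/sed pipeline produces), rejecting non-PEM input or a body that is not DER."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no CERTIFICATE block found (is the file PEM?)")
    body = "".join(m.group(1).split())           # drop CR/LF between the lines
    der = base64.b64decode(body, validate=True)  # strict: stray characters fail
    if len(der) < 2 or der[0] != 0x30:           # every DER certificate starts 0x30
        raise ValueError("decoded data is not a DER SEQUENCE")
    return body


def build_import_xml(encoded: str) -> str:
    """Serialize the import.xml body expected by the restman PUT."""
    root = ET.Element(f"{{{L7_NS}}}CertificateData")
    ET.SubElement(root, f"{{{L7_NS}}}Encoded").text = encoded
    return ET.tostring(root, encoding="unicode")


def describe_cert(item_xml: str) -> dict:
    """Subject, issuer and serial from a restman GET response (l7:Item), with
    restman's URL-style escaping undone, for a before/after comparison."""
    data = ET.fromstring(item_xml).find("l7:Resource/l7:CertificateData", NS)
    if data is None:
        raise ValueError("response carries no l7:CertificateData")
    def field(tag):
        e = data.find(f"l7:{tag}", NS)
        return urllib.parse.unquote_plus(e.text or "") if e is not None else None
    return {"subject": field("SubjectName"), "issuer": field("IssuerName"),
            "serial": field("SerialNumber")}


# Constructed samples: a minimal DER SEQUENCE (not a real certificate) in a
# CRLF PEM wrapper, and a GET response shaped like the page's output.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\r\nMAMC\r\nAQE=\r\n-----END CERTIFICATE-----\r\n"
SAMPLE_ITEM = (f'<l7:Item xmlns:l7="{L7_NS}"><l7:Resource><l7:CertificateData>'
               "<l7:IssuerName>CN%3Dwww.example.com%2CO%3A+Example%2CC%3DUS</l7:IssuerName>"
               "<l7:SerialNumber>16213933083534032896</l7:SerialNumber>"
               "<l7:SubjectName>CN%3Dfoo.example.com%2CO%3DExample%2CC%3DUS</l7:SubjectName>"
               "<l7:Encoded>MAMCAQE=</l7:Encoded></l7:CertificateData></l7:Resource></l7:Item>")
```

Run `describe_cert` on the GET output before the PUT and again afterwards; the subject and serial should change from the old certificate to the one whose body `pem_to_encoded` returned.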
