
This assumes Kong has been secured with Role Based Access Control (RBAC) and you have created your Kong-Admin-Token. The following curl command can be used to list the endpoints that can be used with the API.
curl --header "Kong-Admin-Token: abc123" --request GET "https://kong.example.com/endpoints"
Something like this should be returned. Notice that the /certificates endpoint can be used.
{
"data": [
"/",
"/acls",
"/acls/{acls}",
"/acls/{acls}/consumer",
"/certificates",
"/certificates/{certificates}",
"/certificates/{certificates}/services",
"/certificates/{certificates}/services/{services}",
"/certificates/{certificates}/snis",
"/certificates/{certificates}/snis/{snis}",
"/certificates/{certificates}/upstreams",
"/certificates/{certificates}/upstreams/{upstreams}"
]
}
The following curl command can be used to list every certificate.
curl --header "Kong-Admin-Token: abc123" --request GET "https://kong.example.com/certificates"
Something like this should be returned. Notice that the response includes the private key in the key field.
{
"data": [
{
"cert": "-----BEGIN CERTIFICATE-----\nabc123...==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nxyz2123...==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\ngbf345...=\n-----END CERTIFICATE-----",
"cert_alt": null,
"created_at": 1560792466,
"id": "8e252703-4ef2-40d1-85cd-1262c5cb35f4",
"key": "-----BEGIN RSA PRIVATE KEY-----\nabc123...\n-----END RSA PRIVATE KEY-----",
"key_alt": null,
"snis": [
"internal.example.com",
"external.example.com"
],
"tags": null
}
],
"next": null
}
Or, a specific certificate can be listed by including the ID of the certificate.
curl --header "Kong-Admin-Token: abc123" --request GET "https://kong.example.com/certificates/8e252703-4ef2-40d1-85cd-1262c5cb35f4"
Here is how you would update the certificate object to have a new public certificate and private key using PATCH. With PATCH, only the fields specified will be updated (cert and key in this example). For example, the certificate object should also have the cert_alt, key_alt, snis, and tags fields, and these fields will not be impacted with PATCH.
curl --header "Kong-Admin-Token: abc123" --header "Content-Type: application/json" --request PATCH "https://kong.example.com/certificates/8e252703-4ef2-40d1-85cd-1262c5cb35f4" --data '{ "cert": "your public certificates data goes here", "key": "your private key data goes here" }'
Here is how you would update the certificate object to have a new public certificate and private key using PUT. With PUT, if you don't specify a value for each field, the value will be set to null. For example, if you don't specify snis, then snis will be set to null.
curl --header "Kong-Admin-Token: abc123" --header "Content-Type: application/json" --request PUT "https://kong.example.com/certificates/8e252703-4ef2-40d1-85cd-1262c5cb35f4" --data '{ "cert": "your public certificates data goes here", "key": "your private key data goes here" }'
By default, the public certificate and private key files are formatted with the lines wrapped like this.
-----BEGIN CERTIFICATE-----
MIIGQDCCBSigAwIBAgITTQAAB8yljYYGZdgB7QABAAAHzDANBgkqhkiG9w0BAQsF
ADBKMRMwEQYKCZImiZPyLGQBGRYDY29tMRswGQYKCZImiZPyLGQBGRYLVGhyaXZl
bnRTdGcxFjAUBgNVBAMTDVRocml2ZW50U3RnQ0EwHhcNMjIwODI0MDU0ODM3WhcN
-----END CERTIFICATE-----
When passing the public certificate and private key data in using the API, the data must be on a single line, with new lines represented by the literal \n character. Here are a couple of articles I have that explain how to replace new lines with the literal \n character.
- Bash (Scripting) - new lines \n and carriage returns \r
- Perl (Scripting) - new lines \n and carriage returns \r
-----BEGIN CERTIFICATE-----\nMIIGQDCCBSigAwIBAgITTQAAB8yljYYGZdgB7QABAAAHzDANBgkqhkiG9w0BAQsF\nADBKMRMwEQYKCZImiZPyLGQBGRYDY29tMRswGQYKCZImiZPyLGQBGRYLVGhyaXZl\nbnRTdGcxFjAUBgNVBAMTDVRocml2ZW50U3RnQ0EwHhcNMjIwODI0MDU0ODM3WhcN\n-----END CERTIFICATE-----
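One way to do this conversion and send the PATCH from a shell script, as an added example that is not part of the original article. The function names and the KONG_URL and KONG_ADMIN_TOKEN environment variables are assumptions; the request body is sent on stdin so the private key does not appear in the process list.

```shell
#!/bin/sh
# Added example: build the JSON body for PATCH /certificates/{id} from PEM files.
# Function names, KONG_URL and KONG_ADMIN_TOKEN are assumptions of this example.

# Print a PEM file on one line, writing each line break as a literal \n.
# Carriage returns (Windows line endings) and blank lines are dropped.
pem_to_single_line() {
    awk '{ sub(/\r$/, "") } NF { printf "%s\\n", $0 }' "$1"
}

# Build the { "cert": ..., "key": ... } body from a certificate and a key file.
# PEM text is base64, dashes and spaces, so only line breaks need escaping.
build_cert_payload() {
    printf '{ "cert": "%s", "key": "%s" }\n' \
        "$(pem_to_single_line "$1")" "$(pem_to_single_line "$2")"
}

# PATCH the certificate object: $1 = certificate ID, $2 = cert file, $3 = key file.
# The body is piped to curl (--data-binary @-) instead of being passed in
# --data '...', which would expose the private key in the process list.
patch_certificate() {
    build_cert_payload "$2" "$3" |
        curl --header "Kong-Admin-Token: $KONG_ADMIN_TOKEN" \
             --header "Content-Type: application/json" \
             --request PATCH "$KONG_URL/certificates/$1" \
             --data-binary @-
}

# Offline demo on a constructed, non-functional PEM (no request is sent).
demo=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJD' '-----END CERTIFICATE-----' > "$demo"
build_cert_payload "$demo" "$demo"
rm -f "$demo"
```

To update a real object, call patch_certificate with the certificate ID and the paths to the certificate and key files.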