SSH Create CA
This API creates a CA based on the given request.
Before you begin
- Ensure that proper values are given in the request.
Request Structure
| Endpoint: | /ssh/ca/create |
| Type: | POST |
| Sample URL: | https://<IP/HostName/TenantName>:<GWPORT>/avxapi/ssh/ca/create?gwsource=external (the elements of the sample URL are explained under Reference) |
| Headers: | |
| Content-Type: | application/json |
| Name | Description |
|---|---|
| sessionId | (Mandatory) Session ID received after login. Type: String Constraints: Required if username and password are not provided. |
| username | (Mandatory) AppViewX login username Type: String Constraints: Required if sessionId is not provided. |
| password | (Mandatory) AppViewX login password Type: String Constraints: Required if sessionId is not provided. |
| Content-Type | (Mandatory) Specifies the nature of the data in the payload Type: String Constraints: The value of the param should be ‘application/json’. |
| gwsource | (Mandatory) Source from which the request is triggered. (E.g. external) Type: String |
| Payload | (Mandatory) Contains all the parameters to be sent in the request body for the post request Type: Payload |
Payload
| Name | Description |
|---|---|
| name | (Mandatory) Name of the CA Type: String |
| validityValue | (Mandatory) Validity of the certificate Type: String |
| validityUnit | (Mandatory) Validity unit of the certificate Type: String |
| caType | (Mandatory) Type of the CA Type: String |
| privateKeyStore | (Mandatory) Specifies where the private key will be stored. Possible values: Type: String |
| hsmDeviceName | If the privateKeyStore is HSM, then specify the HSM device name. For example: Fortanix, Entrust |
| comment | (Optional) Comments Type: String |
| bitLength | (Mandatory) Bit length for CA Type: String |
| algorithm | (Mandatory) Algorithm for CA Type: String |
Response Structure
200 OK returns string of type application/json with the following body params.
| Name | Description |
|---|---|
| response | Contains the response attributes for the CAs Type: response |
| message | Success message of the action or failure description in case of error. Will be non-null for failure response Type: String |
| appStatusCode | Application-specific status code for the response. Will be non-null for failure response Type: String |
| tags | More info in case of failure response |
| Name | Description |
|---|---|
| id | ID of the CA Type: String |
| name | Name of the CA Type: String |
| caType | CA Type of the CA Type: String |
| comment | Comment Type: String |
| renewEnabled | Renewal enabled for CA Type: String |
| publicKey | Public key of the CA Type: String |
| keyRevocationListStatus | KRL status of the CA Type: String |
| algorithm | Algorithm of the CA Type: String |
| bitLength | Bit length of the CA Type: String |
| validityValue | Validity of the certificate Type: String |
| validityUnit | Validity unit of the CA Type: String |
| expiryDate | Expiry date of the CA Type: String |
Status Codes
| HTTP Status code | appStatusCode | Message and Possible remediation |
|---|---|---|
| 200 OK | NA | Success |
| 401 Unauthorized | AVX_GW_003 | Authentication failed, reason - Invalid Credentials Possible remediation: Ensure that a valid username and password or a valid sessionId is provided as the header param. |
| 400 Bad Request | ERR-SSH_NB-262 | Invalid Key Algorithm or BitLength Possible remediation: Make sure to provide a proper key type and bit length. |
| 400 Bad Request | ERR-SSH_NB-212 | CA name already exists Possible remediation: Make sure to provide a different CA name. |
| 400 Bad Request | ERR-SSH_NB-273 | Certificate validity end cannot be past date Possible remediation: Make sure to give a certificate validity that ends in the future. |
| 400 Bad Request | ERR-SSH-NB-323 | Invalid CA Key Storage Location. Possible remediation: Make sure to provide the available HSM setting name. |
| 500 Internal Server Error | ERR-SSH-NB-466 | Exception while HSM CA Key Generation. Possible remediation: Recheck the HSM connectivity or provide valid CA details. |
Sample Request/Response
To create a CA using the create_CA API:
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/ssh/ca/create?gwsource=external
Request body:
{
"name": "test-ssh.user.ca",
"validityValue": "12",
"validityUnit": "months",
"caType": "user",
"privateKeyStore": "APPVIEWX",
"comment": "This is a sample env user CA",
"bitLength": "256",
"algorithm": "ECDSA"
}
Response body:
{
"response": {
"id": "664fc8ea0eea9f4a4438d1f0",
"name": "dev-ssh.user.ca",
"validityValue": 12,
"validityUnit": "months",
"caType": "User",
"comment": "This is a sample env user CA",
"renewEnabled": false,
"publicKey": "dummy key",
"cryptKeyForPublicKey": "dummy key",
"keyRevocationListStatus": "Not created",
"algorithm": "ECDSA",
"bitLength": 256,
"status": "Active",
"expiryDate": 1748044799000
},
"message": "Success",
"appStatusCode": "SSH-NB-200",
"tags": {},
"headers": null
}
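A client-side wrapper for this call, as an added example (not AppViewX code): it checks the documented mandatory fields and the hsmDeviceName rule before anything is sent, refuses to put the session ID on a non-TLS URL, and compares the created CA with what was requested. The host `avx.example.test`, the function names, the literal `"HSM"` value and the reading of `expiryDate` as epoch milliseconds are assumptions. The sample request and response above use different CA names, so the check reports `name` for that pair.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlencode

MANDATORY = ("name", "validityValue", "validityUnit", "caType",
             "privateKeyStore", "bitLength", "algorithm")
ECHOED = ("name", "caType", "algorithm", "bitLength", "validityValue", "validityUnit")

def build_create_ca_request(base_url, payload, session_id):
    """Validate the payload locally, then return (url, headers, body) for the POST."""
    missing = [k for k in MANDATORY if not payload.get(k)]
    if missing:
        raise ValueError(f"missing mandatory fields: {missing}")
    # Assumption: "HSM" is the literal privateKeyStore value for HSM-backed keys.
    if payload["privateKeyStore"] == "HSM" and not payload.get("hsmDeviceName"):
        raise ValueError("hsmDeviceName is required when privateKeyStore is HSM")
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a session ID over a non-TLS URL")
    url = base_url.rstrip("/") + "/avxapi/ssh/ca/create?" + urlencode({"gwsource": "external"})
    headers = {"Content-Type": "application/json", "sessionId": session_id}
    return url, headers, json.dumps(payload).encode()

def check_create_ca_response(payload, body):
    """Raise on a failure body; otherwise list fields that differ from the request."""
    if body.get("message") != "Success" or not body.get("response"):
        raise RuntimeError(f"{body.get('appStatusCode')}: {body.get('message')}")
    ca = body["response"]
    mismatches = [k for k in ECHOED if str(ca.get(k)).lower() != str(payload[k]).lower()]
    # Assumption: expiryDate is epoch milliseconds (inferred from the sample value).
    expiry = datetime.fromtimestamp(ca["expiryDate"] / 1000, tz=timezone.utc)
    return {"id": ca["id"], "expiry": expiry, "mismatches": mismatches}

# The sample request from this page and the relevant fields of its sample response.
SAMPLE_REQUEST = {
    "name": "test-ssh.user.ca", "validityValue": "12", "validityUnit": "months",
    "caType": "user", "privateKeyStore": "APPVIEWX",
    "comment": "This is a sample env user CA", "bitLength": "256", "algorithm": "ECDSA"}
SAMPLE_RESPONSE = {
    "response": {"id": "664fc8ea0eea9f4a4438d1f0", "name": "dev-ssh.user.ca",
                 "validityValue": 12, "validityUnit": "months", "caType": "User",
                 "algorithm": "ECDSA", "bitLength": 256, "expiryDate": 1748044799000},
    "message": "Success", "appStatusCode": "SSH-NB-200"}

if __name__ == "__main__":
    print(build_create_ca_request("https://avx.example.test:31443", SAMPLE_REQUEST, "<sessionId>")[0])
    print(check_create_ca_response(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```

The returned tuple can be passed to any HTTP client; a non-empty `mismatches` list means the CA the server created is not the one that was asked for and should be reviewed before its public key is trusted on hosts.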
Reference
- IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
  - IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication. The IP address will be included in the endpoint URL for an on-prem deployment.
  - HostName: A human-readable label assigned to a device (host) on a network. The hostname will be included in the endpoint URL for an on-prem deployment.
  - TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify. The tenant name will be included in the endpoint URL for a SaaS deployment.
- GWPORT: AppViewX gateway port. A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment. Note: GWPORT is not required for SaaS setups. Example: 31443
- avxapi: Path parameter value (static) that is part of the endpoint's URL
- Endpoint: Endpoint of the API, for example: /ssh/host/create
- gwsource: Source or origin of a gateway, for example: external.
