Push and Bind Certificate to a Server Profile

Before you Begin

Ensure the following before attempting to push and bind certificate to a firewall profile through AppViewX:

Server devices must be configured in AppViewX.
The devices should be in Managed state.
Approval is not required: Enable this mode by setting the ‘Certificate Requests Need Approval?’ flag to false in the Certificate Policy.
Approval is required: If the approval setting in the policy cannot be changed, users can approve specific requests by following the After you are done section.

Request Structure


Endpoint:	/certificate/pushToDevice
Type:	POST
Sample URL:	`https://<IP/HostName/TenantName>:<GWPORT>/avxapi/certificate/pushToDevice?gwsource=external` To understand the elements of the sample URL, click here.
Headers
Content-Type:	application/json

Table 1. Input Parameters
Name	Description
sessionId `Header`	(Mandatory) Session Id received after login. Type: String Constraint: Required if username and password are not provided.
username `Header`	(Mandatory) AppViewX login username. Type: String Constraint: Required if sessionId is not provided.
password `Header`	(Mandatory) AppViewX login password. Type: String Constraint: Required if sessionId is not provided.
Content-Type `Header`	(Mandatory) Specifies the nature of the data in the payload. Type: String Constraint: Value of the parameter should be ‘application/json’
gwkey `Query`	(Mandatory) Tenant Key. This is needed only in case of multi-tenant installations and can disregarded for other types of installations. Type: String
gwsource `Query`	(Mandatory) Source from which the request is triggered. (E.g. external) Type: String
Payload `Body`	Contains all the parameters to be included in the request body for the POST request. Type: Payload

Payload

Table 2. Payload
Name	Description
certificateId	(Mandatory) Resource id of the certificate. Type: String
selectedProfiles	(Mandatory) Server profile id. Type: String Constraint: If the profile connector is specified then certificate is pushed and bound to the profile, but if a default connector is specified then the certificate is only pushed.
certificateDetails	(Mandatory) Certificate details for the Firewall devices. Type: Any of the following type (as per the server device) - Refer the following: Certificate details for IIS Server Certificate details for Microsoft PC Server Certificate details for Microsoft Server Certificate details for Apache Linux Server Certificate details for Tomcat Server Certificate details for Weblogic Server Certificate details for Websphere Server Certificate details for IPlanet Server
pushDetails	(Optional) Other push details.
preValidationScriptPath `pushDetails`	(Optional) Location of the pre push script. Type: String
postValidationScriptPath `pushDetails`	(Optional) Location of the post push script. Type: String
overwrite `pushDetails`	(Optional) Indicates whether the certificate needs to be overwritten if already available. Type: Boolean Constraint: Enabled by default for IIS vendor.
pushAutomatically `pushDetails`	(Optional) Indicates whether the certificate needs to be pushed automatically when renewed. Type: Boolean

Table 3. Certificate details for IIS Server
Name	Description
locationType	(Mandatory) Specifies whether the certificate should be uploaded to the certificate store or the centralized file system. Type: String Constraints: The allowed values are Certificate store or File system.
keyStoreLocation	(Mandatory) When the locationType "Certificate store" is chosen, the keyStoreLocation determines the sub-store under which the certificate should be uploaded. Type: String Constraints: The allowed values are Personal or Web Hosting.
certificateLocation	(Optional) When the locationType "File system" is chosen, the certificateLocation specifies the actual folder location where the PFX file should be placed. Type: String Constraints: It is applicable only if the IIS server is managed with the centralized "file system". If the certificateLocation is left blank, the location specified during IIS server device addition is taken as the location.
certificateFileName	(Mandatory) The "certificate friendly name" under which the certificate should be stored in the Certificate store. In the case of a file system, it is the "certificate file name" with which the certificate should be stored in the file system. Type: String Constraints: The certificate file name should not start and end with special characters except @, #, $, %, ^, &, _, {, }, [, ], \|, :, <, >, (, ), ;, .
bindType	(Optional) Specifies whether the binding type is Update certificate binding only, Create new site binding, or Update site binding (port, hostname, SNI). Type: String Constraints: It is applicable for locationType as "Certificate store". The allowed values are Update certificate only, Update site binding, and Create new site binding.
IsSNIEnabled	(Optional) The Server Name Indication option to be mapped in IIS site binding. Type: Boolean Constraints: It is applicable when bindType is Update site binding or Create new site binding. It is also applicable for IIS versions >= 8.0.
hostName	(Optional) The hostname of the server that has to be updated in the site binding. Type: String Constraints: It is applicable when bindType is Update site binding or Create new site binding.
port	(Optional) The server port number that has to be updated in the site binding. Type: String Constraints: It is applicable when bindType is Update site binding or Create new site binding. This field is mandatory for for bindType Create new site binding. The allowed values are between 1-65535.
pushRootAndIntermediateCertificates	(Mandatory) Determines whether both Root and Intermediate certificate needs to be pushed. Type: Boolean

Table 4. Certificate details for Microsoft PC Server
Name	Description
certificateType	(Mandatory) Certificate type i.e. the format in which the certificate is to be pushed to the server device. Type: String Constraints: The allowed values are PKCS12-.pfx.
certificateFileName	(Mandatory) The "certificate friendly name" under which the certificate should be stored in the Certificate store. Type: String Constraints: The certificate file name should not start and end with special characters except @, #, $, %, ^, &, _, {, }, [, ], \|, :, <, >, (, ), ;, .
pfxPassword	(Mandatory) The temporary password used during a certificate push. Type: String Constraints: The value must be base64 encoded.
pushRootAndIntermediateCertificates	(Mandatory) Determines whether both Root and Intermediate certificate needs to be pushed. Type: Boolean

Table 5. Certificate details for Microsoft Server
Name	Description
certificateType	(Mandatory) Certificate type i.e. the format in which the certificate is to be pushed to the server device. Type: String Constraints: The possible values are PEM-.crt, PEM-.cer, PEM-.pem, DER-.cer, DER-.der, JKS-.jks, PKCS7-.p7b, PKCS7-.p7c, PKCS12-.p12, and PKCS12-.pfx.
pushLocation	(Mandatory) The folder location in which certificate and private key are pushed. Type: String
certificateFileName	(Mandatory) A user-defined file name for pushing the certificate into the Microsoft server. Type: String Constraints: The file name must be suffixed with the certificate format to be pushed e.g.: test.appviewx.com.pfx.
privateKeyFileName	(Mandatory) A user-defined file name for pushing the certificate into the Microsoft server. Type: String Constraints: The file name must be suffixed with the certificate format to be pushed, e.g.: test.appviewx.com.key. It is only applicable for types PEM-.crt, PEM-.cer, PEM-.pem, DER-.cer, DER-.der, PKCS7-.p7b, and PKCS7-.p7c.
pfxPassword	(Optional) The password of pfx/p12 file. Type: String Constraints: The value must be base64 encoded. It is only applicable for types PKCS12-pfx, and PKCS-p12.
aliasName	(Optional) The end entity certificate alias name for the jks file. Type: String Constraints: It is only applicable for JKS-.jkscertificate type.
keyStorePassword	(Optional) The jks file password. Type: String Constraints: The value must be base64 encoded. It is only applicable for types PKCS12-pfx, and PKCS-p12.
privateKeyPassword	(Optional) The private key entry password for the jks file. Type: String Constraints: The value must be base64 encoded. It is only applicable for types PKCS12-pfx, and PKCS-p12.
pushRootAndIntermediateCertificates	(Mandatory) Determines whether both Root and Intermediate certificate needs to be pushed. Type: Boolean Constraints:
rootCertificateFileName	(Mandatory) A user-defined file name for pushing the root certificate into the Microsoft server. Type: String Constraints: The root certificate file name should not begin or end with special characters. The special characters allowed are !, @, #, $, %, ^, &, _, {, }, [, ], \|, :, <, >, (, ), ;, . The root certificate file name should also be different from both the CA file name and the intermediate certificate file name.
intermediateCertificateFileName	(Mandatory) A user-defined file name for pushing the intermediate certificate into the Microsoft server. Type: String Constraints: The intermediate certificate file name should not begin or end with special characters. The special characters allowed are !, @, #, $, %, ^, &, _, {, }, [, ], \|, :, <, >, (, ), ;, . The intermediate certificate file name should also be different from both the certificate file name and the CA file name.

Table 6. Certificate details for Apache (Linux) Server
Name	Description
isManualPush	(Optional) If selected, users can customize the certificate and key push locations. Type: Boolean
certificateType	(Mandatory) Certificate type i.e. the format in which the certificate is to be pushed to the server device. Type: String Constraints: The possible values are PEM-.crt, PEM-.cer, and PEM-.pem.
certificateLocation	(Mandatory) User-defined location (including the directory name and file name) for the certificate to be pushed Type: String Constraints: The certificate file name should not begin or end with special characters except -, ., _. The CA file name should also be different from both the CA file name and the intermediate certificate file name.
keyLocation	(Mandatory) User defined location, including both, the directory and file name, for pushing the keys into the Tomcat Linux server Type: String Constraints: The key file name should not begin or end with special characters except -, ., _. . The private key file name should be same as the certificateFileName.
isRestartRequired	(Optional) Option to restart the service after the push operation. Type: Boolean
pushRootAndIntermediateCertificates	(Mandatory) Determines whether both Root and Intermediate certificate needs to be pushed. Type: Boolean
trustLocation	(Mandatory) A user-defined directory for pushing the root and intermediate certificate into the Apache server. Type: String Constraints: The root certificate file name should not begin or end with special characters. The special characters allowed are !, @, #, $, %, ^, &, _, {, }, [, ], \|, :, <, >, (, ), ;, . The CA file name should also be different from both the certificate file name and the CA file name.
rootCertificateFileName	(Optional) A user-defined file name for pushing the root certificate into the Apache server. Type: String Constraints: Mandatory when “pushRootAndIntermediateCertificates” is true. The root certificate file or bundle name should not begin or end with special characters. The special characters allowed are -, _, .. The root certificate file name should also be different from the certificate and intermediate certificate file name.
intermediateCertificateFileName	(Optional) A user-defined file name for pushing the intermediate certificate into the Apache server. Type: String Constraints: Mandatory when “pushRootAndIntermediateCertificates” is true. The intermediate certificate file or bundle name should not begin or end with special characters. The special characters allowed are -, _, .. The intermediate certificate file name should also be different from the certificate and root certificate file name.
privateKeyInDevice	(Optional) Determines whether users need to push the private key into the device. Type: Boolean

Table 7. Certificate details for Tomcat (Linux) Server
Name	Description
certificateType	(Mandatory) Certificate type i.e. the format in which the certificate is to be pushed to the server device. Type: String Constraints: The possible values are PEM-.crt, PEM-.cer, PEM-.pem, and JKS-.jks.
certificateLocation	(Mandatory) User-defined location (including the directory name and file name) for the certificate to be pushed Type: String Constraints: The certificate file name should not begin or end with special characters except -, ., _. The CA file name should also be different from both the CA file name and the intermediate certificate file name.
keyLocation	(Mandatory) User defined location, including both, the directory and file name, for pushing the keys into the Tomcat Linux server Type: String Constraints: The key file name should not begin or end with special characters except -, ., _. . The private key file name should be same as the certificateFileName.
keyStoreLocation	(Mandatory) A user-defined store location for pushing the keys and certificates into the Tomcat server. Type: String Constraints: It is applicable for certificate type JKS-.jks. Enter the keystore location with the extension as .jks or .keystore.
keyStorePassword	(Mandatory) The .jks file password. Type: String Constraints: It is applicable for certificate type JKS-.jks.
aliasName	(Optional) The end entity certificate alias name for the jks file. Type: String Constraints: It is applicable for certificate type JKS-.jks.
privateKeyInDevice	(Optional) Determines whether the private key needs to be pushed to the device. Type: Boolean Constraints: It is applicable for certificate type JKS-.jks.
privateKeyLocation	(Optional) A user-defined directory for pushing the private keys into the Tomcat server. Type: String Constraints: It is mandatory if “privateKeyInDevice” is true and is applicable only for certificate type JKS-.jks.
pushRootAndIntermediateCertificates	(Optional) Determines whether the root and intermediate certificate needs to be pushed to the device. Type: Boolean Constraints: It is applicable for all certificate types.
rootCertificateFileName	(Optional) A user-defined file name for pushing the root certificate into the Tomcat server. Type: String Constraints: Mandatory when “pushRootAndIntermediateCertificates” is true. The root certificate file or bundle name should not begin or end with special characters except -, _, .. The root certificate file name should also be different from the certificate and intermediate certificate file name.
intermediateCertificateFileName	(Optional) A user-defined file name for pushing the intermediate certificate into the Apache server. Type: String Constraints: Mandatory when “pushRootAndIntermediateCertificates” is true. The intermediate certificate file or bundle name should not begin or end with special characters except -, _, .. The intermediate certificate file name should also be different from the certificate and root certificate file name.
trustStoreLocation	(Optional) A user-defined store location for pushing the CA certificates into the device. Type: String Constraints: Mandatory when “pushRootAndIntermediateCertificates” is true. It is applicable for certificate type JKS-.jks. Provide the truststore location with the extension as .jks or .truststore.
trustStorePassword	(Optional) The .jks file password. Type: String Constraints: It is applicable for certificate type JKS-.jks.

Table 8. Certificate details for Websphere Server
Name	Description
isManualPush	(Optional) If selected, users can customize the certificate and key push locations. Type: Boolean
certificateType	(Mandatory) Certificate type i.e. the format in which the certificate is to be pushed to the server device. Type: String Constraints: The possible values are JKS-.jks, and PKCS12-.p12.
keyStoreLocation	(Mandatory) A user-defined store location for pushing the keys and certificates into the server device. Type: String Constraints: Enter the keystore location with the extension as .jks or .keystore.
keyStorePassword	(Optional) The jks file password. Type: String Constraints: Keystore password must have at least 6 characters.
trustStoreLocation	(Mandatory) A user-defined store location for pushing the CA certificates into the server device. Type: String Constraints: Provide the truststore location with the extension as .jks or .truststore. It is applicable only for certificate type JKS-.jks.
trustStorePassword	(Optional) The .jks file password. Type: String Constraints: Truststore password must have at least 6 characters. It is applicable only for certificate type JKS-.jks.
privateKeyInDevice	(Optional) Determines whether the private key needs to be pushed to the device. Type: Boolean
keyLocation	(Optional) A user-defined key directory name for pushing the keys into the server device. Type: String
aliasName	(Optional) The end entity certificate alias name for the jks file. Type: String Constraints: It is applicable for certificate type JKS-.jks.

Table 9. Certificate details for Weblogic Server
Name	Description
isManualPush	(Optional) If selected, users can customize the certificate and key push locations. Type: Boolean
certificateType	(Mandatory) Certificate type i.e. the format in which the certificate is to be pushed to the server device. Type: String Constraints: The possible values are JKS-.jks.
keyStoreLocation	(Mandatory) A user-defined store location for pushing the keys and certificates into the server device. Type: String Constraints: Enter the keystore location with the extension as .jks or .keystore.
keyStorePassword	(Optional) The jks file password. Type: String Constraints: Keystore password must have at least 6 characters.
trustStoreLocation	(Mandatory) A user-defined store location for pushing the CA certificates into the server device. Type: String Constraints: Provide the truststore location with the extension as .jks or .truststore. It is applicable only for certificate type JKS-.jks.
trustStorePassword	(Optional) The .jks file password. Type: String Constraints: Truststore password must have at least 6 characters.
privateKeyInDevice	(Optional) Determines whether the private key needs to be pushed to the device. Type: Boolean
keyLocation	(Optional) A user-defined key directory name for pushing the keys into the server device. Type: String
aliasName	(Optional) The end entity certificate alias name for the jks file. Type: String Constraints: It is applicable for certificate type JKS-.jks.

Table 10. Certificate details for IPlanet Server
Name	Description
isManualPush	(Optional) If selected, users can customize the certificate and key push locations. Type: Boolean
certificateType	(Mandatory) Certificate type i.e. the format in which the certificate is to be pushed to the server device. Type: String Constraints: The possible values are PKCS12-.pfx.
dbPath	(Mandatory) The database location for pushing the certificates into the server device. Type: String
dbPassword	(Optional) Password required to import certificates to database in server. Type: String
isRestartRequired	(Optional) Option to restart the service after the push operation. Type: Boolean
privateKeyInDevice	(Optional) Determines whether the private key needs to be pushed to the device. Type: Boolean
keyLocation	(Optional) A user-defined key directory name for pushing the keys into the server device. Type: String

Response Structure

Response returns string of type application/json with the following body parameters:

Table 11. Parameters
Name	Description
response	Contains the response attributes.
requestId `response`	Request Id for push action for the application connector. Type: String
connectorId `response`	Application connector Id. Type: String
message	Success message or failure description in case of error. Type: String
appStatusCode	Application specific status code for the response. It is a non-null value for a failure response. Type: String
tags	Additional information in case of failure response.

Status Codes


HTTP Code	appStatusCode	Response Message
202 Accepted	NA	1 connector(s) saved and push operation has been triggered.
401 Unauthorized	AVX_GW_003	Authentication failed, reason - Invalid Credentials. Remediation: Ensure that valid username and password or valid sessionId is provided as header parameters.
400 Bad Request	MANDATORY_FIELD_MISSING	Mandatory field is missing or invalid - <<field name>> Remediation: Ensure that a valid value is provided for the <<field name>> field in the request.
400 Bad Request	INVALID_REQUEST	selectedProfiles parameter is already available in the specified certificate. Remediation: Provide a different value for the selectedProfiles field.
404 Not Found	NO_RECORDS_FOUND	No matching records found - certificate not found. Remediation: Provide a correct value for the field certificateId.
417 Expectation failed	FIELD_VALUE_INVALID	Invalid value - <<field name>> Remediation: Ensure that a valid value is provided for the <<field name>> field in the request.
417 Expectation failed	CERT-APP-0016	Connector with profiles {} already exists. Remediation: A profile connector is already available for the selected certificate. Change the certificateId or delete the existing connector.
500 Internal Server Error	avx-common-011	Error while processing.

Sample Request/Response

Request Payload

{
 "certificateDetails": {
 "certificateType": "PEM-.pem",
 "certificateName": "testfile",
 "pushRootAndIntermediateCertificates": true,
 "rootCertificateFileName": "testrootfile.pem",
 "intermediateCertificateFileName": [
 "testinterfilelevel1.pem"
 ]
 },
 "pushDetails": {
 "preValidationScriptPath": "",
 "postValidationScriptPath": "",
 "overwrite": false,
 "pushAutomatically": false
 },
 "certificateId": "5f5b1fac77534426423bab57",
 "selectedProfiles": [
 "xxx.xxx.xx.xxx:@Template_001:@shared:@IKE Gateway Profile:@TEST"
 ]
 }

Response

{
 "response": [
 {
 "requestId": "3",
 "connectorId": "xxx.xxx.xx.xxx:@Template_001:@shared:@IKE Gateway Profile:@TEST:@389ed6f96387e3002cc6ac0678c07ffe70459abf"
 }
 ],
 "message": "1 connector(s) saved and push operation has been triggered.",
 "appStatusCode": null,
 "tags": {},
 "headers": null
 }

Sample Request/Response for Apache (Linux) Server

Request Payload

 {
 "certificateDetails": {
    "useExistingConfiguration": false,
    "certificateType": "PEM-.crt",
    "certificateLocation": "/home/appviewx/server_03122024.crt",
    "keyLocation": "/tmp/apache/test.key",
    "isRestartRequired": false,
    "pushRootAndIntermediateCertificates": false,
    "privateKeyInDevice": false,
    "privateKeyLocation": "",
    "certificateTags": {},
    "intermediateCertificateFileName": []
  },
 "certificateId": "605dbd66ccb1c49e108e67e6",
 "selectedProfiles": [
 "ApacheLinux:@/etc/apache2:@_default_:@443:@/etc/apache2/sites-available/default-ssl.conf"
 ]
 }

Response

 {
"response":[
 {
 "requestId":"54",
 "connectorId":"ApacheLinux:@/etc/apache2:@_default_:@443:@/etc/apache2/sites-available/default-ssl.conf:@51fb6d24534926ea1d89d32bfe59b25c26d84b5e"
 }
 ],
 "message":"1 connector(s) saved and push operation has been triggered.",
 "appStatusCode":null,
 "tags":{
 },
 "headers":null
 }

Note:

The above sample request and response can be followed for all three certificate types (PEM-.crt, PEM-.cer, PEM-.pem) for the Apache server.
The certificateId in the above request can be found using the search API with parameters such as commonName, serialNumber or other search parameters.
The resourceId present in Search API response is equivalent to the certificateId here.

Sample Request/Response for IPlanet Server

Request Payload

 {
 "certificateDetails": {
 "isManualPush":true,
 "certificateType": "PKCS12-.pfx",
 "dbPath": "/opt/automation/db",
 "dbPassword": "YXBwd==26",
 "isRestartRequired":false,
 "privateKeyInDevice": true,
 "privateKeyLocation":"/opt/automation/keys",
 },
 "certificateId": "605dbd66ccb1c49e108e67e6",
 "selectedProfiles": [
 "iPlanet:@8443:@localhost:@localhost:"
 ]
 }

Response

 {
 "response":[
 {
 "requestId":"60",
 "connectorId":"iPlanet:@8443:@localhost:@localhost:@51fb6d24534926ea1d89d32bfe59b25c26d84b5e"
 }
 ],
 "message":"1 connector(s) saved and push operation has been triggered.",
 "appStatusCode":null,
 "tags":{
 },
 "headers":null
 }

Note:

The above sample request and response can be followed PKCS12 certificate type (PKCS12-.pfx) for the IPlanet server.
The certificateId in the above request can be found using the search API with parameters such as commonName, serialNumber or other search parameters.
The resourceId present in Search API response is equivalent to the certificateId here.

Sample Request/Response for Tomcat (Linux) Server

Request Payload

{
 "certificateDetails": {
    "useExistingConfiguration": false,
    "certificateType": "PEM-.crt",
    "certificateLocation": "/home/appviewx/server_03122024.crt",
    "keyLocation": "/tmp/tomcat/test.key",
    "isRestartRequired": false,
    "pushRootAndIntermediateCertificates": false,
    "privateKeyInDevice": false,
    "privateKeyLocation": "",
    "certificateTags": {},
    "intermediateCertificateFileName": []
  },
 "pushDetails": {
     "preValidationScriptPath": "",
     "postValidationScriptPath": "",
     "overwrite": false,
     "pushAutomatically": false
 },
 "certificateId": "5f5b1fac77534426423bab57",
 "selectedProfiles": [
 "xxx.xxx.xx.xxx:@Template_001:@shared:@IKE Gateway Profile:@TEST"
 ]
 }

Response

 {
"response":[
 {
 "requestId":"57",
 "connectorId":"TomcatLinux:@8443:@localhost:@localhost:@51fb6d24534926ea1d89d32bfe59b25c26d84b5e"
 }
 ],
 "message":"1 connector(s) saved and push operation has been triggered.",
 "appStatusCode":null,
 "tags":{
 },
 "headers":null
 }

Note:

The above sample request and response can be followed for all three certificate types (PEM-.crt, PEM-.cer, PEM-.pem) for the Tomcat server.
The certificateId in the above request can be found using the search API with parameters such as commonName, serialNumber or other search parameters.
The resourceId present in Search API response is equivalent to the certificateId here.

Sample Request/Response for Weblogic Server

Sample Request

 {
 "certificateDetails": {
 "isManualPush":true,
 "certificateType": "JKS-.jks",
 "keyStoreLocation": "/opt/automation/key.jks",
 "keyStorePassword": "YXBwd==26",
 "trustStoreLocation": "/opt/automation/trust.jks",
 "trustStorePassword": "YXBwd==26"
 "privateKeyInDevice": true,
 "privateKeyLocation":"/opt/automation/keys",
 "aliasName": "sampleKeystore"
 },
 "certificateId": "605dbd66ccb1c49e108e67e6",
 "selectedProfiles": [
 "Weblogic:@8443:@localhost:@localhost:"
 ]
 }

Sample Response

 {
"response":[
 {
 "requestId":"58",
 "connectorId":"Weblogic:@8443:@localhost:@localhost:@51fb6d24534926ea1d89d32bfe59b25c26d84b5e"
 }
 ],
 "message":"1 connector(s) saved and push operation has been triggered.",
 "appStatusCode":null,
 "tags":{
 },
 "headers":null
 }

Note:

The above sample request and response can be followed for JKS certificate type (JKS.jks) for the Websphere server.
The certificateId in the above request can be found using the search API with parameters such as commonName, serialNumber or other search parameters.
The resourceId present in Search API response is equivalent to the certificateId here.

Sample Request/Response for Websphere Server

Request Payload

 {
"certificateDetails": {
 "isManualPush":true,
 "certificateType": "JKS-.jks",
 "keyStoreLocation": "/opt/automation/key.jks",
 "keyStorePassword": "YXBwd==26",
 "trustStoreLocation": "/opt/automation/trust.jks",
 "trustStorePassword": "YXBwd==26"
 "privateKeyInDevice": true,
 "privateKeyLocation":"/opt/automation/keys",
 "aliasName": "sampleKeystore"
 },
 "certificateId": "605dbd66ccb1c49e108e67e6",
 "selectedProfiles": [
 "WebsphereLinux:@8443:@localhost:@localhost:"
 ]
 }

Response

 {
"response":[
 {
 "requestId":"58",
 "connectorId":"WebsphereLinux:@8443:@localhost:@localhost:@51fb6d24534926ea1d89d32bfe59b25c26d84b5e"
 }
 ],
 "message":"1 connector(s) saved and push operation has been triggered.",
 "appStatusCode":null,
 "tags":{
 },
 "headers":null
 }

Note:

The above sample request and response can be followed for JKS certificate type (JKS.jks) for the Websphere server.
The certificateId in the above request can be found using the search API with parameters such as commonName, serialNumber or other search parameters.
The resourceId present in Search API response is equivalent to the certificateId here.

Request Payload

 {
 "certificateDetails": {
 "isManualPush":true,
 "certificateType": "PKCS12-.p12",
 "keyStoreLocation": "/opt/automation/key.jks",
 "keyStorePassword": "YXBwd==26",
 "privateKeyInDevice": true,
 "privateKeyLocation":"/opt/automation/keys",
 "aliasName": "sampleKeystore"
 },
 "pushDetails": {
 "preValidationScriptPath": "",
 "postValidationScriptPath": "",
 "pushAutomatically": false
 },
 "certificateId": "605dbd66ccb1c49e108e67e6",
 "selectedProfiles": [
 "WebsphereLinux:@8443:@localhost:@localhost:"
 ]
 }

Response

 {
"response":[
 {
 "requestId":"59",
 "connectorId":"WebsphereLinux:@8443:@localhost:@localhost:@51fb6d24534926ea1d89d32bfe59b25c26d84b5e"
 }
 ],
 "message":"1 connector(s) saved and push operation has been triggered.",
 "appStatusCode":null,
 "tags":{
 },
 "headers":null
 }

Note:

The above sample request and response can be followed for PKCS12 certificate type (PKCS12-.p12) for the Websphere server.
The certificateId in the above request can be found using the search API with parameters such as commonName, serialNumber or other search parameters.
The resourceId present in Search API response is equivalent to the certificateId here.

References

Understanding the sample URL

IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
- IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication
  The IP address will be included in the endpoint URL for an on-prem deployment.
- HostName: A human-readable label assigned to a device (host) on a network
  The hostname will be included in the endpoint URL for an on-prem deployment.
- TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify
  The tenant name will be included in the endpoint URL for a SaaS deployment.
GWPORT: AppViewX gateway port
A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.
Example: 31443
avxapi: Path parameter value (static) that is part of the endpoint's URL
Endpoint: Endpoint of the API, for example: execute-hook
gwsource: Source or origin of a gateway, for example: external.