Push Certificates to GCP Load Balancer Service (via Classic Certificates)

This API will push certificates and their corresponding private keys to Google Cloud Platform (GCP) devices with the load balancer service.

Before You Begin

Before attempting to push a certificate to a GCP device with the load balancer service through AppViewX, ensure the following:
  • GCP devices with the load balancer service should be added in AppViewX.
  • The devices should be in Managed state.

Request Structure

Endpoint: /certificate/pushToDevice
Type: POST
Sample URL: 
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/certificate/pushToDevice?gwsource=external

To understand the elements of the sample URL, click here.
Headers
Content-Type: application/json
Table 1. Request Parameters
Name Description
sessionId

Header

 (Mandatory) Session ID received after login

Type: String

Constraints: Required if username and password are not provided.
username

Header

 AppViewX login username

Type: String

Constraints: Required if sessionId is not provided.
password

Header

 AppViewX login password

Type: String

Constraints: Required if sessionId is not provided.
Content-Type

Header

 Specifies the nature of the data in the payload

Type: String
gwsource

Query

 Source from which the request is triggered. (E.g. external)

Type: String
Payload

Body

 Contains all the parameters to be sent in the request body for the post request

Type: Payload

Payload

Table 2. Payload
Name Description
generalInformation (Mandatory) General details related to the push operation

Type: generalInformation
certificateID (Mandatory) Unique identifier of the certificate to be pushed
certificateDetails

(Mandatory) Details of the certificate to be pushed

Type: certificateDetails
pushDetails

(Mandatory) Details for certificate management after the push operation

Type: pushDetails
selectedProfiles (Mandatory) Actual profile details of services to which where we are trying to push/bind the certificate

Type: String
Table 3. generalInformation
Name Description
category (Mandatory) Device type of the target system to which the certificate will be pushed

Type: String

Possible value(s): Cloud
vendor (Mandatory) Cloud device vendor

Type: String

Possible value(s): Azure
profileFilterSelection (Mandatory) Service type to which the certificate will be pushed

Type: String

Possible value(s): LB
name Name given to the connector that will be created to push the certificate to the cloud device

Type: String
profileType (Mandatory) Type/category of the profile being used to determine how the certificate is managed after it is pushed

Type: String

Possible value(s): push and bind, push only
description Additional details related to the certificate being pushed, the connector for pushing the certificate.

Type: String
Table 4. certificateDetails
Name Description
certificateLocation (Mandatory) Certificate upload location

Type: String

Possible value(s):
  • Classic Certificates (Upload your certificate and private key directly to the load balancer's configuration.)
  • Certificate Manager (Reference certificates managed by Certificate Manager in your load balancer configuration.)
certificateName (Mandatory) Name of the certificate being pushed

Type: String
isNewCertificate (Optional) Specify if the certificate being pushed is a new certificate or an existing certificate that is being replaced

Type: Boolean

Possible value(s): true, false
certificateDescription (Optional) Additional details related to the certificate being pushed

Type: String
profileFilterSelection Specific profile type where the certificate will be applied

Type: String

Possible value(s): LB
certificateTags

(Optional) Key-value pair attributes to add additional details about the certificate

Type: String
Table 5. pushDetails
Name Description
scriptLocation (Mandatory) Select the location of the script file.

Script files are commonly used to perform certain tasks required to be completed before and/or after a certificate is pushed to the target system.

Type: String

Possible Values: appviewx and device
preValidationScriptPath (Mandatory if scriptLocation is device) Location of the script that will be executed before the certificate is pushed to the target system

Type: String
postValidationScriptPath (Mandatory if scriptLocation is device) Location of the script that will be executed before the certificate is pushed to the target system

Type: String
pushAutomatically Automatically push certificate to the target system, after it is renewed/reissued

Type: Boolean

Possible value(s):
  • 1: Yes
  • 0: No

Response Structure

Table 6. Response Structure
Name Description
response Contains the response attributes for the push request

Type: response
message Success message of the action or failure description in case of error

Type: String
appStatusCode Application specific status code for the response. Will be non-null for failure response.

Type: String
tags More info in case of failure response
Table 7. Response
Name Description
requestId Request ID for push action for the application connector

Type: String
connectorId ID of the application connector for pushing the certificate

Type: String

Status Codes

Table 8. Status Codes
HTTP Status code appStatusCode Message and Possible Remediation
202 Accepted NA 1 connector(s) saved and push operation has been triggered.
401 Unauthorized AVX_GW_003 Authentication failed, reason - Invalid Credentials

Possible remediation: Ensure that valid username and password or valid sessionId is provided as the header param.
400 Bad Request MANDATORY_FIELD_MISSING Mandatory field is missing or invalid - <<field name>>

Possible remediation: Check and ensure that valid value is provided for <<field name>> field in the request.
404 Not Found NO_RECORDS_FOUND No matching records found - certificate not found.

Possible remediation: Please provide correct value for the field certificateId.
400 Bad Request INVALID_REQUEST selectedProfiles are already available in the specified certificate.

Possible remediation: Please provide a different value for the field selectedProfiles.
417 Expectation failed CERT-APP-0016 Connector with profiles {} already exists.

Possible remediation: Profile connector already exists for the selected certificate. Please change the certificateId or delete the existing connector.
500 Internal Server Error avx-common-011 Error while processing

Sample Request/Response

Sample Request
{
  "generalInformation": {
    "category": "cloud",
    "vendor": "GCP",
    "profileFilterSelection": ":LB",
    "name": "GCP connector3",
    "description": "",
    "profileType": "Push and Bind Profiles"
  },
  "certificateDetails": {
    "certificateLocation": "Classic Certificates",
    "isNewCertificate": true,
    "certificateName": "feb10lb-cc",
    "certificateDescription": "",
    "profileFilterSelection": "Load Balancer",
    "certificateTags": {
      
    }
  },
  "pushDetails": {
    "scriptLocation": "appviewx",
    "preValidationScriptPath": "",
    "postValidationScriptPath": "",
    "pushAutomatically": false
  },
  "certificateId": "67a9f5ce2ff94729fda605ac",
  "selectedProfiles": [
    "GCP.Single.All:pm-project-lab-1-391708:global:nw-lb:Network:nw-lb-target-proxy:targetSslProxy:LB"
  ]
}
Sample Response
{
    "response": [
        {
            "requestId": "367",
            "connectorId": "GCP.Single.All:pm-project-lab-1-391708:global:nw-lb:Network:nw-lb-target-proxy:targetSslProxy:LB:@026e4051353bb9f88e0289d9d6ecb2e3d115b835"
        }
    ],
    "message": "1 connector(s) saved and push opertaion has been triggered.",
    "appStatusCode": null,
    "tags": {},
    "headers": null
}

References

Understanding the sample URL
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port

    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: execute-hook
  • gwsource: Source or origin of a gateway, for example: external.