Example: Associating a leaf certificate with a switch feature using REST APIs

The following example associates the signed certificate my-cert-name with the HTTPS server switch feature. For complete information about the switch features to which you can associate a leaf certificate, see the Security Guide.

Procedure
  1. Get the configuration attributes of the system resource:

    Example method and URI:

    GET "https://192.0.2.5/rest/v1/system?selector=configuration"

    Example curl command:

    $ curl -k --noproxy 192.0.2.5 -X GET \
    -b /tmp/primary_auth_cookie \
    "https://192.0.2.5/rest/v1/system?selector=configuration"
    

    On successful completion, the switch returns response code 200 and a JSON object containing the configuration attributes.

  2. In the portion of the response body that defines the certificate name for the HTTPS server, change the value to: my-cert-name

    The certificate name associated with the HTTPS server is the value assigned to the https-server key, which is under the certificate_association key of the sys_config key. By default, the certificate name is: local-cert

    The request body of a PUT request is permitted to include only the mutable configuration attributes. In the 10.03 AOS-CX software release—to which this example applies—all the configuration attributes for the system resource are mutable attributes, so you do not need to edit the JSON object to remove the immutable attributes.

  3. Using a PUT request, update the system resource with the edited JSON data as the request body.

    Example method and URI:

    PUT "https://192.0.2.5/rest/v1/system"

    Example request body (Ellipses (…) represent data not shown in the example.):

    {
        "aaa": {
    ...
        },
    ...
        "certificate_association": {
            "https-server": "my-cert-name",
            "syslog-client": "local-cert"
        },
    ...
    }

    Example curl command (Ellipses (…) represent data not shown in the example.):

    $ curl -k --noproxy 192.0.2.5 -X PUT \
    -b /tmp/primary_auth_cookie \
    --data '{
        "aaa": {
    ...
        },
    ...
        "certificate_association": {
            "https-server": "my-cert-name",
            "syslog-client": "local-cert"
        },
    ...
    }' \
    "https://192.0.2.5/rest/v1/system"
    

    On successful completion, the switch returns response code 200 OK.
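
    The three steps above as one script. This is an added example, not code from the product documentation. It assumes certificate_association sits at the top level of the object, as in the example request body. The function names, the cookie header string and the CA file path are hypothetical and supplied by the caller, and the switch certificate is verified instead of being skipped with -k.

```python
import copy
import json
import ssl
import urllib.request

# Constructed sample shaped like the request body in step 3 (not real switch output).
SAMPLE_CONFIG = {
    "aaa": {"placeholder": "unchanged"},
    "certificate_association": {"https-server": "local-cert", "syslog-client": "local-cert"},
}

def set_cert_association(config, feature, cert_name):
    """Step 2: return a copy of the GET body with one association changed.

    Every other attribute is carried over untouched, because the PUT in
    step 3 sends the whole configuration object back.
    """
    assoc = config.get("certificate_association")
    if not isinstance(assoc, dict) or feature not in assoc:
        raise KeyError(f"no certificate_association entry for {feature!r}")
    updated = copy.deepcopy(config)
    updated["certificate_association"][feature] = cert_name
    return updated

def changed_paths(before, after, prefix=""):
    """List the key paths whose values differ, for review before the PUT."""
    if isinstance(before, dict) and isinstance(after, dict):
        paths = []
        for key in sorted(set(before) | set(after)):
            paths += changed_paths(before.get(key), after.get(key), f"{prefix}/{key}")
        return paths
    return [] if before == after else [prefix]

def associate(base_url, cookie, feature, cert_name, ca_file):
    """Steps 1-3 against a switch; all arguments are caller-supplied assumptions."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies the switch certificate
    hdrs = {"Cookie": cookie, "Content-Type": "application/json"}
    get = urllib.request.Request(f"{base_url}/rest/v1/system?selector=configuration", headers=hdrs)
    with urllib.request.urlopen(get, context=ctx) as resp:
        before = json.load(resp)
    after = set_cert_association(before, feature, cert_name)
    if changed_paths(before, after) not in ([], [f"/certificate_association/{feature}"]):
        raise RuntimeError("edit touched more than the intended key")
    put = urllib.request.Request(f"{base_url}/rest/v1/system", data=json.dumps(after).encode(),
                                 headers=hdrs, method="PUT")
    with urllib.request.urlopen(put, context=ctx) as resp:
        return resp.status  # the page states 200 on success
```

    After the PUT succeeds, the HTTPS server presents the newly associated certificate, so the CA file used for later requests must be able to validate it.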