RESTful API

Key Manager Plus (KMP) APIs allow other applications to connect, interact and integrate with Key Manager Plus directly. These APIs belong to the REpresentational State Transfer category and allow applications to create, fetch, associate digital keys and add, retrieve or manage users programmatically.

Prerequisites

Generate API Key 

The first step to configure and use KMP APIs is generating the API key from the KMP user interface. Only administrator users can generate the API keys. The API keys serve as the auth token for your access purposes. The API keys are tied to the host in which they are created.

To generate API key: 

  1. Navigate to Settings >> API Key tab and click Generate.
  2. The API key is generated and this key serves as the auth token for your access purposes and you need to provide this key every time you try to access KMP API.
  3. Key Manager Plus provides an option to regenerate the API key in case if the API key in use has been compromised. Log in to your account, navigate to Settings → API Key and click Regenerate and the new API Key is generated.

HTTPS Methods Used

GET

To fetch resources, user accounts, keys, account/resource details

DELETE

To delete an existing key or a certificate

POST

To create new keys, certificates or to discover resources

How to Make Use of the APIs?

Invoking the APIs

The APIs can be via HTTP POST, GET and PUT requests. All parameters in the request should be form-url encoded. For all the APIs you need to pass AUTH token, which is mandatory.

Supported Format

The URL structure for the KMP API would be as below:

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/ <api_name> /AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8


APIs Summary

KMP provides the following APIs: 

  1. To create a new SSH key
  2. To update credentials
  3. To fetch all SSH resources
  4. To fetch all the SSH keys
  5. To fetch a particular SSH key
  6. To export a SSH key
  7. To get SSH key passphrase
  8. To export a SSH Key as a specific Key Type
  9. To get SSH keys for a user
  10. To enumerate all users
  11. To get all SSH users
  12. To fetch all associated users
  13. To get all the key vault keys
  14. To export a key vault key
  15. To delete a key vault key
  16. To add a key vault key
  17. To update a key vault key
  18. To get a certificate
  19. To get a certificate in different file formats
  20. To get all certificates
  21. To get all certificate expiry
  22. To get certificate details
  23. To get certificate keystore
  24. To delete a certificate
  25. To perform resource discovery
  26. To perform resource discovery (for a range of IP addresses)
  27. To discover SSL in bulk from files
  28. To create CSR
  29. To get CSR list
  30. To import CSR
  31. To sign CSR
  32. To create certificate
  33. To import a SSH key
  34. To associate a SSH key
  35. To dissociate a SSH Key
  36. To add a Certificate
  37. To deploy a Certificate
  38. To delete a SSH Key 
  39. To get Certificate Private Key Passphrase
  40. To fetch PGP Keys
  41. To fetch all audit details
  42. To get SSL vulnerabilities count
  43. To Revoke MSCA Certificates
  44. To Fetch Unmanaged Certificates from a Load Balancer or Shared Path
  45. To Import the Unmanaged Certificates Fetched from a Load Balancer or Shared Path

1. To Create a New SSH Key

Description

To create a new SSH key

HTTPS method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

The following data to be passed as input

{"operation":{"Details":{"keyName":"keytest",
"passPhrase":"passPhrase",
"comment":"comment",
"length":"2048",
"keyType":"ssh-rsa"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/createsshkey?INPUT_DATA={"operation":{"Details":{"keyName":"keytest","passPhrase":"passPhrase","comment":"comment","length":"2048","keyType":"ssh-rsa"}}}


Sample Response

{ "name": "CreateSSHKey",
"result": {
"status": "Success",
"message": "New SSH key created successfully" }
}

Note: Following are the key types that can be used to create new SSH keys:

  • ssh-rsa (key length: 1024/2048/4096)
  • ssh-dss (key length: 1024)
  • ed25519 (no specific key length)
  • ecdsa (key length: 256/384/521)


2. To Update Credentials

Description

To update credentials for the discovered resources.

HTTPS method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

The following data to be passed as input

{"operation":{"Details":{"userName":"test3",
"password":"test3",
"resourceName":"172.21.147.80",
"isAdmin":"false"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/applycredentials?INPUT_DATA={"operation":{"Details":{"userName":"test3","password":"test3","resourceName":"172.21.147.80","isAdmin":"false"}}}


Sample Response

{
"name": "ApplyCredentials",
"result": {
"status": "Success",
"message": "Credentials updated successfully"
}
}


3. To Fetch all SSH Resources

Description

To fetch all the SSH resources.

HTTPS method

GET

Header

AUTHTOKEN=1604F2E1-2E31-4886-AA4E-DDBC9D3D189B


Input Data

None


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllSSHResourceDetails  


Sample Response

{
"result": {
"message": "All SSH Resources fetched successfully.",
"status": "Success"
},
"name": "GetAllSSHResources",
"details": [
{
"Path": "/home",
"Description": "NA",
"ResourceId": 1,
"ResourceName": "pmp-linux.keymanagerplus.com",
"Port": 22,
"CreationTime": "Apr 13, 2023 16:55",
"IPADDRESS": "172.XX.145.XXX",
"LandingServerName": "-"
},


{
"Path": "/home",
"Description": "NA",
"ResourceId": 2,
"ResourceName": "pmp-centos6.keymanagerplus.com",
"Port": 22,
"CreationTime": "Apr 18, 2023 12:13",
"IPADDRESS": "172.YY.YYY.2",
"LandingServerName": "testServer"
}
],
"totalRows": 2
}


4. To Fetch all the SSH Keys

Description

To fetch all the discovered SSH keys

HTTPS method

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

None


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllSSHKeys


Sample Response

{"name": "GetAllSSHKeys",

"result": {"status": "Success","message": "All SSH Keys fetched successfully"

},"totalRows": 1,"details": [{"KeyName": "testkey","KeyType": "ssh-rsa",

"KeyLength": "2048","FingerPrint": "SHA256:v28/AlRYrpBKjAp4JoTRphLOkFdVb1ummVcyFHSfC5I",

"isPassphraseAvailable": false,"CreatedBy": "mm","CreationTime": "Today"}]}


5. To Fetch a Particular SSH Key

Description

To fetch a particular SSH keys from the discovered keys

HTTPS method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

The name of the operation and key to be passed as input

{"operation":{"Details":{"keyName":"key"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"key"}}}


Sample Response

{"name": "GetSSHKey",

"result": {"status": "Success","message": "SSH Key testkey fetched successfully"

}, "details": [{"KeyName": "testkey","KeyType": "ssh-rsa","KeyLength": "2048",

"FingerPrint": "SHA256:v28/AlRYrpBKjAp4JoTRphLOkFdVb1ummVcyFHSfC5I",

"isPassphraseAvailable": false,"CreatedBy": "mm","CreationTime": "Today"}]}


6. To Export a SSH Key

Description

To export a particular SSH key

HTTPS METHOD

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

The name of the operation and key to be passed as input

{"operation":{"Details":{"keyName":"key"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/exportSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"key"}}}


Sample Response

Key file


7. To Get SSH Key Passphrase

Description

To get a passphrase of an SSH key

HTTPS METHOD

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

The name of the operation and key to be passed as input

{"operation":{"Details":{"keyName":"testKey"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getSSHKeyPassphrase?INPUT_DATA={"operation":{"Details":{"keyName":"testKey"}}}


Sample Response

{
"result": {
"message": "Passphrase fetched successfully"
"status": "Success"
},
"name": "GetSSHKeyPassphrase",
"details": {
"passphrase": "passphrase@321"
}
}


8. To Export a SSH Key as a Specific Key Type

Description

To export a particular SSH key as a specific Key Export Type(Public or Private).

HTTPS METHOD

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

  1. {"operation":{"Details":{"keyName":"Key","keyExportType":"public"}}}
  2. {"operation":{"Details":{"keyName":"Key","keyExportType":"private"}}}

 

Note: Specify 'public or 'private' in 'keyExportType' to indicate to fetch public or private key.


Sample Request

  1. https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/exportSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"Key","keyExportType":"public"}}}
  2. https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/exportSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"Key","keyExportType":"private"}}}


Sample Response

Key file


9. To Get SSH Keys for a User

Description

To get all the SSH keys associated with a particular user

HTTPS Method

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input data:

The user name and resource name to be passed as input

{"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getSSHkeysforuser?INPUT_DATA={"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}


Sample Response

{ "name": "GetSSHKeysForUser",

"result": {

"status": "Success","message": "SSH keys for user test of resource pmp-centos6 fetched successfully"

}, "details": "testkey,testkey1"}


10. To Enumerate all Users

Description

To enumerate all users in a particular resource

HTTPS Method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input data:

The user name and resource name to be passed as input

{"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/enumerateusers?INPUT_DATA={"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}


Sample Response

{
"name": "EnumerateUsers",
"result": {
"status": "Success",
"message": "User enumeration started"
}
}


11. To Get all SSH Users

Description

To get all the discovered SSH users

HTTPS Method

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

None

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllSSHUsers


Sample Response

{
"name": "GetAllSSHUsers",
"result": {
"status": "Success",
"message": "All SSH Users fetched successfully"
},
"totalRows": 2,
"details": [
{
"UserName": "test",
"ResourceName": "172.21.147.80"
},{
"UserName": test1,
"ResourceName": "172.21.147.80"
}]}


12. To Fetch all Associated Users

Description

To fetch all the users associated with SSH keys

HTTPS Method

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

None

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllAssociatedUsers


Sample Response

 "result": { "status": "Success","message": "All associated users fetched successfully"

}, "totalRows": 1,"details": [{   "UserName": "test","ResourceName": "pmp-centos6"}]}


13. To Get all the Key Vault Keys

Description

Key Vault: Key Manager Plus provides a repository called Key Vault to securely store your digital keys. To fetch all the keys from the key vault

HTTPS Method

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

None

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllKeyStoreKeys


Sample Response

{
"name": "getAllKeyStoreKeys",
"result": {
"status": "Success",
"message": "All KeyStore Keys fetched successfully"
},
"totalRows": 1,
"details": [
{
"Description": "test",
"Key Name": "cert.cer",
"Created Time": "Sep 27, 2016 12:27",
"Datacenter": "Central US",
"Instance Name": "test",
"Key Type": "test",
"Created By": "admin",
"Key Store ID": 1,
}]}


14. To Export a Key Vault Key

Description

To export a particular key from the key vault

HTTPS Method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

The key name to be passed as input.

{"operation":{"Details":{"keyName":"cert.cer"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/exportKeyStoreKey?INPUT_DATA={"operation":{"Details":{"keyName":"cert.cer"}}}


Sample Response

Key file


15. To Delete a Key Vault Key

Description

To delete a key from the key vault

HTTPS method

DELETE

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

The key name to be passed as input.

{"operation":{"Details":{"keyName":"cert.cer"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/deleteKeyStoreKey?INPUT_DATA={"operation":{"Details":{"keyName":"cert.cer"}}}


Sample Response

{
"name": "DeleteKeyStoreKey",
"result": {
"status": "Success",
"message": "Key Store keys deleted successfully"
}
}


16. To Add a Key Vault Key

Description

To add a new key to the key vault

HTTPS method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE

Input data

The following data to be passed as input.

{"operation":{"Details":{"keyName":"brin.cer",
"description":"test",
"datacenter":"test",
"passphrase":"test",
"keyType":"test",
"instanceName":"test"}}} -F File=@E:/certs/cert.cer


Sample Request

curl -X POST -k -H "AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE" -H 'Content-Type: multipart/form-data' -F INPUT_DATA={"operation":{"Details":{"keyName":"brin.cer","description":"test","datacenter":"test","passphrase":"test","keyType":"test","instanceName":"test"}}} -F File=@E:/certs/cert.cer https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/addKeyStoreKey


Sample Response

{"Status":"Success","Message":"Key added to key store successfully"}


17. To Update a Key Vault Key

Description

To update a particular key vault key

HTTPS Method

POST

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

The following data to be passed as input.

{"operation":{"Details":{"keyName":"brin.cer",
"description":"test",
"datacenter":"test",
"passphrase":"test",
"keyType":"test",
"instanceName":"test"}}} -F File=@E:/certs/cert.cer


Sample Request

curl -X POST -k -H "AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE" -H 'Content-Type: multipart/form-data' -F INPUT_DATA={"operation":{"Details":{"keyName":"brin.cer","description":"test","datacenter":"test","passphrase":"test","keyType":"test","instanceName":"test"}}} -F File=@E:/certs/cert3.cer https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/updateKeyStoreKey


Sample Response

{"Status":"Success","Message":"Key Store key updated successfully"}


18. To Get a Certificate

Description

To obtain a certificate from KMP's certificate repository

HTTPS Method

GET

Header 

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283


Input Data

The operation details and the name of the certificate fetched to be passed as input

{"operation":{"Details":{"common_name":"*.google.com","serial_number":"XXXXXXXXXXXXXX" }}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCertificate?INPUT_DATA={"operation":{"Details":{"common_name":"*.google.com","serial_number":"XXXXXXXXXXXXXX"}}}


Sample Response

Certificate object

19. To Get a Certificate in Different File Formats

Description 

To obtain a certificate from KMP's certificate repository in different file formats.

HTTPS Method

GET

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283


Input Data

The operation details and the name of the certificate fetched to be passed as input

{"operation":{"Details":{"common_name":"certificate_common_name","serial_number":"certificate_serial_number,"fileType":"File format"}}}

 

Notes: 

  • The certificates can be exported in the following file formats:  CER, CRT, DER, P7B, PKCS, JKS, PEM, KEY. 
  • Specify the required file format in 'fileType' to export the certificate in that format.


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCertificate?INPUT_DATA={"operation":{"Details":{"common_name":"examplecert","serial_number":"182e967a976","fileType":"PEM"}}}


Sample Response

Certificate object

20. To Get all Certificates

Description

To obtain all certificates from KMP's certificate repository

HTTPS Method

GET

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283


Input Data

{"operation":{"Details":{"withExpiryDaysLessThan":"500","withKeyLength":"1024","withSignatureAlgorithm":"SHA1"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllSSLCertificates?INPUT_DATA={"operation":{"Details":{"withExpiryDaysLessThan":"500"}}}


Sample Response

{ "name": "GetAllSSLCertificates","result": { "status": "Success", "message": "All SSL Certificates fetched successfully"},
"totalRows": 2,"details": [{ "CertID": 1, "DNS Name/FQDN": "paytm.com", "Port": 443,
"Common Name": "*.paytm.com", "Issuer": "GeoTrust Inc.", "FromDate": "Oct 13, 2015", "ExpiryDate": "Aug 27, 2017",
"KeyStrength": "2048","SignatureAlgorithm": "SHA256withRSA","Created By": "admin","Expiry Notification Email": ""},{ "CertID": 302,"DNS Name/FQDN": "204.141.32.155","Port": 443,
"Common Name": "*.zoho.com", "Issuer": "Sectigo Limited", "FromDate": "Jul 2, 2019", "ExpiryDate": "Apr 30, 2021",
"KeyStrength": "2048","SignatureAlgorithm": "SHA256withRSA","Created By": "admin","Expiry Notification Email": ""}]}

Note: Including the Input Data in the API request is optional. In case input data is provided, you can add any one or all of the available filters: withExpiryDaysLessThan,withKeyLength,withSignatureAlgorithm.


21. To Get all Certificate Expiry

Description

To get the expiry dates of all the certificates

HTTPS Method

GET

Header

AUTHTOKEN=1B2BF6FA-8511-47A8-867D-CE7FFE4BFBD0


Input Data

None

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAllSSLCertsExpiryDate


Sample Response

{"name": "GetAllSSLCertificatesExpiryDate","result": {"status": "Success",

"message": "Certificates expiry date fetched successfully"},"totalRows": 2,

"details": [{"Common Name": "*.paytm.com","ExpiryDate": "Aug 27, 2017"},

{"Common Name": "*.zoho.com","ExpiryDate": "Apr 30, 2021"}]}


22. To Get Certificate Details

Description

To get the details of a particular certificate

HTTPS Method

GET

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283


Input Data

The operation details and the name of the certificate to passed as input

{"operation":{"Details":{"common_name":"*.google.com","serial_number":"xxxxxxxxxxxx"}}}

Note: It is optional to provide the serial number to fetch certificate details.


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCertificateDetails?INPUT_DATA={"operation": {"Details":{"common_name":"*.google.com","serial_number":"xxxxxxxxxxxx"}}}


Sample Response

{ "name": "GetCertificateDetails",  "result": {   "status": "Success",  "message": "Details of certificate *.zoho.com fetched successfully"

},    "details": [{     "certtype": "Domain",   "certificateTemplate": "N/A",      "endpoint": {  "hostName": "*.zoho.com",    "port": "443",

"expiry_date": "2021-04-30 05:29:59.0",     "from_date": "2019-07-02 05:30:00.0",   "certSignAlg": "SHA256withRSA",

"Sans": "*.zoho.com,zoho.com",     "serial": "8c0b04e91a1796d86d1de5e89c8b3c5c",

"fingerPrint": "aeecb6227dc8adef18a8fb99465739996e2782a8",       "keyalg": "RSA",     "PublicKeyLength": 2048,

"PrivateKey": false,      "isAWS": false},    "isCertInstalledMulipleServers": false, "issuer": {

"cname": "Sectigo RSA Domain Validation Secure Server CA",     "org": "Sectigo Limited",     "orgunit": "-"},

"issuedto": {    "cname": "*.zoho.com",    "org": "-",   "orgunit": "Domain Control Validated"},  "intermediate": {},

"ipaddress": "204.141.32.155",   "CertificateId": "302"}]}


23. To Get Certificate Keystore

Description

To get the key store file of a particular certificate

HTTPS Method

GET

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283


Input Data

The name of the operation and the common name of the keystore file to be passed as input

{"operation":{"Details":{"common_name":"apitest","serial_number":"XXXXXXXXXXXXXX" }}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCertificateKeyStore?INPUT_DATA={"operation":{"Details":{"common_name":"apitest","serial_number":"XXXXXXXXXXXXXX"}}}


Sample Response

KeyStore File Object


24. To Delete a Certificate

Description

To delete a certificate from KMP's repository

HTTPS Method

DELETE

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283


Input Data

The operation name and the common name of the certificate to be passed as input

{"operation": {"Details":{"common_name":"apitest","serial_number":"XXXXXXXXXXXXXX"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/deleteCertificate?INPUT_DATA={"operation": {"Details":{"common_name":"apitest"}}}


Sample Response

{"name":"DeleteCertificate","result":{"status":"Success","message":"Certificate apitest deleted successfully."}}


25. To Perform Resource Discovery

Description

To discover a particular resource for SSL certificates

HTTPS Method

POST

Header

AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283


Input Data

The name/IP address of the host and port number to be passed as input

{"operation":{"Details":{"HOST":"de-ubuntu10-1","TIMEOUT":"300","PORT":"6565"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/sslCertSingleDiscovery?INPUT_DATA={"operation":{"Details":{"HOST":"de-ubuntu10-1","TIMEOUT":"300","PORT":"6565"}}}


Sample Response

{"name": "Get SSL Discovery", "totalRows": 1,"details": {"zoho.com": ["SUCCESS", "SSL Certificate already available, *.zoho.com certificate found at port 443"]}}


26. To Perform Resource Discovery (for a range of IP addresses)

Description

To discover a set of resources for SSL certificates

HTTPS Method

POST

Header

AUTHTOKEN=7EDC4ED5-E684-4413-9848-F0016C114874


Input Data

The start and end IP addresses, port number and time-out to be passed as input

{"operation":{"Details":{"StartIpAddress":"192.168.216.0",
"EndIpAddress":"192.168.216.3",
"TIMEOUT":"3",
"PORT":"443"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/sslCertRangeDiscovery?INPUT_DATA={"operation":{"Details":{"StartIpAddress":"192.168.216.0","EndIpAddress":"192.168.216.3","TIMEOUT":"3","PORT":"443"}}}


Sample Response

{ "name": "Get SSL Discovery","totalRows": 4,"details": {

"192.168.216.1": ["FAILURE","Connection failed,no certificate found at port 443"],

"192.168.216.0": [ "FAILURE","Connection timed out,no certificate found at port 443"],

"192.168.216.2": ["FAILURE", "Connection timed out,no certificate found at port 443"],

"192.168.216.3": ["FAILURE","Connection timed out,no certificate found at port 443"]}}


27. To Discover SSL in Bulk from Files

Description

To perform SSL discovery in bulk from files.

HTTPS Method

POST

Header

AUTHTOKEN=A36ECFEF-7374-4DE2-B1A0-3EE719E3D2C7


Input Data

INPUT_DATA:{"operation":{"Details":{"FileName":"sslDiscInputFile.txt","TIMEOUT":"3","PORT":443}}} File=@C:/path/to/file/sslDiscovery

File Content Format - IP address/Hostname<space>Port (By default the port will be in 443 and is an optional one)
For example:
0.0.0.0 6565
test-username-10 443
192.168.20.20 7272
example.com


Sample Request

curl -X POST -k -H "AUTHTOKEN:A36ECFEF-7374-4DE2-B1A0-3EE719E3D2C7" -H 'Content-Type: multipart/form-data' -F INPUT_DATA={"operation":{"Details":{"FileName":"sslDiscoveryInputFile.txt","TIMEOUT":"3","PORT":443}}} -F File=@C:/path/to/file/sslDiscoveryInputFile.txt https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/sslCertFileBasedDiscovery


Sample Response

{
"result": {
"message": "SSL discovery completed successfully",
"status": "Success"
},
"name": "Get SSL Discovery",
"details": {
"10.53.0.209": [
"FAILURE",
"Connection timed out,no certificate found at port 443"
],
"10.53.0.208": [
"FAILURE",
"Connection timed out,no certificate found at port 443"
],
"10.53.0.212": [
"FAILURE",
"Connection timed out,no certificate found at port 443"
]
},
"totalRows": 3
}


28. To Create CSR

Description

To create a certificate signing request

HTTPS Method

POST

Header

AUTHTOKEN=C6506112-6113-42C9-AD3F-4A3AEF9476C9


Input Data

The following data need to be passed as input.

{"operation":{"Details":{"CNAME":"mytestcert",
"ALT_NAMES":"test",
"ORGUNIT":"hhh",
"ORG":"h",
"LOCATION":"hh",
"STATE":"h",
"COUNTRY":"hh",
"PASSWORD":"bbbbbbbb",
"VALIDITY_TYPE":"days",
"VALIDITY":"888",
"ALG":"RSA",
"LEN":"4096",
"SIGALG":"SHA256",
"StoreType":"PKCS12"}}}

Note: Validity type can be days, hours or minutes.


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/createCSR?INPUT_DATA={"operation":{"Details":{"CNAME":"mytestcert","ALT_NAMES":"test","ORGUNIT":
"hhh","ORG":"h","LOCATION":"hh","STATE":"h","COUNTRY":"hh","PASSWORD":"bbbbbbbb",
"VALIDITY_TYPE":"88","VALIDITY":"888","ALG":"RSA","LEN":"4096","SIGALG":"SHA256",
"StoreType":"PKCS12"}}}


Sample Response

{"name":"CreateCertificate","result":{"status":"Success","message":"CSR saved successfully"}}


29. To Get CSR List

Description

To get CSR list

HTTPS Method

GET

Header

AUTHTOKEN=7930AD60-B2F6-4CAA-90E5-779EDF229615


Input Data

None

Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCSRList


Sample Response

{"name": "GetCSRList",

"result": {

"status": "Success",

"message": "Fetched all CSRs successfully"

},

"totalRows": 1,

"GeneratedList": [

{"CREATED_BY": "admin",

"KEYALGORITHM": "RSA",

"KEYSTORE_TYPE": "JKS",

"isPassword": true,

"CSR_ID": 1,

"CREATED_DATE": "May 15, 2020 19:51",

"LOGIN_ID": 301,

"KEY_STRENGTH": 2048,

"DOMAIN_NAME": "testcsr",

"VALIDITY": "30",

"SIGNATURE_ALGORITHM": "SHA256withRSA"

}]}


30. To Import CSR

Description

To import the list of CSRs available in the request list.

URL

https://<<KMPaddress>>:<PORT>/api/pki/restapi/importCSR

HTTPS Method

POST

Header

AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8


Input Data

INPUT_DATA={"operation":{"Details":{"password":"Test@123","Email":"test@mail.com"}}}

Note: It is optional to provide the Key File. If the Key File is provided, the Password field is mandatory.

Sample Request

curl -X POST -k -H 'AUTHTOKEN:A3164150-4C15-4AA4-918E-F258F38149F8' 'https://Host-Name-of-the-KMP-Server:Port/api/pki/restapi/importCSR' -F 'CSR=@"/home/downloads/test.csr"' -F 'Key=@"/home/downloads/test.keystore"' -F 'INPUT_DATA={"operation":{"Details":{"password":"Test@123","Email":"kmp-server@manageengine.com"}}}'


Sample Response

{
"result": {
"message": "CSR demo.test.com imported successfully.",
"status": "Success"
},
"name": "importCSR"
}


31. To Sign CSR

Description

To sign CSR

HTTPS Method

POST

Header

AUTHTOKEN=7930AD60-B2F6-4CAA-90E5-779EDF229615


Input Data

INPUT_DATA={"operation":{"Details":{"serverName":"kmp-w12r2-1","caName":"kmp-w12r2-1-ca","templateName":"DomainController","CSR_ID":"1"}}}

(or)

INPUT_DATA={"operation":{"Details":{"signType":"signWithRoot","rootCertificateCommonName":"testroot","rootCertificateSerialNumber":"1879376424c","Validity":100,"isIntermediate":"true","CSR_ID":"301"}}}

Note: The 'signType' can be 'MSCA' or 'signWithRoot'. By default the 'signType' will be taken as 'MSCA'.


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/signCSR


Sample Response

{
"result": {
"message": "Certificate csr successfully signed with test.",
"status": "Success"
},
"name": "SignCSR",
"details": [
{
"commonName": "test",
"Certificate_ID": 3301,
"serialNumber": "bd865c93"
}
]
}

32. To Create a Certificate

Description

To create an SSL certificate

HTTPS Method

POST

Header

AUTHTOKEN=C6506112-6113-42C9-AD3F-4A3AEF9476C9


Input Data

The following data to be passed as input.

{"operation":{"Details":{"CNAME":"mytestcert",
"ALT_NAMES":"test",
"ORGUNIT":"hhh",
"ORG":"h",
"LOCATION":"hh",
"STATE":"h",
"COUNTRY":"hh",
"PASSWORD":"bbbbbbbb",
"VALIDITY_TYPE":"days",
"VALIDITY":"888",
"ALG":"RSA",
"LEN":"4096",
"SIGALG":"SHA256",
"StoreType":"PKCS12"}}}

Note: Validity type can be days, hours or minutes.


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/createCertificate?INPUT_DATA={"operation":{"Details":{"CNAME":"mytestcert","ALT_NAMES":"test","ORGUNIT":
"hhh","ORG":"h","LOCATION":"hh","STATE":"h",
"COUNTRY":"hh",
"PASSWORD":"bbbbbbbb","VALIDITY_TYPE":"88",
"VALIDITY":"888","ALG":"RSA","LEN":"4096","SIGALG":"SHA256","StoreType":"PKCS12"}}}


Sample Response

{"name":"CreateCertificate","result":{"status":"Success","message":"Certificate saved successfully"}}


33. To Import a SSH Key

Description

To import a SSH key

HTTPS Method

POST

Header

AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8


Input Data

The following data to be passed as input.

{"operation":{"Details":{"keyName":"testkey","passphrase":"passtrix"}}}


Sample Request

curl -X POST -k -H "AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8" -H 'Content-Type: multipart/form-data' -F INPUT_DATA={"operation":{"Details":{"keyName":"testkey","passphrase":"passtrix" }}} -F File=@D:/certs/keys/test1-passtrix/test1_Jul-21-2017-15_56.key

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/addSSHKey


Sample Response

{"name":"addSSHKey","result":{"status":"SUCCESS","message":"Key imported successfully"}}


34. To Associate a SSH Key

Description

To associate a SSH key

HTTPS Method

POST

Header

AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8


Input Data

The following data to be passed as input.

{"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpi
n.com","userName":"test"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/associateKey?INPUT_DATA={"operation":{"Details":{"keyName":"te
stkey","resourceName":"test.csez.zohocorpin.com","userName":"test"}}}


Sample Response

{"name": "associateKey",
"result": {
"status": "Success",
"message": "Key associated successfully "}}


35. To Dissociate a SSH Key

Description

To dissociate a SSH key

HTTPS Method

POST

Header

AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8


Input Data

The following data to be passed as input.

{"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpi
n.com","userName":"test"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/dissociateKey?INPUT_DATA={"operation":{"Details":{"keyName":"te
stkey","resourceName":"test.csez.zohocorpin.com","userName":"test"}}}


Sample Reponse

{"name": "dissociateKey",
"result": {
"status": "SUCCESS",
"message": "Key dissociated successfully."}}


36. To Add a Certificate

Description

To add an SSL certificate to Key Manager Plus certificate repository.

URL

https://<Host-Name-of-KMP-Server OR IP
address>:6565/api/pki/restapi/addCertificate


HTTPS Method

POST

Header

AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8


Input Data

The following data to be passed as input.

input data: {"operation":{"Details":{"fileType":"KEYSTORE","PASSWORD":"PASSWORD"}}}

Note: The fileType specified in the input data can be either CERTFILE or KEYSTORE. For CERTFILE fileType, the PASSWORD field need not be specified.


Sample Request

curl -X POST -k -H "AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8" -H 'Content-Type: multipart/form-data' -F INPUT_DATA={"operation":{"Details":{"fileType":"KEYSTORE","PASSWORD":"PASSWORD"}}} -F File=@D:/certs/newcert.keystore https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/addCertificate


Sample Response

{"name": "AddCertificate",
"result":
{{"Status":"Success",
"Message": "Certificate newcert.com added successfully"}}}


37. To Deploy a Certificate

Description

To Deploy SSL Certificate.

HTTPS Method

POST

Header

AUTHTOKEN:75408B31-EC01-4494-BCBC-48DC5F39920F


Input Data

INPUT_DATA={"operation":{"Details":{"common_name":"testcert","serial_number":"xxxxxxxx","serverName":"testmachine"}}}

Note: It is optional to provide the server name. The server name allows you to deploy certificates to that particular server. Without the server name, the certificates are deployed to all the saved servers from the client.


Sample Request

https://127.0.0.1:6565/api/pki/restapi/deployCertificate 


Sample Response

{"result": {
"message": "Certificate deployment is successful.",
"status": "Success"
},
"name": "DeployCertificate",
"totalRows": 1,
"deployStatus": [
{
"server": "testmachine",
"message": "Certificate testcert of format CER and PFX deployed in testmachine successfully.",
"status": "Success"
}]}


38. To Delete a SSH Key

Description

To delete a particular SSH key.

URL

https://< Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/deleteSSHKey


HTTPS Method

DELETE

Header

AUTHTOKEN=A3164150-4C15-4AA4-918E-F258F38149F8


Input Data

The following data to be passed as input.

{"operation":{"Details":{"key_name":"newkey1","withoutDisassociation":"true"}}}


Sample Request

https://< Host-Name-of-KMP-Server OR IP address 
>:6565/api/pki/restapi/deleteSSHKey?INPUT_DATA={"operation":{"Details":{"key_name":"newkey1","withoutDisassociation":"true"}}}


Sample Response

{ "name": "DeleteSSHKey",
"result": { "status": "Success",
"message": "SSH keys newkey1 deleted successfully"}}


39. To Get Certificate Private Key Passphrase

Description

To get the passphrase of a certificate private key

URL

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCertificatePassphrase


HTTPS Method

GET

Header

AUTHTOKEN=894241B8-C361-4E30-B467-0AF9AAA00011


Input Data

The following data is to be passed as input:

{"operation":{"Details":{"common_name":"mycert","serial_number":"XXXXXXXXXXXXXX"}}}


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getCertificatePassphrase?INPUT_DATA={"operation":{"Details":{"common_name":"mycert","serial_number":"XXXXXXXXXXXXXX"}}}


Sample Response

{
"result": {
"message": "Private key passphrase of certificate mycert is fetched",
"status": "Success"
},
"name": "GetCertificatePassphrase",
"details": {
"Passphrase": "SamplePassphrase"
}
}


40. To Fetch PGP Keys

Description

To fetch PGP Keys

HTTPS Method

GET

Header

AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE


Input Data

The following data is to be passed as input:

  1. {"operation":{"Details":{"User":"test (test) <tes@test.com>","keyExportType":"public"}}}
  2. {"operation":{"Details":{"User":"test (test) <tes@test.com>","keyExportType":"private"}}}

Notes: 

Specify 'public or 'private' in 'keyExportType' to indicate to fetch public or private key.

If you are using special characters in the key "User", kindly escape them using the backslash.


Sample Request

  1. https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getPGPKey?INPUT_DATA={"operation":{"Details":{"User":"test (test) <tes@test.com>","keyExportType":"public"}}}
  2. https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getPGPKey?INPUT_DATA={"operation":{"Details":{"User":"test (test) <tes@test.com>","keyExportType":"private"}}}


Sample Response

Key file


41. To Fetch all Audit Details

Description

To get all the audit details.

HTTPS Method

GET

Header

AUTHTOKEN=068E1EC1-9587-4CA5-A284-02A6200F0032


Input Data

None


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getAuditDetails  


Sample Response

{
"result": {
"message": "All Audit data fetched successfully.",
"status": "Success"
},
"name": "GetAllAudits",
"details": [
{
"OPERATION": "REST API",
"DESCRIPTION": "All Audit data fetched successfully.",
"AUDITID": 902,
"USERNAME": "admin",
"TIME": "Apr 18, 2023 13:25"
}
],
"totalRows": 1
}


42. To Get SSL Vulnerabilities Count

Description

To get the total number of SSL vulnerabilities.

HTTPS Method

GET

Header

AUTHTOKEN=A36ECFEF-7374-4DE2-B1A0-3EE719E3D2C7


Input Data

None


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getSSLVulnerabilityCount

Sample Response

{
"result": {
"message": "SSL vulnerability data fetched successfully.",
"status": "Success"
},
"name": "GetSSLVulnerabilityCount",
"details": {
"SSLVulnerabilityCount": {
"Weak Cipher Suites": 0,
"Poodle SSL": 0,
"Revoked": 0,
"SSLv3 Enabled": 0,
"No TLS1.2": 1,
"Heartbleed": 0
}
}
}


43. To Revoke MSCA Certificate

Description

To revoke a MSCA certificate.

HTTPS Method

POST

Header

AUTHTOKEN=1604F2E1-2E31-4886-AA4E-DDBC9D3D189B


Input Data

None

Sample Request

https:<//Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/revokeMSCACertificate?INPUT_DATA={"operation":{"Details":{"common_name":"test3","serial_number":"12345","revoke_reason":1}}}

Note: Provide the revoke_ reason attribute accordingly as specified below.
0 - Unspecified, 1 - Key compromise, 2 - Certificate Authority compromise, 3 - Affiliation changed, 4 - Superseded, 5 - Cessation of operation, 6 - Certificate hold, 7 - Remove from CRL


Sample Response

Certificate manageengine.com revoked successfully with reason Certificate hold.


44. Fetch Unmanaged Certificates from a Load Balancer or Shared Path

Description

To fetch the discovered and unmanaged certificates of format JKS/PKCS from a load balancer or shared path.

HTTPS Method

GET

Header

AUTHTOKEN=1604F2E1-2E31-4886-AA4E-DDBC9D3D189B


Input Data

{"operation":{"Details":{"type":"loadbalancer"}}}
Note: 'type' can be 'loadbalancer' or 'sharedpath' as required.


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/getUnmanagedCertList?INPUT_DATA={"operation":{"Details":{"type":"loadbalancer"}}}
Note: 'type' can be 'loadbalancer' or 'sharedpath'.


Sample Response

{
"result": {
"message": "Data fetched from the repository",
"status": "Success"
},
"name": "getUnmanagedCertList",
"details": [
{
"Certificate.keystore::2": "ENTER_THE_PASSWORD",
"www.managengine.com.keystore::8": "ENTER_THE_PASSWORD",
"Certificate.jks::1": "ENTER_THE_PASSWORD",
"www.chrometest.com_04_13_9_57_06.pfx::7": "ENTER_THE_PASSWORD",
"success.pfx::5": "ENTER_THE_PASSWORD",
"zs.com_May-17-2021-11_14.pfx::9": "ENTER_THE_PASSWORD",
"secret.keystore::4": "ENTER_THE_PASSWORD",
"test.pfx::6": "ENTER_THE_PASSWORD",
"des.EcSN9OIoOFuCQa8Tg.com.keystore::3": "ENTER_THE_PASSWORD"
}
],
"totalRows": 9
}

Note: Enter the respective certificate's password and save the response as a .txt file in the below format.
{
"Certificate.keystore::2": "Qx@7rF2uPv",
"www.managengine.com.keystore::8": "Y9g#kL4sZ",
"Certificate.jks::1": "H3&bN8wXp",
"www.chrometest.com_04_13_9_57_06.pfx::7": "A1z%vD6fR",
"success.pfx::5": "P7m*C2oLq",
"zs.com_May-17-2021-11_14.pfx::9": "W5@hU9sKt",
"secret.keystore::4": "F4g%B6nYl",
"test.pfx::6": "X8d#jM6oZ",
"des.EcSN9OIoOFuCQa8Tg.com.keystore::3": "V2p!tR7sH"
}


45. To Import the Unmanaged Certificates Fetched from a Load Balancer or Shared Path

Description

To import the unmanaged certificates of format JKS/PKCS fetched from a load balancer or shared path into the Key Manager Plus.

HTTPS Method

GET

Header

AUTHTOKEN=1604F2E1-2E31-4886-AA4E-DDBC9D3D189B


Input Data

The .txt file saved with the fetched data from the API - Fetch Unmanaged Certificates (.keystore/.pfx) from a Load Balancer or Shared Path is to be uploaded here as input data.


Sample Request

https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/discoverUnmanagedCert


Sample Response

{
"Status": "Success",
"Message": "All certificates were imported successfully.",
"ImportedCertificate": [
"Certificate.keystore",
"www.manageengine.com.keystore",
"Certificate.jks",
"www.chrometest.com_04_13_9_57_06.pfx",
"success.pfx",
"zs.com_May-17-2021-11_14.pfx",
"secret.keystore",
"teste.pfx",
"demo.EcSN9OIoOFuCQa8Tg.com.keystore"
]
}

Top