CertStore AddCertStore

The AddCertStore method allows a client to define a new certificate store within Keyfactor Command. The structure is as follows:

Table 694: POST /AddCertStore Request Body

| Parameter Name | Parameter Value |
| --- | --- |
| StoreType | Type of certificate store to be defined. This field is required; the allowed values are listed in the table that follows this one. |
| ClientMachine | Machine where the certificate store resides (or will reside). Required. |
| StorePath | Path on the client machine where the store should be defined. Required for Java Keystore, PEM file, F5 SSL Profiles, and NetScaler (categories 0, 2, 3, and 5). |
| AgentId | Identifier of agent that will service the request. Either AgentId or AgentName must be provided for F5 (categories 3 and 7), IIS (categories 4, 6, and 8), and NetScaler stores (category 5). |
| AgentName | Machine name of agent that will service the request. Either AgentId or AgentName must be provided for F5 (categories 3 and 7), IIS (categories 4, 6, and 8), and NetScaler stores (category 5). |
| Container | Certificate store container that should contain the certificate store. This is optional and no certstore container will be assigned if it is not provided. See the Keyfactor Command Reference Guide for information on certificate store containers. |
| Password | Password used to access the store. Required for Java Keystore and optional for PEM file. |
| PrivateKeyPath | Path on the client machine where the private key should be stored. Supported only for PEM files, and is optional in that case. If no path is provided for a PEM file, the private key will be stored in the same PEM file as the certificate. |

Allowed values for StoreType:

| Value | Store Type |
| --- | --- |
| 0 | Java Keystore |
| 2 | PEM file |
| 3 | F5 SSL Profiles |
| 4 | IIS Trusted Root Certificates |
| 5 | NetScaler |
| 6 | IIS Personal Certificates |
| 7 | F5 Web Server |
| 8 | IIS Revoked Certificates |
| 100 | Amazon Web Services |
| 101 | File Transfer Protocol |

Table 695: POST /AddCertStore Response Body

| Parameter Name | Parameter Value |
| --- | --- |
| Message | Description of the result of the operation, e.g. "The operation completed successfully". |
| Result | Numerical code for the outcome of the operation, as given in Table 697: POST /AddCertStoreServer Response Body. |
| Id | GUID of the created store, if successful. |

Example Request

POST http://<host>/CMSApi/CertStore/1/AddCertStore HTTP/1.1

{
	"ClientMachine": "192.168.41.171",
	"StorePath": "/opt/cms-java-agent/config/trust.jks",
	"StoreType": 0,
	"Password": "changeit"
}

Example Response

{
	"Result": 1,
	"Message": "The operation completed successfully.",
	"Id": "b195c1f9-1957-4bdb-a15d-f45159482611"
}
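
The per-StoreType field rules in the request body table can be checked on the client before the request is sent. The following is an added example, not Keyfactor code: the function name `validate_add_cert_store`, the constant names and the sample bodies are assumptions constructed for illustration, and only the rules stated in the table are enforced.

```python
# Added example: client-side check of an AddCertStore request body.
# Rules come from the request-body table; all names here are hypothetical.
KNOWN_TYPES = {0, 2, 3, 4, 5, 6, 7, 8, 100, 101}
NEEDS_STORE_PATH = {0, 2, 3, 5}    # Java Keystore, PEM file, F5 SSL Profiles, NetScaler
NEEDS_AGENT = {3, 4, 5, 6, 7, 8}   # F5, IIS and NetScaler stores
JAVA_KEYSTORE, PEM_FILE = 0, 2


def validate_add_cert_store(body):
    """Return a list of rule violations; an empty list means the body is acceptable."""
    store_type = body.get("StoreType")
    # Reject missing, non-integer (including bool) and unlisted values up front.
    if type(store_type) is not int or store_type not in KNOWN_TYPES:
        return ["StoreType is required and must be an allowed value"]
    errors = []
    if not body.get("ClientMachine"):
        errors.append("ClientMachine is required")
    if store_type in NEEDS_STORE_PATH and not body.get("StorePath"):
        errors.append("StorePath is required for this StoreType")
    if store_type in NEEDS_AGENT and not (body.get("AgentId") or body.get("AgentName")):
        errors.append("AgentId or AgentName is required for this StoreType")
    if store_type == JAVA_KEYSTORE and not body.get("Password"):
        errors.append("Password is required for Java Keystore")
    if "PrivateKeyPath" in body and store_type != PEM_FILE:
        errors.append("PrivateKeyPath is supported only for PEM file stores")
    return errors


# Constructed sample bodies (the first mirrors the page's example request).
SAMPLES = {
    "jks_ok": {"ClientMachine": "192.168.41.171", "StoreType": 0,
               "StorePath": "/opt/cms-java-agent/config/trust.jks", "Password": "changeit"},
    "jks_no_password": {"ClientMachine": "192.168.41.171", "StoreType": 0,
                        "StorePath": "/opt/cms-java-agent/config/trust.jks"},
    "iis_no_agent": {"ClientMachine": "web01.example.test", "StoreType": 6},
    "netscaler_key_path": {"ClientMachine": "ns01.example.test", "StoreType": 5,
                           "AgentName": "agent01", "PrivateKeyPath": "/tmp/k.pem"},
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, validate_add_cert_store(body))
```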