Adding a certificate

In the REST API, you can add a new certificate by sending the certificate string in plain text format.

You cannot edit configurations of certificates that you added. To update a certificate, delete it and add a new certificate.

Method and URI

To add a certificate, use a POST method and a URI:

POST    https://{hostname|IPv4}/api/security/certificate

Parameters

None.

Data

Data 1: crt

The certificate in a text format. Replace new lines with the escape sequence characters:

\n
  • Example value: -----BEGIN CERTIFICATE-----\nj1w5eFM...+Vrr=\n-----END CERTIFICATE-----

  • Type: String. Required. Available in the web user interface.

Data 2: name

A meaningful name for the certificate.

  • Example value: BlueMachines Cert IBM Spectrum Protect

  • Type: String. Required. Available in the web user interface.

Data 3: type

The type of certificate. Use one of the following system values:

Type

Value

S3 compatible object storage

aws

IBM Spectrum Protect

sp

IBM Cloud Object Storage

cos

  • Type: System string. Required. Available in the web user interface.

Restriction: IBM Spectrum Protect Plus does not support certificate management for the original Amazon S3.

Example: Add a certificate

Assume that you want to add the following certificate text to IBM Spectrum Protect Plus:

  • Certificate value: See the Python snippet.

  • Name: BlueMachines - Cert IBM Spectrum Protect

  • Type: IBM Spectrum Protect

A Python snippet that is similar to the following example can be used to add the certificate:

cert_original = f'''-----BEGIN CERTIFICATE-----
j1w5eFMwPNhJSfl4zAau4GzOUuPyZea2OP5Arvsg00BKbr2dLwZ6EyON1Ux4ab0FMl2PHvD5ERthstuH
XpTKcSb66fI2hmyegTbV3EQCPR+GJJcCbSpBngu2u4onyLlr4V7gkvmVPj9yvgS64Co4BS3kwHCOtVen
...
vfJdE2s4Zc31HvMSKOBy37YTtNADXqEIle+Vrr=
-----END CERTIFICATE-----'''

cert_string = cert_original.replace('\n', '\\n')  # Replace new lines with \n

data = f'''{{
    "cert_value": {cert_string},
    "name": "BlueMachines - Cert IBM Spectrum Protect"
    "type": "sp"
}}'''

requests.post('https://' + spp_ipv4 + '/api/security/certificate',
    headers={...}, data=_data, verify=...)

The request prompts a response that is structured as shown, with the HTTP status of 201 (Created). Every bucket object has the name and ID that are the same string.

{
    "total": 3,
    "buckets": [
        {
            "links": {},
            "id": "bluemachines-sales",
            "name": "bluemachines-sales",
            "protectionConfiguration": null,
            "haslifecycleRules": false,
            "hasBucketArchiveLifecycleRules": false,
            "resourceType": "bucket"
        },
        {...}, {...}
    ]
}
_images/reference_certs_create01.png

Figure 64 The same action can be taken in the IBM Spectrum Protect Plus web user interface: In the Keys and Certificates pane, click the Certificates tab, and click Add Certificats. In the Add New Certificate section, seleft the type from “aws” for S3 compatible object storage, “sp” for IBM Spectrum Protect, and “cos” for IBM Cloud Object Storage. Select Copy and paste from Certificate. Enter the certificate name. Paste the certificate string in a plain text. Unlike the REST API, you can also upload a certificate file at the web user interface.