VTYPE_CERTIFICATE_VALIDVTYPE_CERTIFICATE_EXPIREDVTYPE_CERTIFICATE_WILL_EXPIREVTYPE_CERTIFICATE_INVALIDMANAGEMENT_MODE_DEFAULTMANAGEMENT_MODE_WEBSERVERMANAGEMENT_MODE_EMMANAGEMENT_MODE_IQUERYMANAGEMENT_MODE_IQUERY_BIG3DMANAGEMENT_MODE_APACHESTYPE_NORMALSTYPE_FIPSSTYPE_PASSWORDSTYPE_NETHSMCTYPE_CA_SIGNED_YESCTYPE_CA_SIGNED_NOCTYPE_CA_SIGNED_UNKNOWNKTYPE_RSA_PRIVATEKTYPE_RSA_PUBLICKTYPE_DSA_PRIVATEKTYPE_DSA_PUBLIC
Checks to see if the device supports FIPS security.
Gets the list of all installed keys and their information.
Generates the specified keys.
Imports/installs the specified keys from the given PEM-formatted data.
Imports/installs the specified keys from the given files.
Exports the specified keys to PEM-formatted data.
Exports the specified keys to the given files.
Deletes/uninstalls the specified keys.
Converts the specified keys to FIPS-enabled keys.
Gets the list of all installed certificates and their information. If there's
a certificate bundle, only the first certificate in the bundle is returned, and
and is_bundle flag will be set to true for the correponding bundle file name.
Gets the list of all certificates bundled in the certificate files as
specified by the file_names. Each file_name will contain multiple certficates.
Note: only call this method when the results of get_certificate_list indicate
that there are multiple certificates bundled in a particular file.
Gets the list of all certificate subject alternative names in the certificate file objects
as specified by the file_names. This method is for non-bundled certificates. For certificate
bundles, use get_certificate_subject_alternative_name_bundle.
Gets the list of all certificate subject alternative names bundled in the certificate files as
specified by the file_names. Each file_name will contain multiple certficate subject alternative
names.
Note: only call this method when the results of get_certificate_list indicate
that there are multiple certificates bundled in a particular file.
Adds certificates identified by "pem_data" to the certificate bundles, which are presumed
to exist already. Each of the original certificate bundle can theoretically be a normal
certificate, i.e. a certificate bundle of one. After the add operation, the bundles will
contain more than one certificate.
Adds certificates identified by "certificate_files" to the certificate bundles, which are
presumed to exist already. Each of the original certificate bundle can theoretically be a
normal certificate, i.e. a certificate bundle of one. After the add operation, the bundles
will contain more than one certificate.
Deletes certificates, identified by their subject's X509 data, from the certificate bundles.
If the last certificate has been deleted from the bundle, the certificate file will
automatically be deleted.
Deletes certificates identified by serial number and issuer's X509 data from certificate
bundles.
If the last certificate has been deleted from the bundle, the certificate file will
automatically be deleted.
Generates the specified certificates. This assumes that each of the associated keys,
having the same identification as each certificate, has already been created.
Imports/installs the specified certificates from the given PEM-formatted data.
Imports/installs the specified certificates from the given files.
Exports the specified certificates to PEM-formatted data.
Exports the specified certificates to the given files.
Deletes/uninstalls the specified certificates.
Gets the validity of the specified certificates.
Binds/associates the specified keys and certificates.
Gets the list of all CSRs and their information.
Generates the specified certificate signing requests. This assumes that each of the
associated keys, having the same identification as each certificate request, has
already been created.
Imports/installs the specified certificate requests from the given PEM-formatted data.
Imports/installs the specified certificate requests from the given files.
Exports the specified certificate requests to PEM-formatted data.
Exports the specified certificate requests to the given files.
Deletes the specified CSRs.
Imports/installs the specified pkcs12 (Public Key
Cryptography Standard #12) information from the given
files. This includes keys and certificates, and each file
is optionally password-encrypted.
Exports all currently installed keys and certificates into the specified archive file.
The archive file is a .tgz file that will contain all keys and certificates.
Imports/installs all keys and certificates from the specified archive file.
The archive file should be a .tgz file that contains all keys and certificates.
Exports all currently installed keys and certificates into the returned archive stream.
The returned archive stream is basically the contents of a .tgz file that contains
all keys and certificates.
Imports/installs all keys and certificates from the incoming archive stream.
The archive stream should be the contents of a .tgz file that contains all
keys and certificates.
Exports the specified keys and certificates into the specified archive file.
The archive file is a .tgz file that will contain only the specified keys and
certificates that have been exported.
Imports/installs the specified keys and certificates from the specified archive file.
The archive file should be a .tgz file that may contain more keys and certificates
than what will be imported/installed.
Exports the specified keys and certificates into the returned archive stream.
The returned archive stream is basically the contents of a .tgz file that contains
the exported keys and certificates.
Imports/installs the specified keys and certificates from the incoming archive stream.
The archive stream should be the contents of a .tgz file that may contain more keys
and certificates than what will be imported/installed.
Gets a list of valid key sizes for specified key types.
The valid key sizes are bit-lengths of keys that are
supported by the system. For example, 1024 and 2048 mean
128-byte and 256-byte RSA key sizes. These sizes are used
when generating or importing a key.
Gets the version information for this interface.
Checks to see if the device supports FIPS security.
Gets the list of all installed keys and their information.
Generates the specified keys.
Imports/installs the specified keys from the given PEM-formatted data.
Imports/installs the specified keys from the given files.
Exports the specified keys to PEM-formatted data.
Exports the specified keys to the given files.
Deletes/uninstalls the specified keys.
Converts the specified keys to FIPS-enabled keys.
Gets the list of all installed certificates and their information. If there's
a certificate bundle, only the first certificate in the bundle is returned, and
and is_bundle flag will be set to true for the correponding bundle file name.
Gets the list of all certificates bundled in the certificate files as
specified by the file_names. Each file_name will contain multiple certficates.
Note: only call this method when the results of get_certificate_list indicate
that there are multiple certificates bundled in a particular file.
Gets the list of all certificate subject alternative names in the certificate file objects
as specified by the file_names. This method is for non-bundled certificates. For certificate
bundles, use get_certificate_subject_alternative_name_bundle.
Gets the list of all certificate subject alternative names bundled in the certificate files as
specified by the file_names. Each file_name will contain multiple certficate subject alternative
names.
Note: only call this method when the results of get_certificate_list indicate
that there are multiple certificates bundled in a particular file.
Adds certificates identified by "pem_data" to the certificate bundles, which are presumed
to exist already. Each of the original certificate bundle can theoretically be a normal
certificate, i.e. a certificate bundle of one. After the add operation, the bundles will
contain more than one certificate.
Adds certificates identified by "certificate_files" to the certificate bundles, which are
presumed to exist already. Each of the original certificate bundle can theoretically be a
normal certificate, i.e. a certificate bundle of one. After the add operation, the bundles
will contain more than one certificate.
Deletes certificates, identified by their subject's X509 data, from the certificate bundles.
If the last certificate has been deleted from the bundle, the certificate file will
automatically be deleted.
Deletes certificates identified by serial number and issuer's X509 data from certificate
bundles.
If the last certificate has been deleted from the bundle, the certificate file will
automatically be deleted.
Generates the specified certificates. This assumes that each of the associated keys,
having the same identification as each certificate, has already been created.
Imports/installs the specified certificates from the given PEM-formatted data.
Imports/installs the specified certificates from the given files.
Exports the specified certificates to PEM-formatted data.
Exports the specified certificates to the given files.
Deletes/uninstalls the specified certificates.
Gets the validity of the specified certificates.
Binds/associates the specified keys and certificates.
Gets the list of all CSRs and their information.
Generates the specified certificate signing requests. This assumes that each of the
associated keys, having the same identification as each certificate request, has
already been created.
Imports/installs the specified certificate requests from the given PEM-formatted data.
Imports/installs the specified certificate requests from the given files.
Exports the specified certificate requests to PEM-formatted data.
Exports the specified certificate requests to the given files.
Deletes the specified CSRs.
Imports/installs the specified pkcs12 (Public Key
Cryptography Standard #12) information from the given
files. This includes keys and certificates, and each file
is optionally password-encrypted.
Exports all currently installed keys and certificates into the specified archive file.
The archive file is a .tgz file that will contain all keys and certificates.
Imports/installs all keys and certificates from the specified archive file.
The archive file should be a .tgz file that contains all keys and certificates.
Exports all currently installed keys and certificates into the returned archive stream.
The returned archive stream is basically the contents of a .tgz file that contains
all keys and certificates.
Imports/installs all keys and certificates from the incoming archive stream.
The archive stream should be the contents of a .tgz file that contains all
keys and certificates.
Exports the specified keys and certificates into the specified archive file.
The archive file is a .tgz file that will contain only the specified keys and
certificates that have been exported.
Imports/installs the specified keys and certificates from the specified archive file.
The archive file should be a .tgz file that may contain more keys and certificates
than what will be imported/installed.
Exports the specified keys and certificates into the returned archive stream.
The returned archive stream is basically the contents of a .tgz file that contains
the exported keys and certificates.
Imports/installs the specified keys and certificates from the incoming archive stream.
The archive stream should be the contents of a .tgz file that may contain more keys
and certificates than what will be imported/installed.
Gets a list of valid key sizes for specified key types.
The valid key sizes are bit-lengths of keys that are
supported by the system. For example, 1024 and 2048 mean
128-byte and 256-byte RSA key sizes. These sizes are used
when generating or importing a key.
Gets the version information for this interface.
The KeyCertificate interface exposes methods that enable you to manage keys, certificates,
and certificate requests. All methods in this interface are atomic operations, such that
each operation involves creating a session context with the key/certificate management
library, performing the required action, and cleaning up and/or destroying the session
context when completed. Therefore, all operations are stateless.
Note that all operations on keys, certificates, and certificate requests are performed in
the directory location containing keys, certs, csr's... as structured for Apache, which is
currently /config/ssl. For archiving operations, you have the option of exporting
or importing archives to/from other locations. If the location is not specified, the default
location of /config/ssl will be used.
This interface does not support transactions.