Difference between revisions of "Manage Certificate SOAP"

Line 1: Line 1:
Certificate Admin Extension gives ZCS an easy way to install Certificates, either self-signed or commercial, on the ZCS server easily.
+
{{Archive}}{{WIP}}Certificate Admin Extension gives ZCS an easy way to install Certificates, either self-signed or commercial, on the ZCS server easily.
  
 
The soap commands we used in the extension are the following  
 
The soap commands we used in the extension are the following  

Revision as of 18:22, 24 March 2015

Certificate Admin Extension gives ZCS an easy way to install Certificates, either self-signed or commercial, on the ZCS server easily.

The soap commands we used in the extension are the following


urn:zimbraAdmin


  • If target Server id is "--- All Servers ---", the soap call will apply to all the servers. A flag will be set for the zmcertmgr
<GetCertRequest type="staged|all|mta|mailboxd|proxy|ldap" option="self|comm"
	server="server-id">
</GetCertRequest>

<GetCertResponse>
	<cert type="staged|mta|mailboxd|proxy|ldap" server="server-name"> 
		<name>{value}</name>*
	</cert>
</GetCertResponse>

type: (required) 
	  staged - view the staged crt
	  other options are used to view the deployed crt	
option: (optional)
	  it only matters when the type is staged.
server: (required) server id, 
Name: C, ST, L, O, OU, CN, SubjectAltName
Note: now only staged and all is handled. May need to support other options in the future
<GetCSRRequest type="self|comm" server="server-id">
	
</GetCSRRequest>
<GetCSRResponse csr_exists="0|1" isComm="0|1" server="server-name">
	<name>{value}</name>*
</GetCSRResponse>

Name: C, ST, L, O, OU, CN, SubjectAltName
csr_exits: 0 - doesn't exist, 1 - exists
isComm (Currently not working/used): is the commercially signed cert exists 0 - doesn't exist, 1 - exists
<GenCSRRequest new="0|1" type="self|comm" server="server-id" keysize="1024|2048">
  	<name>{value}</name>*
</GenCSRRequest>

<GenCSRResponse server="server-name">
	<name>{value}</name>*
</GenCSRResponse>
Request a CSR:
Subject Attributes: C, ST, L, O, OU, CN,
subject: example /C=US/ST=N_A/L=N_A/O=Zimbra Collaboration Suite/CN=admindev.zimbra.com
new: 1 - force to create a new CSR, the previous one will be overwrited
SubjectAltName: 0|*, it is used to add the Subject Alt Name extension in the certificate, so multiple hosts can be supported
<InstallCertRequest type="self|comm" server="server-id">
  	<subject>
  	    <{name}>{value}</{name}>*
  	</subject>
  	<SubjectAltName>{value}</SubjectAltName>*
  	<validation_days>{value}</validation_days> ?
  	<keysize>{1024|2048}</keysize>?
  	<comm_cert>
  		<cert>
  			<aid>{value}</aid>
  			<filename>{value></filename>
  		</cert>
  		<rootCA>
  			<aid>{value}</aid>
  			<filename>{value></filename>
  		</rootCA>?
  		<intermediateCA>
  			<aid>{value}</aid>
  			<filename>{value></filename>
  		</intermediateCA>*		
	</comm_cert>?
</InstallCertRequest>

<InstallCertResponse server="server-name" />

Ask server to install the certificates
validation_days: required, number of the validation days of the self signed certificate,
keysize: 1024|2048, key length of the self-signed certificate
aid: attachedment ID of the uploaded commercial certificate

Jump to: navigation, search