POST /api/topology/services/{groupID}/csr

Description

Generate a private key and CSR (Certificate Signing Request) for an instance.


The CSR may be taken offline so that an external CA can create the signed certificate, or the CSR may be sent back to the Admin Node Manager where the domain private key resides in order to create the signed certificate.


This method is called by a client application (e.g. managedomain) on an Admin Node Manager when a new instance is being created.


Resource URL

https://localhost:8090/api/topology/services/{groupID}/csr


Parameters

groupID mandatory The group into which the new service must be placed.
servicesPort optional The business services port. This is required when creating a new API Server instance on disk so that the envSettings.props may be updated appropriately. Defaults to 8080.
signAlg optional The signing algorithm. Defaults to sha1.
keyPassphrase optional Passphrase used to encrypt the instance's private key file that is generated as a result of this method. The private key resides on disk temporarily until the signed certificate is received. This may be milliseconds after it is written to disk, or some considerable time if we are waiting for an external CA to sign the certificate.
service mandatory The new service to be created. This is passed in the request body. The id field is not required in the request body; it is returned from this method. Refer to Javadoc for com.vordel.api.topology.model.Service.

Response Codes

Response Code Description
201 Success. The response body contains the topology id assigned to the created instance and the CSR.
400 The response contains an error, e.g.:
  • An attempt was made to create a service that already exists.
  • An attempt is made to create a service on an unregistered host.
  • An attempt is made to create a service in a group that does not exist.
  • An attempt is made to create a service with invalid data.
  • An attempt is made to add a service that uses the same management port as another service on the same host.
  • An attempt is made to add a service that has a services port that is the same as a management port of another service on the same host.
  • An attempt is made to add a service where the management and services ports are the same.
  • An attempt is made to add a service of a type that differs from other processes in the group.
  • An attempt is made to add a service where the service name is invalid; illegal characters include '/', '`', '?', '*', '\', '<', '>', '|', '"', ':'.
500 The response contains an error e.g. a failure occurred when propagating this topology update to other Node Managers.

Example Request and Response

POST https://localhost:8090/api/topology/services/{groupID}/csr

{
  "service": {
    "name": "APIGateway1",
    "type": "gateway",
    "scheme": "https",
    "hostID": "host-1",
    "managementPort": 8085,
    "tags": {

    },
    "enabled": true
  },
  "keyPassphrase": ""
}

HTTP 1.1 200 OK

{
   "result": [
      "-----BEGIN CERTIFICATE REQUEST-----MIIC6TCCAdECA.....-----END CERTIFICATE REQUEST-----",
      "instance-1"
   ]
}
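
Because signAlg defaults to sha1 and the CSR may be handed to an external CA, a client can check which algorithm signed the returned CSR before forwarding it. The following is an added example, not part of the product documentation: it assumes the response shape shown in the example above, the sample CSR is constructed (dummy contents, not a valid request), and the ACCEPTED set is an assumed local policy.

```python
import base64, json, re

SIG_ALGS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
            "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
            "1.2.840.10045.4.1": "ecdsa-with-SHA1",
            "1.2.840.10045.4.3.2": "ecdsa-with-SHA256"}
ACCEPTED = {"sha256WithRSAEncryption", "ecdsa-with-SHA256"}  # assumed local policy

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def decode_oid(body):
    subids, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                 # high bit clear ends a base-128 sub-identifier
            subids, val = subids + [val], 0
    first = min(subids[0] // 40, 2)      # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def csr_signature_algorithm(pem):
    """Name (or dotted OID) of the algorithm that signed the CSR."""
    der = base64.b64decode(re.sub(r"-----[A-Z ]+-----|\s", "", pem), validate=True)
    tag, start, _ = read_tlv(der, 0)                  # CertificationRequest
    _, _, info_end = read_tlv(der, start)             # skip certificationRequestInfo
    alg_tag, alg_start, _ = read_tlv(der, info_end)   # signatureAlgorithm
    oid_tag, oid_start, oid_end = read_tlv(der, alg_start)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a PKCS#10 CertificationRequest")
    oid = decode_oid(der[oid_start:oid_end])
    return SIG_ALGS.get(oid, oid)

def check_csr_response(body):
    """Return (instance_id, algorithm, acceptable) for a response body."""
    csr, instance_id = json.loads(body)["result"]     # order as in the example response
    alg = csr_signature_algorithm(csr)
    return instance_id, alg, alg in ACCEPTED

# Constructed sample: CSR-shaped DER with dummy request info and signature, SHA-1/RSA OID.
SAMPLE_RESPONSE = ('{"result": ["-----BEGIN CERTIFICATE REQUEST-----'
                   'MBgwAwIBADANBgkqhkiG9w0BAQUFAAMCAAA='
                   '-----END CERTIFICATE REQUEST-----", "instance-1"]}')
print(check_csr_response(SAMPLE_RESPONSE))
```

The check reads only the outer signatureAlgorithm field; it does not verify the CSR's signature or inspect the key size.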