POST /api/topology/services/{groupID}/csr
Description
Generate a private key and CSR (Certificate Signing Request) for an instance.
The CSR may be taken offline so that an external CA can create the signed certificate, or the CSR may be sent back to the Admin Node Manager where the domain private key resides in order to create the signed certificate.
This method is called by a client application (e.g. managedomain) on an Admin Node Manager when a new instance is being created.
Resource URL
https://localhost:8090/api/topology/services/{groupID}/csr
Parameters
Parameter | Required | Description |
---|---|---|
groupID | mandatory | The group into which the new service must be placed. |
servicesPort | optional | The business services port. This is required when creating a new API Server instance on disk so that the envSettings.props may be updated appropriately. Defaults to 8080. |
signAlg | optional | The signing algorithm. Defaults to sha1. |
keyPassphrase | optional | Passphrase used to encrypt the instance's private key file that is generated as a result of this method. The private key resides on disk temporarily until the signed certificate is received. This may be milliseconds after it is written to disk, or some considerable time if we are waiting for an external CA to sign the certificate. |
service | mandatory | The new service to be created. This is passed in the request body. The id field is not required in the request body; it is returned from this method. Refer to Javadoc for com.vordel.api.topology.model.Service. |
Response Codes
Response Code | Description |
---|---|
201 | Success. The response body contains the assigned topology id of the created instance and the CSR. |
400 | The response contains an error e.g.:- |
500 | The response contains an error e.g. a failure occurred when propagating this topology update to other Node Managers. |
Example Request and Response
POST https://localhost:8090/api/topology/services/{groupID}/csr
{
  "service": {
    "name": "APIGateway1",
    "type": "gateway",
    "scheme": "https",
    "hostID": "host-1",
    "managementPort": 8085,
    "tags": {
    },
    "enabled": true
  },
  "keyPassphrase": ""
}
HTTP 1.1 200 OK
{
  "result": [
    "-----BEGIN CERTIFICATE REQUEST-----MIIC6TCCAdECA.....-----END CERTIFICATE REQUEST-----",
    "instance-1"
  ]
}
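
The example response above shows the CSR as one string with no line breaks, so a client that takes it offline to an external CA normally has to restore the PEM layout first. The following is an added example, not code from the product or its documentation: it splits the response body into PEM, DER and instance id and reads the signature algorithm recorded in the CSR, a check worth having given that signAlg defaults to sha1. The function names and the sample body are assumptions of this example, as is the premise that signAlg governs the CSR's own signature; the sample DER is constructed and is not a real CSR.

```python
import base64
import json
import re
import textwrap

BEGIN, END = "-----BEGIN CERTIFICATE REQUEST-----", "-----END CERTIFICATE REQUEST-----"
# DER-encoded OID bodies of the signature algorithms this check recognises.
SIG_ALGS = {bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
            bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def parse_csr_response(body):
    """Return (re-wrapped PEM, DER bytes, instance id) from the response body."""
    csr_text, instance_id = json.loads(body)["result"]
    match = re.search(re.escape(BEGIN) + "(.*?)" + re.escape(END), csr_text, re.S)
    if not match:
        raise ValueError("no CSR in response")
    b64 = "".join(match.group(1).split())  # tolerate missing or stray newlines
    der = base64.b64decode(b64, validate=True)
    pem = "\n".join([BEGIN, *textwrap.wrap(b64, 64), END]) + "\n"
    return pem, der, instance_id

def signature_algorithm(der):
    """Name the algorithm recorded in the CSR's outer signatureAlgorithm field."""
    _, start, _ = read_tlv(der, 0)             # CertificationRequest SEQUENCE
    _, _, info_end = read_tlv(der, start)      # skip CertificationRequestInfo
    _, alg_start, _ = read_tlv(der, info_end)  # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    oid = der[oid_start:oid_end]
    return SIG_ALGS.get(oid, "unknown:" + oid.hex())

# Constructed sample, not a real CSR: placeholder info and signature, sha1 OID.
SAMPLE_DER = bytes.fromhex("30183003020100300d06092a864886f70d010105050003020000")
SAMPLE_BODY = json.dumps({"result": [
    BEGIN + base64.b64encode(SAMPLE_DER).decode() + END, "instance-1"]})

if __name__ == "__main__":
    print(signature_algorithm(parse_csr_response(SAMPLE_BODY)[1]))
```

The parser reads only the outer PKCS#10 structure; it does not verify the CSR's signature or inspect the subject.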