Skip to main content

PUT /cryptoSettings

Use this method to modify the current cryptographic settings on Lenovo XClarity Administrator.

To modify the current cryptographic setting for managed devices, use PUT /nodes/cryptoSettings.

Authentication

Authentication with username and password is required.

Request URL

PUT https://{management_server_IP}/cryptoSettings

Query parameters

None

Request body

AttributesRequired / OptionalTypeDescription
applyToMgmtServerOptionalBooleanIndicates whether to apply the specified settings to the XClarity Administrator management server. This can be one of the following values.
  • true. (default) Applies specified settings to the management server.

  • false. Does not apply settings to the management server.

cipherSuiteOptionalString
Attention
This attribute will be deprecated in a future release.

Minimum cipher suite version to use for server connections. This can be one of the following values.

  • tls1.2. TLS v1.2 or v1.3 cipher suite is required for both servers and clients.

    Specify tls1.2 for the minTlsVersionClient and minTlsVersionServer attributes instead.

  • tls1.2-flexcat. TLS v1.2 compliance with exceptions for deploying operating systems from the XClarity Administrator. Specify tls1.2 for the minTlsVersionClient, minTlsVersionServer, minTlsVersionOsDeploy attributes instead.
minTlsVersionClientOptionalStringMinimum TLS protocol version to use for client connections to other servers (such as the LDAP client). This can be one of the following values.
  • TLS1.2. Enforces TLS v1.2 cryptography protocols.
  • TLS1.3. Enforces TLS v1.3 cryptography protocols.
minTlsVersionOsDeployOptionalStringMinimum TLS protocol version to for the XClarity Administrator operating-system deployment server. This can be one of the following values.
  • TLS1.2. Enforces TLS v1.2 cryptography protocols.
  • TLS1.3. Enforces TLS v1.3 cryptography protocols.
minTlsVersionServerOptionalStringMinimum TLS protocol version to use for server connections (such as the web server). This can be one of the following values.
  • TLS1.2. Enforces TLS v1.2 cryptography protocols.
  • TLS1.3. Enforces TLS v1.3 cryptography protocols.
nistModeOptionalStringCryptographic mode of the Lenovo XClarity Administrator and all managed chassis. This can be one of the following values.
  • nistcomp. NIST compatibility mode.
  • nist800-131a. NIST800-131A strict compatibility mode. When this option is selected, you must also select tls1.2 for the minTlsVersionClient and minTlsVersionServer attributes.
returnJobInfoOptionalBooleanIndicates whether job information is to be returned as a result of changing the cryptographic settings. This can be one of the following values.
  • true. Returns job information in the response body and header if a job is created.
  • false. Does not return job information. This is the default setting.

The following example applies the specified TLS and NIST settings to the management server and all managed devices.

{
"applyToManagedDevices": true,
"applyToMgmtServer": true,
"minTlsVersionClient": "tls1.2",
"minTlsVersionOsDeploy": "tls1.2",
"minTlsVersionServer": "tls1.2",
"nistMode": "nist800-131a",
"returnJobInfo": true
}

Response codes

CodeDescriptionComments
200OKThe request completed successfully.
201CreatedOne or more new resources were successfully created.
400Bad RequestA query parameter or request attribute is missing or not valid, or the operation is not supported. A descriptive error message is returned in the response body.
500Internal Server ErrorAn internal error occurred. A descriptive error message is returned in the response body.

Response body

AttributesTypeDescription
resultStringResults of the request. This can be one of the following values.
  • success. The request completed successfully.
  • failure. The request failed. A descriptive error message was returned.
messagesArray of objectsInformation about one or more messages
 explanationStringAdditional information to clarify the reason for the message
 idStringMessage identifier of a returned message
 recoveryArray of objectsRecovery information
  textStringUser actions that can be taken to recover from the event
  URLStringLink to the help system for more information, if available
 textStringMessage text associated with the message identifier
The following example is returned when "returnJobInfo": true was specified and a job was created and successful.
{
"result": "success",
"messages": [{
"explanation": "",
"id": "FQXHMSE0001I",
"recovery": {
"text": "Information only; no action is required.",
"URL": ""
},
"text": "The request completed successfully."
}]
}
The following example is returned when returnJobInfo="false" was specified and a job was created but failed.
{
"result": "failure",
"messages": [{
"explanation": "The provided minimum SSL/TLS protocol level does not match one
of the expected string values. The requested operation was not
performed.",
"id": "FQXHMSE0501J",
"recovery": {
"text": "Correct the value and try the operation again.",
"URL": ""
},
"text": "The provided minimum SSL/TLS protocol level is not valid."
}]
}