Skip to main content

POST – Creating New Certificate

Request

POST https://{{ip}}/redfish/v1/AccountService/Accounts/{ManagerAccountId}/Certificates
POST https://{{ip}}/redfish/v1/Managers/{ManagerId}/NetworkProtocol/HTTPS/Certificates
POST https://{{ip}}/redfish/v1/Systems/{ComputerSystemId}/Boot/Certificates
POST https://{{ip}}/redfish/v1/AccountService/LDAP/Certificates
POST https://{{ip}}/redfish/v1/AccountService/LDAP/Certificates/Oem/Ami/ClientCertificates
Content-Type: application/json
Note
  1. Performing POST operation to https://{{ip}}/redfish/v1/AccountService/LDAP/Certificates will create/upload root CA certificate required for LDAP authentication.

  2. Performing POST operation to https://{{ip}}/redfish/v1/AccountService/LDAP/Certificates/Oem/Ami/ClientCertificates will create/upload root CA certificate required for LDAP authentication. The private key required to upload into BMC will a part of the POST body in this URI.

  3. Please ref https://ubuntu.com/server/docs/service-ldap-with-tls on how to generate LDAP certificate key.

Request Body will be in JSON format. The properties are mentioned in the following table.
Table 1. Certificate Collection POST Request Property

Name

Type

Description

CertificateString(M)

String

This parameter shall contain the string of the certificate, and the format shall follow the requirements specified by the CertificateType property value. If the certificate contains any private keys, they shall be removed from the string in responses. If the service does not know the private key for the certificate and it is needed to use the certificate, the client shall provide the private key as part of the string in the POST request.

Note
  1. Only support PKCS#1 and PKCS#8 (not encrypted) for private key string.

  2. CertificateString should reserve all end-of-line string from certificate file or from private key file, and they should be replaced as \n in request body.

  3. Only certificate or private key in correct CertificateType format will be recognized. The other strings which don t follow CertificateType format will be ignored.

CertificateType(M)

String

The link to the Certificate Resource Collection where the certificate is installed.
Note
Certificate Type property only supports PEM format.

Request example

{
"CertificateString": "------BEGINCERTIFICATE-----
nMIIC2DCCAoICCQDrKFHkCkpC2zANBgkqhkiG9w0BAQsFADCB8jELMAkGA1UEBhMC\nVVMxDzAN
BgNVBAgMBk9yZWdvbjERMA8GA1UEBwwIUG9ydGxhbmQxEDAOBgNVBAoM\nB0NvbnRvc28xDDAKBg
NVBAsMA0FCQzEcMBoGA1UEAwwTbWFuYWdlci5jb250b3Nv\nLm9yZzEgMB4GCSqGSIb3DQEJARYRYW
RtaW5AY29udG9zby5vcmcxGjAYBgNVBCkM\nEXRlc3RDb250YWN0UGVyc29uMRYwFAYDVQQqDA10ZX
N0R2l2ZW5OYW1lMRUwEwYD\nVQQrDAx0ZXN0SW5pdGlhbHMxFDASBgNVBAQMC3Rlc3RTdXJuYW1
lMB4XDTE5MTIx\nOTAyNTg0NVoXDTIwMDExODAyNTg0NVowgfIxCzAJBgNVBAYTAlVTMQ8wDQYD
VQQI\nDAZPcmVnb24xETAPBgNVBAcMCFBvcnRsYW5kMRAwDgYDVQQKDAdDb250b3NvMQww\nCgY
DVQQLDANBQkMxHDAaBgNVBAMME21hbmFnZXIuY29udG9zby5vcmcxIDAeBgkq\nhkiG9w0BCQEWE
WFkbWluQGNvbnRvc28ub3JnMRowGAYDVQQpDBF0ZXN0Q29udGFj\ndFBlcnNvbjEWMBQGA1UEKgwN
dGVzdEdpdmVuTmFtZTEVMBMGA1UEKwwMdGVzdElu\naXRpYWxzMRQwEgYDVQQEDAt0ZXN0U3Vy
bmFtZTBcMA0GCSqGSIb3DQEBAQUAA0sA\nMEgCQQC2vTAZtvPrByReb065z6E/n7Rv8ymt4Goowjet6s0kf
m/WnJumTt0/eJfk\n2j5c+XSg6q1wgmZOZA+NZVL7DFUjAgMBAAEwDQYJKoZIhvcNAQELBQADQQCsYyR
Y\n3RX7fsLQr0M/LgHCHF9ke9mF8KsockAQlZLkXuwSZHe6+0b7p6OeWrdiuil6cpmO\nb32QIGFrKWq8JXD
+\n-----ENDCERTIFICATE-----\n-----BEGINPRIVATEKEY-----
\nMIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAtr0wGbbz6wckXm9O\nuc+hP5+0b/Mpre
BqKMI3rerNJH5v1pybpk7dP3iX5No+XPl0oOqtcIJmTmQPjWVS\n+wxVIwIDAQABAkEAn6j0WcNLolF/KTM/
KYGLdTdoQ1fFVrH4jtwCIeZAjlygCliT\nKcb1AOsO/jxKFaK/ZUUVk5lWomxnZBy641r+AQIhANpX0+K7kUU
m4L7x1VgFfRUh\nal8ns1MneAkbL0z0j+NjAiEA1kFjSAJIki1fkakXtixdiZz9GdRbgLBFM4cZJXtT\n00ECIQCN
kCIdwBTI7BMNWghD4JMfryGjfj8DK/Tkmo6Ja4sbFwIhAKF1FwcNyXh2\nvt06qsa6uiZY6pbLY8UfkJabCUUo
oevBAiAzw38GApvYqlQeSRQcHTMx/LN6a6NY\nJlxeaUXwCcsIuw==\n-----ENDPRIVATEKEY-----\n",
"CertificateType":"PEM"
}
Note
  1. HTTPS Certificate Collection DID NOT support POST operation because Lighttpd only accept one certificate.

  2. Maximum allowed size of CertificateString for all Boot Certificate Instance is 20 KB.

  3. Maximun number of Certificate Instance for ManagerAccount Certificate is 5.

Response

The response status is 201 and the response body is a GET Response with the properties of the newly created Certificate. For Error Responses, please refer to Error Response.