Trusted Server Certificates (API)
Trusted Server Certificates parameters
Use these parameters when you create a Trusted Server Certificates policy with the profile API. Apply the profile to the app with app-market/policy.
| Parameter | Description |
|---|---|
| serverCertsList[ ] | An array of X.509 certificate files, as PEM-encoded data or base64-encoded DER format. |
| blockNetworkResources | iOS only: If validation is taking a long time and your PKIs include any components that attempt to access network resources, such as Certificate Revocation Lists, Authority Info Access, or Online Certificate Status Protocol records, you can set this parameter to avoid fetching network resources. Values: 1: Do not fetch network resources when validating certificates. 0: Do not modify PKI validation process. |
Trusted Server Certificates API resources
To manage Trusted Server Certificates profiles, use these resources:
- profile : Use type="trusted_server_certs" to create a Trusted Server Certificates profile. See example below.
- profile/catalog/{policytype} : Use "trusted_server_certs" for "{policytype}". GET returns an array of details for all policy profiles of the specified type.
- profile/{GUID} : Use the profile ID to specify a policy profile. GET returns details for the specified profile, PUT updates the details in the specified profile, and DELETE archives the profile.
- settings/trusted-server-certs-default-profile (settings/{policytype}-default-profile ): POST sets one of the Trusted Server Certificates profiles as the default. GET returns the GUID of the current default profile. DELETE archives the current default.
To retrieve details for the policy:
- app-policy/{GUID} : Use the policy ID to specify a policy. GET returns details for the specified policy.
- app-policy/code/{code} : Use POLICY_CODE_TRUSTED_SERVER_CERTS to specify the policy. GET returns details for the specified policy.
To secure an app with this policy:
- app-market/policy : Use the policy GUID to apply the policy to an app.
Creating a Trusted Server Certificates profile
This example creates a Trusted Server Certificates profile with the profile API, specifying all options.
Request
curl -k -v -L -b c.txt -c c.txt -X POST https://bc.qwe.com:443/mocana-app-control/rest/profile \
-F name="TestProfile" \
-F type="trusted_server_certs" \
-F desc="Default Profile" \
-F data-urlencode data="{\"serverCertsList\":[\"$(base64 SomeCertFile.der)\"], \"blockNetworkResources\":\"1\"}"Response
{"message": "",
"profiles": {
"data": {
"profile_data": "{\"serverCertsList\":[\"$(base64 SomeCertFile.der)\"], \"blockNetworkResources\":\"1\"}",
"profile_data_id": "effb2b09-88c7-4a16-8697-5b170cceb946",
"profile_data_stamp": "2016-08-19 15:28:17.0"
},
"profile_desc": "Default Profile",
"profile_id": "92e920e2-0000-4b54-9021-f0417f386f4f",
"profile_name": "TestProfile",
"profile_type": "trusted_server_certs",
"profile_url": "https://bc.qwe.com:443/mocana-app-control/rest/profile/92e170e2-0000-4b54-9021-f0464f386f4f"
},
"status": "OK"
}