Trusted Server Certificates parameters

Use these parameters when you create a Trusted Server Certificates policy with the profile API. Apply the profile to the app with app-market/policy.

ParameterDescription
serverCertsList[ ]

An array of X.509 certificate files, as PEM-encoded data or base64-encoded DER format.

blockNetworkResources

iOS only: If validation is taking a long time and your PKIs include any components that attempt to access network resources, such as Certificate Revocation Lists, Authority Info Access, or Online Certificate Status Protocol records, you can set this parameter to avoid fetching network resources. Values:

1: Do not fetch network resources when validating certificates.

0: Do not modify PKI validation process.

Trusted Server Certificates API resources

To manage Trusted Server Certificates profiles, use these resources:

  • profile Use type="trusted_server_certs" to create a Trusted Server Certificates profile. See example below.
  • profile/catalog/{policytype} Use "trusted_server_certs" for "{policytype}". GET returns an array of details for all policy profiles of the specified type.
  • profile/{GUID} Use the profile ID to specify a policy profile. GET returns details for the specified profile, PUT updates the details in the specified profile, and DELETE archives the profile.
  • settings/trusted-server-certs-default-profile (settings/{policytype}-default-profile ):  POST sets one of the Trusted Server Certificates profiles as the default. GET returns the GUID of the current default profile. DELETE archives the current default.

To retrieve details for the policy:

  • app-policy/{GUID} : Use the policy ID to specify a policy. GET returns details for the specified policy.
  • app-policy/code/{code} Use POLICY_CODE_TRUSTED_SERVER_CERTS to specify the policy. GET returns details for the specified policy.

To secure an app with this policy:

Creating a Trusted Server Certificates profile

This example creates a Trusted Server Certificates profile with the  profile API, specifying all options.

Request

curl -k -v -L -b c.txt -c c.txt -X POST https://bc.qwe.com:443/mocana-app-control/rest/profile \
  -F name="TestProfile" \
  -F type="trusted_server_certs" \
  -F desc="Default Profile" \
  -F data-urlencode data="{\"serverCertsList\":[\"$(base64 SomeCertFile.der)\"], \"blockNetworkResources\":\"1\"}"
BASH


Response

{"message": "",
 "profiles": {
   "data": {
     "profile_data": "{\"serverCertsList\":[\"$(base64 SomeCertFile.der)\"], \"blockNetworkResources\":\"1\"}",
     "profile_data_id": "effb2b09-88c7-4a16-8697-5b170cceb946",
     "profile_data_stamp": "2016-08-19 15:28:17.0"
     },
   "profile_desc": "Default Profile",
   "profile_id": "92e920e2-0000-4b54-9021-f0417f386f4f",
   "profile_name": "TestProfile",
   "profile_type": "trusted_server_certs",
   "profile_url": "https://bc.qwe.com:443/mocana-app-control/rest/profile/92e170e2-0000-4b54-9021-f0464f386f4f"
   },
 "status": "OK"
}
JS

On this page

Related topics