Skip to content

certificate-management.md

Latest commit

 

History

History
250 lines (169 loc) · 6.42 KB

certificate-management.md

File metadata and controls

250 lines (169 loc) · 6.42 KB

Certificate Management

Manage custom TLS certificates for HTTPS upstream verification

List all custom certificates

GET /certificates

Code samples

curl -X GET http://localhost:9090/api/management/v0.9/certificates \
  -u {username}:{password} \
  -H 'Accept: application/json'

Retrieve all custom TLS certificates currently loaded in the certificate store. These certificates are used for verifying HTTPS upstream connections.

Authentication

This operation requires Basic Auth authentication.

Required roles: admin, developer

Example responses

200 Response

{
  "certificates": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "name": "my-custom-ca",
      "subject": "CN=My CA,O=My Organization,C=US",
      "issuer": "CN=My CA,O=My Organization,C=US",
      "notAfter": "2026-11-26 06:07:26",
      "count": 1,
      "message": "Certificate uploaded and SDS updated successfully",
      "status": "success"
    }
  ],
  "totalCount": 3,
  "totalBytes": 221599,
  "status": "success"
}

Responses

Status Meaning Description Schema
200 OK List of certificates CertificateListResponse
500 Internal Server Error Internal server error ErrorResponse

Upload a new certificate

POST /certificates

Code samples

curl -X POST http://localhost:9090/api/management/v0.9/certificates \
  -u {username}:{password} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d @payload.json

Upload a new TLS certificate (PEM format) to the Gateway. The certificate is loaded dynamically without restarting the Gateway.

Payload

{
  "name": "my-custom-ca",
  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAKL0UG+mRKtjMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n...\n-----END CERTIFICATE-----\n"
}

Authentication

This operation requires Basic Auth authentication.

Required roles: admin, developer

Parameters

Name In Type Required Description
body body CertificateUploadRequest true none

Example responses

201 Response

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "my-custom-ca",
  "subject": "CN=My CA,O=My Organization,C=US",
  "issuer": "CN=My CA,O=My Organization,C=US",
  "notAfter": "2026-11-26 06:07:26",
  "count": 1,
  "message": "Certificate uploaded and SDS updated successfully",
  "status": "success"
}

Responses

Status Meaning Description Schema
201 Created Certificate uploaded successfully CertificateResponse
400 Bad Request Invalid certificate format ErrorResponse
500 Internal Server Error Internal server error ErrorResponse

Delete a certificate

DELETE /certificates/{id}

Code samples

curl -X DELETE http://localhost:9090/api/management/v0.9/certificates/{id} \
  -u {username}:{password} \
  -H 'Accept: application/json'

Delete a certificate from the Gateway. The change is applied dynamically without restarting the Gateway.

Authentication

This operation requires Basic Auth authentication.

Required roles: admin

Parameters

Name In Type Required Description
id path string true ID of the certificate to delete

Example responses

200 Response

{
  "status": "success",
  "message": "Certificate deleted and SDS updated successfully",
  "id": "550e8400-e29b-41d4-a716-446655440000"
}

Responses

Status Meaning Description Schema
200 OK Certificate deleted successfully Inline
404 Not Found Certificate not found ErrorResponse
500 Internal Server Error Internal server error ErrorResponse

Response Schema

Status Code 200

Name Type Required Restrictions Description
» status string false none none
» message string false none none
» id string false none none

Manually reload certificates

POST /certificates/reload

Code samples

curl -X POST http://localhost:9090/api/management/v0.9/certificates/reload \
  -u {username}:{password} \
  -H 'Accept: application/json'

Manually trigger a reload of all certificates from the filesystem into the Gateway.

Authentication

This operation requires Basic Auth authentication.

Required roles: admin

Example responses

200 Response

{
  "status": "success",
  "message": "Certificates reloaded and SDS updated successfully",
  "totalBytes": 221599
}

Responses

Status Meaning Description Schema
200 OK Certificates reloaded successfully Inline
500 Internal Server Error Internal server error ErrorResponse

Response Schema

Status Code 200

Name Type Required Restrictions Description
» status string false none none
» message string false none none
» totalBytes integer false none Total bytes of all loaded certificates