Client Side Mutual SSL Certificate Management via the Console

WSO2 EMM supports mutual SSL, where the client verifies that the server can be trusted and the server verifies that the client can be trusted by using digital signatures. The following sections illustrate how to manage the client side mutual SSL certificates.

Adding an SSL certificate

Description

Add a new SSL certificate to the client end database.

Resource Path: /
URL: /mdm-admin/certificates/
HTTP Method: POST
Request/Response Format: application/json
cURL command:
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/certificates/
  • For more information on how to generate the <EMM_API_TOKEN>, see Generating the OAuth 2.0 Access Token.
  • Define the path to the JSON file, which includes the required properties to update the platform configurations, as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
  • By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
  • By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 19097279360bd1d19af9fd836eb46591" -d @'certificate.json' -k -v https://localhost:9443/mdm-admin/certificates/
 Sample output
> POST /mdm-admin/certificates/saveCertificate HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 19097279360bd1d19af9fd836eb46591
> Content-Length: 1978
> Expect: 100-continue
< HTTP/1.1 100 Continue
< HTTP/1.1 201 Created
< Date: Thu, 24 Mar 2016 09:26:41 GMT
< Content-Type: application/json
< Content-Length: 21
< Server: WSO2 Carbon Server
Sample JSON Definition
[
  {
    "serial": "12438035315552875930",
    "pem": "MIIFlTCCA32gAwIBAgIJAKycxzhPSvWjMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNVBAYTAnNsMQwwCgYDVQQIDANhc
2QxDDAKBgNVBAcMA2FzZDELMAkGA1UECgwCYXMxCzAJBgNVBAsMAnNhMRQwEgYDVQQDDAsxMC4xMC4xMC4yNDAeFw0xNjAyMTUwNT
U5MDFaFw0xNzAyMTQwNTU5MDFaMFkxCzAJBgNVBAYTAnNsMQwwCgYDVQQIDANhc2QxDDAKBgNVBAcMA2FzZDELMAkGA1UECgwCYXM
xCzAJBgNVBAsMAnNhMRQwEgYDVQQDDAsxMC4xMC4xMC4yNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOAg4JBfnZ1x
/c/ktkuq7Wj8HQIm5CrwwYj+h2GDSDyqUKpyd3NJReNqUnhsL7MYR85tmP0SpBlD4X8KSBOuohVw4/cupmk0AlctINaTLRab0aN7u
x43fTglD2O5ATdtlH+xLHuLMKcREV+ZedrwjiqzbUX/J/5EYNxW3fAh9pk/PB31Jbv0UTv7dTghsiecYQb6ENlP0sID6gAi9Br9oK
Kz/mPQFGafIUXZYEiuc2ugYeNQsnTnteAwIR/0LeedsRTUk4sM/z9EZ/NJ/RALwrZ8SPcA90grWkl3m6+GWYvjbyg4T47m9Vy6YD7
p56QYitaGgooo2Tyj/tc2UrtPfJhmmkjs3dHDrvZLRskU2YXU+89qiuhfGulQG6Jz76Tf26gAX3tvhRACG8rbduSjvkyGJde5ig//
RC+JeUrdm+m3XwEbjFyGzVHaKjxIlQ/JXx1ffvZ+g2NLQUI/g3RbPQESTys0qWP25FYoJSv3i1w6C7akX2DwWUM+KzzCGRVRpNBaD
ai/mkVI0IVcb5X2pfqMygS+SA0pXtl1x/5YFhdQe2uoVvukb1cNcuOpBL6BMsFAd9CVDs21e7wDo74Sf879ve8bZF2M5WAQoKG9cb
YrA8KdX0vInEcYs1VwSuMaTABQSOw+LI+ubmeO9zZ0HrtU9okzQ8JaVeX/NRDP4JYDAgMBAAGjYDBeMB0GA1UdDgQWBBT6TvCK/V/
RfWuOP5boEG500eLe4TAfBgNVHSMEGDAWgBT6TvCK/V/RfWuOP5boEG500eLe4TAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB
hjANBgkqhkiG9w0BAQUFAAOCAgEAdheZlPw+QSN6HbVaXJTE/N272iz02HWz+5wREIHi31fAFCQs3KP/ozOSC6mmlRkJ1ry7SRslC
XVI7CqFJsuc0xR/cLb8Ti3CuzNRHd3N81tLtW8GdEU8wItQTJTkXBPiG2ZM6d7Un1daL1T5VTHONE/n2rQqpCREQvqJnLuCxdyrGG
RHrtM/wOSQ+s2yIFdYOdG6GiuBIz4ML8runEb2cpSxJrILvqOV3GakBwz9OARhrtowztH8WaC93WeMFAJHyzFBcnmjKozpJTKqZ4o
F+5o8o2ENly6+a/PExu7uhU9eDKMzc/rGVKOGF+NqxIiDJbGlCcAsQ9+uo3Xkh2T1rBsM0/COfRHz1jpRJy5YpHCKDyv1rrE7plNX
EtejjHxj2iwu8mzfCwznH0B06ThjEPUHWS0GrTjWWCjaP0R3hIU/s/H8b8KabryRwezFINOWAN8CZNoMtR8b5YzlktFxKbe6E5H3v
39s2xg1fvwwZKwZU3DbSWpwybGaBBUsNgTtT3ZhCm3eXkdESvAmp4+jm+M+nCuiwnJ0Sdv1azjPv4Jvie7ObHv7soN18bsiooYUyk
sw0YRcVDFckHK0tm2vZT+XC57P/c3IeVso1K7S0+Q9GHW/2OMQXHldXVywQB3RZ1dRO3qXLDh26DiJi0d/mJgI+8LooHOmreXTZLf
wWsc="
  }
]

Property (Data Type): Description

  • serial (String): The unique ID of the certificate.
  • pem (String): Convert the OpenSSL certificate to the .pem format and base 64 encode the file. Upload the .pem file and base 64 encode it using a tool, such as the base64encode.in tool.

Getting details of an SSL certificate

Description

Get the client side SSL certificate details.

Resource Path: /
URL: /mdm-admin/certificates/{serialNumber}
HTTP Method: GET
Request/Response Format: application/json
cURL command:
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/certificates/{serialNumber}
  • For more information on how to generate the <EMM_API_TOKEN>, see Generating the OAuth 2.0 Access Token.
  • By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
  • By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.
  • Provide the serial number of the certificate that you wish to get the details of, as the {serialNumber}.

Example:

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer f4c0c1b2b4ace7040132682139d51f74" -k -v https://localhost:9443/mdm-admin/certificates/124380353155528759302
 Sample output
> GET /mdm-admin/certificates/12438035315552875234 HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 19097279360bd1d19af9fd836eb46591
> 
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Thu, 24 Mar 2016 09:30:53 GMT
< Content-Type: application/json
< Content-Length: 379
< Server: WSO2 Carbon Server
{"serialNumber":"124380353155528759302","tenantId":-1234,"commonName":"10.10.10.24","notAfter":1487051941000,"notBefore":1455515941000,"certificateserial":12438035315552875939,"issuer":"CN\u003d10.10.10.24, OU\u003dsa, O\u003das, L\u003dasd, ST\u003dasd, C\u003dsl","subject":"CN\u003d10.10.10.23, OU\u003dsa, O\u003das, L\u003dfas, ST\u003dasd, C\u003ds4","certificateVersion":3}

In the output, the = sign is returned as its JSON Unicode escape, \u003d. Replace \u003d with the = sign after getting the certificate details; parsing the body with a JSON parser performs this decoding.

Sample JSON output Definition
{
  "serialNumber": "124380353155528759302",
  "tenantId": -1234,
  "commonName": "124380353155528759302",
  "notAfter": 1487051941000,
  "notBefore": 1455515941000,
  "certificateserial": 12438035315552875939,
  "issuer": "CN=10.10.10.24, OU=sa, O=as, L=asd, ST=asd, C=sl",
  "subject": "CN=10.10.10.23, OU=sa, O=er, L=fas, ST=asd, C=s4",
  "certificateVersion": 3
}  

Property: Description

  • serial: It is the unique ID that is used to identify a certificate.
  • tenantId: The ID of the tenant who adds the certificate. The default tenant domain of WSO2 EMM is carbon.super, which is also represented as -1234. For more information on adding a tenant, see Managing Tenants.
  • commonName: In mutual SSL the common name refers to the serial number of the Android device.
  • notAfter: The expiration date of the certificate that is inherent to the certificate.
  • notBefore: The date from when the certificate is valid.
  • certificateserial: The serial number of the certificate.
  • issuer: The identity of the authority that signs the SSL certificate. Example: CA certificate or GoDaddy.
  • subject: The identity of the certificate.
  • certificateVersion: The version of the certificate.

Getting SSL certificate details in a paginated manner

Description

You will have many certificates used for mutual SSL. When you wish to view all the certificate details, it is not feasible to show all the details on one page; therefore, the details are paginated.

Resource Path: /paginate
URL: /mdm-admin/certificates/paginate?start={start}&length={length}
HTTP Method: GET
Request/Response Format: application/json
cURL command:
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v "https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/certificates/paginate?start={start}&length={length}"
  • For more information on how to generate the <EMM_API_TOKEN>, see Generating the OAuth 2.0 Access Token.
  • By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
  • By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.
  • Provide the starting pagination index as the value for {start}. Example: 1

  • Provide how many certificate details you require from the starting pagination index as the value for {length}. For example, if you require the device details from the 1st pagination index to the 2nd, you must define 1 as the value for start and 2 as the value for length.

    If you wish to get the device details within a predefined index range, you need to define both the start and length fields.
    Example: https://localhost:9443/mdm-admin/devices?start=1&length=2
    There will be situations where you will not have device details in the specified index range. In such situations, all the certificate details will be given.

Example:

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer f4c0c1b2b4ace7040132682139d51f74" -k -v "https://localhost:9443/mdm-admin/certificates/paginate?start=1&length=2"
 Sample output
> GET /mdm-admin/certificates/paginate?start=0&length=2 HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 957379f0d94d0c725b2100785b04854c
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Thu, 31 Mar 2016 03:51:29 GMT
< Content-Type: application/json
< Content-Length: 409
< Server: WSO2 Carbon Server
{"recordsTotal":1,"recordsFiltered":0,"draw":0,"data":[{"serialNumber":"12438035315552875234","tenantId":-1234,"notAfter":1487051941000,"notBefore":1455515941000,"certificateserial":12438035315552875939,"issuer":"CN\u003d10.10.10.24, OU\u003dsa, O\u003das, L\u003dasd, ST\u003dasd, C\u003dsl","subject":"CN\u003d10.10.10.24, OU\u003dsa, O\u003das, L\u003dasd, ST\u003dasd, C\u003dsl","certificateVersion":3}]}

In the output, the = sign is returned as its JSON Unicode escape, \u003d. Replace \u003d with the = sign after getting the certificate details; parsing the body with a JSON parser performs this decoding.

Sample JSON output Definition
{
  "recordsTotal": 1,
  "recordsFiltered": 0,
  "draw": 0,
  "data": [
    {
      "serialNumber": "12438035315552875234",
      "tenantId": -1234,
      "notAfter": 1487051941000,
      "notBefore": 1455515941000,
      "certificateserial": 12438035315552875939,
      "issuer": "CN=10.10.10.24, OU=sa, O=as, L=asd, ST=asd, C=sl",
      "subject": "CN=10.10.10.23, OU=sr, O=ds, L=tyh, ST=sss, C=s4",
      "certificateVersion": 3
    }
  ]
}

Property: Description

  • recordsTotal: The total number of records that are given before filtering.
  • recordsFiltered: The total number of records that are given after filtering.
  • draw: The draw counter that this object is a response to, from the draw parameter sent as part of the data request. For more information, see Server Side Data Processing.
  • data: The details of the SSL certificate.
  • serial: The unique ID used to identify a certificate.
  • tenantId: The ID of the tenant who adds the certificate. The default tenant domain of WSO2 EMM is carbon.super, which is also represented as -1234. For more information on adding a tenant, see Managing Tenants.
  • notAfter: The expiration date of the certificate that is inherent to the certificate.
  • notBefore: The date from when the certificate is valid.
  • certificateserial: The serial number of the certificate.
  • issuer: The identity of the authority that signs the SSL certificate. Example: CA certificate or GoDaddy.
  • subject: The identity of the certificate.
  • certificateVersion: The version of the certificate.
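
An added example (not part of the WSO2 documentation) of consuming the paginated response in a script: it parses the sample body shown above, lets the JSON parser decode \u003d, reads notBefore/notAfter as epoch milliseconds, and lists certificates that are outside or close to the end of their validity window. The function names, the selfSigned field and the 30-day threshold are assumptions made for the illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: the response body from the sample output above, as it
# arrives on the wire (with \u003d escapes still in place).
RAW_BODY = (
    r'{"recordsTotal":1,"recordsFiltered":0,"draw":0,"data":[{'
    r'"serialNumber":"12438035315552875234","tenantId":-1234,'
    r'"notAfter":1487051941000,"notBefore":1455515941000,'
    r'"certificateserial":12438035315552875939,'
    r'"issuer":"CN\u003d10.10.10.24, OU\u003dsa, O\u003das, L\u003dasd, ST\u003dasd, C\u003dsl",'
    r'"subject":"CN\u003d10.10.10.24, OU\u003dsa, O\u003das, L\u003dasd, ST\u003dasd, C\u003dsl",'
    r'"certificateVersion":3}]}'
)
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_page(body):
    """Return the certificates of one paginated response, normalised."""
    page = json.loads(body)  # decodes \u003d to "="; no manual replace needed
    certs = []
    for rec in page["data"]:
        certs.append({
            "serialNumber": rec["serialNumber"],
            # Python ints are arbitrary precision, so this 20-digit number is
            # kept exactly; parsers that map JSON numbers to doubles round it.
            "certificateserial": rec["certificateserial"],
            "issuer": rec["issuer"],
            "subject": rec["subject"],
            "notBefore": EPOCH + timedelta(milliseconds=rec["notBefore"]),
            "notAfter": EPOCH + timedelta(milliseconds=rec["notAfter"]),
            "selfSigned": rec["issuer"] == rec["subject"],  # hypothetical field
        })
    return certs


def needs_attention(certs, now, warn_days=30):
    """Serial numbers of certs not yet valid, expired, or expiring soon."""
    limit = now + timedelta(days=warn_days)
    return [c["serialNumber"] for c in certs
            if c["notBefore"] > now or c["notAfter"] <= limit]


if __name__ == "__main__":
    for cert in parse_page(RAW_BODY):
        print(cert["serialNumber"], cert["subject"], cert["notAfter"].isoformat())
```
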

Deleting an SSL certificate

Description

Delete an SSL certificate that's on the client end.

Resource Path: /{serialNumber}
URL: /mdm-admin/certificates/{serialNumber}
HTTP Method: DELETE
Request/Response Format: application/json
cURL command:
curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/certificates/{serialNumber}
  • For more information on how to generate the <EMM_API_TOKEN>, see Generating the OAuth 2.0 Access Token.
  • By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
  • By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.
  • Provide the serial number of the certificate that you wish to delete, as the {serialNumber}.

Example:

curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer 19097279360bd1d19af9fd836eb46591" -k -v https://localhost:9443/mdm-admin/certificates/124380353155528759302
 Sample output
> DELETE /mdm-admin/certificates/124380353155528759302 HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 19097279360bd1d19af9fd836eb46591
< HTTP/1.1 200 OK
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Date: Thu, 24 Mar 2016 09:38:23 GMT
< Content-Type: application/json
< Content-Length: 4
< Server: WSO2 Carbon Server
