Skip to main content
Version: 4.6

Certificate Management

Add Certificate

Adds or updates a certificate in the hdb_certificate system table. If a private_key is provided it will not be stored in hdb_certificate, it will be written to file in <ROOTPATH>/keys/. If a private_key is not passed the operation will search for one that matches the certificate. If one is not found an error will be returned.

Operation is restricted to super_user roles only

  • operation (required) - must always be add_certificate
  • name (required) - a unique name for the certificate
  • certificate (required) - a PEM formatted certificate string
  • is_authority (required) - a boolean indicating if the certificate is a certificate authority
  • hosts (optional) - an array of hostnames that the certificate is valid for
  • private_key (optional) - a PEM formatted private key string

Body

{
	"operation": "add_certificate",
	"name": "my-cert",
	"certificate": "-----BEGIN CERTIFICATE-----ZDFAay... -----END CERTIFICATE-----",
	"is_authority": false,
	"private_key": "-----BEGIN RSA PRIVATE KEY-----Y4dMpw5f... -----END RSA PRIVATE KEY-----"
}

Response: 200

{
	"message": "Successfully added certificate: my-cert"
}

Remove Certificate

Removes a certificate from the hdb_certificate system table and deletes the corresponding private key file.

Operation is restricted to super_user roles only

  • operation (required) - must always be remove_certificate
  • name (required) - the name of the certificate

Body

{
	"operation": "remove_certificate",
	"name": "my-cert"
}

Response: 200

{
	"message": "Successfully removed my-cert"
}

List Certificates

Lists all certificates in the hdb_certificate system table.

Operation is restricted to super_user roles only

  • operation (required) - must always be list_certificates

Body

{
	"operation": "list_certificates"
}

Response: 200

[
	{
		"name": "HarperDB-Certificate-Authority-node1",
		"certificate": "-----BEGIN CERTIFICATE-----\r\nTANBgkqhk... S34==\r\n-----END CERTIFICATE-----\r\n",
		"private_key_name": "privateKey.pem",
		"is_authority": true,
		"details": {
			"issuer": "CN=HarperDB-Certificate-Authority-node1 C=USA ST=Colorado L=Denver O=HarperDB\\, Inc.",
			"subject": "CN=HarperDB-Certificate-Authority-node1 C=USA ST=Colorado L=Denver O=HarperDB\\, Inc.",
			"serial_number": "5235345",
			"valid_from": "Aug 27 15:00:00 2024 GMT",
			"valid_to": "Aug 25 15:00:00 2034 GMT"
		},
		"is_self_signed": true,
		"uses": ["https", "wss"]
	},
	{
		"name": "node1",
		"certificate": "-----BEGIN CERTIFICATE-----\r\ngIEcSR1M... 5bv==\r\n-----END CERTIFICATE-----\r\n",
		"private_key_name": "privateKey.pem",
		"is_authority": false,
		"details": {
			"issuer": "CN=HarperDB-Certificate-Authority-node1 C=USA ST=Colorado L=Denver O=HarperDB\\, Inc.",
			"subject": "CN=node.1 C=USA ST=Colorado L=Denver O=HarperDB\\, Inc.",
			"subject_alt_name": "IP Address:127.0.0.1, DNS:localhost, IP Address:0:0:0:0:0:0:0:1, DNS:node.1",
			"serial_number": "5243646",
			"valid_from": "Aug 27 15:00:00 2024 GMT",
			"valid_to": "Aug 25 15:00:00 2034 GMT"
		},
		"is_self_signed": true,
		"uses": ["https", "wss"]
	}
]