-
Notifications
You must be signed in to change notification settings - Fork 332
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updated rest-api ditamap, Updated Encryption API parent topic to merg…
…e 4 sub-sections into the parent topic
- Loading branch information
1 parent
0e316af
commit 112f070
Showing
2 changed files
with
98 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,104 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd"> | ||
| <topic id="topic_i45_xf2_gw"> | ||
| <title>Encryption On-the-Wire API</title><shortdesc>Couchbase Server APIs for self-signed and X.509 certificates manage encryption | ||
| <title>Encryption On-the-Wire API</title> | ||
| <shortdesc>Couchbase Server APIs for self-signed and X.509 certificates manage encryption | ||
| on-the-wire.</shortdesc> | ||
| <body> | ||
| <p></p> | ||
| <section id="rest_cert_node"> | ||
| <title>Retrieve Node Certificate Info</title> | ||
| <p>Retrieves information about a node certificate.</p> | ||
| <p><b>GET /pools/default/certificate/node/<host:port></b></p> | ||
| <p><b>Description</b></p> | ||
| <p>This command retrieves information about the uploaded node certificate.</p> | ||
| <p><b>Example</b> | ||
| </p> | ||
| <codeblock>$ curl -X GET http://user:password@127.0.0.1:8091/pools/default/certificate/node/127.0.0.1:8091 | ||
| {"subject":"CN=127.0.0.1","expires":"2049-12-31T15:59:59.000Z","pem":" | ||
| -----BEGIN CERTIFICATE-----\nMIIC+DCCAeKgAwIBAgIIFB4b2mfRLHcwCwYJKoZIhvcNAQELMCAxHjAcBgNVBAMT\ | ||
| nFUludGVtZWRpYXRlIEF1dGhvcml0eTAeFw0xMzAxMDEwMDAwMDBaFw00OTEyMzEy\ | ||
| nMzU5NTlaMBQxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQAD\ | ||
| nggEPADCCAQoCggEBAOO9byay0UjHI4Q1dd4zMgGPc7FkGDaH/5PEj7PdjlnZC6zm\ | ||
| ncsjqAyAq9WzI+LAzzfZXm2Da8MwJZX/MsvEcG15CV8bK075D1G4R7B+E+OIG//Xl\ | ||
| ntKZe7J0YqsW5KwZlDHWkyJ06ylWl/6hvw3YkG7mUOKi5WWuj8NGHP24cImkaon4+\ | ||
| nf8D6t3vEWFQEwb8IMUDgzwdihXdSqdzQ3a9ECKbl2BKeEFbPrzWoIYjWF5dyrZg3\ | ||
| n4/3+SHZ+uZzlG2x6cL2lrs7WUJXseasjkSFuQQzLZPIcJlJxlwXhKvfvucbgT9rG\ | ||
| nwopcjS3SaXnmreKF3jLmQGAPHYb8X1yCTTBQVLcCAwEAAaNGMEQwDgYDVR0PAQH\ | ||
| nBAQDAgCgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDwYDVR0R\ | ||
| nBAgwBocEfwAAATALBgkqhkiG9w0BAQsDggEBAEEWcC8uJ/Zk/4UFYTrQyvds/Kj8\ | ||
| n8/SNWVIcMNLHNsxPGtbrsRa9VFjPlCEB+dPpgIFq08626zRQ2Lb1qRZGWj+YM5gC\ | ||
| nhxaERSURrvr6i8x9jwALkQUxitRkNP6cb+wi4BCn8qjgxxyZ4g+CHEO9pHceljIn\ | ||
| n/bwY+hHTG0a+8hVj/14TGExFrEzNhyeSMmGpdFq3PNT97gRuVvFAz6ZD8qAt+S0j\ | ||
| nT61oShOpwNwhWnkK3OynN2JdVT+G496/xRayDPXG40V/AkJs3udZ6QmoeifkJ8sj\ | ||
| nYgOxdPWLMnAJ7fw6l/XE7XVD/Jld+pJrFa4YqHBkWL+s20OQmuWs8dVgVQ0=\n | ||
| -----END CERTIFICATE-----\n\n"}</codeblock> | ||
| </section> | ||
| <section id="rest_uploads_ca"> | ||
| <title>Upload and Regenerate Certificate</title><p>Uploads a pem-encoded root certificate | ||
| (cluster CA) to the cluster.</p><p><b>POST | ||
| /controller/uploadClusterCA</b></p><p><b>Description</b></p>The uploaded certificate will | ||
| be displayed in the UI and used for XDCR replications and for client certificate stores. | ||
| <p><b>Examples</b> | ||
| </p><codeblock>curl -X POST --data-binary "@/path/root.pem" http://user:password@127.0.0.1:8091/controller/uploadClusterCA </codeblock><codeblock>curl -X POST --data-binary "@./ca.pem" http://Administrator:password@127.0.0.1:8091/controller/uploadClusterCA</codeblock><p><b>Returns</b></p><p>Same | ||
| output as in the <codeph>GET /pools/default/certificate?extended=true</codeph> method.</p> | ||
| <p><b>Setting up per node CA certificate</b></p><p> | ||
| <codeblock>curl -X POST http://Administrator:password@127.0.0.1:8091/node/controller/reloadCertificate</codeblock> | ||
| </p> | ||
| <p><b>Regenerating a self-signed certificate</b></p><p>If you configured Couchbase to use | ||
| X.509 certificates, and you want to go back to the self-signed certificates, you can do this | ||
| by regenerating the self-signed cluster certificate <codeph>test.pem</codeph>.</p><p> | ||
| <codeblock>curl -X POST http://Administrator:password@remoteHost:8091/controller/regenerateCertificate</codeblock> | ||
| </p></section> | ||
| <section id="return_cluster_ca"> | ||
| <title>Return Cluster Certificate</title><p>Returns the current cluster certificate. | ||
| </p><p><b>GET /pools/default/certificate</b></p><p><b>Description</b></p>If you include | ||
| the parameter <codeph>extended=true</codeph>, it returns the extended certificate information: | ||
| <codeblock>{"cert": {"type" : ..., "pem" : ..., "subject" : ..., "expires" : ...}, warnings: []} </codeblock><p><b>Parameters</b></p><ul | ||
| id="ul_jyc_yjk_1y"> | ||
| <li><codeph>type</codeph> - generated or uploaded.</li> | ||
| <li><codeph>pem</codeph> - pem encoded certificate.</li> | ||
| <li><codeph>subject</codeph> - abbreviated certificate subject (*).</li> | ||
| <li><codeph>expires</codeph> - expiration data (*).</li> | ||
| <li><codeph>warnings</codeph> - warnings to be displayed in the UI. </li> | ||
| </ul><p>(*) not available for generated certificates. </p><p><b>Example</b></p><codeblock>$ curl -X GET http://user:password@127.0.0.1:8091/pools/default/ | ||
| certificate?extended=true</codeblock><codeblock>{"cert":{"type":"uploaded","pem":"-----BEGIN CERTIFICATE----- | ||
| \nMIIC6DCCAdKgAwIBAgIIFB4YAjF90MgwCwYJKoZIhvcNAQELMBkxFzAVBgNVBAMT\ | ||
| nDlJvb3QgQXV0aG9yaXR5MB4XDTEzMDEwMTAwMDAwMFoXDTQ5MTIzMTIzNTk1OVow\ | ||
| nGTEXMBUGA1UEAxMOUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB\ | ||
| nDwAwggEKAoIBAQDBum06stdiYQI2HQyjZeg3s0Pz8CziXqSg4GicaeKNloOfASwl\ | ||
| n+8LQDX5Dgb+Mc4ZxXYo9/7eVlsvSiZPZcv9D2pubjR4ZtEDY5t9AlXDiYTHK0zxG\ | ||
| nB34Llnz3gJmkAEAsjy4g+RfwpJS4kGVzFhrzgxOQJIJogZnLduk+mHFjyXI3X+8y\ | ||
| nf4KF8ijrXP8bbfa0kM1tjvcttaK7vTEP+G/mbOEFZErhScXT9eKRlgwsitaH7kI0\ | ||
| nimpqg3YX1znLQ5n+eLzeVR1HhszJrFaaaRHL0esml6jLEcZBBitJSuEuaMLp9ZWB\ | ||
| nA479ZHmN/vZc1SwfMrCE2+TE0ytW3O7eFXjXAgMBAAGjODA2MA4GA1UdDwEB/wQE\ | ||
| nAwIApDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MAsGCSqG\ | ||
| nSIb3DQEBCwOCAQEACReNkvIXhjPO0rWpgdVSqnLrjUb6DJf0n4Uyq6PfukeEfBtF\ | ||
| n59L+xUcoY6NFM5N6qRlGgg0eqTCVmQ6N6lKnnZRH23g3BPLjU2EqAtBHIc5f2JoM\ | ||
| nd1E4UD2v20MlFoeHL0YljGTywlqStoZYc2uYUJnJAVq2D1dWcwP2S7G6caLHMlAl\ | ||
| nQVYIZvjCGuqGckV1EqOTT7uKPH9ulljtYKVIq/aTbINjX0hJsaoN2hOfHVTp2Shq\ | ||
| neLMwgfNdg6zWRyeL/Mi/3jmSjSH61zyHva2xlY8Pl6Zurx/+pF1qN27+P8tCjsDO\ | ||
| nD2hAADXr8WRqC1Sd+xAGcFkvqOOFv/HRxDej3A==\ | ||
| n-----END CERTIFICATE-----\n", | ||
| "subject":"CN=Root Authority","expires":"2049-12-31T15:59:59.000Z"}, | ||
| "warnings":[{"node":"n_0@127.0.0.1","message": | ||
| "Certificate is not signed with cluster CA."}]} </codeblock> | ||
| <p><b>Possible | ||
| warnings:</b></p><codeblock>{"node":"n_0@127.0.0.1","message":"Certificate is not signed with cluster CA."}</codeblock><codeblock>{"node":"n_0@127.0.0.1","message":"Certificate is expired."}</codeblock><codeblock>{"node":"n_0@127.0.0.1","message":"Certificate will expire soon.","expires":"2049-12-31T15:59:59.000Z"}</codeblock></section> | ||
| <section id="rest_reload"><title>Apply Certificate to a Node</title><p>Takes chain.pem and | ||
| pkey.pem and applies to a node.</p><p><b>POST | ||
| /node/controller/reloadCertificate</b></p><p><b>Description</b></p>This command grabs | ||
| <codeph>chain.pem</codeph> and <codeph>pkey.pem</codeph> from the <filepath>data | ||
| folder/inbox/</filepath> directory and applies them to the node.<p><b>Parameters</b></p><ul | ||
| id="ul_yh4_lkk_1y"> | ||
| <li><codeph>chain.pem</codeph> - Contains a chain of pem-encoded certificates starting from | ||
| the node certificate and ending with the last intermediate certificate that precedes the | ||
| cluster certificate.</li> | ||
| <li><codeph>pkey.pem</codeph> - Contains the pem-encoded private key for the node | ||
| certificate.</li> | ||
| </ul><p><b>Example</b></p><codeblock>curl -X POST http://user:password@127.0.0.1:8091/node/controller/reloadCertificate</codeblock><p><b>Returns</b></p><ul | ||
| id="ul_zh4_lkk_1y"> | ||
| <li><codeph>200</codeph> - If it is a success </li> | ||
| <li><codeph>400</codeph> - An error message if it failed.</li> | ||
| </ul></section> | ||
| </body> | ||
| </topic> |