...

  • The API has to be invoked multiple times to upload the certificates, and the uploads have to be done in order: the root certificate first, then zero or more intermediate certificates, then the server certificate and private key.
  • Uploading the root certificate and the server certificate is mandatory.
  • Uploading intermediate certificate(s) is optional.
  • Self-signed certificates are not supported.
  • Reverting to Realhostip.com or to the previous certificate is not supported.

...

  • Understanding the parameters:
    • When the API is invoked directly instead of through the UI, make sure the certificates are URL-encoded. One way is to use Google Chrome's Advanced Rest Client to URL-encode your certificate (it converts each newline into %0A, so the certificate becomes one line rather than multiple lines).
    • Make sure the certificates are in PEM format.
    • API invocations have to be in order, i.e. first the root certificate with id=1, then zero or more intermediate certificates with id=2, 3, 4, etc.
    • There is no convention for the name parameter, but it helps to name the root certificate "root" and the intermediate certificates "intermediate1", "intermediate2", etc. NOTE - Always keep the names unique.
    • domainsuffix should match the global config secstorage.ssl.cert.domain/consoleproxy.url.domain (= yourdomain.com) and be the same for all the API invocations.
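
The upload order and encoding described above, as an added example (not code from the original page or from the project): it checks each input is a single PEM certificate, URL-encodes it, and builds the per-call parameters in order. The `certificate` and `privatekey` parameter names, the name "server", and the server certificate taking the next id after the last intermediate are assumptions; the PEM samples are constructed placeholders, not real certificates or keys.

```python
import re
from urllib.parse import quote

# One PEM certificate block and nothing else (a bundle fails: '-' is not base64).
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\n[A-Za-z0-9+/=\n]+-----END CERTIFICATE-----\n")

def normalise(pem):
    """Use LF line endings and exactly one trailing newline."""
    return pem.replace("\r\n", "\n").strip() + "\n"

def encode_pem(pem):
    """URL-encode a PEM block so every newline becomes %0A (one line)."""
    return quote(normalise(pem), safe="")

def build_upload_params(root, intermediates, server, private_key, domainsuffix):
    """Return one parameter dict per API call, in the order they must be sent."""
    chain = [("root", root)]
    chain += [(f"intermediate{n}", pem) for n, pem in enumerate(intermediates, 1)]
    chain.append(("server", server))  # assumed name; assumed to take the next id
    calls = []
    for cert_id, (name, pem) in enumerate(chain, 1):
        if not PEM_CERT.fullmatch(normalise(pem)):
            raise ValueError(f"{name}: expected exactly one PEM certificate")
        calls.append({"id": cert_id, "name": name, "domainsuffix": domainsuffix,
                      "certificate": encode_pem(pem)})  # assumed parameter name
    if "PRIVATE KEY-----" not in private_key:
        raise ValueError("private key is not PEM")
    calls[-1]["privatekey"] = encode_pem(private_key)  # assumed parameter name
    return calls

def _sample(label, body):
    # Constructed placeholder, not a real certificate or key.
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SAMPLE_ROOT = _sample("CERTIFICATE", "Q09OU1RSVUNURUQtUk9PVA==")
SAMPLE_INTERMEDIATE = _sample("CERTIFICATE", "Q09OU1RSVUNURUQtSU5U")
SAMPLE_SERVER = _sample("CERTIFICATE", "Q09OU1RSVUNURUQtU1JW")
SAMPLE_KEY = _sample("PRIVATE KEY", "Q09OU1RSVUNURUQtS0VZ")

if __name__ == "__main__":
    for call in build_upload_params(SAMPLE_ROOT, [SAMPLE_INTERMEDIATE],
                                    SAMPLE_SERVER, SAMPLE_KEY, "yourdomain.com"):
        print(call["id"], call["name"], call["certificate"][:40])
```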

Database

The 'keystore' table stores the certificate.

Schema

mysql> desc keystore;
+---------------+---------------------+------+-----+---------+----------------+
| Field         | Type                | Null | Key | Default | Extra          |
+---------------+---------------------+------+-----+---------+----------------+
| id            | bigint(20) unsigned | NO   | PRI | NULL    | auto_increment |
| name          | varchar(64)         | NO   | UNI | NULL    |                |
| certificate   | text                | NO   |     | NULL    |                |
| key           | text                | YES  |     | NULL    |                |
| domain_suffix | varchar(256)        | NO   |     | NULL    |                |
| seq           | int(11)             | YES  |     | NULL    |                |
+---------------+---------------------+------+-----+---------+----------------+

...