Central Governance 1.1.3 Users Guide Save PDF Selected topic Selected topic and subtopics All content Register SecureTransport This section describes how to use a dedicated REST API to register SecureTransport with Central Governance. To perform a registration you require the following SecureTransport data: Hostname and port Username and password CA certificate Note If the admind is issued by an intermediate CA, you must provide both the intermediate and the root CA, concatenated in the same request body, in the REST API. Note If SecureTransport is configured with an Internal CA that is a certificate chain, you must concatenate the entire chain of certificates and set it in the admindCACertificate field. Prerequisites Before registering SecureTransport, make sure the configuration is correct for transferring files via preferred protocols. This includes services, ports, SSL certificates for services and protocol-specific configuration. Ensure also that SecureTransport and Central Governance are not using the same ports as this will lead to a failed registration. Additional prerequisites and recommendations are available on the SecureTransport page. Retrieve the CA certificate From the SecureTransport UI: Select Setup > Certificates. Click the Trusted CAs tab. Navigate to the page that lists the certificate to export. Select the CA and then Export. Edit the certificate before using it in REST APIs:Linux: Replace the separator character \n with \\nWindows: Replace the separator character \r\n with \\n Register the SecureTransport Use the register REST API as demonstrated in the following example to perform the SecureTransport registration: POST /api/v2/st/register { "hostname": "lvmstlinux63_12", "port": 444, "authUserName": "admin", "authPassword": "admin", "admindCACertificate": <ca_value>, "os": "linux-x86-64", "version": "5.3.6", "name": <SecureTransport name in CG>, "accountHome": "/CentralGovernance", "uid": 1001, "guid": 1001 } Note For Windows, the “accountHome”: would be “C:\\CentralGovernance”. The response body returns the registration status, which could be: Registered Ready to register Registration failed Or, retrieve the status using the GET command: GET /api/v2/products?name=<SecureTransport name in Central Governance> Tip For more information on registering SecureTransport, see SecureTransport. Approve registration If Central Governance is set to require registration approval, issuing the SecureTransport register REST API puts the SecureTransport in the Ready to register status. To retrieve a list of SecureTransports waiting for registration approval, enter: GET /api/v2/products You can approve registration using the following REST API: POST /api/v2/st/businessId/approvereg Update the CA certificate for SecureTransport You can use a REST API to update the CA certificate on Central Governance if the SecureTransport certificate was regenerated as follows: Retrieve the new CA certificate from SecureTransport using the Retrieve the CA certificate procedure. If the SecureTransport CA is a chain certificate, concatenate the intermediate and the root CAs to create the new CA to use in the Central Governance REST API. Update the certificate used in Central Governance for that specific SecureTransport: PUT /st/businessId/adminca "<new_ca>" Note Certificates that you update using REST API must be Base64 encoded. Retrieve the new CA certificate from SecureTransport using the Retrieve the CA certificate procedure. If the SecureTransport CA is a chain certificate, concatenate the intermediate and the root CAs to create the new CA to use in the Central Governance REST API. Update the certificate used in Central Governance for that specific SecureTransport: PUT /st/businessId/adminca "<new_ca>" Troubleshoot If registration fails due to an incorrect JSON, you may have to manually perform cleanup steps: On Central Governance remove the SecureTransport from the Product List. On SecureTransport do the following: Go to Setup > Certificates.Click the Trusted CAs tab. Locate and remove the CA certificates uploaded by Central Governance on SecureTransport (these are prefaced with “cg_”). Go to Accounts > Administrators. Click admin.Disable Password is stored locally (not in external directory).Click Save to apply the changes. Central Governance | Document Directory Related Links
Register SecureTransport This section describes how to use a dedicated REST API to register SecureTransport with Central Governance. To perform a registration you require the following SecureTransport data: Hostname and port Username and password CA certificate Note If the admind is issued by an intermediate CA, you must provide both the intermediate and the root CA, concatenated in the same request body, in the REST API. Note If SecureTransport is configured with an Internal CA that is a certificate chain, you must concatenate the entire chain of certificates and set it in the admindCACertificate field. Prerequisites Before registering SecureTransport, make sure the configuration is correct for transferring files via preferred protocols. This includes services, ports, SSL certificates for services and protocol-specific configuration. Ensure also that SecureTransport and Central Governance are not using the same ports as this will lead to a failed registration. Additional prerequisites and recommendations are available on the SecureTransport page. Retrieve the CA certificate From the SecureTransport UI: Select Setup > Certificates. Click the Trusted CAs tab. Navigate to the page that lists the certificate to export. Select the CA and then Export. Edit the certificate before using it in REST APIs:Linux: Replace the separator character \n with \\nWindows: Replace the separator character \r\n with \\n Register the SecureTransport Use the register REST API as demonstrated in the following example to perform the SecureTransport registration: POST /api/v2/st/register { "hostname": "lvmstlinux63_12", "port": 444, "authUserName": "admin", "authPassword": "admin", "admindCACertificate": <ca_value>, "os": "linux-x86-64", "version": "5.3.6", "name": <SecureTransport name in CG>, "accountHome": "/CentralGovernance", "uid": 1001, "guid": 1001 } Note For Windows, the “accountHome”: would be “C:\\CentralGovernance”. The response body returns the registration status, which could be: Registered Ready to register Registration failed Or, retrieve the status using the GET command: GET /api/v2/products?name=<SecureTransport name in Central Governance> Tip For more information on registering SecureTransport, see SecureTransport. Approve registration If Central Governance is set to require registration approval, issuing the SecureTransport register REST API puts the SecureTransport in the Ready to register status. To retrieve a list of SecureTransports waiting for registration approval, enter: GET /api/v2/products You can approve registration using the following REST API: POST /api/v2/st/businessId/approvereg Update the CA certificate for SecureTransport You can use a REST API to update the CA certificate on Central Governance if the SecureTransport certificate was regenerated as follows: Retrieve the new CA certificate from SecureTransport using the Retrieve the CA certificate procedure. If the SecureTransport CA is a chain certificate, concatenate the intermediate and the root CAs to create the new CA to use in the Central Governance REST API. Update the certificate used in Central Governance for that specific SecureTransport: PUT /st/businessId/adminca "<new_ca>" Note Certificates that you update using REST API must be Base64 encoded. Retrieve the new CA certificate from SecureTransport using the Retrieve the CA certificate procedure. If the SecureTransport CA is a chain certificate, concatenate the intermediate and the root CAs to create the new CA to use in the Central Governance REST API. Update the certificate used in Central Governance for that specific SecureTransport: PUT /st/businessId/adminca "<new_ca>" Troubleshoot If registration fails due to an incorrect JSON, you may have to manually perform cleanup steps: On Central Governance remove the SecureTransport from the Product List. On SecureTransport do the following: Go to Setup > Certificates.Click the Trusted CAs tab. Locate and remove the CA certificates uploaded by Central Governance on SecureTransport (these are prefaced with “cg_”). Go to Accounts > Administrators. Click admin.Disable Password is stored locally (not in external directory).Click Save to apply the changes. Central Governance | Document Directory