Register SecureTransport

This section describes how to use a dedicated REST API to register SecureTransport with Central Governance.

To perform a registration you require the following SecureTransport data:

  • Hostname and port
  • Username and password
  • CA certificate
Note If the admind is issued by an intermediate CA, you must provide both the intermediate and the root CA, concatenated in the same request body, in the REST API.
Note If SecureTransport is configured with an Internal CA that is a certificate chain, you must concatenate the entire chain of certificates and set it in the admindCACertificate field.

Prerequisites

Before registering SecureTransport, make sure the configuration is correct for transferring files via preferred protocols. This includes services, ports, SSL certificates for services and protocol-specific configuration. Ensure also that SecureTransport and Central Governance are not using the same ports as this will lead to a failed registration.

Additional prerequisites and recommendations are available on the SecureTransport page.

Retrieve the CA certificate

From the SecureTransport UI:

  1. Select Setup > Certificates.
  2. Click the Trusted CAs tab.
  3. Navigate to the page that lists the certificate to export.
  4. Select the CA and then Export.
  5. Edit the certificate before using it in REST APIs:
    • Linux: Replace the separator character \n with \\n
    • Windows: Replace the separator character \r\n with \\n

Register the SecureTransport

Use the register REST API as demonstrated in the following example to perform the SecureTransport registration:

POST /api/v2/st/register

{

"hostname": "lvmstlinux63_12",

"port": 444,

"authUserName": "admin",

"authPassword": "admin",

"admindCACertificate": <ca_value>,

"os": "linux-x86-64",

"version": "5.3.6",

"name": <SecureTransport name in CG>,

"accountHome": "/CentralGovernance",

"uid": 1001,

"guid": 1001

}

Note For Windows, the “accountHome”: would be “C:\\CentralGovernance”.

The response body returns the registration status, which could be:

  • Registered
  • Ready to register
  • Registration failed

Or, retrieve the status using the GET command:

GET /api/v2/products?name=<SecureTransport name in Central Governance>
Tip   For more information on registering SecureTransport, see SecureTransport.

Approve registration

If Central Governance is set to require registration approval, issuing the SecureTransport register REST API puts the SecureTransport in the Ready to register status.

To retrieve a list of SecureTransports waiting for registration approval, enter:

GET /api/v2/products

You can approve registration using the following REST API:

POST /api/v2/st/businessId/approvereg

Update the CA certificate for SecureTransport

You can use a REST API to update the CA certificate on Central Governance if the SecureTransport certificate was regenerated as follows:

  1. Retrieve the new CA certificate from SecureTransport using the Retrieve the CA certificate procedure. If the SecureTransport CA is a chain certificate, concatenate the intermediate and the root CAs to create the new CA to use in the Central Governance REST API.

  2. Update the certificate used in Central Governance for that specific SecureTransport:

PUT /st/businessId/adminca

"<new_ca>"

Note Certificates that you update using REST API must be Base64 encoded.
  1. Retrieve the new CA certificate from SecureTransport using the Retrieve the CA certificate procedure. If the SecureTransport CA is a chain certificate, concatenate the intermediate and the root CAs to create the new CA to use in the Central Governance REST API.
  2. Update the certificate used in Central Governance for that specific SecureTransport:
  3. PUT /st/businessId/adminca

    "<new_ca>"

Troubleshoot

If registration fails due to an incorrect JSON, you may have to manually perform cleanup steps:

  1. On Central Governance remove the SecureTransport from the Product List.
  2. On SecureTransport do the following:
  • Go to Setup > Certificates.
    • Click the Trusted CAs tab.
    • Locate and remove the CA certificates uploaded by Central Governance on SecureTransport (these are prefaced with “cg_”).
  • Go to Accounts > Administrators. Click admin.
    • Disable Password is stored locally (not in external directory).
    • Click Save to apply the changes.

 

Central Governance | Document Directory

Related Links