TrustStore Content Download

This API retrieves trust store certificate content from a specified Certificate Authority (CA). It is triggered by the Cert-Orchestrator to dynamically fetch the trusted CA certificates needed for trust store creation or updates.

Request Structure

Endpoint: /kube-trust-store-download
Type: POST
Sample URL: https://<IP/HostName/TenantName>:<GWPORT>/avxapi/kube-trust-store-download?gwsource=external

To understand the elements of the sample URL, see Reference.

Headers:
Content-Type: application/json
Table 1. Input Parameter

| Name | Location | Description |
| --- | --- | --- |
| sessionId | Header | (Mandatory) A unique identifier assigned to a user's session upon successful authentication. The session ID remains valid until it expires, and it can contain alphanumeric characters. Type: String. Constraints: The session ID is used when username and password are not provided. Example: A1B2c3d4E5F6 |
| gwsource | Query | (Mandatory) Source from which the request is triggered. Type: String. Example: DataCenterA |
| payload | Body | (Mandatory) Input data for request body in application/json format. For payload details, see Payload section. |

Payload

| Name | Type | Description |
| --- | --- | --- |
| kubeCACertDownloadRequests | Object | Details of the CA certificates to be downloaded. See kubeCACertDownloadRequests. |

Table 2. kubeCACertDownloadRequests

| Name | Type | Description |
| --- | --- | --- |
| certificateAuthority | String | The name of the certificate authority. For example: AppViewX. |
| commonName | String | (Mandatory) The common name of the certificate. For example: AppViewX Intermediate CA. |
| category | String | (Mandatory) The category of the certificate. For example: Intermediate CA. |
| serialNumbers | String | A list of valid serial numbers that identify specific certificates. If you use .* instead of specific serial numbers, all serial numbers that match the given certificate authority (CA) configuration are considered. |
| intermediateChainRequired | boolean | (Optional) Whether the intermediate certificate chain is required. |

Status Codes

Table 3. Status Codes and Description

| HTTP Status code | appStatusCode | Message and Possible remediation |
| --- | --- | --- |
| 200 OK | NA | Success |
| 400 Bad Request | KUBEPLUS-0017 | Mandatory field is missing or invalid values specified - <<field name>>. Possible remediation: Ensure that a valid value is provided for the <<field name>> field in the request. |
| 401 Unauthorized | AVX_GW_003 | Authentication failed, reason - Invalid Credentials. Possible remediation: Ensure that a valid username and password or a valid sessionId is provided as a header parameter. |

Sample Request/Response

Use case: Revoke the certificate from AppViewX to end cluster.
Request URL

https://<IP/HostName/TenantName>:<GWPORT>/avxapi/kube-trust-store-download?gwsource=kube

Sample Request
{
    "payload": {
        "kubeCACertDownloadRequests": [
            {
                "certificateAuthority": "AppViewX",
                "commonName": "AppViewX Intermediate CA",
                "category": "Intermediate CA",
                "serialNumbers": ["01"],
                "intermediateChainRequired": false
            }
        ]
    }
}
Sample Response
{
    "response": {
        "trustStoreContent": "-----BEGIN CERTIFICATE-----\nMIIEJDCCAwygAwIBAgIRAN7QoflGw4yH0cdjMZLPhZYwDQYJKoZIh\n-----END CERTIFICATE-----\n",
        "failureReasons": []
    },
    "message": "Successfully retrieved trustStore from AppViewX",
    "appStatusCode": "success",
    "tags": null,
    "headers": null
}
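
The returned trustStoreContent decides which CAs a cluster will trust, so a caller can vet it before writing it into a trust store. The Python below is an added example, not AppViewX code: the function names, the refusal of the .* wildcard, and the SHA-256 fingerprint pin set are assumptions of a local policy, and the sample response is constructed with placeholder bytes instead of a real certificate.

```python
import base64
import hashlib
import json
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def build_request(ca, common_name, category, serials, chain=False):
    """Build the documented payload; refusing '.*' is an assumed local policy."""
    if not serials or ".*" in serials:
        raise ValueError("explicit serial numbers required")
    return {"payload": {"kubeCACertDownloadRequests": [{
        "certificateAuthority": ca, "commonName": common_name,
        "category": category, "serialNumbers": list(serials),
        "intermediateChainRequired": chain}]}}


def vet_trust_store(response_text, pinned_sha256):
    """Return the PEM text only if every certificate in it is pinned."""
    body = json.loads(response_text)
    resp = body.get("response") or {}
    if body.get("appStatusCode") != "success" or resp.get("failureReasons"):
        raise ValueError("gateway reported a failure")
    pem = resp.get("trustStoreContent") or ""
    blocks = PEM_RE.findall(pem)
    if not blocks:
        raise ValueError("no certificates in trustStoreContent")
    for b64 in blocks:
        # Strict decode: stray characters raise instead of being skipped.
        der = base64.b64decode("".join(b64.split()), validate=True)
        digest = hashlib.sha256(der).hexdigest()
        if digest not in pinned_sha256:
            raise ValueError("unpinned certificate " + digest)
    return pem


# Constructed sample: these bytes stand in for a DER-encoded certificate.
FAKE_DER = b"constructed-der-bytes-for-demo"
SAMPLE = json.dumps({
    "response": {"trustStoreContent": "-----BEGIN CERTIFICATE-----\n"
                 + base64.b64encode(FAKE_DER).decode()
                 + "\n-----END CERTIFICATE-----\n",
                 "failureReasons": []},
    "message": "Successfully retrieved trustStore from AppViewX",
    "appStatusCode": "success", "tags": None, "headers": None})
PINNED = {hashlib.sha256(FAKE_DER).hexdigest()}
```

In real use the pin set would hold the SHA-256 fingerprints of the CA certificates you expect, obtained out of band.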

Reference

Understanding the sample URL: This section explains each component of the sample URL structure used in API requests. For quick reference, all the API topics in this guide point to this section as Reference.
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port

    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: execute-hook
  • gwsource: Source or origin of a gateway, for example: external.
