Gérer les CA
Vous pouvez gérer les Autorités de certification (CA) dans le but de les utiliser comme critères pour vos règles d’accès API. Pour en savoir plus, voir À propos des règles d’accès API.
Pour renforcer davantage la sécurité de votre compte, nous recommandons de diversifier vos facteurs d’authentification. Par défaut, les certificats et les identifiants servent de facteur de connaissance. Les certificats peuvent servir de facteur de possession lorsqu’ils sont stockés sur des dispositifs physiques tels que des cartes à puce. |
Gérer les CA avec OSC CLI
Créer une CA
À ce jour, cette section est disponible en anglais uniquement. |
The CreateCa command creates a Client Certificate Authority (CA).
For more information, see About API Access Rules.
$ osc-cli api CreateCa --profile "default" \
--CaPem="$(cat ca-certificate.pem)" \
--Description "CA example"
$ osc-cli api CreateCa --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" \
--CaPem="$(cat ca-certificate.pem)" \
--Description "CA example"
This command contains the following attributes that you need to specify:
-
CaPem
: The CA in PEM format.
With OSC CLI, use the following syntax to make sure your CA file is correctly parsed:--CaPem="$(cat FILENAME)"
. -
Description
: (optional) The description of the CA. -
DryRun
: (optional) If true, checks whether you have the required permissions to perform the action.
The CreateCa command returns the following elements:
-
Ca
: Information about the Client Certificate Authority (CA).-
CaFingerprint
: The fingerprint of the CA. -
CaId
: The ID of the CA. -
Description
: The description of the CA.
-
-
ResponseContext
: Information about the context of the response.-
RequestId
: The ID of the request.
-
{
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
},
"Ca": {
"Description": "CA example",
"CaId": "ca-fedcba0987654321fedcba0987654321",
"CaFingerprint": "1234567890abcdef1234567890abcdef12345678"
}
}
Obtenir des informations sur vos CA
À ce jour, cette section est disponible en anglais uniquement. |
The ReadCas command gets information about one or more of your Client Certificate Authorities (CAs).
$ osc-cli api ReadCas --profile "default" \
--Filters '{
"CaIds": ["ca-fedcba0987654321fedcba0987654321"]
}'
$ osc-cli api ReadCas --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" \
--Filters '{
"CaIds": ["ca-fedcba0987654321fedcba0987654321"]
}'
This command contains the following attributes that you need to specify:
-
DryRun
: (optional) If true, checks whether you have the required permissions to perform the action. -
Filters
: (optional) One or more filters.-
CaFingerprints
: (optional) The fingerprints of the CAs. -
CaIds
: (optional) The IDs of the CAs. -
Descriptions
: (optional) The descriptions of the CAs.
-
The ReadCas command returns the following elements:
-
Cas
: Information about one or more CAs.-
CaFingerprint
: The fingerprint of the CA. -
CaId
: The ID of the CA. -
Description
: The description of the CA.
-
-
ResponseContext
: Information about the context of the response.-
RequestId
: The ID of the request.
-
{
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
},
"Cas": [
{
"Description": "CA example",
"CaId": "ca-fedcba0987654321fedcba0987654321",
"CaFingerprint": "1234567890abcdef1234567890abcdef12345678"
}
]
}
Modifier une CA
À ce jour, cette section est disponible en anglais uniquement. |
The UpdateCa command modifies the specified attribute of a Client Certificate Authority (CA).
$ osc-cli api UpdateCa --profile "default" \
--CaId "ca-fedcba0987654321fedcba0987654321" \
--Description "New description"
$ osc-cli api UpdateCa --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" \
--CaId "ca-fedcba0987654321fedcba0987654321" \
--Description "New description"
This command contains the following attributes that you need to specify:
-
CaId
: The ID of the CA. -
Description
: (optional) The description of the CA. -
DryRun
: (optional) If true, checks whether you have the required permissions to perform the action.
The UpdateCa command returns the following elements:
-
Ca
: Information about the Client Certificate Authority (CA).-
CaFingerprint
: The fingerprint of the CA. -
CaId
: The ID of the CA. -
Description
: The description of the CA.
-
-
ResponseContext
: Information about the context of the response.-
RequestId
: The ID of the request.
-
{
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
},
"Ca": {
"Description": "New description",
"CaId": "ca-fedcba0987654321fedcba0987654321",
"CaFingerprint": "1234567890abcdef1234567890abcdef12345678"
}
}
Supprimer une CA
À ce jour, cette section est disponible en anglais uniquement. |
The DeleteCa command deletes a specified Client Certificate Authority (CA).
$ osc-cli api DeleteCa --profile "default" \
--CaId "ca-fedcba0987654321fedcba0987654321"
$ osc-cli api DeleteCa --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" \
--CaId "ca-fedcba0987654321fedcba0987654321"
This command contains the following attributes that you need to specify:
-
CaId
: The ID of the CA you want to delete. -
DryRun
: (optional) If true, checks whether you have the required permissions to perform the action.
The DeleteCa command returns the following elements:
-
ResponseContext
: Information about the context of the response.-
RequestId
: The ID of the request.
-
{
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
Page connexe
Méthodes API correspondantes