Creating a key container for SSL-VPN (V2 service/self-signed certificate)

This section explains the procedure for creating a key container for SSL-VPN.

Note:

A container is an aggregate of a CA certificate, a server certificate, a private key, and a DH key. This container will later be used when creating an SSL-VPN connection. When creating this container, it is necessary to specify the following information as fixed values.

  • type: "generic"
  • name: "ca", "server_certificate", "server_key", "dh"

  1. Execute the following commands to perform the necessary configuration.
    $ CONTAINER_NAME=<Key Container Name (Optional)>
    $ TYPE=generic (Fixed value)
    $ CA_NAME=ca (Fixed value)
    $ CA_URL=<secret_ref of CA Certificate>
    $ SV_CERT_NAME=server_certificate (Fixed value)
    $ SV_CERT_URL=<secret_ref of Server Certificate>
    $ SV_KEY_NAME=server_key (Fixed value)
    $ SV_KEY_URL=<secret_ref of Private Key for Server Certificate>
    $ DH_NAME=dh (Fixed value)
    $ DH_URL=<secret_ref of DH Key>
  2. Execute the following API.
    $ curl -X POST -sS -i $KEYMANAGEMENT/v1/$PROJECT_ID/containers \
    -H "X-Auth-Token: $OS_AUTH_TOKEN" -H "Content-Type: application/json" \
    -d '{"name":"'$CONTAINER_NAME'", "type": "'$TYPE'",
     "secret_refs":[{"name": "'$CA_NAME'", "secret_ref": "'$CA_URL'"},
     {"name": "'$SV_CERT_NAME'","secret_ref": "'$SV_CERT_URL'"},
     {"name": "'$SV_KEY_NAME'","secret_ref": "'$SV_KEY_URL'"},
     {"name": "'$DH_NAME'", "secret_ref": "'$DH_URL'"}] }'

    A response like the following will be returned.

    HTTP/1.1 201 Created
    X-Fcx-Endpoint-Request: EXECUTED_REQ000257862_201
    Location: http://keymanagement.<Region Identifier>.cloud.global.fujitsu.com/<Project ID>/containers/<Key Container ID>
    Content-Type: application/json;charset=UTF-8
    Content-Length: 161
    Date: Www, DD MMM yyyy hh:mm:ss GMT
  3. Execute the following API to confirm that the key container has been created.
    $ curl -X GET -sS $KEYMANAGEMENT/v1/$PROJECT_ID/containers \
    -H "X-Auth-Token: $OS_AUTH_TOKEN" -H "Content-Type: application/json" \
    | jq .

    If the certificates registered to the container are output as shown below, then creation is complete.

    {
      "containers": [
        {
          "type": "generic",
          "container_ref": "https://keymanagement.<Region Identifier>.cloud.global.fujitsu.com/v1/<Project ID>/containers/<Key Container ID>",
          "created": "YYYY-MM-DDThh:mm:ss.SSS",
          "secret_refs": [
            {
              "name": "ca",
              "secret_id": "<CA Certificate ID>"
            },
            {
              "name": "server_certificate",
              "secret_id": "<Server Certificate ID>"
            },
            {
              "name": "server_key",
              "secret_id": "<ID of Private Key for Server Certificate>"
            },
            {
              "name": "dh",
              "secret_id": "<DH Key ID>"
            }
          ],
          "name": "<Key Container Name>",
          "updated": "YYYY-MM-DDThh:mm:ss.SSS",
          "status": "ACTIVE"
        }
      ],
      "total": 1
    }
Note: Take a note of the <Key Container ID> that is given at the end of the "container_ref" parameter of the key container, as this value will be used in "Creating an SSL-VPN connection (V2 service/self-signed certificate)".
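The three steps above splice shell variables straight into a JSON string, so a stray quote in a name or secret_ref silently produces a malformed request, and nothing checks that the four fixed names actually came back. The script below is an added example, not part of the Fujitsu documentation: it builds the request body with "generic" and the four names hard-coded, refuses values that would break the JSON, checks a GET /containers response for the four names and an ACTIVE status, and extracts the Key Container ID from the end of "container_ref" as the final Note describes. The only assumptions are the environment variable names the page itself uses ($KEYMANAGEMENT, $PROJECT_ID, $OS_AUTH_TOKEN, $CONTAINER_NAME, $CA_URL, $SV_CERT_URL, $SV_KEY_URL, $DH_URL); the sample response and its IDs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the Fujitsu documentation). Helper functions for the
# SSL-VPN key-container procedure: fixed values baked in, JSON-breaking input
# rejected, response checked, Key Container ID extracted. Variable names such as
# $KEYMANAGEMENT and $CA_URL are assumed to be set as in the page's step 1.

# The four secret names an SSL-VPN container must carry (fixed values per the page).
REQUIRED_NAMES="ca server_certificate server_key dh"

# reject_unsafe VALUE: refuse names/URLs containing quotes, backslashes or spaces,
# since they would corrupt the hand-built JSON body.
reject_unsafe() {
    case "$1" in
        *[\"\\]*|*" "*) echo "unsafe value: $1" >&2; return 1 ;;
    esac
    return 0
}

# build_container_body CONTAINER_NAME CA_URL SV_CERT_URL SV_KEY_URL DH_URL
# Prints the POST body; "type" and the four "name" values are fixed, not caller-supplied.
build_container_body() {
    for v in "$1" "$2" "$3" "$4" "$5"; do
        reject_unsafe "$v" || return 1
    done
    printf '{"name":"%s","type":"generic","secret_refs":[' "$1"
    printf '{"name":"ca","secret_ref":"%s"},' "$2"
    printf '{"name":"server_certificate","secret_ref":"%s"},' "$3"
    printf '{"name":"server_key","secret_ref":"%s"},' "$4"
    printf '{"name":"dh","secret_ref":"%s"}]}' "$5"
}

# container_id_from_ref CONTAINER_REF: the Key Container ID is the last path segment.
container_id_from_ref() {
    printf '%s' "${1##*/}"
}

# verify_container RESPONSE_JSON: succeed only if all four fixed names are present
# and the container reports status ACTIVE (accepts jq-pretty or compact spacing).
verify_container() {
    for n in $REQUIRED_NAMES; do
        case "$1" in
            *"\"name\": \"$n\""*|*"\"name\":\"$n\""*) ;;
            *) echo "missing secret_ref name: $n" >&2; return 1 ;;
        esac
    done
    case "$1" in
        *'"status": "ACTIVE"'*|*'"status":"ACTIVE"'*) return 0 ;;
    esac
    echo "container is not ACTIVE" >&2
    return 1
}

# Constructed sample of a GET /containers response; hostnames and IDs are placeholders.
SAMPLE_RESPONSE='{"containers":[{"type":"generic","container_ref":"https://keymanagement.example.invalid/v1/proj-0000/containers/cont-1111","secret_refs":[{"name":"ca","secret_id":"sec-a"},{"name":"server_certificate","secret_id":"sec-b"},{"name":"server_key","secret_id":"sec-c"},{"name":"dh","secret_id":"sec-d"}],"name":"sslvpn-container","status":"ACTIVE"}],"total":1}'

# create_container: step 2 against the live API, using the page's variables.
create_container() {
    body=$(build_container_body "$CONTAINER_NAME" "$CA_URL" "$SV_CERT_URL" "$SV_KEY_URL" "$DH_URL") || return 1
    curl -X POST -sS -i "$KEYMANAGEMENT/v1/$PROJECT_ID/containers" \
        -H "X-Auth-Token: $OS_AUTH_TOKEN" -H "Content-Type: application/json" \
        -d "$body"
}

# Offline demonstration: validate the constructed sample and print its Key Container ID.
verify_container "$SAMPLE_RESPONSE" && \
    container_id_from_ref "https://keymanagement.example.invalid/v1/proj-0000/containers/cont-1111" && echo
```

Source the script after setting the step 1 variables and call create_container for the live POST; pipe the step 3 GET output into verify_container before copying the ID out of "container_ref".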