<div dir="ltr"><div dir="ltr">DMTF Redfish latest version 2018.3  added support for the certificate management schemas.<br><br>Reference: <a href="https://www.dmtf.org/sites/default/files/Redfish_2018_Release_3_Overview.pdf">https://www.dmtf.org/sites/default/files/Redfish_2018_Release_3_Overview.pdf</a><br>                   <a href="https://www.dmtf.org/content/redfish-update-adds-support-certificate-management-sensors">https://www.dmtf.org/content/redfish-update-adds-support-certificate-management-sensors</a><br>                  <br><b>Uploading a  pre-generated certificate:</b><br>   - The User navigates to the appropriate certificate collection.<br>         Example: for uploading HTTPS server certificate:<br>                     URI:  /redfish/v1/Managers/{ManagerId}/NetworkProtocol/HTTPS/Certificates<br>   - The user performs a POST on the Certificate with the certificate ( includes Private key) string in the body.<br>        -  POST method should  support business logic to call the right d-bus certificate upload based on the url.<br>       - Creates a new link and this link details are availble as part certificatelocation "GET" method"<br>              Example: /redfish/v1/Managers/{ManagerId}/NetworkProtocol/HTTPS/Certificates/1<br><br><b>Replacing a certificate:</b><br>  - use the action  #CertificateService.ReplaceCertificate{ } in the certificate service by providing link to the certificate that is being to replaced.<br><br><b>Deleting certificate:</b><br> - Not allowed. <br>Note: Not a valid use case for client/server type certificates. This may be required for Authority type certificate , need more investigation on this.<br><br>Looking fro community feedback on the proposed approach related to certificate upload/management.<br><br>Note: Not included CSR based certificate upload/Management.<br><br><b>Certificate Management Schemas information:</b><br><br>Certificate: The Certificate resource describes a certificate used to prove the identify of a component, account, or service<br><br>CertificateService: resource off the Service Root<br>    Contains service level Actions<br>        GenerateCSR: Manage certificate signing requests from a user<br>        ReplaceCertificate: Provide an atomic approach for deleting and adding a certificate<br><br>CertificateCollection:<br>    Perform standard Create operations for managing certificates<br>    Collections added to resources that can have certificates installed to it<br>        The location of the collection will inform the client about the relationship between the <br>        certificate and other resources in the data model<br>        Available URI’s <br>                  /redfish/v1/AccountService/Accounts/{ManagerAccountId}/Certificates/<br>        /redfish/v1/AccountService/ActiveDirectory/Certificates/<br>        /redfish/v1/AccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates/<br>        /redfish/v1/AccountService/LDAP/Certificates/<br>        /redfish/v1/Managers/{ManagerId}/NetworkProtocol/HTTPS/Certificates<br>        /redfish/v1/Managers/{ManagerId}/RemoteAccountService/Accounts/{ManagerAccountId}/Certificates/<br>        /redfish/v1/Managers/{ManagerId}/RemoteAccountService/ActiveDirectory/Certificates/<br>        /redfish/v1/Managers/{ManagerId}/RemoteAccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates/    <br>             /redfish/v1/Managers/{ManagerId}/RemoteAccountService/LDAP/Certificates/<br><br>CertificateLocations:resource contains links to all the certificates so administrators and auditors can easily obtain a complete set<br></div></div>