POST PEM through the API - formatting issues

Hello guys,
I’ve been trying to post an SSL certificate to the Trust Store via the Nexus 3 API.
I’ve attempted several ways of formatting the key, but I keep getting back the same error response from the Nexus server:
HTTP code 400
“id” : “PARAMETER arg0”,
“message” : “Invalid PEM formatted certificate”
I’ve tried doing it using Python’s Requests library as well as CURL.
The most baffling thing is that I’ve POSTED back the exact copy of JSON data that I got from the API when requesting a list of valid certificates that I had added manually earlier on.
The PEM formatting returned by the API is formatted in the following way (i’m only including an excerpt of the cert itself):

"pem": "-----BEGIN CERTIFICATE-----\nMIIFhzCCA2+gAwIBAgIQJ8pVv17LRIFN80wvURvhBDANBgkqhkiG9w0BAQsFADAv\nMS0wKwYDVQQDEyRDZXRydGFwb3QgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw/.../
\n-----END CERTIFICATE-----\n"

Here are some of the other formatting options that I’ve tried, but without any success:
a) No newlines, no spaces, the whole PEM cert as one long line
b) Only the base64 encoded string, no “BEGIN CERTIFICATE” and “END CERTIFICATE” line
c) A newline after the “BEGIN CERTIFICATE” line, no newlines in the base64-encoded string, a newline before and after “END CERTIFICATE”
d) newlines with two backslashes instead of one
I’m out of ideas and would appreciate it if you’d help me out. I have a nagging suspicion that the error message might be a red herring and that some other parameter might be causing the failure. I can supply other parameters in the POST request if needed.
Thank you,
Mitja

Hi Mitja,
It’s hard to tell what could be wrong with your requests as different shells can interpret your escaping differently, but here’s an example usage of cURL in ZSH that should work:

curl -X 'POST' -u 'user:pass' https://nexus.local/service/rest/v1/security/ssl/truststore \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d "-----BEGIN CERTIFICATE-----
MIIFhzCCA2+gAwIBAgIQJ8pVv17LRIFN80wvURvhBDANBgkqhkiG9w0BAQsFADAv
MS0wKwYDVQQDEyRDZXRydGFwb3QgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
/.../
-----END CERTIFICATE-----"
1 Like

Hello Dawid,
Thanks a lot, this works perfectly! I’ll use this solution or a variation thereof in my automation script.

Kind regards,
Mitja

1 Like