Create a Public X.509 Certificate with Component API
Developers can create components using Boomi’s Component API through REST API calls. One of the components you can create with the API is the X.509 Certificate. This API can be helpful when needing to automate cycling of new certificates through automation.
The Component API creates an X.509 certificate in a manner similar to how you create a certificate within the UI. A public certificate must be in a .cer or .der format. If you can create a certificate through the UI, then you can also create that same certificate within the API.
| Certificate type | File extension(s) |
|---|---|
| Public X.509 | .cer or .der |
This article reviews the basic set up required to create a certificate and extends that example to chains of API calls used for automation.
Create a Public X.509 Certificate
To create a public X.509 certificate, you can follow a similar process to that of creating a private X.509 certificate. Yet, it’s different enough to split into its own section. These certificates are often used to define trusted certificates that are not found in Java’s default CA list. These certificates often need to be imported because they are self-signed.
Public Certificate - Building the Payload
A public X.509 certificate looks similar to the example below. The entire data seen below should be base64 encoded and used within the CertificateData element. The certificate used in this example is the current X.509 public certificate on Boomi’s website. Below is a truncated example.
-----BEGIN CERTIFICATE-----
MIID9TCCAt2gAwIBAgIUL/tTrYN/3MX8Gq3JEsP4jKdpP2swDQYJKoZIhvcNAQEL
....
rsYyOPaX84OCyXvbYDYy41XWm1W0WE0ko7S+bQ49juz9qCXEGwRJKyPyfCrniXgy
qdG6fff5UmPb
-----END CERTIFICATE-----The following is a payload that contains the required fields.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<bns:Component xmlns:bns="http://api.platform.boomi.com/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" branchId="QjozMzk123" folderId="RjoyODM3N123" name="Boomi Public Certificate" type="certificate">
<bns:description>Boomi Public Certificate</bns:description>
<bns:object>
<bns:CertificateModel xmlns:bns="http://api.platform.boomi.com/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" MD5Fingerprint="7B:CB:C9:07:6E:E4:99:56:60:E2:84:6C:A2:53:EF:65" SHA1Fingerprint="D7:41:9A:42:AA:31:BC:28:B3:0B:6C:03:B2:F4:BC:C7:4F:9E:D9:97" serialNumber="02:F6:05:DE:1D:00:0F:F0:B1:8F:FF:A3:0D:74:E4:1C" signatureAlgorithm="SHA256withRSA">
<bns:Type>public</bns:Type>
<IssuedTo commonName="*.boomi.com" fullName="CN=*.boomi.com"/>
<Issuer commonName="Amazon RSA 2048 M02" country="US" fullName="CN=Amazon RSA 2048 M02,O=Amazon,C=US" organization="Amazon"/>
<Validity expireDate="2025-10-13T23:59:59.000Z" issueDate="2024-09-13T00:00:00.000Z"/>
<bns:CertificateData>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlHQmpDQ0JPNmdBd0lCQW
dJUXN3Q1FZRFZRUUdFd0pWVXpFUE1BMEdBMVVFQ2hNR1FXMWhlbTl1TVJ3d0dn
...
3Q1FqVEFhS3pwL3dabUJPRys1Tm1UOXVDV2dPZDZxaDFXVmBVNUhDOU9rSzdGO
UVkSS9YQ1FUTitaWjV0cS85YzNTVDhj</bns:CertificateData>
</bns:CertificateModel>
</bns:object>
</bns:Component>Table 1. List of elements used for Public X.509 Certificates.
| Public Certificate Elements | Description | Required |
|---|---|---|
| Component.@branchId | Id of the branch to create the component. Defaults to the user’s default branch. | No |
| Component.@folderId | Id of the folder to create the component. Defaults to the root folder. | No |
| Component.@name | Name of certificate within Boomi | Yes |
| Component.description | Description within Boomi | No |
| Component.object.CertificateModel.@MD5Fingerprint | MD5 Fingerprint of certificate. Useful for identification | No |
| Component.object.CertificateModel.@SHA1Fingerprint | SHA1 Fingerprint of certificate. Useful for identification | No |
| Component.object.CertificateModel.@serialNumber | Serial Number of certificate. Useful for identification | No |
| Component.object.CertificateModel.@signatureAlgorithm | Signature Algorithm of certificate | No |
| Component.object.CertificateModel.Type | public | Yes |
| Component.object.CertificateModel.IssuedTo.@fullName | Sting that includes the CN, O, OU, L, ST, and C of the Issued To | Yes |
| Component.object.CertificateModel.IssuedTo.@country | Issued To Country | No |
| Component.object.CertificateModel.IssuedTo.@organization | Issued To Organization | No |
| Component.object.CertificateModel.IssuedTo.@organizationalUnit | Issued To Organization Unit | No |
| Component.object.CertificateModel.Issuer.@fullName | Sting that includes the CN, O, OU, L, ST, and C of the Issuer | Yes |
| Component.object.CertificateModel.Issuer.@country | Issues Country | No |
| Component.object.CertificateModel.Issuer.@organization | Issuer Organization | No |
| Component.object.CertificateModel.Issuer.@organizationalUnit | Issuer Organizational Unit | No |
| Component.object.CertificateModel.Validity.@expireDate | Expiration Date of the certificate. Datetime Format: yyyy-MM-dd'T'HH:mm:ss.SSS'Z' | No |
| Component.object.CertificateModel.Validity.@issueDate | Issue Date of the certificate. Datetime Format: yyyy-MM-dd'T'HH:mm:ss.SSS'Z' | Yes |
| Component.object.CertificateModel.CertificateData | The full certificate that is base64 encoded | Yes |
NOTE: CertificateData contains a the entire certificate base64 encoded.
The image below is what the certificate looks like within Boomi with the fields populated on the certificate.
Figure 1. A public X.509 certificate created from the Component API.
Public Certificate - Base64 Encode the Certificate
There are multiple ways to base64 encode the certificate, but one possible way is to open the certificate within Notepad++ and use the base64 plugin to encode it.
First open the certificate with Notepad++.
Figure 2. A public X.509 certificate open in Notepad++.
Next, install the MIME Tools plug-in if it is not already installed. Navigate to Plugins -> Plugin Admin… -> Search for MIME -> Select and Install.
After installing MIME Tools, select the entire certificate text and navigate to Plugins -> MIME Tools -> Base64 Encode.
Figure 3. Select Base64 Encode within Notepad++.
Finally, copy and paste the contents into the CertificateData field.
Figure 4. Base64 Encoded Public Certificate to populate the CertificateData field.
Automation Concepts
With a grounding of the basics, the next part of the article reviews the steps involved within automating the creation of a new certificate Component and applying it to the runtime’s Shared Web Server or deploying it to an environment. Accounts commonly create the Public X.509 Certificate to add it to Boomi’s the trust store because the CA is not in Java’s default CA list. This section demonstrates how to create an Public X.509 certificate and deploy the certificate to an environment.
Step 1 - Public X.509 Certificate - Create Component
Make a POST call to the Component API to create a new component.
POST https://api.boomi.com/api/rest/v1/{accoundIt}/Component<!-- Component Create Request -->
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<bns:Component xmlns:bns="http://api.platform.boomi.com/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" branchId="Qjoz123123" folderId="RjoyM3123" name="Boomi Public Certificate" type="certificate">
<bns:description>Boomi Public Certificate</bns:description>
<bns:object>
<bns:CertificateModel xmlns:bns="http://api.platform.boomi.com/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" MD5Fingerprint="7B:CB:C9:07:6E:E4:99:56:60:E2:84:6C:A2:53:EF:65" SHA1Fingerprint="D7:41:9A:42:AA:31:BC:28:B3:0B:6C:03:B2:F4:BC:C7:4F:9E:D9:97" serialNumber="02:F6:05:DE:1D:00:0F:F0:B1:8F:FF:A3:0D:74:E4:1C" signatureAlgorithm="SHA256withRSA">
<bns:Type>public</bns:Type>
<IssuedTo commonName="*.boomi.com" fullName="CN=*.boomi.com"/>
<Issuer commonName="Amazon RSA 2048 M02" country="US" fullName="CN=Amazon RSA 2048 M02,O=Amazon,C=US" organization="Amazon"/>
<Validity expireDate="2025-10-13T23:59:59.000Z" issueDate="2024-09-13T00:00:00.000Z"/>
<bns:CertificateData>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlHQmpDQ0JPNmdBd0lCQW
dJUXN3Q1FZRFZRUUdFd0pWVXpFUE1BMEdBMVVFQ2hNR1FXMWhlbTl1TVJ3d0dn
...
3Q1FqVEFhS3pwL3dabUJPRys1Tm1UOXVDV2dPZDZxaDFXVmBVNUhDOU9rSzdGO
UVkSS9YQ1FUTitaWjV0cS85YzNTVDhj</bns:CertificateData>
</bns:CertificateModel>
</bns:object>
</bns:Component>Component API Response
<!-- Component Create Response -->
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<bns:Component xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bns="http://api.platform.boomi.com/" folderFullPath="" componentId="6c5b89d8-9184-4285-9e85-66655391233" version="1" name="Boomi Public Certificate" type="certificate" createdDate="2025-02-24T23:42:33Z" createdBy="" modifiedDate="2025-02-24T23:42:33Z" modifiedBy="" deleted="false" currentVersion="true" folderName="#Common" folderId="" branchName="main" branchId="">
<bns:encryptedValues>
<bns:encryptedValue path="//CertificateModel/CertificateData/text()" isSet="true"/>
</bns:encryptedValues>
<bns:description></bns:description>
<bns:object>
<CertificateModel xmlns="">
<Type>public</Type>
<IssuedTo fullName="CN=*.boomi.com"/>
<Issuer fullName="CN=Amazon RSA 2048 M02,O=Amazon,C=US"/>
<Validity issueDate="2024-09-13T00:00:00.000Z"/>
<CertificateData>c93800f3cb53b26bf2bd0bb03db9d73b2865501f31b8d146bf475e1ccdd4b2d0501751775c17662fbefca6e2e8f0bcf1b0f8a531aba01093cafc7bc1dd254306</CertificateData>
</CertificateModel>
</bns:object>
</bns:Component>The response returns the componentId and is used in the next call.
Step 2 - Public X.509 Certificate - Create Packaged Component
Call the Packaged Component API with the new componentId.
POST https://api.boomi.com/api/rest/v1/{accoundId}/PackagedComponent// Package Component Create Request
{
"componentId": "6c5b89d8-9184-4285-9e85-66655391233", // Component Id from last API call
"notes": "X.509 Certificate for deployment"
}// Package Component Create Response
{
"@type": "PackagedComponent",
"packageId": "7cc5f46f-d75d-4916-826e-aa485fe12345",
"packageVersion": "1.0",
"componentId": "6c5b89d8-9184-4285-9e85-66655391233",
"componentVersion": 1,
"componentType": "certificate",
"createdDate": "2025-02-25T03:59:02Z",
"createdBy": "",
"notes": "X.509 Certificate for deployment",
"deleted": false,
"shareable": false,
"fullyPubliclyConsumable": false,
"branchName": "main"
}The API returns packageId and is used in the next API call.
Step 3 - Public X.509 Certificate - Create Deployment
Finally, use the Deployed Package API to deploy the certificate to an environment.
POST https://api.boomi.com/api/rest/v1/{accoundId}/DeployedPackage// Package Component Create Request
{
"environmentId": "e7fc610a-c1ef-4b66-8bb5-a01a1f89123", // Id of environment
"packageId": "7cc5f46f-d75d-4916-826e-aa485fe12345", // Package Id from last API call
"notes": "Package deployment because of expiring certificate."
}// Depolyed Package Response
{
"@type": "DeployedPackage",
"deploymentId": "d0340bcd-066f-4ed3-a096-91e96b062d43",
"version": 4,
"packageId": "f478349c-2974-4795-81ba-e24b0b98975d",
"packageVersion": "6.0",
"environmentId": "e7fc610a-c1ef-4b66-8bb5-a01a1f89123",
"componentId": "7cc5f46f-d75d-4916-826e-aa485fe12345",
"componentVersion": "2.0",
"componentType": "webservice",
"deployedDate": "2025-02-25T03:59:02Z",
"deployedBy": "",
"notes": "Package deployment bacause of expiring certificate.",
"active": true
}Conclusion
Now that you have the tools to create a public X.509 certificate, you are able to automate the creation of certificates without having to manually import a new certificate.
The article was originally posted at Boomi Community.