PUT /cryptoSettings

Use this method to modify the current cryptographic settings.

When the cryptography setting is changed in XClarity Administrator, a job is created to provision the new cryptographic settings to all managed devices. Use the GET /cryptoSettings/jobs/{job_id} method to retrieve the job status and additional job details. If a job was not successfully started, refer to the response code and response body for details.

Authentication

Authentication with user name and password is required.

Request URL

PUT https://{management_server_IP}/cryptoSettings

Query parameters

None

Request body

Attributes Required / Optional Type Description
applyToManagedDevices Optional Boolean Indicates whether to apply the specified settings to all managed devices. This can be one of the following values.
  • true. (default) Applies specified settings to all managed devices that support the cryptography settings or TLS settings.

  • false. Does not apply settings to managed devices.

Note: Either applyToManagedDevices or applyToMgmtServer or both must be set to true. This attribute cannot be set to false if applyToMgmtServer is set to false.
applyToMgmtServer Optional Boolean Indicates whether to apply the specified settings to the XClarity Administrator management server. This can be one of the following values.
  • true. (default) Applies specified settings to the management server.

  • false. Does not apply settings to the management server.

Note: Either applyToManagedDevices or applyToMgmtServer or both must be set to true. This attribute cannot be set to false if applyToManagedDevices is set to false.
cipherSuite Optional String
Attention: This attribute will be deprecated in a future release.

Minimum cipher suite version to use for server connections. This can be one of the following values.

  • tls1.2. TLS v1.2 or v1.3 cipher suite is required for both servers and clients.

    Specify tls1.2 for the minTlsVersionClient and minTlsVersionServer attributes instead.

  • tls1.2-flexcat. TLS v1.2 compliance with exceptions for deploying operating systems from the XClarity Administrator. Specify tls1.2 for the minTlsVersionClient, minTlsVersionServer, and minTlsVersionOsDeploy attributes instead.
minTlsVersionClient Optional String Minimum TLS protocol version to use for client connections to other servers (such as the LDAP client). This can be one of the following values.
  • TLSv1.2. Enforces TLS v1.2 or later cryptography protocols on both XClarity Administrator and all managed endpoints used.

minTlsVersionOsDeploy Optional String Minimum TLS protocol version to use for the XClarity Administrator operating-system deployment server. This can be one of the following values.
  • TLSv1.2. TLS v1.2 or later can be used.

    Only operating systems with an installation process that supports TLS 1.2 and stronger cryptographic algorithms can be deployed and updated through XClarity Administrator.

minTlsVersionServer Optional String Minimum TLS protocol version to use for server connections (such as the web server). This can be one of the following values.
  • TLSv1.2. Enforces TLS v1.2 or later cryptography protocols on both XClarity Administrator and all managed endpoints used.

nistMode Optional String Cryptographic mode of the Lenovo XClarity Administrator and all managed chassis. This can be one of the following values.
  • nistcomp. NIST compatibility mode.
  • nist800-131a. NIST800-131A strict compatibility mode. When this option is selected, you must also select tls1.2 for the minTlsVersionClient and minTlsVersionServer attributes.
  • nist800-131a-flexcat. NIST800-131A compliance with exceptions for deploying operating systems from the XClarity Administrator.
    Attention: This value will be deprecated in a future release. Select tls1.2 or tls1.3 for the minTlsVersionOsDeploy attribute instead.
returnJobInfo Optional Boolean Indicates whether job information is to be returned as a result of changing the cryptographic settings. This can be one of the following values.
  • true. Returns job information in the response body and header if a job is created.
  • false. Does not return job information. This is the default setting.

The following example applies the specified TLS and NIST settings to the management server and all managed devices.

{
   "applyToManagedDevices": true,
   "applyToMgmtServer": true,
   "minTlsVersionClient": "tls1.2",
   "minTlsVersionOsDeploy": "tls1.2",
   "minTlsVersionServer": "tls1.2",
   "nistMode": "nist800-131a",
   "returnJobInfo": true
}

Response codes

Code Description Comments
200 OK The request completed successfully.
201 Created One or more new resources were successfully created.
400 Bad Request A query parameter or request attribute is missing or not valid, or the operation is not supported. A descriptive error message is returned in the response body.
500 Internal Server Error An internal error occurred. A descriptive error message is returned in the response body.

Response body

Attributes Type Description
result String Results of the request. This can be one of the following values.
  • success. The request completed successfully.
  • failure. The request failed. A descriptive error message was returned.
messages Array of objects Information about one or more messages
  explanation String Additional information to clarify the reason for the message
  id String Message identifier of a returned message
  recovery Array of objects Recovery information
    text String User actions that can be taken to recover from the event
    URL String Link to the help system for more information, if available
  text String Message text associated with the message identifier
The following example is returned when "returnJobInfo": true was specified and a job was created and successful.
{
    "result": "success",
    "messages": [{
        "explanation": "",
        "id": "FQXHMSE0001I",
        "recovery": {
            "text": "Information only; no action is required.",
            "URL": ""
        },
        "text": "The request completed successfully."
    }]
}
The following example is returned when "returnJobInfo": false was specified and a job was created but failed.
{
    "result": "failure",
    "messages": [{
        "explanation": "The provided minimum SSL/TLS protocol level does not match one of the expected string values. The requested operation was not performed.",
        "id": "FQXHMSE0501J",
        "recovery": {
            "text": "Correct the value and try the operation again.",
            "URL": ""
        },
        "text": "The provided minimum SSL/TLS protocol level is not valid."
    }]
}
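
The following added example (not part of the XClarity Administrator documentation or product code) checks a request body against the cross-attribute rules described above before it is sent, and reads the messages array of a response. The function names are hypothetical, accepting both the tls1.2 and TLSv1.2 spellings is an assumption, and recovery is handled both as an object (as in the response examples) and as an array (as in the attribute table).

```python
import json

NIST_MODES = {"nistcomp", "nist800-131a", "nist800-131a-flexcat"}

def _is_tls12(value):
    # Assumption: the page spells this value both "tls1.2" and "TLSv1.2".
    return isinstance(value, str) and value.lower() in ("tls1.2", "tlsv1.2")

def check_request(body):
    """Return (errors, warnings) for a PUT /cryptoSettings request body."""
    errors, warnings = [], []
    flags = []
    for name in ("applyToManagedDevices", "applyToMgmtServer"):
        value = body.get(name, True)  # both attributes default to true
        if not isinstance(value, bool):
            errors.append(f"{name} must be a JSON boolean")
        flags.append(value)
    if not any(v is True for v in flags):
        errors.append("applyToManagedDevices and applyToMgmtServer cannot both be false")
    mode = body.get("nistMode")
    if mode is not None and mode not in NIST_MODES:
        errors.append(f"nistMode {mode!r} is not a documented value")
    if mode == "nist800-131a":  # strict mode is tied to the TLS minimums
        for name in ("minTlsVersionClient", "minTlsVersionServer"):
            if name not in body:
                warnings.append(f"{name} is not set in this request")
            elif not _is_tls12(body[name]):
                errors.append(f"nist800-131a requires {name} to be tls1.2")
    if "cipherSuite" in body:
        warnings.append("cipherSuite is marked for deprecation")
    if mode == "nist800-131a-flexcat":
        warnings.append("nist800-131a-flexcat is marked for deprecation")
    return errors, warnings

def read_response(text):
    """Return (succeeded, [(id, text, recovery actions), ...])."""
    doc = json.loads(text)
    messages = []
    for msg in doc.get("messages", []):
        rec = msg.get("recovery") or []
        if isinstance(rec, dict):  # examples show an object, the table an array
            rec = [rec]
        actions = "; ".join(r.get("text", "") for r in rec)
        messages.append((msg.get("id"), msg.get("text"), actions))
    return doc.get("result") == "success", messages

if __name__ == "__main__":
    # Constructed input: both apply flags false, which the notes above forbid.
    print(check_request({"applyToManagedDevices": False, "applyToMgmtServer": False}))
```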