how to generate a local certificate with python APi

Reply
L2 Linker

how to generate a local certificate with python APi

I have the following api-python code to generate a local certificate but this not work

 

import pan.xapi
import sys
import getpass

admin = raw_input("AdminFw:")
pwd = getpass.getpass(prompt='Admin Password :',stream=None)
hst = raw_input("Host:")

 

try:
xapi = pan.xapi.PanXapi(tag='pa-3060', api_username=admin, api_password=pwd, hostname=hst)
except pan.xapi.PanXapiError as msg:
print('pan.xapi.PanXapi: , fail authentication, file=sys.stderr')
sys.exit(1)

op = "<request cmd='op'><operations><request><certificate><generate><signed-by>GP-SKY-CA</signed-by><days-till-expiry>90</days-till-expiry><certificate-name>CERTPRUEBA</certificate-name><algorithm><RSA><rsa-nbits>512</rsa-nbits></RSA></algorithm><name>CERTPRUEBA</name></generate></certificate></request></operations></request>"

try:
xapi.op(cmd=op, cmd_xml=True)
except pan.xapi.PanXapiError as msg:
print('error para generar certificado:, msg, file=sys.stderr')
sys.exit(1)

Tags (2)
L3 Networker

Re: how to generate a local certificate with python APi

I'm not sure if your XML for cmd is valid, but if it is it should be this for your op variable:

 

<request><certificate><generate><signed-by>GP-SKY-CA</signed-by><days-till-expiry>90</days-till-expiry><certificate-name>CERTPRUEBA</certificate-name><algorithm><RSA><rsa-nbits>512</rsa-nbits></RSA></algorithm><name>CERTPRUEBA</name></generate></certificate></request>

 

and cmd_xml should be False because you are passing an XML document.

 

make those changes and test again.

L2 Linker

Re: how to generate a local certificate with python APi

I solved this problem, I used the following code

 

#/usr/bin/env python
import os
import sys
import pan.xapi
import getpass
import pan.commit

hst = raw_input("IP del Firewall:") 
admin = raw_input("Administrador del Firewall:")
pwd = getpass.getpass(prompt='Password de Administrador:',stream=None)
a = ':'
b = admin + a + pwd
sgnby = raw_input("Firmado Por:")
days = raw_input("Dias de Validez:")
name = raw_input("Nombre del Certificado:")
cmname = raw_input("Common Name:")
brsa = raw_input("Bits de Certificado RSA:")

os.system ('curl -u '+b+' -k "https://'+hst+'/api/?type=op&cmd=<request><certificate><generate><signed-by>'+sgnby+'</signed-by><days-till-expiry>'+days+'</days-till-expiry><certificate-name>'+name+'</certificate-name><algorithm><RSA><rsa-nbits>'+brsa+'</rsa-nbits></RSA></algorithm><name>'+cmname+'</name></generate></certificate></request>"')


try:
xapi = pan.xapi.PanXapi(tag='pa-3060', api_username=admin, api_password=pwd, hostname=hst)
except pan.xapi.PanXapiError as msg:
print('pan.xapi.PanXapi: , msg, file=sys.stderr')
sys.exit(1)

op = "<request cmd='commit' force='yes'></request>"

try:
xapi.commit(cmd=op)
except pan.xapi.PanXapiError as msg:
print('edit:, msg, file=sys.stderr')
sys.exit(1)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!