Automating certificate import into Panorama (not a template)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Automating certificate import into Panorama (not a template)

L1 Bithead

I have importing a certificate into a template working:

curl -s -i -k -F -F "file=@{{cert_path}}" -X POST "https://panorama/?key={{api_key}}&type=import&category=keypair&certificate-name=letsencrypt_cert&for...

 

I assumed that importing the certificate into Panorama is that same except without the "&target-tpl=CORE-SBO_ECS" piece of the URL, however this does not appear to be that case. The command completes, however there is not certificate imported into Panorama.

curl -s -i -k -F "file=@{{cert_path}}" -X POST "https://panorama/?key={{api_key}}&type=import&category=keypair&certificate-name=letsencrypt_cert&for...

 

Side note: The script I am writing is for use with ansible. There is a PaloAlto ansible module, however it is not idempotent.

** For those like me that didn't know what idempotent means: If the configuration/file/object is already in place then no changes are made and ansible will report the task as OK. Instead, the PaloAlto ansible module always imports the certificate even if it is the same certificate and reports a change is made.

1 accepted solution

Accepted Solutions

L2 Linker

Should be treated same as importing a certificate directly to a firewall. This is the same as simply removing the target-tpl parameter. At least that's how it behaves for me running on 10.1 and 10.2. 

Looking for help? Talk to an expert:
digitalscepter.com

View solution in original post

4 REPLIES 4

L0 Member

Thank you for the suggestion, however it unfortunately does not help in my case. The certificate that I am importing is for the web interface HTTPS. I have a certificate from Lets Encrypt that I am trying to automate the deployment of to Panorama's to handle SSL for Panorama and a couple templates that will push the certificate to our PaltoAlto firewalls for the SSL on their web interfaces as well.

L2 Linker

Should be treated same as importing a certificate directly to a firewall. This is the same as simply removing the target-tpl parameter. At least that's how it behaves for me running on 10.1 and 10.2. 

Looking for help? Talk to an expert:
digitalscepter.com

Thank you. I must have a typo or something some where then.

  • 1 accepted solution
  • 3452 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!