05-13-2022 10:36 AM
I have importing a certificate into a template working:
curl -s -i -k -F -F "file=@{{cert_path}}" -X POST "https://panorama/?key={{api_key}}&type=import&category=keypair&certificate-name=letsencrypt_cert&for...
I assumed that importing the certificate into Panorama is that same except without the "&target-tpl=CORE-SBO_ECS" piece of the URL, however this does not appear to be that case. The command completes, however there is not certificate imported into Panorama.
curl -s -i -k -F "file=@{{cert_path}}" -X POST "https://panorama/?key={{api_key}}&type=import&category=keypair&certificate-name=letsencrypt_cert&for...
Side note: The script I am writing is for use with ansible. There is a PaloAlto ansible module, however it is not idempotent.
** For those like me that didn't know what idempotent means: If the configuration/file/object is already in place then no changes are made and ansible will report the task as OK. Instead, the PaloAlto ansible module always imports the certificate even if it is the same certificate and reports a change is made.
05-22-2022 06:41 PM
Should be treated same as importing a certificate directly to a firewall. This is the same as simply removing the target-tpl parameter. At least that's how it behaves for me running on 10.1 and 10.2.
05-14-2022 04:16 AM - edited 05-15-2022 10:15 PM
Check this out, this might help : https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/set-up-panorama/install-the-panorama-d.../epayitonline
05-16-2022 07:19 AM
Thank you for the suggestion, however it unfortunately does not help in my case. The certificate that I am importing is for the web interface HTTPS. I have a certificate from Lets Encrypt that I am trying to automate the deployment of to Panorama's to handle SSL for Panorama and a couple templates that will push the certificate to our PaltoAlto firewalls for the SSL on their web interfaces as well.
05-22-2022 06:41 PM
Should be treated same as importing a certificate directly to a firewall. This is the same as simply removing the target-tpl parameter. At least that's how it behaves for me running on 10.1 and 10.2.
05-24-2022 07:34 AM
Thank you. I must have a typo or something some where then.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
