ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
I'm trying to upload a set of SSL certificates into some templates on my Panorama using XML API. But I've not been able to find any documentation for doing that.
I'm able upload certificates for the Panorama, using APIs. But I also want to be able to upload certificates into specific firewall template configs that I have on the Panorama using API.
Appreciate any pointers here.
I am having the same issue. I have a script that can do this process completely on the firewalls themselves as well as in Panorama, just not in Panorama templates. This is where it is needed most.
Palo Alto API team has stated that they don't have enough interest to spend the time to add this feature.
If you have any interest in the feature, please have your support team request it or "vote" on my existing feature request.
Answering my own question for the record...
It appeared to be easy to upload a certificate directly to the firewall - it's just a matter of constructing a correctly formatted MIME message. It must be a POST request with Content-type header set to multipart/form-data; boundary=<random tag>, followed by Content-length set to the length of the form data. Form data has to be constructed along these lines (Python):
form = '--'+<the_boundary_tag>+'\r\n'+'Content-Disposition: form-data; name="file"; filename="certificate.cer"\r\n'+'Content-Type: application/octet-stream\r\n\r\n'
form = form+cert_body+'\r\n'
form = form+'--'+<the_boundary_tag>+'--\r\n'
cert_body here is a plain string with Base64/PEM-encoded certificate. Form data has also be encoded as UTF-8 before referencing from the actual request object. For example like this:
form_binary = form.encode('utf-8')
req = Request(url, form_binary)
URL in its turn may be constructed like
I hope this help and saves somebody's time from reverse engineering Curl requests...(which is what I had to do to overcome the scarce API docs on this topic :))
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!