07-01-2021 04:56 AM
Can someone help to find exact api url for device certificate features like import, export, renew, revoke, generate
I tried to generate certificate under template(tlv-5260) but it is getting generated under panorama tab only instead of Device Tab as per API URL given under Manage Certificates(API) page link.
API URL that I was trying to use as below:
"https://<panorama-ip>/api/?type=op&cmd=<request><certificate><generate><algorithm><RSA>"
"<rsa-nbits>512</rsa-nbits></RSA></algorithm><certificate-name>SSCert</certificate-name>"
"<name>10.1.1.1</name><ca>yes</ca></generate></certificate></request>&target-tpl=template&"
"target-tpl-vsys=vsys1&template=tlv-5260&key=<api-key>".
Also I tried to generate the certificate with below XML API as well but I am not sure which action I should use for remaining features like import/export/renew/revoke.
"https://<panorama-ip>/api/?type=config&action=set&xpath=/config/devices/entry[@name=\'localhost.localdomain\']"
"/template/entry[@name='{}']/config/shared/certificate/entry[@name='<certificate-name>']&element=<common-name>10.0.0.1</common-name>&key=<api-key>"
It would be better if someone can test the same and share the exact URL for all the features.
07-01-2021 07:24 AM
Hi @AModi, one good way to get the correct API call is to debug the CLI, details here. If you are unsure of CLI commands, on the CLI you can type "find command keyword {{something}}" to find the correct command.
In this instance, whilst the web GUI uses "target-tpl=template" to direct commands to a specific template in Panorama, this cannot be used as an external XML API client. Instead, first "set" the target template with this command, as you would on CLI:
https://{{host}}/api?key={{key}}&type=op&cmd=<set><system><setting><target><template><name>{{template-name}}</name></template></target></setting></system></set>
Then carry on with your subsequent certificate operation API calls, but do not include the "target-tpl=template" part. For example, these two commands will lead you to upload a certificate to a specific template.
https://{{host}}/api?key={{key}}&type=op&cmd=<set><system><setting><target><template><name>{{template-name}}</name></template></target></setting></system></set>
https://{{host}}/api/?key={{key}}&type=import&category=certificate&format=pem&certificate-name={{cert-name}}
Hope this helps!
07-01-2021 07:24 AM
Hi @AModi, one good way to get the correct API call is to debug the CLI, details here. If you are unsure of CLI commands, on the CLI you can type "find command keyword {{something}}" to find the correct command.
In this instance, whilst the web GUI uses "target-tpl=template" to direct commands to a specific template in Panorama, this cannot be used as an external XML API client. Instead, first "set" the target template with this command, as you would on CLI:
https://{{host}}/api?key={{key}}&type=op&cmd=<set><system><setting><target><template><name>{{template-name}}</name></template></target></setting></system></set>
Then carry on with your subsequent certificate operation API calls, but do not include the "target-tpl=template" part. For example, these two commands will lead you to upload a certificate to a specific template.
https://{{host}}/api?key={{key}}&type=op&cmd=<set><system><setting><target><template><name>{{template-name}}</name></template></target></setting></system></set>
https://{{host}}/api/?key={{key}}&type=import&category=certificate&format=pem&certificate-name={{cert-name}}
Hope this helps!
08-24-2021 03:46 AM
Thanks a lot @JimmyHolland for sharing the solution, I tried it & it worked for me.
11-10-2021 02:07 PM
This is really great info. So I got the first line without issue so I am set on the correct template however where I am confused is step 2. How do you select the certificate to upload? Like the actual file that is on my PC for example. Thank you
11-12-2021 09:36 AM
Hi @jasonwald , you can use requests module with parameter "files={"file": open(target file path, "rb")}" inside it for import feature for certificate.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
