How to reimport a csr via api


Cyber Elite

Anyone ever tried to import a CSR back into config?

I generated a CSR on Panorama the other day and then went to generate a certificate. (I did not commit at this time.)

When I came back with the CSR response, someone had reverted the config, so my CSR was gone.

I now have a config audit entry with some REST API information about the cert CSR, but can't seem to inject it back into Panorama. Anyone ever tried this before?

I tried the below, which is probably not right 🙂

/api/?type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='MyFirewall']/config/shared/certificate/entry[@name='CertName']/common-name/entry[@name='portal.example.com']/subject/entry[@name='subject=/C=BE/ST=Antwerp/L=Antwerp/O=PANgurus BV/OU=PANgurus BV/CN=portal.example.com']/algorithm/entry[@name='RSA']/csr/entry[@name='-----BEGIN CERTIFICATE REQUEST-----.myCSR.-----END CERTIFICATE REQUEST-----.']&REST_API_TOKEN=xxxx

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
5 REPLIES

L7 Applicator

Hi @reaper 

I know this situation (generated a CSR and when importing the cert, the initial CSR was gone). I then started all over and generated another CSR.

Does it need to be the API for this? If not I think the best chances are there if you take the config of the backup/config version and paste this into the current running config : P

Hi @Remo: because I didn't commit, there is no config to roll back to unfortunately. All that's left of the original CSR is the entry in the config log, which is REST API.

My next attempt might be to try CLI as this is a little more "user friendly" with error messages, but this is in an organization where CLI is pretty hard to obtain 😉

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Got it about the config. But if you need exactly this CSR, then I still would try to enter this directly into the config XML (export config, paste the CSR, and then import the XML again; maybe create another CSR prior to that so you have the config structure where you could replace the CSR). Right now you have all the required fields but so far only the wrong format to paste it directly.
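
The reply above says the fields are all there but in the wrong shape. As an added example (not from the thread or from Palo Alto Networks), this Python code splits a flattened path like the one in the question into the certificate entry's xpath and an XML `element` value for a config `set` request. That the four field names are valid child elements of a certificate entry is an assumption taken from the post, the sample string is constructed, and no private key is restored.

```python
import re
from urllib.parse import urlencode
from xml.sax.saxutils import escape

# Constructed sample: the path-style string from the post, shortened, with the
# CSR body left as the post's own placeholder.
FLATTENED = (
    "/config/devices/entry[@name='localhost.localdomain']"
    "/template/entry[@name='MyFirewall']/config/shared/certificate"
    "/entry[@name='CertName']"
    "/common-name/entry[@name='portal.example.com']"
    "/subject/entry[@name='/C=BE/O=PANgurus BV/CN=portal.example.com']"
    "/algorithm/entry[@name='RSA']"
    "/csr/entry[@name='-----BEGIN CERTIFICATE REQUEST-----.myCSR."
    "-----END CERTIFICATE REQUEST-----.']"
)

# Field names as they appear in the post; treating them as child elements of
# the certificate entry is an assumption, not confirmed by the thread.
FIELDS = ("common-name", "subject", "algorithm", "csr")
PAIR = re.compile(r"/(%s)/entry\[@name='(.*?)'\]" % "|".join(FIELDS))


def split_flattened(path):
    """Return (xpath of the certificate entry, {field: value})."""
    first = PAIR.search(path)
    if first is None:
        raise ValueError("no certificate fields found in path")
    xpath = path[:first.start()]
    if not xpath.endswith("']"):
        raise ValueError("path does not stop at a named entry")
    # Values may contain '/', so pairs are matched as a whole, not split on '/'.
    return xpath, dict(PAIR.findall(path[first.start():]))


def build_set_query(path):
    """Build the query string for a config 'set' with the fields as XML."""
    xpath, fields = split_flattened(path)
    element = "".join(
        "<%s>%s</%s>" % (name, escape(fields[name]), name)
        for name in FIELDS if name in fields
    )
    # The API key is deliberately left out; keep it out of URLs and logs.
    return urlencode({"type": "config", "action": "set",
                      "xpath": xpath, "element": element})
```

A certificate issued from the CSR is only usable on the device if the private key that was generated with the CSR is also still present.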

Cyber Elite

Hello,

Does the CSR get entered into the config.xml file? Perhaps you can grab it from there or put it back into it.

Just thinking out loud.

 

Regards,

If you don't commit, it doesn't get entered into the config file unfortunately.

We've since needed to move forward so created a new CSR and got the cert reissued.

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization