08-02-2021 08:51 AM - edited 08-02-2021 08:57 AM
Anyone ever tried to import a csr back into config?
I generated a csr on panorama the other day and then went to generate a certificate. (I did not commit at this time)
when I came back with the csr response someone had reverted the config so my csr was gone
I now have a config audit entry with some rest API information about the cert car, but can't seem to inject it back into panorama, anyone ever tried this before?
i tried the below, which is probably not right 🙂
/api/?type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='MyFirewall']/config/shared/certificate/entry[@name='CertName']/common-name/entry[@name='portal.example.com']/subject/entry[@name='subject=/C=BE/ST=Antwerp/L=Antwerp/O=PANgurus BV/OU=PANgurus BV/CN=portal.example.com']/algorithm/entry[@name='RSA']/csr/entry[@name='-----BEGIN CERTIFICATE REQUEST-----.myCSR.-----END CERTIFICATE REQUEST-----.']&REST_API_TOKEN=xxxx
08-02-2021 10:13 AM
Hi @reaper
I know this situation (generated a csr and when importing the cert, the initial csr was gone). I then started all over snd generated another csr.
Does it need to be the API for this? If not I think the best chances are there if you take the config of the backup/config version and past this into the current running config : P
08-02-2021 10:41 AM
Hi @Remo : because I didn't commit, there is no config to roll back to unfortunately. All that's left of the original csr is the entry in the config log, which is rest API
My next attemp might be to try CLI as this is a little more "user friendly" with error messages, but this is in an organization where CLI is pretty hard to obtain 😉
08-02-2021 10:49 AM - edited 08-02-2021 10:50 AM
Got it about the config. But if you need exactly this csr, then I still would try to enter this directly to the config xml (export config, paste the csr (maybe create another csr prior to that so you have the configstructure where you could replace the csr) and then import the xml again). Right now you have all the required fields but so far only the wrong format to paste it directly.
08-03-2021 02:25 PM
Hello,
Does the CSR get entered into the config.xml file? Perhaps you can grab it from there or put it back into it/
Just thinking out loud.
Regards,
08-05-2021 10:29 AM
If you don't commit, it doesn't get entered into the config file unfortunately
We've since needed to move forward so created a new csr and got the cert reissued
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
