aXAPIv3 ssl-cert import

Community Forum Forums Thunder and AX Series aXAPIv3 ssl-cert import

This topic contains 2 replies, has 3 voices, and was last updated by avatar Anonymous 2 weeks, 5 days ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #16794
    avatar
    Anonymous

    Hi,

    I know there has been topics with the same issue, but none of them really came to a satisfying conclusion.
    I’m trying to import certificates with a python script to a specific partition with the v3 API. Here is what steps I took so far:

    Login (post to axapi/v3/auth):
    200 {‘authresponse’: {‘signature’: ‘61271516dd9030444b488b7ab19ba0’, ‘description’: ‘the signature should be set in Authorization header for following request.’}}

    Change Partition (post to axapi/v3/active-partition/partitionname):
    200 {‘response’: {‘status’: ‘OK’}}

    The documentation for the import isn’t very explanatory, I assume the following attributes would be right:

    3.24.24 file ssl-cert
    post to /axapi/v3/file/ssl-cert
    “action”: “import”
    “certificate-type”: “pem”
    “file-handle”: “filename” (full path of the uploaded file)
    “file”: “filename” (ssl certificate local file name)

    If I try to post that I will get the following response:
    400 {‘response’: {‘status’: ‘fail’, ‘err’: {‘code’: 1023590403, ‘from’: ‘JSON’, ‘msg’: ‘Failed to handle field “file-handle”. Incorrect file value.’}}}
    I’m not sure what is expected here. In other threads I was reading that the certificate could be directly send in the body:

    
    import requests
    
    def ssl-cert(signature):
        url = 'https://lb-ip/axapi/v3/file/ssl-cert'
        #load certificate
        files = {'cert.crt': open('cert.crt','rb')}
        #load attributes
        with open('post.json') as json_file:  
            data = json.load(json_file)
    
        post_data = requests.post(
            url, 
            headers={'Authorization': signature},
            json=data,
            files=files,
            verify=False
        )
        print (
            post_data.status_code,
            post_data.json()
        )
        return post_data.status_code  
    

    File “post.json” containing the json:

    
    {
    "ssl-cert":{
        "file":"cert.crt",
        "certificate-type":"pem",
        "file-handle":"cert.crt",
        "action":"import"
    }
    }
    

    File “cert.crt” containing the certificate:

    
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    

    This unfortunately doesn’t work:
    400 {‘response’: {‘status’: ‘fail’, ‘err’: {‘code’: 1023459336, ‘from’: ‘BACKEND’, ‘msg’: ‘Backend Error’}}}

    If someone has this working or could point me in the right direction I would be forever grateful. Also I would post the full script when it is working so others won’t go through so much trouble.

    Cheers!

    #16796
    avatar
    HelpingHand
    Member

    Take a look at this:

    https://github.com/a10-fhafez/a10-ansible/blob/master/library/a10_ssl_v3.py

    I’ve got it to work for Ansible. You can use the aXAPI code from the module above.

    I hope this helps.

    #16799
    avatar
    Anonymous

    Thanks for the helping hand :P

    I finally got it to work in python3, the post must look something like this:

        data = {
            "ssl-cert":{
                "file":cert,
                "certificate-type":"pem",
                "file-handle":cert,
                "action":"import"
            }
        }
    
        files = {
         'json': (None, json.dumps(data), 'application/json'),
         'file': (os.path.basename(cert), open(cert, 'rb'), 'application/octet-stream')
        }
    
        headers = {
            'Authorization': signature,
            }
    
        post_data = requests.post(
            url,
            headers=headers,
            files=files,
            verify=False
        )
    

    Hope that helps other people who struggle.
    Cheers

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

Comments are closed.