Comments
-
Thank you for the confirmation, even if it's a little disappointing. I assume from your comments about updating the documentation that there is no intention to go back and add the direct import functionality to the older Gen6. That makes sense considering the "next-gen" is already in place. At least the FTP/SCP method is…
-
Oh, and one MORE thing... If getting all of these various import methods functional requires an update to the SonicWALL appliance's firmware, I might need to look into using the /import/firmware endpoint (or whatever it takes to install a new firmware version through the API), but that's a whole OTHER set of potential…
-
FYI, I also tried using the SCP endpoint (certificates/import/cert-key-pair/name/{CERTNAME}/password/{PASSWORD}/scp/{SCPURI}) and got basically the same result: "status": { "success": false, "cli": { "mode": "certificate_mode", "depth": 2, "command": "import cert-key-pair Friendly\ Name password PfXpAsSwOrD scp…
-
I just came up with one quick follow-up question, when you get a minute, @Jaime: I'm trying to put together all of the SSL certificate upload/installation stuff, but the thought occurred to me, what if I (the user) needed to specify a port for the FTP server (e.g., ftp.example.com:990 for implicit TLS)? In my testing, it…
-
Yeah, that was my guess as well after seeing the "API endpoint is incomplete" message. It isn't a critical thing for me at present as I have an FTP server I can use for my own, personal implementation, but it'd be nice to have the option to bypass the need for it by directly submitting the PFX data. Especially because, as…
-
UPDATE: In my previous tests with Postman, I wasn't receiving any JSON response from the API - only the 406 - Not Acceptable message showing in the Status label in the response section at the bottom of the window. However, I removed all of the additional headers and left only: Authorization = [My Authorization String]…
-
ADDITIONAL INFORMATION FOR PREVIOUS COMMENT: (I waited too long to edit) I forgot to mention that I'm developing my solution in a (VB).NET application. I've tried a couple of ways to submit the PFX to the endpoint in addition to copying the FileStream to the request stream. These methods involve converting the PFX to an…
-
Hello, @Jaime - I know this thread is a bit older, and I've been able to get my API calls to work using the ftp variant of the endpoint (ref. SonicOS API Endpoint for Importing SSL Certificate), but I'm trying to build a more generic utility method that doesn't require the use of an FTP server using your suggestions here.…
-
Well, I had tried a few times with the same result before including that bit about the commit error in the previous comment. But, I just tried again and it worked without a problem this time. I've connected to the web management UI again to verify that it's using my new certificate, and it all looks exactly as expected. I…
-
@Jaime - First of all, thank you so much! The hotfix seems to have resolved the problem with uploading the certificates. I was able to successfully import the new certificate from my application and have it show up in the certificate list through the SonicWALL management UI just fine. Additionally, it looks like I can…
-
Ahh! I was SO CLOSE! 😝 Thank you again. All of this information is incredibly helpful to finishing up my automation project. Maybe I'll even put it on GitHub at some point for other users to poke around in. I've applied the hotfix to the device, but I haven't yet had the chance to test the import. I'll let you know as soon…
-
UPDATE/FOLLOW-UP: After posting in the Certify the Web community forums (ref. Let’s Encrypt Certificate Chain Issues On SonicWALL), I found that the issue with the root CA certificate is caused by Let's Encrypt using an old, now expired chain for backward-compatibility (Additional explanation/detail: Let's Encrypt DST Root…
-
I do have one additional question about the imported (and now verified) certificate. I need to get the new certificate "activated" for the web management interface. In the management UI, I'd go to System Setup -> Appliance -> Base Settings -> Web Management Settings -> Certificate Selection and choose the new certificate…
-
Sorry... I jumped the gun a little on that last bit. I found the resolution for the "Not Verified" issue by exporting the root CA from another endpoint using a Let's Encrypt certificate and importing that .p7b file into the SonicWALL appliance. The problem was, as you said, that the CA certificates weren't (properly)…
-
Well, I guess it was the root certificate. I found this KB article Imported Certificates Not Validating and went through the recommended steps of exporting the CA certificate from my browser to a .p7b file. I deleted and reimported the CA certificate (using the file generated from the intermediate certificate) through the…