Import Certificate via SonicOS API

Mario, Newbie ✭

Hi

I'm trying to automatically import a certificate into a Gen7 SonicWall using the API, as this has to be done on a regular basis. According to the information found on https://sonicos-api.sonicwall.com, it's supposed to be a PUT call to

/api/sonicos/import/certificates/cert-key-pair/name/{NAME}/password/{PASSWD}

But it looks like it's missing important information about how to transmit the certificate itself.

Testing the API using CURL (after successful authentication indeed):

# curl -ksX PUT -H "accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer eyJ...snip...uxw" https://192.168.168.168/api/sonicos/import/certificates/cert-key-pair/name/myKey/password/myPass -d {}

Returns an error indicating that the file is in the wrong format:

{
  "status": {
    "success": false,
    "cli": {
      "mode": "certificate_mode",
      "depth": 2,
      "command": "import cert-key-pair myCert password myPass api",
      "configuring": true,
      "pending_config": false,
      "restart_required": "FALSE"
    },
    "info": [
      {
        "level": "error",
        "code": "E_ERROR",
        "message": "Improper file format. Please select PKCS#12 (*.p12) file."
      }
    ]
  }
}

As the CLI command requires adding an SCP or FTP URL, I've tried to send something in the body like this:

{
 "name":"myCert", 
 "password":"myPass", 
 "ftp":"ftp://user:[email protected]/myCert.p12"
}

But as this is completely made up, I get the same error message as above. Also sending the full certificate inside the body doesn't work as it immediately crashes the firewall.

Has anyone an idea how to do this properly?

Category: Developer Hub

Answers

  • Jaime, SonicWall Employee

    Hi @Mario,

    Either I haven't figured out how to properly use that endpoint or there's a problem with the endpoint. I'm working with Engineering to identify why it's not working. In the meantime, here's an alternative method using the API to send direct CLI commands. An FTP server hosts the certificate:

    Send a POST to /api/sonicos/direct/cli with a text/plain body of CLI commands.

    Send the Content-Type header: text/plain

    The text/plain body should be one command per line. Send the following commands to import a PFX/P12:

    certificates

    import cert-key-pair CERTIFICATE-NAME password CERTIFICATE-PASSWORD ftp ftp://FTP_USER:[email protected]_HOST_NAME_OR_IP/CERTIFICATE_FILENAME.PFX

    exit


    I'll follow up on this thread once I figure out the issue with the endpoint. Good luck!

  • Jaime, SonicWall Employee

    To make this work you need to send the PUT to

    /api/sonicos/import/certificates/cert-key-pair/name/{NAME}/password/{PASSWD}
    

    with Content-Type: multipart/form-data in the header.

    The body should be a .PFX/.P12 file opened in binary mode with the Content-Type included. I used application/octet-stream.

    I was able to get it working in Postman, ARC, and Python with the Requests module.

  • Jaime, SonicWall Employee

    I'm not very familiar with curl. You can try this, but may need to change the Content-Type to application/octet-stream:

    curl -k --location --request PUT 'https://firewall/api/sonicos/import/certificates/cert-key-pair/name/MYCERTNAME/password/MYCERTPASSWORD' --header 'Content-Type: application/json' -F '[email protected]/path/to/file.pfx'
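
The multipart PUT described in the answers above, as an added example that is not part of the thread and not SonicWall's code. It uses only the Python standard library, percent-encodes the name and password because they travel in the URL path, and verifies TLS instead of using `-k`. The form field name `file`, the filename, the `ca_file` parameter and the firewall accepting percent-encoded path segments are assumptions.

```python
import ssl
import uuid
import urllib.request
from urllib.parse import quote

API_PATH = "/api/sonicos/import/certificates/cert-key-pair"  # endpoint from the thread


def build_import_request(host, token, name, password, pfx_bytes,
                         field="file", filename="cert.pfx"):
    """Build (without sending) the PUT request; field/filename are assumed values."""
    # safe='' encodes '/', '?', '#' and '@' too, so a password containing them
    # cannot change the path, start a query string or truncate the URL.
    path = f"{API_PATH}/name/{quote(name, safe='')}/password/{quote(password, safe='')}"
    boundary = uuid.uuid4().hex
    while boundary.encode() in pfx_bytes:  # boundary must not occur in the payload
        boundary = uuid.uuid4().hex
    head = (f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
            "Content-Type: application/octet-stream\r\n\r\n").encode()
    # PKCS#12 is binary: concatenate bytes, never decode the file as text.
    body = head + pfx_bytes + f"\r\n--{boundary}--\r\n".encode()
    req = urllib.request.Request(f"https://{host}{path}", data=body, method="PUT")
    req.add_header("Content-Type", f"multipart/form-data; boundary={boundary}")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    return req


def send(req, ca_file=None):
    """Send with certificate verification; ca_file may hold the firewall's CA (assumed)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # Constructed sample bytes, not a real PKCS#12 file; nothing is sent here.
    sample = b"\x30\x82\x00\x01constructed-sample-not-a-real-pfx"
    demo = build_import_request("192.168.168.168", "TOKEN", "myCert",
                                "p@ss/w?rd#1", sample)
    print(demo.get_method(), demo.full_url)
    print(demo.get_header("Content-type"), len(demo.data), "bytes")
```

Because the PKCS#12 password is part of the request path, it can end up in any log that records request URLs; using an import password that is not reused elsewhere limits what such a log entry exposes.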
