SonicOS API and Public Key Auth

AdamTheManTyler

Hello, I have been working on a method of authenticating to the SonicWALL firewall API programatically. PowerShell is my comfort zone, so been attempting to get it working. So far I have successfully gotten the Invoke-WebRequest command in PowerShell 7 working for both Basic and Digest Authentication.

Example Basic

$credential = get-credential

$body = @"

{`"override`" : true}

"@

Invoke-WebRequest "https://IP Address/api/sonicos/auth" -Credential $credential -method POST -Body $body -ContentType "application/json" -SkipCertificateCheck:$true -Authentication Basic

Example Digest

$credential = get-credential

$body = @"

{`"override`" : true}

"@

Invoke-WebRequest "https://IP Address/api/sonicos/auth" -Credential $credential -method POST -Body $body -ContentType "application/json" -SkipCertificateCheck:$true

I celebrated for a moment when I got digest auth working, just to realize I can't use LDAP credentials with it. I need to use LDAP creds. Basic Auth works, but everything I am reading states this is insecure and not recommended.

I cannot get Public Key Authentication working for the life of me. We have a root cert installed and user certificates issued to all machines already.

Invoke-WebRequest "https://IP Address/api/sonicos/auth" -method POST -Body $body -ContentType "application/json" -SkipCertificateCheck:$true -CertificateThumbprint <thumbprint of user cert>

I just get the following error...

Invoke-WebRequest: Response status code does not indicate success: 401 (Unauthorized).

Jaime

Hi,

Please take a look at a couple of example scripts in Bash and Python here: https://github.com/jaimeesc/sonicos-api-examples

Make sure you enable "PKCS#1 v2.0 OAEP" padding type and SHA256 hash/mask.

Hope that helps!