SonicOS API and Public Key Auth
Hello, I have been working on a method of authenticating to the SonicWALL firewall API programmatically. PowerShell is my comfort zone, so I have been attempting to get it working. So far I have successfully gotten the Invoke-WebRequest command in PowerShell 7 working for both Basic and Digest Authentication.
Example Basic
$credential = get-credential
$body = @"
{`"override`" : true}
"@
Invoke-WebRequest "https://IP Address/api/sonicos/auth" -Credential $credential -method POST -Body $body -ContentType "application/json" -SkipCertificateCheck:$true -Authentication Basic
Example Digest
$credential = get-credential
$body = @"
{`"override`" : true}
"@
Invoke-WebRequest "https://IP Address/api/sonicos/auth" -Credential $credential -method POST -Body $body -ContentType "application/json" -SkipCertificateCheck:$true
I celebrated for a moment when I got digest auth working, just to realize I can't use LDAP credentials with it. I need to use LDAP creds. Basic Auth works, but everything I am reading states this is insecure and not recommended.
I cannot get Public Key Authentication working for the life of me. We have a root cert installed and user certificates issued to all machines already.
Invoke-WebRequest "https://IP Address/api/sonicos/auth" -method POST -Body $body -ContentType "application/json" -SkipCertificateCheck:$true -CertificateThumbprint <thumbprint of user cert>
I just get the following error...
Invoke-WebRequest: Response status code does not indicate success: 401 (Unauthorized).
Answers
Hi,
Please take a look at a couple of example scripts in Bash and Python here: https://github.com/jaimeesc/sonicos-api-examples
Make sure you enable "PKCS#1 v2.0 OAEP" padding type and SHA256 hash/mask.
Hope that helps!
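The padding setting named in the answer above, shown in PowerShell 7 as an added example (not code from this thread or from the linked repository). It assumes the client has to produce RSA ciphertext with the same OAEP parameters the firewall is set to, and it uses a locally generated key pair and a made-up secret as stand-ins; how the result is sent to the API is not shown because the thread does not give it.

```powershell
# Added example: RSA-OAEP with SHA-256 as both hash and MGF1 mask, in PowerShell 7.
# Assumption: the key pair below is generated locally and stands in for the
# firewall's key; the secret is a constructed value, not a real credential.

$oaepSha256 = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256
$oaepSha1   = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA1

# Stand-in for the server side: a 2048-bit key pair and its public half (DER, SPKI).
$serverKey = [System.Security.Cryptography.RSA]::Create(2048)
$publicDer = $serverKey.ExportSubjectPublicKeyInfo()

# Client side: import only the public key, as a client would after receiving it.
$clientRsa = [System.Security.Cryptography.RSA]::Create()
$clientRsa.ImportSubjectPublicKeyInfo($publicDer, [ref]$null)

# Encrypt with OAEP / SHA-256. In .NET, OaepSHA256 uses SHA-256 for the MGF1 mask too.
$secret    = [System.Text.Encoding]::UTF8.GetBytes('example-secret')
$cipher    = $clientRsa.Encrypt($secret, $oaepSha256)
$cipherB64 = [Convert]::ToBase64String($cipher)

# Matching parameters on the decrypting side recover the secret.
$roundTrip = [System.Text.Encoding]::UTF8.GetString($serverKey.Decrypt($cipher, $oaepSha256))

# Mismatched parameters (OAEP with SHA-1 here) make decryption fail outright.
# A padding or hash mismatch between client and server shows up as a rejection,
# not as a partially correct result.
try {
    $null = $serverKey.Decrypt($cipher, $oaepSha1)
    $mismatch = 'decrypted'
}
catch {
    $mismatch = 'rejected'
}

Write-Output "Ciphertext length (bytes): $($cipher.Length)"
Write-Output "Base64 length (chars):     $($cipherB64.Length)"
Write-Output "OAEP-SHA256 round trip:    $roundTrip"
Write-Output "OAEP-SHA1 decrypt attempt: $mismatch"

$clientRsa.Dispose()
$serverKey.Dispose()
```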