Is there an example of uploading an LE cert to UTM 9?

Hello,

I've been looking for a code sample of how to upload (replace, actually) an expired Let's Encrypt cert using the REST API or, better, a cron-based script on 9.7.

I'd appreciate pointers to some examples, if there are any.

My use case is that I am using pfSense to generate a multi-SAN LE cert which I wish to distribute to various network devices. I know some folks do this in reverse (generate on UTM and distribute from there) but that's not possible for me any longer.

Thanks!



This thread was automatically locked due to age.
  • Hi  

    I don't think it would be possible to do it using a cronjob even when you are able to provide a specific location to download the certificate. As it would not be possible to add it in UTM in a way that it can be used from GUI. This remains uncharted territory for me, however.

    Were you able to find something from this guide? https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf

    Regards

    Jaydeep

  • Thanks.

    No, that document doesn't have detailed examples; it's more about the concept and design of the REST API.

    This is too bad. I've been using UTM as a VPN since Astaro days -- almost 14 years. (I was a VP of marketing for Astaro.) I still prefer UTM's SSL VPN to pfSense's.

    But the lack of usable automation capability -- something I think the API was supposed to address -- marks the end of the road for me since my UTM is not on my network edge anymore and my DigiCert wildcard expires this year.

    While the document @Jaydeep links is well-written, as long as there's no body of examples Sophos is relying on the few brave people who will experiment and share. Too bad Sophos didn't prep at least a few how-tos with the release of the API itself.

    BTW, I could easily run a cron job (either on a different host or as a scheduled Windows task) to replace the certs using PowerShell's Invoke-RestMethod cmdlet if only I had an example of how to use the 'ca' object.

  • Hi and welcome back to the UTM Community!

    There are quite a few examples here, but the built-in search function is not easy to use. I prefer to use a Google search including the site parameter. For example:

    site:community.sophos.com/products/unified-threat-management/f letsencrypt

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks.

    But it’s a sorry state when Google has to suffice instead of actual doc. My search on a mobile device yielded no actual examples of using the REST API to store a cert.

    I give up. I’m retiring my UTM VM in March when its current cert expires.
