HTTPS validation CA upload via RESTful API

Hi, Sven, and welcome to the UTM Community!

I only know how to do this with:

cc ca_import_verification_ca CA_NAME <pem> http_verification_ca

I don't how to do that with the RESTful API.

Cheers - Bob

EDIT 2017-10-02 I left out the name to assign to the new CA. <pem> is the file name

Hi, Sven, and welcome to the UTM Community!

I only know how to do this with:

cc ca_import_verification_ca CA_NAME <pem> http_verification_ca

I don't how to do that with the RESTful API.

Cheers - Bob

EDIT 2017-10-02 I left out the name to assign to the new CA. <pem> is the file name

Hi,

And does this command works for you? I always get this error when I try

  'attrs' => [

                      'reason'

                    ],

         'class' => 'ca',

         'fatal' => 1,

         'format' => 'Cannot import: certificate malformed (%s).',

         'msgtype' => 'CA_VERIFICATION_CA_IMPORT_FAILURE',

         'name' => 'Cannot import: certificate malformed (missing attribute).',

         'never_hide' => 0,

         'reason' => 'missing attribute',

         'type' => 'verification_ca'

Is <PEM> the path to pen file or should be text like "-----BEGIN CERTIFICATE-----\n...."

Or "-----BEGIN CERTIFICATE-----

...

....END...."

?

Thank you

Thanks, Daniel, I've corrected the post.  Does that work for you now?

Cheers - Bob

Hi Bob,

Unfortunately it still does not work.

I get the same error

Any other ideas?

Thank you

Hello!

I need a solution to update the certificate from outside, not on the machine, because we need to update many UTMs at once.

Therefore this maybe another solution, but not the solution to the real problem that the certificate is added but not used by the UTM.

Regards

 Sven

Daniel, did you specify http_verification_ca?  There are three parameters.  It's been years since I used this, but I'm fairly certain that <pem> is the file name and not the content of the pem.

Cheers - Bob

Hi Bob

Yes I did tried with both http_verification_ca and verification_ca (default) but without success.

Hi Sven

Enable api and open the api explorer

You will need first to update meta x509 for your new certificate and then update the verification_ca.

Tip: use get methods to see what should be in the fields and use post method to do the updates with new data.

Aehmmm?

Did you (or anybody) read my initial question?

This script works fine, but the UTM does not use the added certificates...

I think this is a bug in the UTM, but I need confirmation or a hit what I'm doing wrong...

Regards

 Sven

Hi Sven

Is your script updating both (certificate and ref meta)?

Otherwise UTM will not notice the change

Yes and it's display correctly in the GUI.

I can enable/disable in the GUI, but it does not work.

I rebooted the UTM but it doesn't change anything...

Regards

 Sven