This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTPS validation CA upload via RESTful API

Hello!

 

Because we have to upload many HTTPS validation CAs to the UTM and the UTM does not have

an option to upload more than one CA at a time, we wrote a small script which uses the RESTful API.

 

The script works fine and I can see all uploaded CAs in the list of

  Web Protection -> Filtering Options -> HTTPS CAs -> Local verification CAs

 

The only problem is: The UTM does not use these added CAs!

 

What do I have to do?

 

If I upload the CAs manually, it works. So the GUI must do anything that is not shown by

"confd-watch.plx -v".

 

Regards

 Sven Anders

 

 



This thread was automatically locked due to age.
Parents
  • Hi, Sven, and welcome to the UTM Community!

    I only know how to do this with:

    cc ca_import_verification_ca CA_NAME <pem> http_verification_ca

    I don't how to do that with the RESTful API.

    Cheers - Bob

    EDIT 2017-10-02 I left out the name to assign to the new CA. <pem> is the file name

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    And does this command works for you? I always get this error when I try

      'attrs' => [

                          'reason'

                        ],

             'class' => 'ca',

             'fatal' => 1,

             'format' => 'Cannot import: certificate malformed (%s).',

             'msgtype' => 'CA_VERIFICATION_CA_IMPORT_FAILURE',

             'name' => 'Cannot import: certificate malformed (missing attribute).',

             'never_hide' => 0,

             'reason' => 'missing attribute',

             'type' => 'verification_ca'

    Is <PEM> the path to pen file or should be text like "-----BEGIN CERTIFICATE-----\n...."

    Or "-----BEGIN CERTIFICATE-----

    ...

    ....END...."

    ?

    Thank you

  • Thanks, Daniel, I've corrected the post.  Does that work for you now?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply Children