Wired Intelligent Edge

last person joined: 18 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

AOS REST API Trouble with .pem files

This thread has been viewed 1 times

  • 1.  AOS REST API Trouble with .pem files

    Posted Apr 27, 2020 02:32 PM
      |   view attached

    Hi everyone,

     

    Using this quarantine time to learn about REST APIs. I have been following this template:

     

    https://robin.lauren.fi/posts/hp-switch-certificate/

     

    I have been able to get most of it done, but I run into trouble getting the certificate chain related to the trust anchor. I have been getting help with our cert guy, so a lot of this is foreign to me. Basically when I try to copy via TFTP, it tells me it's invalid (see attached photo), by my guy is telling me the certificate I'm relating is .pem encoded, so I'm confused.

     

    I know this is kind of vague, but I'll answer any questions or offer more information if need be. Any help is appreciated.

     

     



  • 2.  RE: AOS REST API Trouble with .pem files

    MVP GURU
    Posted Apr 28, 2020 03:21 AM

    Hi bs1,

     

    What do you try to make ?

     

    Because the link is about certificate on the switch (and not REST API)



  • 3.  RE: AOS REST API Trouble with .pem files

    Posted Apr 28, 2020 03:33 AM

    With what are you accessing the API? I have Python code for everything regarding certificates and AOS-S switches, so maybe I can give you a hand with your problem.

     

    If you want to take a look yourself:

    https://github.com/Linkk93/aos_api_connector/blob/master/aos_s/api_cert.py

     

    What your colleague meant is probably, that the file you get from the switch is base64 encoded, you need to decode it (using f.e. OpenSSL) and if you want to upload it, you need to encode it first.

     

    Edit:

    You don't work with a TFTP if you work with the API. You just dump the data in the HTTP request.



  • 4.  RE: AOS REST API Trouble with .pem files

    Posted Apr 28, 2020 08:33 AM

    Hi guys,

     

    Thanks for the info. I am very new to all this, so thanks for your patience.

     

    My understanding was even before starting any REST APIs, I need to open up web management SSL on our switches, hence the need to put all these certs and trust chains on them.

     

    Ideally, my goal was to be able to call for data from our 400+ switches (ex VLANs, MAC or IP addresses, or user-roles, etc.)



  • 5.  RE: AOS REST API Trouble with .pem files
    Best Answer

    Posted Apr 28, 2020 08:46 AM

    The API is enabled by default in plaintext (HTTP). In CLI that would be "web-management" (note, no "ssl" behind it) 

    If you want to encrypt the communication (HTTPS), you'd need a web server certificate on the switch. CLI: "web-management ssl"

     

    For that, you can either use a self-signed certificate or a CA-signed certificate.

    If you want to use your local CA, you need to install your certificate chain as Trust Anchor (make your PKI trusted), and then generate a CSR, so that your CA can sign it.

     

    You can do that all via CLI or via API. 

    On the CLI these commands are "crypto key" and "crypto pki", for API look at my previous post. 

     

    EDIT:

    I wrote a small tutorial:

    https://kohnkenet.de/index.php/2020/04/16/introduction-to-arubaos-s-rest-api/