Developer

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

What the API swagger about body ? because i think you need to "upload" the certificate 

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

Do you mean the https://mobilitymaster:4343/api/ documentation thing?

It only says this:
{
  "cert_type": "ServerCert",
  "name": "string",
  "filename": "string"
}

But the filename parameter is just a string, it is not the file itself. 

What the API swagger about body ? because i think you need to "upload" the certificate 

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

Hi,

I think filename is the payload of file (using base64 encoding ?)

What do you have when make a get ?

Do you mean the https://mobilitymaster:4343/api/ documentation thing?

It only says this:
{
  "cert_type": "ServerCert",
  "name": "string",
  "filename": "string"
}

But the filename parameter is just a string, it is not the file itself. 

What the API swagger about body ? because i think you need to "upload" the certificate 

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

There is a limit on how long the string can be, so base64 would be too much:
"Error : Expecting string of length 1 to 31"

Here's the output for get:

  '_data': {  'crypto_local_pki_cert': [  {  '_flags': {  'default': True,                                                           'inherited': True},                                              'cert_type': 'PublicCert',                                              'filename': 'master-ssh-pub-cert',                                              'name': 'master-ssh-pub-cert'},                                           {  'cert_type': 'ServerCert',                                              'filename': 'mobility-ctrl01.pfx',                                              'name': 'mobility-ctrl01'}]}}

Hi,

I think filename is the payload of file (using base64 encoding ?)

What do you have when make a get ?

Do you mean the https://mobilitymaster:4343/api/ documentation thing?

It only says this:
{
  "cert_type": "ServerCert",
  "name": "string",
  "filename": "string"
}

But the filename parameter is just a string, it is not the file itself. 

What the API swagger about body ? because i think you need to "upload" the certificate 

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

There is a limit on how long the string can be, so base64 would be too much:
"Error : Expecting string of length 1 to 31"

Here's the output for get:

  '_data': {  'crypto_local_pki_cert': [  {  '_flags': {  'default': True,                                                           'inherited': True},                                              'cert_type': 'PublicCert',                                              'filename': 'master-ssh-pub-cert',                                              'name': 'master-ssh-pub-cert'},                                           {  'cert_type': 'ServerCert',                                              'filename': 'mobility-ctrl01.pfx',                                              'name': 'mobility-ctrl01'}]}}

Hi,

I think filename is the payload of file (using base64 encoding ?)

What do you have when make a get ?

Do you mean the https://mobilitymaster:4343/api/ documentation thing?

It only says this:
{
  "cert_type": "ServerCert",
  "name": "string",
  "filename": "string"
}

But the filename parameter is just a string, it is not the file itself. 

What the API swagger about body ? because i think you need to "upload" the certificate 

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

First you will have to upload the certificate to the controllers flash using {{url_md}}/v1/configuration/object/copy_scp_flash

Second you will have to install the certificate on the controller using {{url_md}}/v1/configuration/object/crypto_pki_import_cer

With this body:

{
  "format": "pkcs12",
  "cert": "ServerCert",
  "name": "<display_name_of_certificate>",
  "filename": "newcert.pfx",
  "passphrase": "************"
}

Results

Last, if the controller is managed by a Conductor, you will have set the new certificate with the following API call to the Conductor

{{url_mm}}/v1/configuration/object/crypto_local_pki_cert

Body:

{
  "cert_type": "ServerCert",
  "name": "ctrl-01",
  "filename": "domain.pfx"
}

Results:

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

Awesome info, works like a charm... using ftp instead of scp to avoid putting scp credentials in the script, but with these steps it works nicely!

First you will have to upload the certificate to the controllers flash using {{url_md}}/v1/configuration/object/copy_scp_flash

Second you will have to install the certificate on the controller using {{url_md}}/v1/configuration/object/crypto_pki_import_cer

With this body:

{
  "format": "pkcs12",
  "cert": "ServerCert",
  "name": "<display_name_of_certificate>",
  "filename": "newcert.pfx",
  "passphrase": "************"
}

Results

Last, if the controller is managed by a Conductor, you will have set the new certificate with the following API call to the Conductor

{{url_mm}}/v1/configuration/object/crypto_local_pki_cert

Body:

{
  "cert_type": "ServerCert",
  "name": "ctrl-01",
  "filename": "domain.pfx"
}

Results:

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

Big thanks to my colleague olehaa who figured this out and posting the solution :)

Awesome info, works like a charm... using ftp instead of scp to avoid putting scp credentials in the script, but with these steps it works nicely!

First you will have to upload the certificate to the controllers flash using {{url_md}}/v1/configuration/object/copy_scp_flash

Second you will have to install the certificate on the controller using {{url_md}}/v1/configuration/object/crypto_pki_import_cer

With this body:

{
  "format": "pkcs12",
  "cert": "ServerCert",
  "name": "<display_name_of_certificate>",
  "filename": "newcert.pfx",
  "passphrase": "************"
}

Results

Last, if the controller is managed by a Conductor, you will have set the new certificate with the following API call to the Conductor

{{url_mm}}/v1/configuration/object/crypto_local_pki_cert

Body:

{
  "cert_type": "ServerCert",
  "name": "ctrl-01",
  "filename": "domain.pfx"
}

Results:

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

I've made some changes to the solution. Here everything is done towards the Mobility Master. You need to specify the path for each controller. The path can be found by typing "cd ?" when logged into the Mobility Master with SSH.

{{url_mm}}/v1/configuration/object/copy_tftp_flash?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/crypto_pki_import_cert?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/write_memory?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
(config_path might not be needed on that last one)

However, there is one last step that I'm missing, and that is to configure the Web Server with the new certificate that has been uploaded. I can't find any API endpoints that configure the Web Server.

If I try to upload a certificate with the same name as before I get an error that says that it already exists a certificate with that name (It's the second API request above that gives the error).

Big thanks to my colleague olehaa who figured this out and posting the solution :)

Awesome info, works like a charm... using ftp instead of scp to avoid putting scp credentials in the script, but with these steps it works nicely!

First you will have to upload the certificate to the controllers flash using {{url_md}}/v1/configuration/object/copy_scp_flash

Second you will have to install the certificate on the controller using {{url_md}}/v1/configuration/object/crypto_pki_import_cer

With this body:

{
  "format": "pkcs12",
  "cert": "ServerCert",
  "name": "<display_name_of_certificate>",
  "filename": "newcert.pfx",
  "passphrase": "************"
}

Results

Last, if the controller is managed by a Conductor, you will have set the new certificate with the following API call to the Conductor

{{url_mm}}/v1/configuration/object/crypto_local_pki_cert

Body:

{
  "cert_type": "ServerCert",
  "name": "ctrl-01",
  "filename": "domain.pfx"
}

Results:

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

Ah, I didn't realize, but that is what I did in my lab.

In order to apply the certification you would need the /v1/configuration/object/httpd_wrap_prof

{ "cp_cert": { "captive-portal-cert": certname }} does the captive portal certificate.

I haven't tested, but the Web UI cert should be { "switch_cert": { "switch-cert": certname }} ; but check the httpd_wrap_prof object for confirmation.

I've made some changes to the solution. Here everything is done towards the Mobility Master. You need to specify the path for each controller. The path can be found by typing "cd ?" when logged into the Mobility Master with SSH.

{{url_mm}}/v1/configuration/object/copy_tftp_flash?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/crypto_pki_import_cert?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/write_memory?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
(config_path might not be needed on that last one)

However, there is one last step that I'm missing, and that is to configure the Web Server with the new certificate that has been uploaded. I can't find any API endpoints that configure the Web Server.

If I try to upload a certificate with the same name as before I get an error that says that it already exists a certificate with that name (It's the second API request above that gives the error).

Big thanks to my colleague olehaa who figured this out and posting the solution :)

Awesome info, works like a charm... using ftp instead of scp to avoid putting scp credentials in the script, but with these steps it works nicely!

First you will have to upload the certificate to the controllers flash using {{url_md}}/v1/configuration/object/copy_scp_flash

Second you will have to install the certificate on the controller using {{url_md}}/v1/configuration/object/crypto_pki_import_cer

With this body:

{
  "format": "pkcs12",
  "cert": "ServerCert",
  "name": "<display_name_of_certificate>",
  "filename": "newcert.pfx",
  "passphrase": "************"
}

Results

Last, if the controller is managed by a Conductor, you will have set the new certificate with the following API call to the Conductor

{{url_mm}}/v1/configuration/object/crypto_local_pki_cert

Body:

{
  "cert_type": "ServerCert",
  "name": "ctrl-01",
  "filename": "domain.pfx"
}

Results:

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

I think you need to change the web UI cert via Admin -> Admin Authentication Options -> Server certificate

This will update it in the profile as well.

Log from the web UI if I change it through Admin Authentication Options manually:
Controller mobility-ctrl01 in Managed Network > XXXXX > XXXXXX
System > Admin > Admin Authentication Options:
Server certificate = mobility-ctrl01-2023-64.pfx
Authentication = Disabled
System > Profiles > Other Profiles > Web Server Configuration:
Switch Certificate = mobility-ctrl01-2023-64.pfx
Additional changes from CLI

However, I have a hard time navigating through the API to find the correct place to set this.

Ah, I didn't realize, but that is what I did in my lab.

In order to apply the certification you would need the /v1/configuration/object/httpd_wrap_prof

{ "cp_cert": { "captive-portal-cert": certname }} does the captive portal certificate.

I haven't tested, but the Web UI cert should be { "switch_cert": { "switch-cert": certname }} ; but check the httpd_wrap_prof object for confirmation.

I've made some changes to the solution. Here everything is done towards the Mobility Master. You need to specify the path for each controller. The path can be found by typing "cd ?" when logged into the Mobility Master with SSH.

{{url_mm}}/v1/configuration/object/copy_tftp_flash?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/crypto_pki_import_cert?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/write_memory?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
(config_path might not be needed on that last one)

However, there is one last step that I'm missing, and that is to configure the Web Server with the new certificate that has been uploaded. I can't find any API endpoints that configure the Web Server.

If I try to upload a certificate with the same name as before I get an error that says that it already exists a certificate with that name (It's the second API request above that gives the error).

Big thanks to my colleague olehaa who figured this out and posting the solution :)

Awesome info, works like a charm... using ftp instead of scp to avoid putting scp credentials in the script, but with these steps it works nicely!

First you will have to upload the certificate to the controllers flash using {{url_md}}/v1/configuration/object/copy_scp_flash

Second you will have to install the certificate on the controller using {{url_md}}/v1/configuration/object/crypto_pki_import_cer

With this body:

{
  "format": "pkcs12",
  "cert": "ServerCert",
  "name": "<display_name_of_certificate>",
  "filename": "newcert.pfx",
  "passphrase": "************"
}

Results

Last, if the controller is managed by a Conductor, you will have set the new certificate with the following API call to the Conductor

{{url_mm}}/v1/configuration/object/crypto_local_pki_cert

Body:

{
  "cert_type": "ServerCert",
  "name": "ctrl-01",
  "filename": "domain.pfx"
}

Results:

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.

Never mind, it doesn't seem to matter where you change it. It replaces it in both places. I just remember I had some trouble changing the cert from the profile section a while back.

But I get this error when I try to deploy: "Certificate either expired or not found in path /mm".

I can see the certificates under "certificates" on each mobility controller on the mobility master, so not sure what the issue is.

I think you need to change the web UI cert via Admin -> Admin Authentication Options -> Server certificate

This will update it in the profile as well.

Log from the web UI if I change it through Admin Authentication Options manually:
Controller mobility-ctrl01 in Managed Network > XXXXX > XXXXXX
System > Admin > Admin Authentication Options:
Server certificate = mobility-ctrl01-2023-64.pfx
Authentication = Disabled
System > Profiles > Other Profiles > Web Server Configuration:
Switch Certificate = mobility-ctrl01-2023-64.pfx
Additional changes from CLI

However, I have a hard time navigating through the API to find the correct place to set this.

Ah, I didn't realize, but that is what I did in my lab.

In order to apply the certification you would need the /v1/configuration/object/httpd_wrap_prof

{ "cp_cert": { "captive-portal-cert": certname }} does the captive portal certificate.

I haven't tested, but the Web UI cert should be { "switch_cert": { "switch-cert": certname }} ; but check the httpd_wrap_prof object for confirmation.

I've made some changes to the solution. Here everything is done towards the Mobility Master. You need to specify the path for each controller. The path can be found by typing "cd ?" when logged into the Mobility Master with SSH.

{{url_mm}}/v1/configuration/object/copy_tftp_flash?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/crypto_pki_import_cert?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
{{url_mm}}/v1/configuration/object/write_memory?config_path=%2Fmd%2FMyCompany%2FMyLocation%2F00:00:00:00:00:00
(config_path might not be needed on that last one)

However, there is one last step that I'm missing, and that is to configure the Web Server with the new certificate that has been uploaded. I can't find any API endpoints that configure the Web Server.

If I try to upload a certificate with the same name as before I get an error that says that it already exists a certificate with that name (It's the second API request above that gives the error).

Big thanks to my colleague olehaa who figured this out and posting the solution :)

Awesome info, works like a charm... using ftp instead of scp to avoid putting scp credentials in the script, but with these steps it works nicely!

First you will have to upload the certificate to the controllers flash using {{url_md}}/v1/configuration/object/copy_scp_flash

Second you will have to install the certificate on the controller using {{url_md}}/v1/configuration/object/crypto_pki_import_cer

With this body:

{
  "format": "pkcs12",
  "cert": "ServerCert",
  "name": "<display_name_of_certificate>",
  "filename": "newcert.pfx",
  "passphrase": "************"
}

Results

Last, if the controller is managed by a Conductor, you will have set the new certificate with the following API call to the Conductor

{{url_mm}}/v1/configuration/object/crypto_local_pki_cert

Body:

{
  "cert_type": "ServerCert",
  "name": "ctrl-01",
  "filename": "domain.pfx"
}

Results:

I'm using the REST API for Mobility Master, trying to automate cert-renewal.

I am able to get a list of existing certificates, but when I try to use post, it doesn't work.

I'm using this API request:

https://mobilitymaster:4343/v1/configuration/object/crypto_local_pki_cert?config_path=%2Fmd%2FLocation%2F00:00:00:00:00:00

body = {'cert_type':"ServerCert","name":"testcert","filename":"certificate.pfx"}

However, the certificate itself is not attached to this request, and I don't know how to add it.