Firepower REST API Certificate question..

dvo73d123 — Thu, 25 Mar 2021 06:01:40 GMT

I'm trying to use REST API to GET details of external ca certificates I've uploaded via FDM gui, I've noticed the external ca certificates that come with the device show up with details but not the one I've uploaded...

Does anyone know why?

I ask because I'll like to make changes to the revocation configuration and the only way is by REST API...

Re: Firepower REST API Certificate question..

jarsmith — Thu, 25 Mar 2021 21:42:14 GMT

I just tried this on my 6.7 device it looks like Internal Certificates show detail when clicking on the pencil you will see something similar to this:

However external and user-defined external certificates have little very little detail beyond the name.

My suggestion would be to revert to the API explorer to query the details of the certificate.

For external certificates go into the "Certificate" bucket and if you want to look at the CA certs I would suggest going into:

GET /object/externalcacertificates

I uploaded Verisigns public certificate as a test and it ends up giving me data like the following regarding that cert:

{ "version": "jcd67gheb464u", "name": "verisign-test", "cert": "*********", "privateKey": null, "passPhrase": null, "issuerCommonName": "DigiCert EV RSA CA G2", "issuerCountry": "US", "issuerLocality": "", "issuerOrganization": "DigiCert Inc", "issuerOrganizationUnit": "", "issuerState": "", "subjectCommonName": "www.verisign.com", "subjectCountry": "US", "subjectDistinguishedName": " businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=2497886, C=US, ST=Virginia, L=Reston, O=Verisign, Inc, OU=Enterprise IT, CN=www.verisign.com", "subjectLocality": "Reston", "subjectOrganization": "Verisign, Inc", "subjectOrganizationUnit": "Enterprise IT", "subjectState": "Virginia", "validityStartDate": "Jul 13 00:00:00 2020 GMT", "validityEndDate": "Jul 14 12:00:00 2021 GMT", "isSystemDefined": false, "revocationCheck": "NONE", "crlCacheTime": 60, "disableOcspNonce": false, "id": "6d2facc4-8ccc-11eb-915e-d9dfa128b1fb", "type": "externalcacertificate", "links": { "self": "https://ast0072-pod.cisco.com:670/api/fdm/v6/object/externalcacertificates/6d2facc4-8ccc-11eb-915e-d9dfa128b1fb" } }

You can do similar for the other certificate types.

I'll follow up by filing a bug on this as I don't believe it was ever intentional it is an inconsistency in our UI. So we can see if we can get this repaired.

Re: Firepower REST API Certificate question..

dvo73d123 — Fri, 26 Mar 2021 03:33:49 GMT

I did try externalcacertificates but mislooked the limit parameter, I increased the limit parameter and my Certificate showed up 🙂

Thank you for your help.

topic Firepower REST API Certificate question.. in Network Security

Firepower REST API Certificate question..

Re: Firepower REST API Certificate question..

GET /object/externalcacertificates

Re: Firepower REST API Certificate question..