Hello,
I'm running the following REST call from an ec2 host in the same VPC as my Cisco CSR to get the X-auth token:
curl -v -X POST https://172.31.4.113/api/v1/auth/token-services -H "Accept:application/json" -u "cisco:cisco" -d "" --insecure -3
This is producing the following error:
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 172.31.4.113...
* TCP_NODELAY set
* Connected to 172.31.4.113 (172.31.4.113) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv3 (OUT), TLS handshake, Client hello (1):
* SSLv3 (IN), TLS alert, Server hello (2):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* stopped the pause stream!
* Closing connection 0
Please advise!
Output of show virtual-service detail:
Virtual service csr_mgmt detail
State : Activated
Owner : IOSd
Package information
Name : iosxe-remote-mgmt.16.06.01.ova
Path : bootflash:/iosxe-remote-mgmt.16.06.01.ova
Application
Name : csr_mgmt
Installed version : 2017.6
Description : CSR-MGMT
Signing
Key type : Cisco release key
Method : SHA-1
Licensing
Name : Not Available
Version : Not Available
Detailed guest status
----------------------------------------------------------------------
Process Status Uptime # of restarts
----------------------------------------------------------------------
nginx UP 0Y 0W 0D 5:46:37 0
climgr UP 0Y 0W 0D 5:46:37 1
restful_api UP 0Y 0W 0D 5:46:37 0
fcgicpa Down
pnscag Down
pnscdme Down
----------------------------------------------------------------------
Feature Status Configuration
----------------------------------------------------------------------
Restful API Enabled, UP port: 55443
auto-save-timer: 30 seconds
socket: unix:/usr/local/nginx/csrapi-fcgi.sock;
single-session: Disabled
PNSC Disabled, Down
Network stats:
eth0: RX packets:55939, TX packets:55571
eth1: RX packets:26, TX packets:8
Coredump file(s): CSR-V2-Secondary_climgr_49_20180426-173614-UTC.core.gz, ip-172-31-4-113_climgr_67_20180405-220057-UTC.core.gz, lost+found
Activated profile name: None
Resource reservation
Disk : 756 MB
Memory : 512 MB
CPU : 5% system CPU
Attached devices
Type Name Alias
---------------------------------------------
NIC ieobc_1 ieobc
NIC dp_1_33 net2
Disk _rootfs
Disk /opt/var
Disk /opt/var/c
Serial/shell serial0
Serial/aux serial1
Serial/Syslog serial2
Serial/Trace serial3
Watchdog watchdog-2
Network interfaces
MAC address Attached to interface
------------------------------------------------------
54:0E:00:0B:0C:02 ieobc_1
02:CE:0A:42:57:A8 VirtualPortGroup33
Guest interface
---
Interface: eth1
ip address: 172.31.4.113/21
---
Guest routes
---
Address/Mask Next Hop Intf.
-------------------------------------------------------------------------------
---
Resource admission (without profile) : passed
Disk space : 756MB
Memory : 512MB
CPU : 5% system CPU
VCPUs : Not specified
My running config:
!
remote-management
!
!
username cisco password 0 cisco priv level 15
!
!
interface VirtualPortGroup0
ip address 192.168.35.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet1
ip address dhcp
ip nat outside
negotiation auto
!
!
virtual-service csr_mgmt
ip shared host-interface GigabitEthernet1
activate
!
ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.31.0.1
!
transport type persistent webui input https-webui
