11-25-2015 10:46 AM
Hi. I'm ttrying to create ClientCertificateUserConfiguration type user with using SOAP API.
So far I've managed to create "blank" user without a certificate, but don't know how to provide a certificate into request. Here is a quote from the Northbound Guide from "CreateClientCertificateUserConfiguration" section: "RawData (string)—For information about the format of the raw data, see the Client Certificate User Specification in EDCS." That explains everything, right.... Could anyone please reveal some more details about this topic.
Thanks.
Solved! Go to Solution.
12-10-2015 08:28 AM
Which version of the guide are you looking at?
If you look at the 3.2 version at http://www.cisco.com/c/dam/en/us/td/docs/net_mgmt/datacenter_mgmt/Process_Orchestrator/3-2/NBWS/NB_WebServicesGuide.pdf
On page 41 I see this...
12-10-2015 08:28 AM
Which version of the guide are you looking at?
If you look at the 3.2 version at http://www.cisco.com/c/dam/en/us/td/docs/net_mgmt/datacenter_mgmt/Process_Orchestrator/3-2/NBWS/NB_WebServicesGuide.pdf
On page 41 I see this...
01-12-2016 06:55 AM
Hi. Thank you for the response. The mentioned problem was solved, but now I have another one.
I'm using ClientCertificateUser as runtimeUser for a web target to authenticate requests. It works smooth for GET requests, but fails for POST with 403 (Forbidden) error. It happens only in CPO, with other REST clients (I'm calling REST API) everything works fine, so it's probably not certificate or API access privilege issue.
Thanks.
01-13-2016 05:00 AM
Does it only *not* work for just POST requests? All POST? Certain POST only? Do you have the method set to POST?
If it were me, I would use wireshark and compare the across the wire messages and make sure what you have (that is working from other clients) is the same. If not, look at why it's not.
Also -- I would suggest you open a TAC case and have support look as well in case a bug needs to be opened with the BU.
01-13-2016 06:56 AM
Hi Yes, the problem with all POST requests. And I'll try wiresharking Thanks for the suggestion!
12-10-2015 09:01 AM
I haven't created a cert user via the api, only manually.
Export your cert as base64, open in a text editor and use the <cert data> without the tags:
-----BEGIN CERTIFICATE-----
<cert data>
-----END CERTIFICATE-----
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide