Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
639
Views
1
Helpful
2
Replies

is there an ISE OpenAPI Filters Reference Guide

Arne Bier
VIP
VIP

‎08-03-2024 04:21 PM

Hello,

I am using the ISE OpenAPI to renew guest portal certificates.

/api/v1/certs/system-certificate/{hostName} Get all system certificates of a particular node

The API works well. However, after importing the new cert and private key, the old certificate is still there, and I was looking for a simple method to remove an unused cert. Below is a JSON snippet showing the old cert's details - my plan was to apply a Filter for usedBy.EQ."Not in use"

      "id": "bbde1038-7e3d-4e34-88b6-89fd86427b80",
      "friendlyName": "Guest1",
      "serialNumberDecimalFormat": "480224914593749011",
      "issuedTo": "guest1",
      "issuedBy": "GlobalRoot",
      "validFrom": "Sat Aug 03 21:23:00 UTC 2024",
      "expirationDate": "Sun Aug 03 21:23:00 UTC 2025",
      "usedBy": "Not in use",
      "keySize": 2048,
      "groupTag": "",
      "selfSigned": false,
      "signatureAlgorithm": "SHA256withRSA",
      "portalsUsingTheTag": "",

 

 

The Swagger UI comes back with this error: that's not very useful at all - I would expect filters to apply to any of the fields

"The filter field 'usedBy' is not supported. These are supported fields: [issuedTo, subject, issuedBy, validFrom, friendlyName, expirationDate, status]"

I can't find "status" in regards to the fields shown above.

How then should I use the API to find certificates that are not in use, in order to easily delete them via API?

 

 

regards

Arne

0 Helpful
2 Replies 2

Greg Gibbs
Cisco Employee
Cisco Employee

‎08-04-2024 04:22 PM

Hi @Arne Bier... depending on what tools you are using for the API calls, you would likely need to use some sort of JSONPath query to find the 'id' values for the items that have usedBy=='Not in use'
Here's an example of using curl in conjunction with 'jq' to output the relevant 'id' values.

curl -k 'https://<ISE PAN>/api/v1/certs/system-certificate/<ISE NODE>' -H 'Authorization: Basic <TOKEN>' |jq '.response[] | select(.usedBy == "Not in use") | .id'

Arne Bier
VIP
VIP

‎08-04-2024 04:29 PM

Thanks.  In my case,  was prototyping with the Swagger UI in ISE 3.2 and I was hoping that since there were all those filter operators (EQ, STARTSWITH, etc.), that I could apply those to any of the attributes for that particular query - I was surprised to find that only a handful of attributes were eligible as search arguments. Most of them are self explanatory, but "status" is not an attribute.  I was hoping for a better explanation of filters in the ISE Swagger UI.

Perhaps Swagger has its limits. Ultimately, I am planning to write a python script that does all this - and I'll surely have more levers to pull in that environment.

0 Helpful
Customers Also Viewed These Support Documents