
Cannot PUT new internalcertificates on FMC

shutk
Level 1

I'm attempting to use /api/fmc_config/v1/domain/{domainUUID}/object/internalcertificates/{objectId} to replace/rotate the Let's Encrypt certificate on the FMC. I get a 200 response, but the certificate does not change.

Has anyone successfully done this? What are the minimum fields required for the API call body, e.g.:

{
"cert": "-----BEGIN CERTIFICATE-----\nblah\n-----END CERTIFICATE-----",
"privateKey": "-----BEGIN PRIVATE KEY-----\nblah\n-----END PRIVATE KEY-----",
"id": "object_id",
"name": "cert_name"
}

2 Replies

ruby05guy
Level 1

Hello,

It’s a great example of how even something as mundane as certificate rotation can be streamlined with a little coding. A quick tip that might help others: I’ve had similar issues in the past where the 200 OK response was returned, but the changes didn't apply. In my case, it turned out to be a subtle formatting issue in the private key or certificate, where an extra line break or hidden character was sneaking in. Sometimes even a minor discrepancy in formatting can cause FMC to ignore the update without throwing an error. Always good to triple-check the formatting, especially when dealing with certs!

That's helpful, thanks! The formatting does look OK. Which fields are required as a minimum when rotating a certificate? I.e. is it enough to include just the cert, privateKey, name, and id, or does every field which is changing need to be included in the API body: validityStart/EndDate, certFingerprint, publicKeyFingerprint, etc.?
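The formatting check suggested in the first reply, as an added example (not code from the thread or from Cisco): it flags hidden characters, CRLF endings and double-escaped newlines in the PEM strings, rebuilds clean PEM, and builds the body from the four fields in the question. Whether those four fields are sufficient for the PUT is not confirmed here; the function names and sample data are constructed, and unencrypted PEM blocks are assumed.

```python
import base64
import hashlib
import json
import re

BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def pem_issues(text, label):
    """List formatting problems in a PEM string that are easy to miss by eye."""
    issues = []
    if "\\n" in text:
        issues.append("literal backslash-n (newlines escaped twice)")
    if "\r" in text:
        issues.append("carriage returns (CRLF line endings)")
    if any(c not in "\r\n" and not " " <= c <= "~" for c in text):
        issues.append("hidden or non-ASCII character (BOM, tab, zero-width space)")
    lines = text.replace("\r", "").strip("\n").split("\n")
    if any(not line or line != line.strip() for line in lines):
        issues.append("blank line or stray whitespace inside the block")
    blocks = BLOCK.findall(text)
    if len(blocks) != 1 or blocks[0][0] != label:
        issues.append(f"expected exactly one {label} block")
    return issues

def normalize_pem(text, label):
    """Return (clean_pem, der): LF endings, 64-column base64, nothing else."""
    m = BLOCK.search(text.replace("\\n", "\n"))
    if not m or m.group(1) != label:
        raise ValueError(f"no {label} block found")
    # Drop everything that is not base64, then fail loudly if the rest is invalid.
    der = base64.b64decode(re.sub(r"[^A-Za-z0-9+/=]", "", m.group(2)), validate=True)
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n", der

def build_put_body(object_id, name, cert_text, key_text):
    """Build the JSON body from the question's four fields; returns (json, sha256)."""
    cert, cert_der = normalize_pem(cert_text, "CERTIFICATE")
    key, _ = normalize_pem(key_text, "PRIVATE KEY")
    body = {"id": object_id, "name": name, "cert": cert, "privateKey": key}
    # json.dumps escapes the newlines exactly once; never hand-escape PEM text.
    return json.dumps(body), hashlib.sha256(cert_der).hexdigest()

# Constructed sample data: arbitrary bytes in PEM armor, not a real certificate or key.
SAMPLE_B64 = base64.b64encode(bytes(range(96))).decode()
DIRTY_CERT = ("\ufeff-----BEGIN CERTIFICATE-----\r\n" + SAMPLE_B64[:64] + " \r\n"
              + SAMPLE_B64[64:] + "\u200b\r\n-----END CERTIFICATE-----\r\n")
DIRTY_KEY = "-----BEGIN PRIVATE KEY-----\\n" + SAMPLE_B64 + "\\n-----END PRIVATE KEY-----"
```

The SHA-256 value returned alongside the body is the fingerprint of the certificate that was sent, which can be compared with the certificate in place after the call instead of relying on the 200 response.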