03-24-2021 11:01 PM
I'm trying to use REST API to GET details of external ca certificates I've uploaded via FDM gui, I've noticed the external ca certificates that come with the device show up with details but not the one I've uploaded...
Does anyone know why?
I ask because I'll like to make changes to the revocation configuration and the only way is by REST API...
Solved! Go to Solution.
03-25-2021 02:42 PM
I just tried this on my 6.7 device it looks like Internal Certificates show detail when clicking on the pencil you will see something similar to this:
However external and user-defined external certificates have little very little detail beyond the name.
My suggestion would be to revert to the API explorer to query the details of the certificate.
For external certificates go into the "Certificate" bucket and if you want to look at the CA certs I would suggest going into:
I uploaded Verisigns public certificate as a test and it ends up giving me data like the following regarding that cert:
{ "version": "jcd67gheb464u", "name": "verisign-test", "cert": "*********", "privateKey": null, "passPhrase": null, "issuerCommonName": "DigiCert EV RSA CA G2", "issuerCountry": "US", "issuerLocality": "", "issuerOrganization": "DigiCert Inc", "issuerOrganizationUnit": "", "issuerState": "", "subjectCommonName": "www.verisign.com", "subjectCountry": "US", "subjectDistinguishedName": " businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=2497886, C=US, ST=Virginia, L=Reston, O=Verisign, Inc, OU=Enterprise IT, CN=www.verisign.com", "subjectLocality": "Reston", "subjectOrganization": "Verisign, Inc", "subjectOrganizationUnit": "Enterprise IT", "subjectState": "Virginia", "validityStartDate": "Jul 13 00:00:00 2020 GMT", "validityEndDate": "Jul 14 12:00:00 2021 GMT", "isSystemDefined": false, "revocationCheck": "NONE", "crlCacheTime": 60, "disableOcspNonce": false, "id": "6d2facc4-8ccc-11eb-915e-d9dfa128b1fb", "type": "externalcacertificate", "links": { "self": "https://ast0072-pod.cisco.com:670/api/fdm/v6/object/externalcacertificates/6d2facc4-8ccc-11eb-915e-d9dfa128b1fb" } }
You can do similar for the other certificate types.
I'll follow up by filing a bug on this as I don't believe it was ever intentional it is an inconsistency in our UI. So we can see if we can get this repaired.
03-25-2021 02:42 PM
I just tried this on my 6.7 device it looks like Internal Certificates show detail when clicking on the pencil you will see something similar to this:
However external and user-defined external certificates have little very little detail beyond the name.
My suggestion would be to revert to the API explorer to query the details of the certificate.
For external certificates go into the "Certificate" bucket and if you want to look at the CA certs I would suggest going into:
I uploaded Verisigns public certificate as a test and it ends up giving me data like the following regarding that cert:
{ "version": "jcd67gheb464u", "name": "verisign-test", "cert": "*********", "privateKey": null, "passPhrase": null, "issuerCommonName": "DigiCert EV RSA CA G2", "issuerCountry": "US", "issuerLocality": "", "issuerOrganization": "DigiCert Inc", "issuerOrganizationUnit": "", "issuerState": "", "subjectCommonName": "www.verisign.com", "subjectCountry": "US", "subjectDistinguishedName": " businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=2497886, C=US, ST=Virginia, L=Reston, O=Verisign, Inc, OU=Enterprise IT, CN=www.verisign.com", "subjectLocality": "Reston", "subjectOrganization": "Verisign, Inc", "subjectOrganizationUnit": "Enterprise IT", "subjectState": "Virginia", "validityStartDate": "Jul 13 00:00:00 2020 GMT", "validityEndDate": "Jul 14 12:00:00 2021 GMT", "isSystemDefined": false, "revocationCheck": "NONE", "crlCacheTime": 60, "disableOcspNonce": false, "id": "6d2facc4-8ccc-11eb-915e-d9dfa128b1fb", "type": "externalcacertificate", "links": { "self": "https://ast0072-pod.cisco.com:670/api/fdm/v6/object/externalcacertificates/6d2facc4-8ccc-11eb-915e-d9dfa128b1fb" } }
You can do similar for the other certificate types.
I'll follow up by filing a bug on this as I don't believe it was ever intentional it is an inconsistency in our UI. So we can see if we can get this repaired.
03-25-2021 08:33 PM
I did try externalcacertificates but mislooked the limit parameter, I increased the limit parameter and my Certificate showed up
Thank you for your help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: