Firepower REST API Certificate question..

dvo73d123
Level 1

I'm trying to use the REST API to GET details of external CA certificates I've uploaded via the FDM GUI. I've noticed the external CA certificates that come with the device show up with details, but not the one I've uploaded...

Does anyone know why?

I ask because I'd like to make changes to the revocation configuration and the only way is by REST API...

Accepted Solutions

jarsmith
Cisco Employee

I just tried this on my 6.7 device. It looks like Internal Certificates show detail when clicking on the pencil; you will see something similar to this:

internal certificate.jpg

However, external and user-defined external certificates have very little detail beyond the name.

 

My suggestion would be to revert to the API explorer to query the details of the certificate.

 

For external certificates go into the "Certificate" bucket and if you want to look at the CA certs I would suggest going into:

GET /object/externalcacertificates

I uploaded Verisign's public certificate as a test and it ends up giving me data like the following regarding that cert:

 

{
  "version": "jcd67gheb464u",
  "name": "verisign-test",
  "cert": "*********",
  "privateKey": null,
  "passPhrase": null,
  "issuerCommonName": "DigiCert EV RSA CA G2",
  "issuerCountry": "US",
  "issuerLocality": "",
  "issuerOrganization": "DigiCert Inc",
  "issuerOrganizationUnit": "",
  "issuerState": "",
  "subjectCommonName": "www.verisign.com",
  "subjectCountry": "US",
  "subjectDistinguishedName": " businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=2497886, C=US, ST=Virginia, L=Reston, O=Verisign, Inc, OU=Enterprise IT, CN=www.verisign.com",
  "subjectLocality": "Reston",
  "subjectOrganization": "Verisign, Inc",
  "subjectOrganizationUnit": "Enterprise IT",
  "subjectState": "Virginia",
  "validityStartDate": "Jul 13 00:00:00 2020 GMT",
  "validityEndDate": "Jul 14 12:00:00 2021 GMT",
  "isSystemDefined": false,
  "revocationCheck": "NONE",
  "crlCacheTime": 60,
  "disableOcspNonce": false,
  "id": "6d2facc4-8ccc-11eb-915e-d9dfa128b1fb",
  "type": "externalcacertificate",
  "links": {
    "self": "https://ast0072-pod.cisco.com:670/api/fdm/v6/object/externalcacertificates/6d2facc4-8ccc-11eb-915e-d9dfa128b1fb"
  }
}

 

You can do similar for the other certificate types.

 

I'll follow up by filing a bug on this, as I don't believe it was ever intentional; it is an inconsistency in our UI. So we can see if we can get this repaired.

 

 


2 Replies

I did try externalcacertificates but overlooked the limit parameter. I increased the limit parameter and my certificate showed up.

 

Thank you for your help.
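
The resolution above (the uploaded certificate sat outside the first page of results) is shown here as an added example, not code from the thread or from Cisco: it walks the whole `externalcacertificates` listing, then flags uploaded CA certificates that are expired or have `revocationCheck` set to `NONE`. The `fetch_page` callable, the `offset` parameter, the `{"items": [...]}` envelope and the page size of 10 are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timezone

def iter_objects(fetch_page, limit=10):
    """Yield every object of a paged listing, not just the first page.
    fetch_page(offset, limit) returns the decoded JSON body for that window;
    `offset` and the {"items": [...]} envelope are assumptions here."""
    offset = 0
    while True:
        items = fetch_page(offset, limit).get("items", [])
        yield from items
        if len(items) < limit:  # short or empty page: listing exhausted
            return
        offset += limit

def parse_end(value):
    # Date format as shown in the thread: "Jul 14 12:00:00 2021 GMT"
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def audit(certs, now):
    """Return (name, id, findings) for uploaded CA certs needing attention."""
    report = []
    for cert in certs:
        if cert.get("isSystemDefined"):
            continue  # shipped with the device, not uploaded
        findings = []
        if cert.get("revocationCheck") == "NONE":
            findings.append("revocation checking disabled")
        if parse_end(cert["validityEndDate"]) < now:
            findings.append("expired")
        if findings:
            report.append((cert["name"], cert["id"], findings))
    return report

# Constructed sample: 12 system-defined entries, then the uploaded one.
SAMPLE = [{"name": f"builtin-{i}", "id": f"sys-{i}", "isSystemDefined": True,
           "revocationCheck": "NONE",
           "validityEndDate": "Jan 01 00:00:00 2030 GMT"} for i in range(12)]
SAMPLE.append({"name": "verisign-test", "isSystemDefined": False,
               "id": "6d2facc4-8ccc-11eb-915e-d9dfa128b1fb",
               "revocationCheck": "NONE",
               "validityEndDate": "Jul 14 12:00:00 2021 GMT"})
SAMPLE_NOW = datetime(2022, 1, 1, tzinfo=timezone.utc)  # constructed "today"

def fake_fetch(offset, limit):
    return {"items": SAMPLE[offset:offset + limit]}  # stands in for the HTTP call

if __name__ == "__main__":
    print(audit(iter_objects(fake_fetch), SAMPLE_NOW))
```

Against a real device, `fetch_page` would wrap the authenticated GET request; auditing only the first page of the sample returns nothing, which is the symptom described in the question.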
