12-30-2021 02:44 PM
We're just getting started with the ISE API, and I have what I'm sure is a really basic question. We wish to use python to search for, create, and update endpoint data. In the ERS API examples I can find, I typically see the following comment:
# SECURITY WARNING - DO NOT USE THIS SCRIPT IN PRODUCTION! # # The script allows connections to SSL sites without trusting # # the server certificates. # # For production, it is required to add certificate check.
For our production ISE setup, we have certs issed and installed via our internal AD CA. How do I perform a certificate check? I see very generic references like:
requests.get(url, verify=path_to_bundle_file)
I'm assuming that the URL is the address of the ISE PAN, but I'm a bit confused about the path_to bundle_file. What is this bundle file, and how do I generate it? My assumption is that the path is on the device running the python script.
If my ISE server is using 10.10.10.10 and uses all standard ports with ERS enabled, what is the exact URL?
Solved! Go to Solution.
01-07-2022 01:02 PM
The path_to_bundle_file is the location of the certificate (.pem) file for the ISE PAN on the computer you are running your script from. The requests library will do certificate validation against the endpoint you're connected to. More information on this is available from the requests advanced documentation. You're seeing the warning above, because most likely the verify is set to false in your script which does not validate the server certificate.
01-07-2022 01:02 PM
The path_to_bundle_file is the location of the certificate (.pem) file for the ISE PAN on the computer you are running your script from. The requests library will do certificate validation against the endpoint you're connected to. More information on this is available from the requests advanced documentation. You're seeing the warning above, because most likely the verify is set to false in your script which does not validate the server certificate.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide