
ISE OpenAPI Trusted Certificate upload fails due to malicious content

Johannes Botha
Level 1

Hi

I've been testing some scripts against the ISE 3.2.0 OpenAPI to test the functionality, and I found an issue uploading a trusted certificate for Let's Encrypt via the OpenAPI. If I download the intermediate certificate from https://letsencrypt.org/certs/lets-encrypt-r3.pem and use the ISE admin portal to upload it, it works 100%.

When I use the OpenAPI to upload the certificate, I get a "security check failed" error.

I then download the next certificate in the chain for Let's Encrypt, https://letsencrypt.org/certs/isrgrootx1.pem.

I use the same procedure and the upload is successful.

 

The error in the log on ISE says something about malicious content in the certificate.

Has anybody seen this, or does anyone know of a solution?

 

In the end I want to have the certificate and deployment done all via a script.

You still need to enable ERS on the admin portal before you can start doing any script testing.

 

 

 

Added message from the logfile

 

 

2022-10-23 17:47:08,898 INFO [openapi-http-pool9][[]] cpm.iseopenapi.certmgmt.validators.CertMgmtSecurityValidator -::::- Inside certSecurityCheck, checking if certificate has been detected with Malicious content
2022-10-23 17:47:08,901 ERROR [openapi-http-pool9][[]] cpm.iseopenapi.certmgmt.validators.CertMgmtValidator -::::- Exception while validating request
com.cisco.cpm.admin.restui.websec.WebSecurityException: null
at com.cisco.cpm.admin.restui.websec.WebSecurityCheckerUtil.onBeanSecurityBreaches(WebSecurityCheckerUtil.java:512) ~[admin-rest-infra-3.2.0-542.jar:?]

 

2022-10-23 17:47:08,901 ERROR [openapi-http-pool9][[]] cpm.iseopenapi.certmgmt.validators.CertMgmtValidator -::::- Found Malicious content in request: [CN=R3,O=Let's Encrypt,C=US, CN=R3,O=Let's Encrypt,C=US]

 

2022-10-23 17:47:08,901 ERROR [openapi-http-pool9][[]] cpm.iseopenapi.certmgmt.validators.CertMgmtSecurityValidator -::::- Malicious content detected in Certificate Attributes

 

com.cisco.cpm.infrastructure.certmgmt.openapi.exception.CertMgmtAPIValidationFailedEx: Found malicious content in request
at com.cisco.cpm.iseopenapi.certmgmt.validators.CertMgmtValidator.checkReqSecurity(CertMgmtValidator.java:90) ~[certmgmt-oas-3.2.0-542.jar:?]
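
A small triage helper for the log excerpt above, added here as an example and not part of the original post or of Cisco's code: it extracts the DNs that the OpenAPI validator listed and reports the characters in each attribute value that are not letters, digits or spaces, so a certificate that fails can be compared with one that uploads. The post does not say which characters the ISE check rejects; the character classes, the DN list separator and the function names are assumptions.

```python
import re

# Log lines copied from the post above (ISE 3.2.0 OpenAPI trusted certificate upload).
SAMPLE_LOG = """\
2022-10-23 17:47:08,898 INFO [openapi-http-pool9][[]] cpm.iseopenapi.certmgmt.validators.CertMgmtSecurityValidator -::::- Inside certSecurityCheck, checking if certificate has been detected with Malicious content
2022-10-23 17:47:08,901 ERROR [openapi-http-pool9][[]] cpm.iseopenapi.certmgmt.validators.CertMgmtValidator -::::- Found Malicious content in request: [CN=R3,O=Let's Encrypt,C=US, CN=R3,O=Let's Encrypt,C=US]
2022-10-23 17:47:08,901 ERROR [openapi-http-pool9][[]] cpm.iseopenapi.certmgmt.validators.CertMgmtSecurityValidator -::::- Malicious content detected in Certificate Attributes
"""

FLAGGED = re.compile(r"Found Malicious content in request: \[(?P<items>.*)\]\s*$")
# Assumption: the bracketed list separates DNs with ", " and RDNs inside a DN with ",".
DN_SPLIT = re.compile(r", (?=[A-Za-z]{1,12}=)")
RDN_SPLIT = re.compile(r",(?=[A-Za-z]{1,12}=)")


def flagged_dns(log_text):
    """Return the unique DNs listed in 'Found Malicious content' lines, in order."""
    seen = []
    for line in log_text.splitlines():
        match = FLAGGED.search(line)
        if not match:
            continue
        for dn in DN_SPLIT.split(match.group("items")):
            if dn not in seen:
                seen.append(dn)
    return seen


def unusual_chars(dn):
    """Map attribute type -> value characters that are not letters, digits or spaces."""
    report = {}
    for rdn in RDN_SPLIT.split(dn):
        attr, _, value = rdn.partition("=")
        odd = sorted({c for c in value if not (c.isalnum() or c == " ")})
        if odd:
            report[attr] = odd
    return report


if __name__ == "__main__":
    for dn in flagged_dns(SAMPLE_LOG):
        print(dn, "->", unusual_chars(dn))
```

Running `unusual_chars` on the subject and issuer of a certificate that uploads cleanly gives a baseline to compare against the flagged DN.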

 
