Hi
I've been testing some scripts against the ISE 3.2.0 OpenAPI to test the functionality, and I found an issue in uploading a trusted certificate for Let's Encrypt via the OpenAPI. If I download the intermediate certificate from https://letsencrypt.org/certs/lets-encrypt-r3.pem and use the ISE admin portal to upload it, it works 100%.
When I use the OpenAPI to upload the certificate, I get a security check failed error.
I then download the next certificate in the chain for Let's Encrypt, https://letsencrypt.org/certs/isrgrootx1.pem.
I use the same procedure and the upload is successful.
The error in the log on ISE says something about malicious content in the certificate.
Anybody seen this or know of a solution?
In the end, I want to have the certificate and deployment all done via a script.
You still need to enable ERS on the admin portal before you can start doing any script testing.
Added message from the logfile:
2022-10-23 17:47:08,898 INFO [openapi-http-pool9][[]] cpm.iseopenapi.certmgmt.validators.CertMgmtSecurityValidator -::::- Inside certSecurityCheck, checking if certificate has been detected with Malicious content
2022-10-23 17:47:08,901 ERROR [openapi-http-pool9][[]] cpm.iseopenapi.certmgmt.validators.CertMgmtValidator -::::- Exception while validating request
com.cisco.cpm.admin.restui.websec.WebSecurityException: null
at com.cisco.cpm.admin.restui.websec.WebSecurityCheckerUtil.onBeanSecurityBreaches(WebSecurityCheckerUtil.java:512) ~[admin-rest-infra-3.2.0-542.jar:?]
2022-10-23 17:47:08,901 ERROR [openapi-http-pool9][[]] cpm.iseopenapi.certmgmt.validators.CertMgmtValidator -::::- Found Malicious content in request: [CN=R3,O=Let's Encrypt,C=US, CN=R3,O=Let's Encrypt,C=US]
2022-10-23 17:47:08,901 ERROR [openapi-http-pool9][[]] cpm.iseopenapi.certmgmt.validators.CertMgmtSecurityValidator -::::- Malicious content detected in Certificate Attributes
com.cisco.cpm.infrastructure.certmgmt.openapi.exception.CertMgmtAPIValidationFailedEx: Found malicious content in request
at com.cisco.cpm.iseopenapi.certmgmt.validators.CertMgmtValidator.checkReqSecurity(CertMgmtValidator.java:90) ~[certmgmt-oas-3.2.0-542.jar:?]