Unable to authenticate to access restconf API

marcbigos · ‎02-22-2021

I've been going around and around with Cisco TAC on this problem. I'm beginning to wonder if access to the restconf API on Cisco switches is actually a myth. I am running Cisco 3850s with Restconf enabled. IOS XE 16.6.6. I've tried upgrading to IOS XE 16.9.7. I've tried local authentication as well as authentication using TACACS via ISE and get the same authentication error. I am using self signed SSL certs. Cisco TAC tried totally removing the config for htttp, https, yang, restconf, as well as removing and regenerating the self signed SSL certificate. I've tried this via a Windows 10 PC as well as a Linux PC.

Here is the command I used to test access to the restconf API and the error I receive. My real credentials were used for the username and password. The switch IP was used as well. I've tried other curl commands as well. All fail authentication.

H:\>curl -k https://ipaddress/restconf/ -u "username:password"
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.

yangorelik · ‎02-22-2021

You should not have this issue with YDK-0.8.5, which provides support for SSL connection to Restconf server. The documentation describes procedure how the SSL certificate should be installed on the client platform.

If you are working with YANG Suite, please change the subject label.

Yan Gorelik
YDK Solutions

bigevilbeard · ‎02-23-2021

Hello @marcbigos take a look and try this Postman collection for XE https://developer.cisco.com/codeexchange/github/repo/jeremycohoe/cisco-ios-xe-postman-collections - you can try this on your own devices with your own environment file or test with devnet sandbox.

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io