02-22-2021 09:03 AM - edited 02-22-2021 09:04 AM
I've been going around and around with Cisco TAC on this problem. I'm beginning to wonder if access to the restconf API on Cisco switches is actually a myth. I am running Cisco 3850s with Restconf enabled. IOS XE 16.6.6. I've tried upgrading to IOS XE 16.9.7. I've tried local authentication as well as authentication using TACACS via ISE and get the same authentication error. I am using self-signed SSL certs. Cisco TAC tried totally removing the config for http, https, yang, restconf, as well as removing and regenerating the self-signed SSL certificate. I've tried this via a Windows 10 PC as well as a Linux PC.
Here is the command I used to test access to the restconf API and the error I receive. My real credentials were used for the username and password. The switch IP was used as well. I've tried other curl commands as well. All fail authentication.
H:\>curl -k https://ipaddress/restconf/ -u "username:password"
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
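An added example, not part of the original post: curl exit code 35 is a TLS handshake failure, which occurs before the `-u` credentials are sent, so this sketch sorts a curl transcript by the layer that failed. The `triage` function and the two transcripts marked as constructed are assumptions made for illustration.

```python
import re

# curl exit codes that mean no HTTP request was sent, with the layer each one
# points at (meanings taken from curl's documented exit codes).
PRE_HTTP = {
    6: "dns",          # could not resolve host
    7: "tcp",          # failed to connect to host
    35: "tls",         # SSL connect error: the handshake failed
    60: "tls-verify",  # peer certificate not trusted (suppressed by -k)
}
CURL_ERR = re.compile(r"^curl: \((\d+)\)\s*(.*)$", re.M)
HTTP_STATUS = re.compile(r"^(?:< )?HTTP/\d(?:\.\d)? (\d{3})", re.M)


def triage(output):
    """Return (layer, creds_sent, detail) for one curl transcript.

    creds_sent is True when an HTTP status came back (the TLS session was up
    and the Authorization header from -u reached the server), False when curl
    failed before sending anything, and None when the transcript cannot tell.
    """
    statuses = HTTP_STATUS.findall(output)
    if statuses:
        status = int(statuses[-1])
        layer = "http-auth" if status == 401 else "http"
        return layer, True, f"server answered HTTP {status}"
    err = CURL_ERR.search(output)
    if err:
        layer = PRE_HTTP.get(int(err.group(1)))
        return layer or "other", (False if layer else None), err.group(2)[:60]
    return "unknown", None, "no HTTP status or curl error found"


# The error quoted in the post above (shortened), then two constructed transcripts.
POSTED = ("curl: (35) schannel: next InitializeSecurityContext failed: "
          "SEC_E_ILLEGAL_MESSAGE (0x80090326)")
REJECTED = "> GET /restconf/ HTTP/1.1\n< HTTP/1.1 401 Unauthorized\n"  # constructed
ACCEPTED = "> GET /restconf/ HTTP/1.1\n< HTTP/1.1 200 OK\n"            # constructed

if __name__ == "__main__":
    for name, text in [("posted", POSTED), ("rejected", REJECTED), ("accepted", ACCEPTED)]:
        print(name, triage(text))
```

Only a transcript classified as `http-auth` says anything about the username and password; a `tls` result points at protocol or cipher negotiation between client and switch.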
02-22-2021 09:33 AM
You should not have this issue with YDK-0.8.5, which provides support for SSL connection to Restconf server. The documentation describes the procedure for installing the SSL certificate on the client platform.
If you are working with YANG Suite, please change the subject label.
02-23-2021 03:51 AM
Hello @marcbigos take a look and try this Postman collection for XE https://developer.cisco.com/codeexchange/github/repo/jeremycohoe/cisco-ios-xe-postman-collections - you can try this on your own devices with your own environment file or test with devnet sandbox.
Hope this helps.