
ISE API Trust Certificate

fitzie
Level 1

We're just getting started with the ISE API, and I have what I'm sure is a really basic question. We wish to use Python to search for, create, and update endpoint data. In the ERS API examples I can find, I typically see the following comment:

# SECURITY WARNING - DO NOT USE THIS SCRIPT IN PRODUCTION!                #
# The script allows connections to SSL sites without trusting             #
# the server certificates.                                                #
# For production, it is required to add certificate check. 

For our production ISE setup, we have certs issued and installed via our internal AD CA. How do I perform a certificate check? I see very generic references like:

requests.get(url, verify=path_to_bundle_file)

I'm assuming that the URL is the address of the ISE PAN, but I'm a bit confused about the path_to_bundle_file. What is this bundle file, and how do I generate it? My assumption is that the path is on the device running the Python script.

If my ISE server is using 10.10.10.10 and uses all standard ports with ERS enabled, what is the exact URL?

1 Accepted Solution

Accepted Solutions

Brian Sak
Cisco Employee

The path_to_bundle_file is the location of the certificate (.pem) file for the ISE PAN on the computer you are running your script from. The requests library will do certificate validation against the endpoint you're connected to. More information on this is available from the requests advanced documentation. You're seeing the warning above because, most likely, verify is set to false in your script, which does not validate the server certificate.
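An added example, not part of the original thread or of Cisco's sample scripts: a requests session for ERS that refuses to start unless the local PEM bundle parses, so verification is never silently switched off. The port 9060 and `/ers/config/endpoint` path, the file name `internal-ca-chain.pem` (assumed to hold the internal CA chain exported as PEM), the hostname and the credentials are assumptions or placeholders.

```python
import ipaddress
import ssl
from pathlib import Path

ERS_PORT = 9060  # assumption: default ERS port; adjust if your deployment differs


def check_bundle(bundle_path):
    """Fail early if the CA bundle is missing or is not parseable PEM."""
    path = Path(bundle_path)
    if not path.is_file():
        raise FileNotFoundError(f"CA bundle not found: {path}")
    try:
        # Uses the same OpenSSL loader that runs during the TLS handshake.
        ssl.create_default_context(cafile=str(path))
    except ssl.SSLError as exc:
        raise ValueError(f"{path} holds no usable PEM certificate: {exc}") from exc
    return str(path)


def host_is_ip(host):
    """True for an IP literal; the ISE certificate then needs a matching IP SAN."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def ers_url(host, resource="endpoint", port=ERS_PORT):
    return f"https://{host}:{port}/ers/config/{resource}"


def ers_session(bundle_path, username, password):
    import requests  # imported here so the checks above run without it

    session = requests.Session()
    session.verify = check_bundle(bundle_path)  # a path, never False
    session.auth = (username, password)
    session.headers["Accept"] = "application/json"
    return session


if __name__ == "__main__":
    # Constructed values: hostname, bundle path and credentials are placeholders.
    host = "ise-pan.example.internal"
    if host_is_ip(host):
        print("warning: certificate must list this IP in subjectAltName")
    s = ers_session("internal-ca-chain.pem", "ers-user", "change-me")
    print(s.get(ers_url(host), timeout=10).status_code)
```

Connecting by IP address, as in the question, only verifies if the ISE certificate carries that IP in its subjectAltName; otherwise use the DNS name the certificate was issued for.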
