aXAPI upload a certificate, key via slb.ssl.upload
kgh
Member ✭
Hello,
I had to upload about 50 certificates and keys into a box running version 2.6.1-P4. I read the AX_aXAPI_Ref_v2_6_1-P3-20111130.pdf document and found in chapter 6.31.4 “slb.ssl.upload” Method. There are these three parameter session_id, method and type. I am missing the information which file will be uploaded. What is meaning off " HPPT-Action: Mutipart-POST" ?
I hope this is the correct forum to post questions about aXAPI.
Kind regrdas
Klaus
I had to upload about 50 certificates and keys into a box running version 2.6.1-P4. I read the AX_aXAPI_Ref_v2_6_1-P3-20111130.pdf document and found in chapter 6.31.4 “slb.ssl.upload” Method. There are these three parameter session_id, method and type. I am missing the information which file will be uploaded. What is meaning off " HPPT-Action: Mutipart-POST" ?
I hope this is the correct forum to post questions about aXAPI.
Kind regrdas
Klaus
0
Comments
Kind regards
Klaus
Kind regards
Klaus
http://odin.himinbi.org/MultipartPostHandler.py
THis is just a sample of code ->> this code is not complete but should give a head start on how to access this method:
sessionID = minidom.parse(urllib.urlopen(sid_url.__str__(), authparams)).getElementsByTagName('session_id')[0].childNodes[0].nodeValue ##set the method method = "method=“slb.ssl.upload&type=cert" request = UrlBuilder(host, services_path, session_id_path.__str__() + sessionID + "&" + method.__str__()) cookies = cookielib.CookieJar() opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookies), MultipartPostHandler.MultipartPostHandler) opener.open(request, open("/path/yourcertificatename", "rb"))thanks for your feedback. I will try both solutions.
Kind regards
Klaus
I'm currently using Python 2.6.6 and I tried using the MultipartPostHandler but I'm getting errors from UrlBuilder which works fine with my other methods when trying to use slb.ssl.upload
http://pypi.python.org/pypi/MultipartPostHandler/0.1.0
When running the code I would get this error:
File "/usr/lib64/python2.6/urllib2.py", line 380, in open
req.add_data(data)
AttributeError: UrlBuilder instance has no attribute 'add_data'
and the code errors out on the last line:
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookies), MultipartPostHandler.MultipartPostHandler)
opener.open(request, open("/locations/of/file", "rb")) <-- this will error out
The request is the url but I use the exact same url for my other calls using axapi.
Any help would be greatly appreciated!
I took this portion from your example to get mine working:
opener = urllib2.build_opener(MultipartPostHandler.MultipartPostHandler)
urllib2.install_opener(opener)
req = urllib2.Request(request, params)
response = urllib2.urlopen(req).read().strip()
I did have 3 questions:
When I upload my certificate (a self-sign cert in PEM format)
I don't see attribute when calling slb.ssl.getAll
Does that mean there is an issue with my certificate?
I also noticed that the output from slb.ssl.getAll is different XML structure vs slb.template.client_ssl.getAll
nodes such as this <x509_file file_name="file" instead of file from the documentation.
Is this a known quirk or is it the way I'm parsing my code?
And lastly, I can see that I can upload/download certs but is it possible to delete uploaded certs from the api? (I didn't see an equivalent delete method and overwriting causes an error)
Thanks again!
Ahh, I can see some of my code is being taken out
but to clarify my first question:
"I don’t see attribute when calling slb.ssl.getAll"
I was referring to the <key key_size="1024" attribute in the output of slb.ssl.getAll
For my second question, I was referring to the multi values in <x509_file file_name="file" element from the output of slb.ssl.getAll which seems to be different than the example in the documentation for v2.
1. The SSL template and the ssl certificate are different objects and different methods. They will produce different information that is relevant for the object being requested.
2. In the output for the XML you will see multiple values like
'''
/*
“
”
XML SAMPLE NOT SHOWING UP
*/
'''
This is two different self-signed certificates self-signed certificate. An easy way to parse the XML is:
import xml.dom.minidom
req = slb.ssl.getAll(sid, host)
xml = xml.dom.minidom.parseString(req)
pretty_xml_as_string = xml.toprettyxml()
print pretty_xml_as_string
Hopes this helps Taking over the world one packet at a time with A10 Sorry about the last 2 posts, my sentences weren't coming out as the post was stripping a lot of my code making my sentences look broken :P
1) I had success with the below code for parsing slb.ssl.template.client_ssl but your code helped me parse the XML in a more readable format for slb.ssl.getAll; I was just asking if there was a better way to parse it as I noticed that between the two methods (slb.ssl.template.client_ssl had single values per node vs slb.ssl.getAll which has multiple values)
tree = ElementTree.parse(StringIO(sslTemplateList)) print for certList in tree.getiterator('client_ssl_template_list'): print "---------------------------" for cert in certList.findall('client_ssl_template'): for attribute in cert.getchildren(): print attribute.tag, ":", attribute.text print "---------------------------"2) I'm noticing that the certificate I upload does not contain a key size node, I was wondering if that would cause an issue or if there was a specific way to create the certs/key for the upload method?
3) I can see a slb.ssl.create but I don't see an equivalent slb.ssl.delete in the documentation, I also could not overwrite an existing certificate. Is there a way to delete a certificate using the aXAPI?
Thanks a bunch,
I'm starting to love Python + aXAPI (any tips would be greatly appreciated!)
I'll play around with it this weekend
2. I do not have an answer as to why the key-size node would not show up. I would open a case on that if you have concerns. This should be handled by the AX automatically.
3. I do not see the ability to delete the certificate. However you can utilize cli.deploy in API version 2.0 to do this. It is not as clean but you can accomplish the same thing until a native method is available.
I would look at lynda.com for great course information on python.
Cheers.
I noticed in the attached XML that the certificate type was certificate-key but when I reference the documentation it says certificate, key or crl. What's the difference? (I can also see with that type that you have a key size node)
I tried uploading with type=certificate-key but I get failures (urllib2.HTTPError: HTTP Error 404: Not Found); am I missing something?
And are you only uploading one certificate that has ----BEGIN CERTIFICATE---- and ----END CERTIFICATE----- in the uploaded file? (that's what I've been doing so far)
I can currently upload with a certificate, I just don't see the key size for some reason.
I'll keep playing around with it; I'm using openssl to create the cert (are you by any chance using a different tool?)
My output looks like below when I run slb.ssl.getAll:
x509_file file_name="server.crt" type="certificate" certificate common_name="test" country="US" division="testing" email="test@test.com" expiration="Oct 11 16:06:10 2013 GMT" issuer="Self" locality="place" organization="someplace" state-province="somewhere" /x509_fileBut now I need to associate a real chain (root CA, intermediate, end_user) to the template but I'm not sure where the intermediate needs to go.
For my self-sign, I upload a certificate and key separately but I see options for chain_name and [ca_cert_list:ca_cert] but I seem to have issues seeing my self-sign CA that signed my cert.
In what order should I be attempting to setup a chain? and where do I upload a chain?
Should I be using the slb.ssl.upload method to upload a certificate but have root_ca, intermediate, end_user concatenated (I will be trying this now, but I thought I'd ask the forums to see if anyone had an idea).
Thanks a bunch!