WebADM - Sign_Certificate_Request

Rémi Beck -

The Sign_Certificate_Request method is used to sign a previously generated certificate request (CSR).

The required parameters are the certificate request and the type of the certificate, which can be either 'server', 'client' or 'other'.
There are 4 optional parameters :

  • expires to define the expiraiton of the certificate. It defaults to 365 days when not set.
  • altnames may contain a list of subject alternative names for server certificates. It cannot be passed through the CSR. If included in the CSR, they will be removed from the signed certificate. They must be explicitly provided as a parameter in the API call. It can only be added with 'server' type.
  • attributes may contain a list of Radius value-pairs for NAC access.It can only be added with 'client' type for RADIUS AVP.
  • application to restrict the certificate usage for a specific application. It can only be added with 'client' type.

This method returns the locally signed certificate in PEM format.


### SERVER Certificate Example ###
      
import requests
import json

# Define the method and parameters
method = 'Sign_Certificate_Request'
params = {
    'request': '-----BEGIN CERTIFICATE REQUEST-----
    MIIC2DCCAcACAQAwgYcxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDYWxpZm9ybmlh 
    MREwDwYDVQQHDAhTYW4gSm9zZTEQMA4GA1UECgwHQ29tcGFueTEMMAoGA1UECwwD 
    SVQxFjAUBgNVBAMMDUpvaG4gRG9lIElUIENBMRswGQYJKoZIhvcNAQkBFgxqb2hu 
    LmRvZUBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB 
    AMHxf9X+xBBy9KoN6w/avK+xBCSzr+yjFxnyHHqydqD8/LZ5Bl4lsIqXr8D4hbyD 
    30EbYZF8GZy5sW5J8opA5Kjc7PqMYsVCX9rsBMXYT2BaWZbGxdJ6wYsmN5sGGkNn 
    szdUZcpn8cSHOwJAAZNRkG5/wN+0H3zCWWYaFfCrVY7kFzdiMbYctL15npBmfU3EX 
    FX0vRmZbqOSRmh1khyrYh7ZL23+jAadqRe9hHTnQlfZ8oiI/KU0JXZbBbq/J5k1C 
    THRQJ/qy7yK6VCfUsX/V7XLtf5ex5vlx3OtWBK5A9/jpQ2hO0QBOZ91PU/N3mPBD 
    v+FvPTeSM8L2V4kXpp0CgYEAwMw= 
    -----END CERTIFICATE REQUEST-----',
    'type': 'SERVER',
    'expires': 365,
    'altnames': 'hostname1,hostname2'
}

# Create the request payload
request_payload = {
    'jsonrpc': "2.0",
    'method': method,
    'params': params,
    'id': 0
}

# Convert payload to JSON
json_payload = json.dumps(request_payload)

# Define the URL and credentials
url = "https://webadm1.rcdevsdocs.com/manag/"
auth = ("RCDEVSDOCS\\administrator", "password")

# Define the headers
headers = {
    "Content-Type": "application/json",
    "Connection": "close"
}

# Make the POST request
response = requests.post(url, data=json_payload, headers=headers, auth=auth, verify=False)

# Print the HTTP response code and response content
print(f"HTTP response code: {response.status_code}")
print(response.json())


      
      
### CLIENT Certificate Example ###

import requests
import json

# Define the method and parameters
method = 'Sign_Certificate_Request'
params = {
    'request': '-----BEGIN CERTIFICATE REQUEST-----
    MIIC2DCCAcACAQAwgYcxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDYWxpZm9ybmlh 
    MREwDwYDVQQHDAhTYW4gSm9zZTEQMA4GA1UECgwHQ29tcGFueTEMMAoGA1UECwwD 
    SVQxFjAUBgNVBAMMDUpvaG4gRG9lIElUIENBMRswGQYJKoZIhvcNAQkBFgxqb2hu 
    LmRvZUBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB 
    AMHxf9X+xBBy9KoN6w/avK+xBCSzr+yjFxnyHHqydqD8/LZ5Bl4lsIqXr8D4hbyD 
    30EbYZF8GZy5sW5J8opA5Kjc7PqMYsVCX9rsBMXYT2BaWZbGxdJ6wYsmN5sGGkNn 
    szdUZcpn8cSHOwJAAZNRkG5/wN+0H3zCWWYaFfCrVY7kFzdiMbYctL15npBmfU3EX 
    FX0vRmZbqOSRmh1khyrYh7ZL23+jAadqRe9hHTnQlfZ8oiI/KU0JXZbBbq/J5k1C 
    THRQJ/qy7yK6VCfUsX/V7XLtf5ex5vlx3OtWBK5A9/jpQ2hO0QBOZ91PU/N3mPBD 
    v+FvPTeSM8L2V4kXpp0CgYEAwMw= 
    -----END CERTIFICATE REQUEST-----',
    'type': 'CLIENT',
    'expires': 365,
    'attributes': 'ASA:ASA-VLAN=1,Tunnel-Type=0',
    'application': 'OpenOTP'
}

# Create the request payload
request_payload = {
    'jsonrpc': "2.0",
    'method': method,
    'params': params,
    'id': 0
}

# Convert payload to JSON
json_payload = json.dumps(request_payload)

# Define the URL and credentials
url = "https://webadm1.rcdevsdocs.com/manag/"
auth = ("RCDEVSDOCS\\administrator", "password")

# Define the headers
headers = {
    "Content-Type": "application/json",
    "Connection": "close"
}

# Make the POST request
response = requests.post(url, data=json_payload, headers=headers, auth=auth, verify=False)

# Print the HTTP response code and response content
print(f"HTTP response code: {response.status_code}")
print(response.json())      
    

### SERVER Certificate Example ###
      
<?php
$method = 'Sign_Certificate_Request';
$params = array(
    'request' => '-----BEGIN CERTIFICATE REQUEST-----
    MIIC2DCCAcACAQAwgYcxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDYWxpZm9ybmlh 
    MREwDwYDVQQHDAhTYW4gSm9zZTEQMA4GA1UECgwHQ29tcGFueTEMMAoGA1UECwwD 
    SVQxFjAUBgNVBAMMDUpvaG4gRG9lIElUIENBMRswGQYJKoZIhvcNAQkBFgxqb2hu 
    LmRvZUBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB 
    AMHxf9X+xBBy9KoN6w/avK+xBCSzr+yjFxnyHHqydqD8/LZ5Bl4lsIqXr8D4hbyD 
    30EbYZF8GZy5sW5J8opA5Kjc7PqMYsVCX9rsBMXYT2BaWZbGxdJ6wYsmN5sGGkNn 
    szdUZcpn8cSHOwJAAZNRkG5/wN+0H3zCWWYaFfCrVY7kFzdiMbYctL15npBmfU3EX 
    FX0vRmZbqOSRmh1khyrYh7ZL23+jAadqRe9hHTnQlfZ8oiI/KU0JXZbBbq/J5k1C 
    THRQJ/qy7yK6VCfUsX/V7XLtf5ex5vlx3OtWBK5A9/jpQ2hO0QBOZ91PU/N3mPBD 
    v+FvPTeSM8L2V4kXpp0CgYEAwMw= 
    -----END CERTIFICATE REQUEST-----',
    'type' => 'SERVER',
    'expires' => 365,
    'altnames' => 'hostname1,hostname2'
);

$request = array(
    'jsonrpc' => "2.0",
    'method' => $method,
    'params' => $params,
    'id' => 0
);
$json = json_encode($request);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://webadm1.rcdevsdocs.com/manag/");
curl_setopt($ch, CURLOPT_USERPWD, "RCDEVSDOCS\\administrator:password");
curl_setopt($ch, CURLOPT_HTTPHEADER, array("connection: close"));
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
$out = curl_exec($ch);
curl_close($ch);

print_r(json_decode($out));
?>


      

### CLIENT Certificate Example ###
      
<?php
$method = 'Sign_Certificate_Request';
$params = array(
    'request' => '-----BEGIN CERTIFICATE REQUEST-----
    MIIC2DCCAcACAQAwgYcxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDYWxpZm9ybmlh 
    MREwDwYDVQQHDAhTYW4gSm9zZTEQMA4GA1UECgwHQ29tcGFueTEMMAoGA1UECwwD 
    SVQxFjAUBgNVBAMMDUpvaG4gRG9lIElUIENBMRswGQYJKoZIhvcNAQkBFgxqb2hu 
    LmRvZUBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB 
    AMHxf9X+xBBy9KoN6w/avK+xBCSzr+yjFxnyHHqydqD8/LZ5Bl4lsIqXr8D4hbyD 
    30EbYZF8GZy5sW5J8opA5Kjc7PqMYsVCX9rsBMXYT2BaWZbGxdJ6wYsmN5sGGkNn 
    szdUZcpn8cSHOwJAAZNRkG5/wN+0H3zCWWYaFfCrVY7kFzdiMbYctL15npBmfU3EX 
    FX0vRmZbqOSRmh1khyrYh7ZL23+jAadqRe9hHTnQlfZ8oiI/KU0JXZbBbq/J5k1C 
    THRQJ/qy7yK6VCfUsX/V7XLtf5ex5vlx3OtWBK5A9/jpQ2hO0QBOZ91PU/N3mPBD 
    v+FvPTeSM8L2V4kXpp0CgYEAwMw= 
    -----END CERTIFICATE REQUEST-----',
    'type' => 'CLIENT',
    'expires' => 365,
    'attributes' => 'ASA:ASA-VLAN=1,Tunnel-Type=0',
    'application' => 'OpenOTP'
);

$request = array(
    'jsonrpc' => "2.0",
    'method' => $method,
    'params' => $params,
    'id' => 0
);
$json = json_encode($request);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://webadm1.rcdevsdocs.com/manag/");
curl_setopt($ch, CURLOPT_USERPWD, "RCDEVSDOCS\\administrator:password");
curl_setopt($ch, CURLOPT_HTTPHEADER, array("connection: close"));
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
$out = curl_exec($ch);
curl_close($ch);

print_r(json_decode($out));
?>      
    

### SERVER Certificate Example ###
      
# Define the method and parameters
$method = 'Sign_Certificate_Request'
$params = @{
    request = '-----BEGIN CERTIFICATE REQUEST-----
    MIIC2DCCAcACAQAwgYcxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDYWxpZm9ybmlh 
    MREwDwYDVQQHDAhTYW4gSm9zZTEQMA4GA1UECgwHQ29tcGFueTEMMAoGA1UECwwD 
    SVQxFjAUBgNVBAMMDUpvaG4gRG9lIElUIENBMRswGQYJKoZIhvcNAQkBFgxqb2hu 
    LmRvZUBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB 
    AMHxf9X+xBBy9KoN6w/avK+xBCSzr+yjFxnyHHqydqD8/LZ5Bl4lsIqXr8D4hbyD 
    30EbYZF8GZy5sW5J8opA5Kjc7PqMYsVCX9rsBMXYT2BaWZbGxdJ6wYsmN5sGGkNn 
    szdUZcpn8cSHOwJAAZNRkG5/wN+0H3zCWWYaFfCrVY7kFzdiMbYctL15npBmfU3EX 
    FX0vRmZbqOSRmh1khyrYh7ZL23+jAadqRe9hHTnQlfZ8oiI/KU0JXZbBbq/J5k1C 
    THRQJ/qy7yK6VCfUsX/V7XLtf5ex5vlx3OtWBK5A9/jpQ2hO0QBOZ91PU/N3mPBD 
    v+FvPTeSM8L2V4kXpp0CgYEAwMw= 
    -----END CERTIFICATE REQUEST-----'
    type = 'SERVER'
    expires = 365
    altnames = 'hostname1,hostname2'
}

# Create the request payload
$requestPayload = @{
    'jsonrpc' = '2.0'
    'method' = $method
    'params' = $params
    'id' = 0
}

# Convert the request payload to JSON
$jsonPayload = $requestPayload | ConvertTo-Json

# Define the URL and credentials
$url = "https://webadm1.rcdevsdocs.com/manag/"
$auth = "RCDEVSDOCS\administrator:password"

# Make the POST request
$response = Invoke-RestMethod -Uri $url -Method Post -Body $jsonPayload -Headers @{ "Content-Type" = "application/json" } -Credential (New-Object System.Management.Automation.PSCredential($auth, (ConvertTo-SecureString "password" -AsPlainText -Force))) -SkipCertificateCheck

# Output the response
Write-Host "HTTP Response Code: $($response.status_code)"
Write-Host $response | ConvertTo-Json



      
### CLIENT Certificate Example ###
      
# Define the method and parameters
$method = 'Sign_Certificate_Request'
$params = @{
    request = '-----BEGIN CERTIFICATE REQUEST-----
    MIIC2DCCAcACAQAwgYcxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDYWxpZm9ybmlh 
    MREwDwYDVQQHDAhTYW4gSm9zZTEQMA4GA1UECgwHQ29tcGFueTEMMAoGA1UECwwD 
    SVQxFjAUBgNVBAMMDUpvaG4gRG9lIElUIENBMRswGQYJKoZIhvcNAQkBFgxqb2hu 
    LmRvZUBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB 
    AMHxf9X+xBBy9KoN6w/avK+xBCSzr+yjFxnyHHqydqD8/LZ5Bl4lsIqXr8D4hbyD 
    30EbYZF8GZy5sW5J8opA5Kjc7PqMYsVCX9rsBMXYT2BaWZbGxdJ6wYsmN5sGGkNn 
    szdUZcpn8cSHOwJAAZNRkG5/wN+0H3zCWWYaFfCrVY7kFzdiMbYctL15npBmfU3EX 
    FX0vRmZbqOSRmh1khyrYh7ZL23+jAadqRe9hHTnQlfZ8oiI/KU0JXZbBbq/J5k1C 
    THRQJ/qy7yK6VCfUsX/V7XLtf5ex5vlx3OtWBK5A9/jpQ2hO0QBOZ91PU/N3mPBD 
    v+FvPTeSM8L2V4kXpp0CgYEAwMw= 
    -----END CERTIFICATE REQUEST-----'
    type = 'CLIENT'
    expires = 365
    attributes = 'ASA:ASA-VLAN=1,Tunnel-Type=0'
    application = 'OpenOTP'
}

# Create the request payload
$requestPayload = @{
    'jsonrpc' = '2.0'
    'method' = $method
    'params' = $params
    'id' = 0
}

# Convert the request payload to JSON
$jsonPayload = $requestPayload | ConvertTo-Json

# Define the URL and credentials
$url = "https://webadm1.rcdevsdocs.com/manag/"
$auth = "RCDEVSDOCS\administrator:password"

# Make the POST request
$response = Invoke-RestMethod -Uri $url -Method Post -Body $jsonPayload -Headers @{ "Content-Type" = "application/json" } -Credential (New-Object System.Management.Automation.PSCredential($auth, (ConvertTo-SecureString "password" -AsPlainText -Force))) -SkipCertificateCheck

# Output the response
Write-Host "HTTP Response Code: $($response.status_code)"
Write-Host $response | ConvertTo-Json