Hi,
according to the docs:
https://docs.opnsense.org/development/api/core/trust.html
There is a raw_dump function. I assume it can be used to export a full certificate incl. private key?
When I try to use it, it returns 404.
Does it exist?
I have a dedicated "api" user with the privileges: "System: Certificate Manager"
I have successfully tested it and parsed out the UUID by using:
CERT_UUID=$(curl -s -u "$API_KEY:$API_SECRET" "$HOST/api/trust/cert/search" | jq -r '.rows[] | select(.commonname == "<my common name>") | .uuid')
Now when I run:
curl -v -u "$API_KEY:$API_SECRET" "$HOST/api/trust/cert/raw_dump?uuid=$CERT_UUID"
it returns 404.
Any hint?
I am running on 25.1.10.
Thank you!
Almost all API endpoints are used in the GUI.
Use this example and click around trust to see where and how raw_dump is used. Probably when downloading a certificate.
https://docs.opnsense.org/development/how-tos/api.html#using-browser-console-to-inspect-api
Thank you Cedrik, this was a good hint.
It actually pointed me towards the generate_file action that can (according to the browser session dump) generate crt, prv and pkcs12 files.
However there are two things to notice:
- The documentation says it requires POST while the browser session uses GET
- Neither works with cURL. CSRF issue? I only get {"status":"failed"} as a response.
Has anyone ever tried this outside of an authenticated browser session?
Thanks for your help and kind regards, Till
I actually got this working by using trust/cert/get
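
Added example, not part of the thread and not OPNsense's own code: a sketch of handling the search and trust/cert/get responses safely, refusing an ambiguous common name and writing the exported key with owner-only permissions. The "cert" wrapper and the crt_payload / prv_payload field names are assumptions about the get response, and the JSON below is constructed sample data.

```python
import json
import os

# Constructed sample responses. "rows", "uuid" and "commonname" come from the jq
# filter in the thread; the "cert" wrapper and the crt_payload / prv_payload
# field names are assumptions about what trust/cert/get returns.
SEARCH = json.loads("""{"rows": [
  {"uuid": "00000000-0000-0000-0000-000000000001", "commonname": "fw.example.test"},
  {"uuid": "00000000-0000-0000-0000-000000000002", "commonname": "vpn.example.test"},
  {"uuid": "00000000-0000-0000-0000-000000000003", "commonname": "vpn.example.test"}
]}""")
GET = {"cert": {
    "crt_payload": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n",
    "prv_payload": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
}}


def pick_uuid(search, common_name):
    """Return the single UUID for common_name; refuse zero or several matches."""
    hits = [r["uuid"] for r in search.get("rows", []) if r.get("commonname") == common_name]
    if len(hits) != 1:
        # A plain jq select would print every match and yield a broken request.
        raise LookupError(f"{len(hits)} certificates match {common_name!r}")
    return hits[0]


def extract_pem(get_response):
    """Pull certificate and key PEM text out of a get response, checking both."""
    cert = get_response.get("cert", {})
    crt, prv = cert.get("crt_payload", ""), cert.get("prv_payload", "")
    if not crt.startswith("-----BEGIN CERTIFICATE-----"):
        raise ValueError("no PEM certificate in response")
    if not (prv.startswith("-----BEGIN ") and "PRIVATE KEY-----" in prv):
        raise ValueError("no PEM private key in response")
    return crt, prv


def write_private(path, pem):
    """Create path exclusively with mode 0600 so the key is never group/world readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)  # enforce the mode regardless of umask
        fh.write(pem)


if __name__ == "__main__":
    print(pick_uuid(SEARCH, "fw.example.test"))
    crt, prv = extract_pem(GET)
    print(crt.splitlines()[0], prv.splitlines()[0])
```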