OPNsense CA API Issue

Started by auc, March 26, 2025, 11:51:35 AM

Hello,

I'm relatively new to OPNsense and currently trying to automate the creation of a Certificate Authority (CA) using the OPNsense API with Python. However, when I run my script, the response I receive is always:

{'result': 'failed'}

Below is the Python script I'm using. I've replaced sensitive API key details with placeholders:

#!/usr/bin/env python3

import json
import requests
import sys
from requests.exceptions import RequestException
import urllib3

api_key = "your_api_key_here"
api_secret = "your_api_secret_here"

url = "http://your_opnsense_ip"
api_link = "/api/trust/ca/add"

payload = {
  "ca": {
    "action": "internal",
    "descr": "Script Test CA",
    "key_type": "4096",
    "digest": "sha512",
    "caref": "",
    "lifetime": "365",
    "country": "TR",
    "state": "Ankara",
    "city": "Ankara",
    "organization": "XXX",
    "organizationalunit": "XXX",
    "email": "",
    "commonname": "ca_test",
    "ocsp_uri": "",
    "crt_payload": "",
    "prv_payload": "",
    "serial": ""
  }
}

addr = f"{url}{api_link}"
auth = (api_key, api_secret)

# Suppress SSL verification warnings
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

try:
    r = requests.post(addr, json=payload, verify=False, auth=auth)
    if r.status_code < 200 or r.status_code >= 300:
        print(f"Error: HTTP status code {r.status_code}")
        print(f"Response content: {r.text}")
        sys.exit(1)
   
    res = json.loads(r.text)
    print(res)

except RequestException as e:
    print(f"Request error: {e}")
    sys.exit(1)
except Exception as e:
    print(f"Unexpected error: {e}")
    sys.exit(1)

Could someone please assist me in identifying what I might be doing wrong or missing? I'm using an API key generated from an admin-level user, and I've verified basic connectivity to OPNsense. Any guidance would be greatly appreciated.

Thank you!

Versions: OPNsense 24.7-amd64
FreeBSD: 14.1-RELEASE-p2
OpenSSL: 3.0.14

March 26, 2025, 12:19:30 PM #1 Last Edit: March 26, 2025, 12:31:42 PM by patient0
Does the OPNsense user you created the API key/secret for have enough rights to create a CA?

For testing purposes, I copy-pasted your script and used an API key/secret for user root and URL https://opnsense, and it worked right out of the box (excellent work!).

Edit: I have to add I'm on OPNsense 25, not yet sure how it works on 24.7. Any reason for sticking to 24.7?
Deciso DEC740
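
Added example (not part of either post, and not OPNsense project code): a standard-library variant of the request above that refuses to send the key/secret over plain HTTP, verifies the firewall's certificate, and separates a privilege problem from a rejected payload. The "validations" key in the response body and the helper names are assumptions; the endpoint path is the one from the script above.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request

def build_request(base_url, key, secret, payload):
    """Build the POST to /api/trust/ca/add; HTTPS only, since Basic auth is reversible."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send API key/secret over plain HTTP")
    token = base64.b64encode(f"{key}:{secret}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/trust/ca/add",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Basic {token}", "Content-Type": "application/json"},
        method="POST",
    )

def tls_context(ca_file=None):
    """Verifying context; ca_file is the PEM of the CA that signed the GUI certificate."""
    return ssl.create_default_context(cafile=ca_file)

def explain(status, body):
    """Map an HTTP status and decoded JSON body to a short diagnosis."""
    if status in (401, 403):
        return "auth: key/secret rejected or user lacks the privilege for this endpoint"
    if not 200 <= status < 300:
        return f"http: unexpected status {status}"
    if body.get("result") == "failed":
        # Assumption: field-level errors, when present, arrive under "validations".
        errors = body.get("validations") or {}
        if errors:
            return "validation: " + "; ".join(f"{k}: {v}" for k, v in sorted(errors.items()))
        return "failed: no field errors returned, check the firewall's logs"
    return "ok"

def add_ca(base_url, key, secret, payload, ca_file=None):
    """Send the request; certificate failures raise URLError instead of being ignored."""
    req = build_request(base_url, key, secret, payload)
    try:
        with urllib.request.urlopen(req, context=tls_context(ca_file), timeout=15) as r:
            return explain(r.status, json.load(r))
    except urllib.error.HTTPError as e:
        return explain(e.code, {})
```

Because the script in the first post exits on any non-2xx status, a printed {'result': 'failed'} means the request was accepted at the HTTP level, so printing the full response body is the next thing to look at.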