API path /api/trust/cert/raw_dump not working?

skywalker007 · July 02, 2025, 05:40:45 PM

Hi,
according to the docs:
https://docs.opnsense.org/development/api/core/trust.html
There is a raw_dump function. I assume it can be used to export a full certificate incl private key?
When I try to use it, it returns 404.
Does it exist?
I have a dedicated "api" user with the privileges: "System: Certificate Manager"
I have successfully tested it and parsed out the UUID by using:

Code Select

CERT_UUID=$(curl -s -u "$API_KEY:$API_SECRET" "$HOST/api/trust/cert/search" | jq -r '.rows[] | select(.commonname == "<my common name>") | .uuid')

Now when I run:

Code Select

curl -v -u "$API_KEY:$API_SECRET" "$HOST/api/trust/cert/raw_dump?uuid=$CERT_UUID"it returns 404.
Any hint?
I am running on 25.1.10.

thank you!

Monviech (Cedrik) · July 02, 2025, 06:22:08 PM

Almost all APi endpoints are used in the GUI.

Use this example and click around trust to see where and how raw_dump is used. Probably when downloading a certificate.

https://docs.opnsense.org/development/how-tos/api.html#using-browser-console-to-inspect-api

skywalker007 · July 03, 2025, 10:42:42 AM

Thank you Cedrik, this was a good hint.
It actually pointed me towards the generate_file action that can (according to the browser session dump) generate crt,prv and pkcs12 files.
However there are two things to notice:
- The documentation says it requires POST while the browser session uses GET
- Neither does work with cURL. CSRF issue? I only get {"status":"failed"} as a response.
Has anyone ever tried this outside of an authenticated browser session?

Thanks for your help and kind regards, Till

skywalker007 · July 03, 2025, 03:41:15 PM

I actually got this working by using trust/cert/get

API path /api/trust/cert/raw_dump not working?

skywalker007

July 02, 2025, 05:40:45 PM

Monviech (Cedrik)

July 02, 2025, 06:22:08 PM #1

skywalker007

July 03, 2025, 10:42:42 AM #2

skywalker007

July 03, 2025, 03:41:15 PM #3