Need help to migrate Certificate Import from API 1.0 to 2.0

Chris Ekcennel · Feb 1, 2021

Hi,
My Python script to import the certificate using API 1.0 stopped working after I upgraded FreeNAS 11 to TrueNAS 12.

My Python code used to look like the following and the status code was 201 if it was imported successfully.

Code:

r = requests.post(
  'http://' + HOST + '/api/v1.0/system/certificate/import/',
  auth=(USER, PASSWORD),
  headers={'Content-Type': 'application/json'},
  data=json.dumps({
  "cert_name": cert_name,
  "cert_certificate": cert,
  "cert_privatekey": priv_key,
  "cert_serial": 1
  }),
)

It does not work anymore on TrueNAS 12.

So after reading the 2.0 REST API documentation a little bit, I tried the following:

Code:

r = requests.post(
  'http://' + HOST + '/api/v2.0/certificate',
  auth=(USER, PASSWORD),
  headers={'Content-Type': 'application/json'},
  data=json.dumps({
  "create_type": "CERTIFICATE_CREATE_IMPORTED",
  "name": cert_name,
  "certificate": cert,
  "privatekey": priv_key,
  "serial": 1
  }),
)

And this doesn't work either. I got the status_code of 200.

Any suggestions?

Thanks,

Chris Ekcennel · Feb 1, 2021

Quick update. It works now after I removed "serial" from the input json structure. Following is the working code:

Code:

r = requests.post(
  'http://' + HOST + '/api/v2.0/certificate',
  auth=(USER, PASSWORD),
  headers={'Content-Type': 'application/json'},
  data=json.dumps({
  "create_type": "CERTIFICATE_CREATE_IMPORTED",
  "name": cert_name,
  "certificate": cert,
  "privatekey": priv_key
  }),
)

I also had to replace the following code to use the newly imported certificate for use with TrueNAS GUI.

Code:

  r = requests.put(
    'http://' + HOST + '/api/v1.0/system/settings/',
    auth=(USER, PASSWORD),
    headers={'Content-Type': 'application/json'},
    data=json.dumps({
    "stg_guicertificate": cert_id
    })
  )

New code using API 2.0.

Code:

r = requests.put(
    'http://' + HOST + '/api/v2.0/system/general/',
    auth=(USER, PASSWORD),
    headers={'Content-Type': 'application/json'},
    data=json.dumps({
    "ui_certificate": cert_id
    })
  )

danb35 · Feb 1, 2021

I have a script that handles this:

GitHub - danb35/deploy-freenas: Python script to automate deploying TLS certificates to FreeNAS servers

Python script to automate deploying TLS certificates to FreeNAS servers - danb35/deploy-freenas

github.com

Chris Ekcennel · Feb 2, 2021

danb35 said:
I have a script that handles this:

GitHub - danb35/deploy-freenas: Python script to automate deploying TLS certificates to FreeNAS servers

Python script to automate deploying TLS certificates to FreeNAS servers - danb35/deploy-freenas

github.com

Perfect, thanks!

Lapheus · Feb 3, 2021

danb35 said:
I have a script that handles this:

GitHub - danb35/deploy-freenas: Python script to automate deploying TLS certificates to FreeNAS servers

Python script to automate deploying TLS certificates to FreeNAS servers - danb35/deploy-freenas

github.com

Hello danb35,

I use your scipt as a template. I would like to use the deploy mechanisms of the acme.sh script and therefore recreate yout scipt on the basis of the shell. Curl is used there. When I upload the certificate with my own acme deploy script, the return value is "209624". If I forget a quotation mark as an example, I get {"message": "Expecting value: line 1 column 3622 (char 3621)"} The return Code from curl = 0 in both cases.

Any ideas on that? Unfortunately, the documentation is not very helpful either.

Greetings
Frank

Lapheus · Feb 3, 2021

Found it.
Imported manually in the web interface:
The certificate name cannot contain any spaces.
But the return value that comes back doesn't make any sense for me.
You can only check for the CURL error code.

danb35 · Feb 3, 2021

Are you planning to submit it as a PR to acme.sh? It'd be nice to have a deploy script as part of that package.

Lapheus · Feb 4, 2021

Yes, that is the plan.

Lapheus · Feb 6, 2021

Here is the first try:

F-Plass/acme.sh deploy Scipt for TrueNAS Server that uses the REST API from TrueNAS.

Authentification with API Key
default to "localhost", with option to "Truenas-IP"
If HTTP redirect is configured on TrueNAS, automatik switch to HTTPS
If WebDAV Certificate is the same as Web UI Certificate, Webdav Certificate get also an update
If FTP Certificate is the same as Web UI Certificate, FTP Certificate get also an update

Lapheus · Feb 7, 2021

Here in this new Post I tell about my Scipt.
The Topic here is not the best to tell about it.
Pull request for Official acme.sh is active.

Important Announcement for the TrueNAS Community.

Need help to migrate Certificate Import from API 1.0 to 2.0

Chris Ekcennel

Cadet

Chris Ekcennel

Cadet

danb35

Hall of Famer

GitHub - danb35/deploy-freenas: Python script to automate deploying TLS certificates to FreeNAS servers

Chris Ekcennel

Cadet

GitHub - danb35/deploy-freenas: Python script to automate deploying TLS certificates to FreeNAS servers

Lapheus

Cadet

GitHub - danb35/deploy-freenas: Python script to automate deploying TLS certificates to FreeNAS servers

Lapheus

Cadet

danb35

Hall of Famer

Lapheus

Cadet

Lapheus

Cadet

Lapheus

Cadet

Similar threads