Python programming against dogtag
by Pascal Jakobi
I created the following python test script.
````
import requests
import json

url = "https://zbook.home:8443/ca/rest/agent/certrequests"
headers = {'Accept': 'application/json'}
certfile = '/etc/pki/tls/certs/ca_admin_cert.crt.pem'
keyfile = '/etc/pki/tls/private/ca_admin_cert.key.pem'

r = requests.request("GET", url, headers=headers, verify=False,
                     cert=(certfile, keyfile))
print('DEBUG {}'.format(r.status_code))
print('DEBUG {}'.format(r.json()))
````
It works fine against dogtag. However, it will fail if verify is set to
True.
So how can I enable SSL verification? In other terms, what's the
equivalent to the "-k" switch from curl?
Thanks in advance
--
*Pascal Jakobi*
4 years, 5 months
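Added example, not part of the original post or of Dogtag's own code: `requests` verifies the server when `verify` is the path to a PEM file holding the CA certificate that signed the server certificate, and the sketch below checks that file and the client cert/key pair with the standard `ssl` module before sending anything. `CA_FILE` is a placeholder path and the function names are hypothetical; the URL and the client cert/key paths are the ones from the script above.

```python
import ssl

# Placeholder (assumption): PEM copy of the CA certificate that signed the server cert.
CA_FILE = "/path/to/dogtag-ca-signing-cert.pem"
# Values taken from the script in the post.
CERT_FILE = "/etc/pki/tls/certs/ca_admin_cert.crt.pem"
KEY_FILE = "/etc/pki/tls/private/ca_admin_cert.key.pem"
URL = "https://zbook.home:8443/ca/rest/agent/certrequests"


def preflight(ca_file, cert_file, key_file):
    """Return a list of problems with the TLS material; an empty list means usable."""
    problems = []
    # PROTOCOL_TLS_CLIENT enables certificate and hostname verification by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=ca_file)
    except OSError as exc:  # missing file, or no PEM certificate in it (ssl.SSLError)
        problems.append("CA file {}: {}".format(ca_file, exc))
    try:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    except OSError as exc:  # missing file, not PEM, or key does not match the cert
        problems.append("client cert/key {} / {}: {}".format(cert_file, key_file, exc))
    return problems


def request_kwargs(ca_file, cert_file, key_file):
    """Build the TLS arguments for requests, refusing to continue on bad material."""
    problems = preflight(ca_file, cert_file, key_file)
    if problems:
        raise ValueError("; ".join(problems))
    # verify=<path> keeps server verification on and trusts only this CA.
    return {"verify": ca_file, "cert": (cert_file, key_file)}


def list_cert_requests(url=URL, ca_file=CA_FILE, cert_file=CERT_FILE, key_file=KEY_FILE):
    """GET the agent cert requests with server verification enabled."""
    import requests  # third-party; imported here so the checks above run without it
    r = requests.get(url, headers={"Accept": "application/json"}, timeout=10,
                     **request_kwargs(ca_file, cert_file, key_file))
    r.raise_for_status()
    return r.json()


if __name__ == "__main__":
    print(list_cert_requests())
```

With verification on, the host name in the URL must also match a name in the server certificate, otherwise the request fails even with the right CA file.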
Re: [Pki-users] curl / certrequests
by Dinesh Prasanth Moluguwan Krishnamoorthy
(cc'ing pki-users for a wider audience)
Try to extract the admin cert and key from PKCS12 to a PEM file:
````
$ openssl pkcs12 -in ~/.dogtag/pki-tomcat/ca_admin_cert.p12 -out file.crt.pem -clcerts -nokeys
$ openssl pkcs12 -in ~/.dogtag/pki-tomcat/ca_admin_cert.p12 -out file.key.pem -nocerts -nodes
````
Then, pass both the cert and key as params to curl:
$ curl -v -k -E file.crt.pem --key file.key.pem https://<host>:8443/ca/rest/agent/certrequests
Note that I am passing in `-k` since I am using a self-signed CA cert.
Ref:
https://stackoverflow.com/questions/32253909/curl-with-a-pkcs12-certifica...
HTH.
Regards,
--Dinesh
On Wed, Jun 17, 2020 at 7:02 AM Pascal Jakobi <pascal.jakobi(a)gmail.com>
wrote:
> [root@auth pki-tomcat]# curl -v -E "/tmp/ca_admin.cert" -H "Accept: application/json" https://zbook.home:8443/ca/rest/agent/certrequests
> * Trying 192.168.1.20:8443...
> * TCP_NODELAY set
> * Connected to zbook.home (192.168.1.20) port 8443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * unable to set private key file: '/tmp/ca_admin.cert' type PEM
> * Closing connection 0
> curl: (58) unable to set private key file: '/tmp/ca_admin.cert' type PEM
> [root@auth pki-tomcat]#
>
>
> For the time being, I do not understand what's to be done...
>
> Rgds
>
> P
> On 16/06/2020 at 01:09, Dinesh Prasanth Moluguwan Krishnamoorthy wrote:
>
> Hi Pascal,
>
> What version of PKI are you using?
>
> Can you try replacing your URL with https protocol and corresponding port
> number? https://zbook.home:8443/ca/rest/agent/certrequests
> By default, secure port is 8443
>
> Regards,
> --Dinesh
>
> On Mon, Jun 15, 2020 at 6:55 PM Pascal Jakobi <pascal.jakobi(a)gmail.com>
> wrote:
>
>> I am trying to retrieve the cert reqs that are in my CA at the moment.
>>
>> The (wrong) curl command I use is below, with its result:
>>
>> curl -v -E "/tmp/ca_admin.cert" -H "Accept: application/json" http://zbook.home:8080/ca/rest/agent/certrequests
>> * Trying 192.168.1.20...
>> * TCP_NODELAY set
>> * Connected to zbook.home (192.168.1.20) port 8080 (#0)
>> > GET /ca/rest/agent/certrequests HTTP/1.1
>> > Host: zbook.home:8080
>> > User-Agent: curl/7.61.1
>> > Accept: application/json
>> >
>> < HTTP/1.1 302
>> < Cache-Control: private
>> < Expires: Thu, 01 Jan 1970 00:00:00 GMT
>> < Location: https://zbook.home:8443/ca/rest/agent/certrequests
>> < Content-Length: 0
>> < Date: Mon, 15 Jun 2020 22:50:24 GMT
>> <
>> * Connection #0 to host zbook.home left intact
>>
>> Can someone tell me what's the correct curl command or why I don't
>> receive anything as a result?
>>
>>
>> Thank you in advance.
>> --
>> *Pascal Jakobi*
>
> --
> *Pascal Jakobi* 116 rue de Stalingrad 93100 Montreuil, France
> pascal.jakobi(a)gmail.com - +33 6 87 47 58 19
>
4 years, 6 months
curl / certrequests
by Pascal Jakobi
I am trying to retrieve the cert reqs that are in my CA at the moment.
The (wrong) curl command I use is below, with its result:
curl -v -E "/tmp/ca_admin.cert" -H "Accept: application/json" http://zbook.home:8080/ca/rest/agent/certrequests
* Trying 192.168.1.20...
* TCP_NODELAY set
* Connected to zbook.home (192.168.1.20) port 8080 (#0)
> GET /ca/rest/agent/certrequests HTTP/1.1
> Host: zbook.home:8080
> User-Agent: curl/7.61.1
> Accept: application/json
>
< HTTP/1.1 302
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Location: https://zbook.home:8443/ca/rest/agent/certrequests
< Content-Length: 0
< Date: Mon, 15 Jun 2020 22:50:24 GMT
<
* Connection #0 to host zbook.home left intact
Can someone tell me what's the correct curl command or why I don't
receive anything as a result?
Thank you in advance.
--
*Pascal Jakobi*
4 years, 6 months