Page MenuHomeVyOS Platform

HTTPS API ability to import PKI certificates
Needs testing, NormalPublicFEATURE REQUEST

Description

HTTPS API ability to import PKI certificates x.x.x.x/import

vyos@r4:~$ import pki 
Possible completions:
  ca                    Import CA certificate into PKI
  certificate           Import certificate into PKI
  crl                   Import certificate revocation list into PKI
  dh                    Import DH parameters into PKI
  key-pair              Import key pair into PKI
  openvpn               Import OpenVPN keys into PKI

We have a limitation: we can't import certs without entering configuration mode and committing.

vyos@r4:~$ import pki ca myca file /config/auth/ca_ansible.crt
You are not in configure mode, commands to install manually from configure mode:
set pki ca myca certificate 'MXXXxxx=='
vyos@r4:~$

Details

Version
-
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

Obviously, it does not work.
https://github.com/sever-sever/vyos-1x/tree/T5743
https://github.com/sever-sever/vyos-1x/commit/e3767cb7deb8c0e8f9be2c452a74dabb537ed89a

vyos@r4:~$ curl -k --location --request POST 'https://192.168.122.14/import-pki' \
  --form data='{"op": "import-pki", "path": ["pki", "ca", "myca", "file", "/config/auth/ca_ansible.crt"]}' \
  --form key='foo'


{"success": true, "data": "1 value(s) installed. Use \"compare\" to see the pending changes, and \"commit\" to apply.\n", "error": null}
Viacheslav triaged this task as Normal priority.Jan 20 2024, 1:52 PM
natali-rs1985 changed the task status from Open to In progress.Feb 19 2024, 8:57 AM
natali-rs1985 claimed this task.
Viacheslav changed the task status from In progress to Needs testing.Aug 20 2024, 11:38 AM