Page MenuHomeVyOS Platform
Create Task
Maniphest T5743

HTTPS API ability to import PKI certificates
In progress, NormalPublicFEATURE REQUEST
Actions

Description

HTTPS API ability to import PKI certificates x.x.x.x/import

vyos@r4:~$ import pki 
Possible completions:
  ca                    Import CA certificate into PKI
  certificate           Import certificate into PKI
  crl                   Import certificate revocation list into PKI
  dh                    Import DH parameters into PKI
  key-pair              Import key pair into PKI
  openvpn               Import OpenVPN keys into PKI

We have a limitation: we can't import certs without entering configuration mode and committing.

vyos@r4:~$ import pki ca myca file /config/auth/ca_ansible.crt
You are not in configure mode, commands to install manually from configure mode:
set pki ca myca certificate 'MXXXxxx=='
vyos@r4:~$

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

Viacheslav created this task.Nov 15 2023, 11:35 AM
pasik added a subscriber: pasik.Nov 15 2023, 2:18 PM
Viacheslav updated the task description. (Show Details)Nov 15 2023, 4:23 PM
Viacheslav added a comment.EditedNov 15 2023, 4:34 PM

Obviously, it does not work.
https://github.com/sever-sever/vyos-1x/tree/T5743
https://github.com/sever-sever/vyos-1x/commit/e3767cb7deb8c0e8f9be2c452a74dabb537ed89a

vyos@r4:~$ curl -k --location --request POST 'https://192.168.122.14/import-pki' \
  --form data='{"op": "import-pki", "path": ["pki", "ca", "myca", "file", "/config/auth/ca_ansible.crt"]}' \
  --form key='foo'


{"success": true, "data": "1 value(s) installed. Use \"compare\" to see the pending changes, and \"commit\" to apply.\n", "error": null}
Viacheslav added a comment.Nov 20 2023, 12:42 PM

If someone will implement it, there was a discussion https://github.com/vyos/vyos-1x/pull/2488

Viacheslav triaged this task as Normal priority.Jan 20 2024, 1:52 PM
natali-rs1985 added a subscriber: natali-rs1985.Feb 8 2024, 8:18 AM
natali-rs1985 changed the task status from Open to In progress.Feb 19 2024, 8:57 AM
natali-rs1985 claimed this task.