Iron

Third Parties Certificate details

Hi There,

cpca_client lscert will list only the details of internal certificates; just wondering if anyone out there is aware of a CLI command -or API call- to get the details of any third-party certificate used on the SMS.

We were caught out by a certificate expiring -causing impact on remote users- which we're trying to avoid by creating a cron job -or something similar- to alert us, but first we need to get the command to extract the information.

Many thanks as always

0 Kudos
1 Solution

Accepted Solutions
Platinum

Re: Third Parties Certificate details

fwm printcert -ca <CA_NAME>

Kind regards,
Jozko Mrkvicka

0 Kudos
9 Replies
Admin

Re: Third Parties Certificate details

Doesn't appear to be API support for this, and I'm not aware of any way to pull this over the CLI.
Might be an RFE.
@Eran_Habad 

0 Kudos

Re: Third Parties Certificate details

API commands for user management are still on the roadmap.

However, 

 echo -e "query users\n-q\n" |dbedit -local

with some additional greps should do the trick

0 Kudos
Iron

Re: Third Parties Certificate details

Thanks both,

Though we're not after the user details in particular, but rather the details of the third-party certificate installed on the gateway that remote users connect to.

Will keep a close eye

Cheers

0 Kudos

Re: Third Parties Certificate details

Even easier, you can query GW with HTTPS on SSL portal and script certificate expiration retrieval. 

0 Kudos
Platinum

Re: Third Parties Certificate details

From management where gateway/cluster is managed:

fwm printcert -obj <MANAGED_GATEWAY_NAME>

Kind regards,
Jozko Mrkvicka
0 Kudos
Admin

Re: Third Parties Certificate details

Pretty sure that doesn't work for OPSEC CAs.
It returned an empty result on my R80.40 Manager where I have at least one OPSEC CA configured.
0 Kudos
Platinum

Re: Third Parties Certificate details

fwm printcert -ca <CA_NAME>

Kind regards,
Jozko Mrkvicka

0 Kudos
Admin

Re: Third Parties Certificate details

Sure enough that works.

[Expert@R8040Mgmt:0]# fwm printcert -ca testca
Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
Not Valid Before: Thu Jun  4 04:04:38 2015 Local Time
Not Valid After:  Mon Jun  4 04:04:38 2035 Local Time
Serial No.:  008210cfb0d240e3594463e0bb63828b00
Public Key: RSA (4096 bits)
Signature: RSA with SHA256
Key Usage:
        keyCertSign
        cRLSign
Basic Constraint:
        is CA
MD5 Fingerprint:
   0C:D2:F9:E0:DA:17:73:E9:ED:86:4D:A5:E3:70:E7:4E
SHA-1 Fingerprints:
1. CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
2. OWNS TERM INCA TOY DRAM HAL ULAN TENT AQUA COST LINT RENT

Nice work 🙂

0 Kudos
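
For the cron alert the original poster describes, an added example (not part of any post in this thread) that parses the "Not Valid After" line of the fwm printcert -ca output shown above and flags a certificate that is close to expiry. The function names and the warning threshold are assumptions, and it relies on GNU date.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU date (date -d).

# Constructed sample: validity lines copied from the
# `fwm printcert -ca testca` output quoted in the thread.
SAMPLE='Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
Not Valid Before: Thu Jun  4 04:04:38 2015 Local Time
Not Valid After:  Mon Jun  4 04:04:38 2035 Local Time'

# Read printcert output on stdin; print the expiry timestamp without the
# "Not Valid After:" label and the trailing "Local Time" marker.
not_after_from_printcert() {
    sed -n 's/^Not Valid After:[[:space:]]*//p' |
        sed 's/[[:space:]]*Local Time[[:space:]]*$//' | head -n 1
}

# days_left "<timestamp>" [now_epoch]: whole days until expiry, zero or
# negative once expired. now_epoch defaults to the current time.
days_left() {
    expiry=$(date -d "$1" +%s) || return 2
    now=${2:-$(date +%s)}
    echo $(( (expiry - now) / 86400 ))
}

# check_expiry <label> <warn_days> [now_epoch], printcert output on stdin.
# Returns 0 if OK, 1 if within warn_days of expiry, 2 if nothing parsable.
check_expiry() {
    ts=$(not_after_from_printcert)
    [ -n "$ts" ] || { echo "UNKNOWN $1: no 'Not Valid After' line" >&2; return 2; }
    left=$(days_left "$ts" "$3") || { echo "UNKNOWN $1: bad date '$ts'" >&2; return 2; }
    if [ "$left" -le "$2" ]; then
        echo "WARNING $1: expires in $left days ($ts)"
        return 1
    fi
    echo "OK $1: $left days left ($ts)"
}

# Cron usage on the management server (30 days is an assumed threshold):
#   fwm printcert -ca <CA_NAME> | check_expiry <CA_NAME> 30
```

A non-zero exit status from check_expiry is what the cron wrapper would turn into a mail or ticket.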
Iron

Re: Third Parties Certificate details

Thanks Jozko,

This command perfectly lists the CA details, though not the certificate(s) generated -and assigned to a particular gateway- by this CA itself.

I've tried another flavor of it: fwm printcert -obj <gateway> -cert <cert nickname>, but it didn't list the details we're after; rather, it listed the certificate generated by the internal CA. Adding or removing the -cert option didn't make any difference in our case.

Wish this command got an option as below:

fwm printcert -ca <3rd party CA> -cert <cert nickname>

But I still think, if the GUI can list the details, then there should be a CLI command to do it as well... I'm still digging 😉

0 Kudos