I have been trying to upload a Let's Encrypt certificate to our XG firewalls; this would allow for the automated renewal of the certificates and replacement at the WAF rule on the firewall. Unfortunately, I am getting stuck on the upload part with the following error: "<Status code="500">Operation could not be performed on Entity.</Status>".
I have followed this post (I did ask this question at the end of that post, but thought I should create a new question): https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/102208/upload-certificate-using-api
This is the PowerShell script that I have got so far (based a lot off this page: http://blog.majcica.com/2016/01/13/powershell-tips-and-tricks-multipartform-data-requests/)
$ContentType = "application/octet-stream"
$certFile = "C:\temp\LE_cert.pfx"
$fileName = Split-Path $certFile -leaf
$boundary = [guid]::NewGuid().ToString()
$fileBin = [System.IO.File]::ReadAllBytes($certFile)
$enc = [System.Text.Encoding]::GetEncoding("iso-8859-1")

$template = @'
--{0}
Content-Type: application/xml; charset=utf-8
Content-Disposition: form-data; name=reqxml

<Request>
  <Login>
    <Username>apiUSER</Username>
    <Password>apiPWD</Password>
  </Login>
  <Set operation="add">
    <Certificate>
      <Name>LE_tcxapi_20181105_cert</Name>
      <Action>UploadCertificate</Action>
      <CertificateFormat>pkcs12</CertificateFormat>
      <Password>pwd</Password>
      <CertificateFile>{1}</CertificateFile>
    </Certificate>
  </Set>
</Request>
--{0}
Content-Disposition: form-data; filename="{1}"; name="Unique"
Content-Type: {2}

{3}
--{0}--
'@

$body = $template -f $boundary, $fileName, $ContentType, $enc.GetString($fileBin)
$response = Invoke-WebRequest -UseBasicParsing -Headers $headers -Uri 'fw-exg-00:4444/.../APIControlleroperation="add"><Certificate><Name>MHA_TEST_Cert</Name><Action>UploadCertificate</Action><CertificateFormat>pkcs12</CertificateFormat><Password>pwd</Password><CertificateFile>LE_cert.pfx</CertificateFile></Certificate></Set></Request>' -Method POST -body $body
This gives me the following request body:
--db611ddb-ea8a-450f-aad8-90bee1c6a889
Content-Type: application/xml; charset=utf-8
Content-Disposition: form-data; name=reqxml

<Request>
  <Login>
    <Username>apiUSER</Username>
    <Password>apiPWD</Password>
  </Login>
  <Set operation="add">
    <Certificate>
      <Name>LE_cert</Name>
      <Action>UploadCertificate</Action>
      <CertificateFormat>pkcs12</CertificateFormat>
      <Password>password1</Password>
      <CertificateFile>LE_cert.pfx</CertificateFile>
    </Certificate>
  </Set>
</Request>
--db611ddb-ea8a-450f-aad8-90bee1c6a889
Content-Disposition: form-data; filename="LE_cert.pfx"; name="LE_cert"
Content-Type: application/octet-stream

<<--redactedEncodedTXT-->>
--db611ddb-ea8a-450f-aad8-90bee1c6a889--

I think I have got my request in the same format as Trond's example in the referenced post, but I am still getting "<Status code="500">Operation could not be performed on Entity.</Status>".
I was wondering how I should encode the certificate. I have tried the above iso-8859-1, but also UTF-8 and Base64, and none of them have got the certificate uploaded.
I think I have got this right, but I just can't get the certificate uploaded, so any help would be greatly appreciated.
Cheers,
Tim
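
An added example, not part of the original post or of Sophos documentation: one way to build the same two-part request with .NET's MultipartFormDataContent, so the PFX bytes go into the body unmodified instead of through a string template and a text encoding. The function name, the file part name `file`, the constructed 256-byte sample file and `$ApiUri` are assumptions; the page does not confirm which layout the firewall accepts.

```powershell
# Added example, not the poster's script. Part names and the URI are assumptions.
Add-Type -AssemblyName System.Net.Http   # required on Windows PowerShell 5.1

function New-CertUploadContent {
    param(
        [Parameter(Mandatory)] [string] $CertPath,
        [Parameter(Mandatory)] [string] $RequestXml,
        [string] $FilePartName = 'file'   # hypothetical; the post does not confirm the part name
    )
    $bytes   = [System.IO.File]::ReadAllBytes($CertPath)
    $content = [System.Net.Http.MultipartFormDataContent]::new()

    # Text part: the XML request, sent as UTF-8.
    $xmlPart = [System.Net.Http.StringContent]::new($RequestXml, [System.Text.Encoding]::UTF8, 'application/xml')
    $content.Add($xmlPart, 'reqxml')

    # Binary part: raw PFX bytes, never converted to a string.
    $filePart = [System.Net.Http.ByteArrayContent]::new($bytes)
    $filePart.Headers.ContentType = [System.Net.Http.Headers.MediaTypeHeaderValue]::Parse('application/octet-stream')
    $content.Add($filePart, $FilePartName, (Split-Path $CertPath -Leaf))

    return ,$content   # the comma stops PowerShell from enumerating the parts
}

# Constructed sample: a stand-in "PFX" holding every byte value 0x00..0xFF.
$sample = [byte[]](0..255)
$path   = Join-Path ([System.IO.Path]::GetTempPath()) 'sample_cert.pfx'
[System.IO.File]::WriteAllBytes($path, $sample)

$xml = '<Request><Login><Username>apiUSER</Username><Password>apiPWD</Password></Login>' +
       '<Set operation="add"><Certificate><Name>LE_cert</Name><Action>UploadCertificate</Action>' +
       '<CertificateFormat>pkcs12</CertificateFormat><Password>pwd</Password>' +
       '<CertificateFile>sample_cert.pfx</CertificateFile></Certificate></Set></Request>'

$content = New-CertUploadContent -CertPath $path -RequestXml $xml
$body    = $content.ReadAsByteArrayAsync().Result

# iso-8859-1 maps each byte to exactly one char, so it is safe for searching the body.
$iso    = [System.Text.Encoding]::GetEncoding('iso-8859-1')
$intact = $iso.GetString($body).IndexOf($iso.GetString($sample), [StringComparison]::Ordinal) -ge 0
"Binary part intact in body: $intact"
"Content-Type header:        $($content.Headers.ContentType)"

# The same bytes pushed through a string and re-encoded as UTF-8 change length.
"UTF-8 re-encoded length:    $([System.Text.Encoding]::UTF8.GetBytes($iso.GetString($sample)).Length) (file is $($sample.Length))"

# To send (the URI is a placeholder for your firewall's API endpoint):
# $resp = [System.Net.Http.HttpClient]::new().PostAsync($ApiUri, $content).Result
```

Comparing the serialized `$body` with the body printed in the post shows whether the two requests differ in part headers or in the bytes of the file part.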