How to delete a certificate using API?

Hello Lev Anni,

Thank you for reaching out to the community, you may refer the following link: https://docs.sophos.com/nsg/sophos-firewall/18.5/API/index.html

Seems like you missed my point what I meant, general question was WHERE I should put this "Name" attribute? What is the complete XML request for doing that? 

https://172.16.16.17:4444/webconsole/APIController?reqxml=<Request><Login><Username>admin</Username><Password>ABC@123</Password></Login><Set operation="delete"><CertificateAuthority><Name>cert name</Name></CertificateAuthority></Set></Request>
replace the IP, Username, password and Certificate name

I already did that and I'm getting this error:

<Status code="500">Operation could not be performed on Entity.</Status>

was login successful ?
Can you share a screenshot ?
And are you trying to delete the cert or cert authority ? 

between Lev Anni, 
If the certificate is in use somewhere in that scenario you'll not be able to delete and you'll have to do it manually !! 

based on the post, this is mostly due to certificate in use...
Can you please double check ??

yes I have deleted the one that was specified in API, manually, without any problems. I know what you are saying that it can not be deleted while in use, maybe it can't be deleted for other reasons, I don't know where to look.

by the way, I'm getting exact same error if I just specify anything withing <Name></Name> tag!! Something else is going on.

is the cert authority you are trying to delete corrupted or expired ?  

no it's working. what is strange to me is that when I export certificate entries to disk, I see that the certificate name in <CertificateAuthority> is different, it's like name_GA213023. I guess this entry is automatically created when the certificate is being uploaded. Because the actual name is in <Certificate> tag. Now, When I try:

<Set operation="delete"><Certificate><Name>cert name</Certificate></Set>

I'm getting this error:

no it's working. what is strange to me is that when I export certificate entries to disk, I see that the certificate name in <CertificateAuthority> is different, it's like name_GA213023. I guess this entry is automatically created when the certificate is being uploaded. Because the actual name is in <Certificate> tag. Now, When I try:

<Set operation="delete"><Certificate><Name>cert name</Certificate></Set>

I'm getting this error:

Here it looks like incorrect parameters, may be using a guide of how to use api might help identify the issue - https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/BackupAndFirmware/API/index.html

man I already know that documentation better than Einstein knew his theory of relativity

 Alrighty noted, can you share few more details with the screenshot for the working and non-working both if possible ?

Sorry what you mean by working? 

By the way, I have recently discovered that I'm also unable to delete a firewall rule! This time, unlike certificate, the error is somewhat different:

Figured all out!

You just have to put the request code in <Remove> tag

So, enclosing it with <Remove></Remove> tags instead of <Set operation="delete"></Set>. Final code to remove a certificate for instance, will look like this:

1.1.1.1:4444/.../APIController passwordform="plain">password</Password></Login><Remove><Certificate><Name>domain.com</Name></Certificate></Remove></Request>

I would recommend to let users know this at the documentation page, because logically I had no idea that the delete operation would be absolutely different compared to Add/Update operations that work by using <Set operation="add/update"> tag. Again, this page is useless until somebody spend tons of time and effort:

Thanks