PHP script for uploading Let's Encrypt certificate does not work

Hi, and sorry for my poor English,

I'm trying to use the PHP script provided by user burton, but the script says this:

 CREATING TEMP CERT...
<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1800.1" IPS_CAT_VER="0">
  <Login>
    <status>Authentication Successful</status>
  </Login>
  <Certificate transactionid="">
    <Status code="200">Configuration applied successfully.</Status>
  </Certificate>
</Response>



FINDING POLICIES USING CERT: *.edelweiss.es
PHP Notice:  Undefined variable: rule_names in /home/ubuntu/script.php on line 176
PHP Notice:  Trying to access array offset on value of type null in /home/ubuntu/script.php on line 176
PHP Warning:  Invalid argument supplied for foreach() in /home/ubuntu/script.php on line 176






UPLOADING UPDATED CERTs

PHP Notice:  Undefined variable: update_policy in /home/ubuntu/script.php on line 268

<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1800.1" IPS_CAT_VER="0">
  <Login>
    <status>Authentication Successful</status>
  </Login>
  <Certificate transactionid="">
    <Status code="500">Operation could not be performed on Entity.</Status>
  </Certificate>
</Response>



PHP Notice:  Undefined variable: restore_policies in /home/ubuntu/script.php on line 281
PHP Warning:  Invalid argument supplied for foreach() in /home/ubuntu/script.php on line 281






DELETING TEMP CERT...
<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1800.1" IPS_CAT_VER="0">
  <Login>
    <status>Authentication Successful</status>
  </Login>
  <Certificate transactionid="">
    <Status code="200">Configuration applied successfully.</Status>
  </Certificate>
</Response>

I'm using Sophos XG SFOS 19.0.1 MR-1-Build365, and the script is running on Ubuntu 20.

Can you help me, please?

Thanks in advance

Best Regards



  • It appears that the script did not find any firewall policies using the cert name of "*.edelweiss.es".  You must provide the exact name of the certificate(s) being used on the XG firewall.  These can be found under the Certificates Menu, on the bottom left, and then the "Certificates" tab, which loads by default.  Use the entries in the "Name" column.  Can you please confirm that "*.edelweiss.es" is a name in that column?

  • In fact, the script should respond with "FOUND MATCHING POLICY RULE TO BE UPDATED: xxx.xxx.xxx" where xxx is the name of your certificate in XG.  So basically, it found no matching policies using that certificate, so the other PHP notices and warnings are just stating that the arrays are empty, so there is nothing to loop through to execute the other steps.  Otherwise, it looks like you set up the rest OK, because it found the certificates on your Ubuntu server, and it was able to log in, and create and delete the temp certificate OK.  So once we sort out why it can't find any firewall policies using *.edelweiss.es, then it should work for you.

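One way to make the failure discussed in this thread explicit, as an added example that is not part of the thread or of burton's script: it parses API responses in the format shown in the post, reports any Status code other than 200, and stops when no policy matches the certificate name. The function names and the `$ruleNames` parameter are assumptions; the script's own policy lookup is not shown on the page and is not reproduced.

```php
<?php
// Added example (not burton's script): check each XG API response before moving on.
/** Parse one response: [loginOk, [entity => ['code' => int, 'message' => string]]]. */
function parse_xg_response(string $xml): array
{
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    if ($doc === false) {
        throw new RuntimeException('Response is not well-formed XML');
    }
    $loginOk = trim((string) $doc->Login->status) === 'Authentication Successful';
    $entities = [];
    foreach ($doc->children() as $name => $node) {
        if (isset($node->Status['code'])) { // skips <Login>, which has no <Status>
            $status = $node->Status;
            $entities[$name] = ['code' => (int) $status['code'], 'message' => trim((string) $status)];
        }
    }
    return [$loginOk, $entities];
}

/** Stop the run when the policy lookup returned nothing for this certificate name. */
function require_matching_rules(?array $ruleNames, string $certName): array
{
    if (empty($ruleNames)) {
        throw new RuntimeException("No firewall policy uses certificate name '$certName'");
    }
    return $ruleNames;
}

// Response body copied from the failed upload step in the thread.
$upload = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1800.1" IPS_CAT_VER="0">
  <Login><status>Authentication Successful</status></Login>
  <Certificate transactionid="">
    <Status code="500">Operation could not be performed on Entity.</Status>
  </Certificate>
</Response>
XML;

[$loginOk, $entities] = parse_xg_response($upload);
foreach ($entities as $name => $status) {
    if (!$loginOk || $status['code'] !== 200) {
        fwrite(STDERR, "$name failed: {$status['code']} {$status['message']}\n");
    }
}
try { // null stands in for the undefined rule list seen in the thread's output
    require_matching_rules(null, '*.edelweiss.es');
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
}
```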