Get certificates from Pfsense Cert Manager using linux commandline
-
Is there a way to get the certificates from the Cert. Manager in pfsense on some other box by using a URL and wget or curl?
I would like to use Pfsense as my central Cert Management server so it would be great if it's possible in some way.
Any ideas?
-
Not with what is currently on the firewall.
The certificates are stored in the configuration, not in an accessible place on the filesystem.
You could write a script to parse them out of the config.xml but there are no tools around currently that will do exactly what you're after.
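The config.xml approach suggested in the reply above, as an added example that is not part of the original thread or of pfSense itself. It assumes each certificate is a top-level `<cert>` element whose `<crt>` and `<prv>` children hold base64-encoded PEM; the sample config and the function names are constructed for illustration.

```python
import base64
import os
import xml.etree.ElementTree as ET

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample, not real key material. Assumed layout: each certificate is
# a top-level <cert> element whose <crt>/<prv> children hold base64-encoded PEM.
_CRT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
SAMPLE_CONFIG = f"""<pfsense>
  <cert><refid>000000000000a</refid><descr><![CDATA[webgui-example]]></descr>
    <crt>{_b64(_CRT)}</crt><prv>{_b64(_KEY)}</prv></cert>
  <cert><refid>000000000000b</refid><descr><![CDATA[imported-no-key]]></descr>
    <crt>{_b64(_CRT)}</crt></cert>
</pfsense>"""

def extract_certs(config_xml):
    """Return {description: (cert_pem, key_pem or None)} for each <cert> entry."""
    found = {}
    for cert in ET.fromstring(config_xml).findall("cert"):
        crt = cert.findtext("crt")
        if not crt:
            continue  # entry carries no certificate data
        name = (cert.findtext("descr") or cert.findtext("refid") or "unnamed").strip()
        prv = cert.findtext("prv")
        found[name] = (base64.b64decode(crt).decode(),
                       base64.b64decode(prv).decode() if prv else None)
    return found

def write_pem(path, pem, mode):
    """Write pem to path and force its permission bits to mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fd, mode)  # also tightens a file that already existed
        fh.write(pem)

def export_all(config_xml, outdir):
    """Write <name>.crt (0644) and, when a key is stored, <name>.key (0600)."""
    written = []
    for name, (crt, key) in extract_certs(config_xml).items():
        safe = "".join(c if c.isalnum() or c in "-_." else "_" for c in name)
        write_pem(os.path.join(outdir, safe + ".crt"), crt, 0o644)
        written.append(safe + ".crt")
        if key:
            write_pem(os.path.join(outdir, safe + ".key"), key, 0o600)
            written.append(safe + ".key")
    return written
```

config.xml carries the private keys alongside the certificates, so any copy of it moved off the firewall needs the same handling as the exported `.key` files.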
-
> Not with what is currently on the firewall.
> The certificates are stored in the configuration, not in an accessible place on the filesystem.
> You could write a script to parse them out of the config.xml but there are no tools around currently that will do exactly what you're after.
OK, but as there is an "export key" button in the GUI, can we not create a user which is able to only download certs or so?
Sounds like an idea?
-
Hi,
I know this is old but if anyone else is ever looking for this, here's a quick example of how it might be done.
You would need to change the "certname" and the "id" in the script.
The id can be found when hovering over the export buttons in the web gui.
I commented out the rms because they were deleting before the wget was done.
```bash
BACKUPDIR="where the cert will go"
USERNAME="pfsense user"
PASSWORD="pfsense password"
PORT="pfsense port"   # defined but not used by the commands below
SITE="pfsense ip or address"

# Fetch the login page to get a session cookie and the first CSRF token.
# --no-check-certificate turns off TLS verification, so the password is sent
# without authenticating the firewall; wget's --ca-certificate=FILE is the
# alternative once the firewall's CA is available on this box.
wget -qO- --keep-session-cookies --save-cookies /tmp/pfsense_cookies.txt \
  --no-check-certificate "https://$SITE/system_certmanager.php" \
  | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > /tmp/pfsense_csrf.txt

# Log in and capture the CSRF token issued to the authenticated session.
wget -qO- --keep-session-cookies --load-cookies /tmp/pfsense_cookies.txt \
  --save-cookies /tmp/pfsense_cookies.txt --no-check-certificate \
  --post-data "login=Login&usernamefld=$USERNAME&passwordfld=$PASSWORD&__csrf_magic=$(cat /tmp/pfsense_csrf.txt)" \
  "https://$SITE/system_certmanager.php" | grep "name='__csrf_magic'" \
  | sed 's/.*value="\(.*\)".*/\1/' > /tmp/pfsense_csrf2.txt

if [ -e /tmp/pfsense_cookies.txt ]; then
  # act=exp exports the certificate with the given id.
  FILENAME="$BACKUPDIR/certname.crt"
  wget --keep-session-cookies --load-cookies /tmp/pfsense_cookies.txt --no-check-certificate \
    --post-data "act=exp&id=1&__csrf_magic=$(head -n 1 /tmp/pfsense_csrf2.txt)" \
    "https://$SITE/system_certmanager.php" -O "$FILENAME"

  # act=key exports the private key for the same id.
  FILENAME2="$BACKUPDIR/certname.key"
  wget --keep-session-cookies --load-cookies /tmp/pfsense_cookies.txt --no-check-certificate \
    --post-data "act=key&id=1&__csrf_magic=$(head -n 1 /tmp/pfsense_csrf2.txt)" \
    "https://$SITE/system_certmanager.php" -O "$FILENAME2"

  # The cookie and token files hold a live login session until they are removed.
  #rm -f /tmp/pfsense_cookies.txt
  #rm -f /tmp/pfsense_csrf.txt
  #rm -f /tmp/pfsense_csrf2.txt
else
  echo "Failed to retrieve cert from $SITE"
fi
```
-
Sorry for replying to this old post.
So for the opposite operation, to import a certificate or maybe overwrite a specific certificate, is it possible, or does some scripting solution exist?
As of today I'm looking for a solution to automate the copy to other pfSense boxes and import these certificates previously generated by ACME. I will ask a developer in another department for help to search for the encoded certificate and replace it with the new one if it has not been changed or expired, via PHP on the XML config, based on other scripts like this: https://forum.netgate.com/topic/95774/automating-certificate-imports-with-letencrypt-script/12