Get certificates from pfSense Cert Manager using the Linux command line



  • Is there a way to get the certificates from the Cert. Manager in pfSense on some other box by using a URL and wget or curl?

    I would like to use pfSense as my central Cert Management server so it would be great if it's possible in some way.

    Any ideas?


  • Rebel Alliance Developer Netgate

    Not with what is currently on the firewall.

    The certificates are stored in the configuration, not in an accessible place on the filesystem.

    You could write a script to parse them out of the config.xml but there are no tools around currently that will do exactly what you're after.
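
The config.xml parsing suggested above could look like the following. This is an added example, not part of the original post and not Netgate's code. It assumes each certificate is a `<cert>` element holding `<refid>`, `<descr>` and base64-encoded PEM in `<crt>` and `<prv>`; that layout, the sample config and all names in the code are assumptions or constructed values.

```python
import base64
import os
import re
import xml.etree.ElementTree as ET

# Constructed placeholders, not real certificate or key material.
FAKE_CRT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
FAKE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
b64 = lambda s: base64.b64encode(s.encode()).decode()
# Constructed sample; assumed layout: <cert> entries with base64-encoded PEM in <crt>/<prv>.
SAMPLE_CONFIG = f"""<?xml version="1.0"?>
<pfsense>
  <cert><refid>5f1e2d3c4b5a6</refid><descr><![CDATA[webgui]]></descr>
    <crt>{b64(FAKE_CRT)}</crt><prv>{b64(FAKE_KEY)}</prv></cert>
  <cert><refid>../etc/x</refid><descr><![CDATA[imported, no key]]></descr>
    <crt>{b64(FAKE_CRT)}</crt></cert>
</pfsense>"""

def extract_certs(xml_text):
    """Return one dict per <cert>: refid, descr, crt (PEM), prv (PEM or None)."""
    certs = []
    for node in ET.fromstring(xml_text).iter("cert"):
        def pem(tag):
            raw = (node.findtext(tag) or "").strip()
            return base64.b64decode(raw).decode("ascii") if raw else None
        crt = pem("crt")
        if crt and "BEGIN CERTIFICATE" in crt:  # skip empty or malformed entries
            certs.append(dict(refid=node.findtext("refid", ""),
                              descr=node.findtext("descr", ""), crt=crt, prv=pem("prv")))
    return certs

def write_pem(path, pem, mode):
    """Create the file with its final mode so a key is never briefly world-readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as fh:
        fh.write(pem)

def export_all(xml_text, outdir):
    """Write <refid>.crt (0644) and <refid>.key (0600); return the paths written."""
    written = []
    for c in extract_certs(xml_text):
        # refid comes from the file being parsed: never let it steer the output path
        base = os.path.join(outdir, re.sub(r"[^A-Za-z0-9_-]", "_", c["refid"]))
        write_pem(base + ".crt", c["crt"], 0o644)
        written.append(base + ".crt")
        if c["prv"]:
            write_pem(base + ".key", c["prv"], 0o600)
            written.append(base + ".key")
    return written
```

A config.xml backup parsed this way contains every private key on the firewall, so the backup file itself needs the same access restrictions as the exported `.key` files.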



  • @jimp:

    Not with what is currently on the firewall.

    The certificates are stored in the configuration, not in an accessible place on the filesystem.

    You could write a script to parse them out of the config.xml but there are no tools around currently that will do exactly what you're after.

    OK, but as there is an "export key" button in the GUI, can we not create a user which is able to only download certs or so?

    Sounds like an idea?



  • Hi,

    I know this is old but if anyone else is ever looking for this, here's a quick example of how it might be done.

    You would need to change the "certname" and the "id" in the script.

    The id can be found when hovering over the export buttons in the web gui.

    I commented out the rms because they were deleting before the wget was done.


    BACKUPDIR="where the cert will go"
    USERNAME="pfsense user"
    PASSWORD="pfsense password"
    PORT="pfsense port"
    SITE="pfsense ip or address"
    URL="https://$SITE:$PORT/system_certmanager.php"

    # Fetch the login page: save the session cookie and pull the CSRF token out of the form.
    # --no-check-certificate turns off TLS verification of the firewall's certificate.
    wget -qO- --keep-session-cookies --save-cookies /tmp/pfsense_cookies.txt \
      --no-check-certificate "$URL" \
      | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > /tmp/pfsense_csrf.txt

    # Log in and keep the CSRF token returned for the authenticated session.
    # Username and password are sent as written; URL-encode any special characters.
    wget -qO- --keep-session-cookies --load-cookies /tmp/pfsense_cookies.txt \
      --save-cookies /tmp/pfsense_cookies.txt --no-check-certificate \
      --post-data "login=Login&usernamefld=$USERNAME&passwordfld=$PASSWORD&__csrf_magic=$(cat /tmp/pfsense_csrf.txt)" \
      "$URL" | grep "name='__csrf_magic'" \
      | sed 's/.*value="\(.*\)".*/\1/' > /tmp/pfsense_csrf2.txt

    if [ -e /tmp/pfsense_cookies.txt ]; then
        # act=exp downloads the certificate with the given id
        FILENAME="$BACKUPDIR/certname.crt"
        wget --keep-session-cookies --load-cookies /tmp/pfsense_cookies.txt --no-check-certificate \
          --post-data "act=exp&id=1&__csrf_magic=$(head -n 1 /tmp/pfsense_csrf2.txt)" \
          "$URL" -O "$FILENAME"

        # act=key downloads the private key for the same id
        FILENAME2="$BACKUPDIR/certname.key"
        wget --keep-session-cookies --load-cookies /tmp/pfsense_cookies.txt --no-check-certificate \
          --post-data "act=key&id=1&__csrf_magic=$(head -n 1 /tmp/pfsense_csrf2.txt)" \
          "$URL" -O "$FILENAME2"

        #rm -f /tmp/pfsense_cookies.txt
        #rm -f /tmp/pfsense_csrf.txt
        #rm -f /tmp/pfsense_csrf2.txt
    else
        echo "Failed to retrieve cert from $SITE"
    fi