addExternalCertificate - Firepower Threat Defense API v6.2 (FTD v7.2)

Description

The addExternalCertificate operation handles configuration related to ExternalCertificate model.
This API call is not allowed on the standby unit in an HA pair.

HTTP request

POST /api/fdm/v6/object/externalcertificates

Data Parameters

Parameter	Required	Type	Description
name	True	string	A mandatory UTF string containing the name for the certificate. The string can be up to 128 characters. The name is used in the configuration as an object name only, it is not part of the certificate itself.
cert	False	string	PEM formatted X.509v3 certificate.
privateKey	False	string	PEM formatted private key. Only unencrypted keys are supported.
passPhrase	False	string	Password used for encrypted private key. Encrypted keys are not supported yet.
issuerCommonName	False	string	Common Name, typically product name/brand, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
issuerCountry	False	string	An ISO3166 two character country code of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
issuerLocality	False	string	Locality, city name, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
issuerOrganization	False	string	Organization, company name, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
issuerOrganizationUnit	False	string	The Organization Unit, division or unit, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
issuerState	False	string	State or the province of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
subjectCommonName	False	string	Common Name, typically product name/brand, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
subjectCountry	False	string	An ISO3166 two character country code of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
subjectDistinguishedName	False	string	A DN (Distinguished Name) defining the entity (subject) being certified or authenticated in the given certificate. For a root certificate the issuer and subject will be the same DN. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
subjectLocality	False	string	Locality, city name, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
subjectOrganization	False	string	Organization, company name, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
subjectOrganizationUnit	False	string	The Organization Unit, division or unit, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
subjectState	False	string	State or the province of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
validityStartDate	False	string	UTC formatted begin date, for the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
validityEndDate	False	string	UTC formatted end or expiry date for the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
validationUsage	False	[object]
isSystemDefined	False	boolean	A boolean value, TRUE and FALSE (the default). The TRUE value indicates that certificate is created by system and cannot be deleted. FALSE indicates that the certificate can be deleted.
keyType	False	string
keySize	False	integer
allowWeakCert	False	boolean
signatureHashType	False	string
weakCertificate	False	boolean
type	True	string	A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name.

Example

curl -X POST \
    --header "Accept: application/json" \
    --header "Authorization: Bearer ${ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    -d '{
        "allowWeakCert": true,
        "cert": "string",
        "id": "string",
        "isSystemDefined": true,
        "issuerCommonName": "string",
        "issuerCountry": "string",
        "issuerLocality": "string",
        "issuerOrganization": "string",
        "issuerOrganizationUnit": "string",
        "issuerState": "string",
        "keySize": 0,
        "keyType": "string",
        "name": "string",
        "passPhrase": "string",
        "privateKey": "string",
        "signatureHashType": "string",
        "subjectCommonName": "string",
        "subjectCountry": "string",
        "subjectDistinguishedName": "string",
        "subjectLocality": "string",
        "subjectOrganization": "string",
        "subjectOrganizationUnit": "string",
        "subjectState": "string",
        "type": "externalcertificate",
        "validationUsage": [],
        "validityEndDate": "string",
        "validityStartDate": "string",
        "version": "string",
        "weakCertificate": true
    }' \
    "https://${HOST}:${PORT}/api/fdm/v6/object/externalcertificates"

from bravado.requests_client import RequestsClient
from bravado.client import SwaggerClient


def get_client(host, token):
    http_client = RequestsClient()
    http_client.ssl_verify = False
    http_client.set_api_key(
        host,
        "Bearer {}".format(token),
        param_name="Authorization",
        param_in="header"
    )
    return SwaggerClient.from_url(
        "https://{}/apispec/ngfw.json".format(host),
        http_client=http_client,
        config={
            "validate_responses": False,
            "validate_swagger_spec": False
        }
    )


def add_external_certificate(client, body):
    return client.Certificate.addExternalCertificate(
        body=body
    ).response().result


if __name__ == "__main__":
    host = "ftd.example.com"
    token = "access_token"
    client = get_client(host, token)

    body = {'allowWeakCert': True,
 'cert': 'string',
 'isSystemDefined': True,
 'issuerCommonName': 'string',
 'issuerCountry': 'string',
 'issuerLocality': 'string',
 'issuerOrganization': 'string',
 'issuerOrganizationUnit': 'string',
 'issuerState': 'string',
 'keySize': 0,
 'keyType': 'string',
 'name': 'string',
 'passPhrase': 'string',
 'privateKey': 'string',
 'signatureHashType': 'string',
 'subjectCommonName': 'string',
 'subjectCountry': 'string',
 'subjectDistinguishedName': 'string',
 'subjectLocality': 'string',
 'subjectOrganization': 'string',
 'subjectOrganizationUnit': 'string',
 'subjectState': 'string',
 'type': 'externalcertificate',
 'validationUsage': [],
 'validityEndDate': 'string',
 'validityStartDate': 'string',
 'weakCertificate': True}

    add_external_certificate(client, body)