Certificate Managment via API

[ziptx]

We have several+ servers we need to maintain the SSL/TLS certificates on. The dev API documents allude to this being possible, but there does not seem to be any type of example on how to leverage the API to get the CSR and then push back the PEM file and restart the required services. [As described in https://docs.cohesity.com/6_8_1/Web/UserGuide/Content/CLI/UpdateSSLCLI.htm] Would you be willing to rough draft a powershell script that has the major steps to leverage the API to do this? I am assuming there are (2). One to generate and obtain the CSR, the other to load the signed cert / PEM and restart the service.

Best Regards

[bseltz-cohesity]

I have PowerShell and Python scripts to upload a cert and private key (not created via CSR on the cluster): https://github.com/bseltz-cohesity/scripts/tree/master/powershell/uploadSSLCert https://github.com/bseltz-cohesity/scripts/tree/master/python/uploadSSLCertificate I'll have to investigate how to generate the CSR on the cluster

[ziptx]

That's actually the rough outline I needed to get this accomplished (ie. building the sslparams and restarting the service). Thank you.

Sorry I missed that in my search. No sure why 'SSL' or 'certificate' didn't surface that script. No reason to generate a CSR on the cluster if you can pass all the necessary signed CA certificates / pieces to the cluster to use. This request can be closed.

PS … your work is amazing. Thanks for sharing it.