Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

API Examples

Reply

Generate New SSL Certificate for Grid Manager GUI

Moderator
Moderator
Posts: 293
1369     0

Here's an example of generating a new Certificate Signing Request.

 

Step 1: Create CSR

curl -k1 -u admin:infoblox -X POST 'https://gm.blox.corp/wapi/v2.11/fileop?_function=generatecsr' -H 'Content-Type: application/json' -d \
'{
	"member":"gm.blox.corp",
	"certificate_usage" : "ADMIN",
	"key_size":2048,
	"algorithm":"SHA-512",
	"cn" : "gm.blox.corp",
	"country" : "US",
	"state" : "California",
	"locality" : "Santa Clara",
	"org" : "Infoblox",
	"subject_alternative_names":
	[
		{
			"type":"DNS",
			"value": "gm.blox.corp"
		},
		{
			"type":"IP",
			"value": "192.168.1.2"
		}
	]
}'

This call returns a download URL and a token:

{
    "token": "eJyljssKwjAURH+lZG3z6CtNd5UqCNKCCC5Daa410JdpBEX8d5uFbl24PcOcmSeC+6TNQ1rdA8o8\nlvCUpXEacix4SKlgKw/dTLdE6GLtNGeEMBFglqSY4YA4JpU20Fh51h1IPRIDV6mVX1Sncl/lhU9D\nyqmIwpgLToOIkgaMxRP0aHGr2tYShmZUemjdynpXfnk/KncKFfkxl4fN9hM4RmY7mroFYvvp/xta\nOeevCnq9Ac50WVc=\n", 
    "url": "https://192.168.1.2/http_direct_file_io/req_id-DOWNLOAD-0307094357970240/cert.pem"
}

Step 2: Download the generated CSR using the download URL from above:

curl -k -u admin:infoblox -H "Content-type:application/force-download" -O 'https://192.168.1.2/http_direct_file_io/req_id-DOWNLOAD-0307094357970240/cert.pem'

Step 3: Close the file using the token from above:

curl -k1 -u admin:infoblox -X POST 'https://gm.blox.corp/wapi/v2.11/fileop?_function=downloadcomplete' \
-H "Content-Type: application/json" -d \
'{
  "token": "eJyljssKwjAURH+lZG3z6CtNd5UqCNKCCC5Daa410JdpBEX8d5uFbl24PcOcmSeC+6TNQ1rdA8o8\nlvCUpXEacix4SKlgKw/dTLdE6GLtNGeEMBFglqSY4YA4JpU20Fh51h1IPRIDV6mVX1Sncl/lhU9D\nyqmIwpgLToOIkgaMxRP0aHGr2tYShmZUemjdynpXfnk/KncKFfkxl4fN9hM4RmY7mroFYvvp/xta\nOeevCnq9Ac50WVc=\n"
}'



Step 4: Sign the CSR using your preferred Certificate Authority service.  Here's an example for signing a CSR using OpenSSL commands:

openssl x509 -req -days 360 -copy_extensions copyall -in cert.pem -CA ca.crt -CAkey ca.key -CAcreateserial -out gm.blox.corp.crt


Step 5: Initiate an upload for the signed cert generated in the previous step:

curl -k1 -u admin:infoblox -X POST 'https://gm.blox.corp/wapi/v2.11/fileop?_function=uploadinit'


This returns a file upload URL and a token:

 
{
    "token": "eJytjk0LgjAYx79K7Jxuj4v5cjMsCKIi6jzELXtAnc0FRfTdc0QdO3X9/V8fRN96tHfpsNUkm4CI\nE0hEytMQuOBMTCfkaptRIWfn+iGjFNIoBJGEEEbUM6nQ6srJEzZaoqFWXySq4Lhbb/MiYJzFwFgE\nKXA+Y5xi2xv7dpOxXJWulLqrjMKu9jPz1ebLW6P8KVLkh1zuF8uP4BkdnLFlralr+z/8QOVLf2fI\n8wX88lob\n", 
    "url": "https://192.168.1.2/http_direct_file_io/req_id-UPLOAD-0307100219133403/import_file"
}


Step 6: Upload the signed cert to the URL specified in the previous step:

curl -k1 -u admin:infoblox -F name=gm.blox.corp.crt -F filedata=@gm.blox.corp.crt 'https://192.168.1.2/http_direct_file_io/req_id-UPLOAD-0307100219133403/import_file'


Step 7: Apply the uploaded cert as a new SSL cert:

curl -k1 -u admin:infoblox -X POST 'https://gm.blox.corp/wapi/v2.11/fileop?_function=uploadcertificate' -H "Content-Type: application/json" -d \
'{
	"certificate_usage": "ADMIN",
	"member":"gm.blox.corp",
    "token": "eJytjk0LgjAYx79K7Jxuj4v5cjMsCKIi6jzELXtAnc0FRfTdc0QdO3X9/V8fRN96tHfpsNUkm4CI\nE0hEytMQuOBMTCfkaptRIWfn+iGjFNIoBJGEEEbUM6nQ6srJEzZaoqFWXySq4Lhbb/MiYJzFwFgE\nKXA+Y5xi2xv7dpOxXJWulLqrjMKu9jPz1ebLW6P8KVLkh1zuF8uP4BkdnLFlralr+z/8QOVLf2fI\n8wX88lob\n"
}'

The grid manager's web interface will restart automatically.  This may take a minute or two to complete.

Re: Generate New SSL Certificate for Grid Manager GUI

[ Edited ]
New Member
Posts: 1
1369     0

Choose a Certificate Authority (CA) that you trust, or set up your own CA if you have the expertise and resources.Generate a private key on the server where the Grid Manager GUI is hosted. You can use tools like OpenSSL to generate the private key. Create a Certificate Signing Request (CSR) based on the private key, and send it to the CA.The CA will verify your identity and domain ownership, and issue a signed SSL certificate based on the CSR.Install the SSL certificate on the server where the Grid Manager GUI is hosted. The specific steps for installation may vary depending on the server and operating system you are using.Test the SSL certificate to ensure that it is working properly.

 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You