- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Generate New SSL Certificate for Grid Manager GUI
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
109 
1
Here's an example of generating a new Certificate Signing Request.
Step 1: Create CSR
curl -k1 -u admin:infoblox -X POST 'https://gm.blox.corp/wapi/v2.11/fileop?_function=generatecsr' -H 'Content-Type: application/json' -d \
'{
"member":"gm.blox.corp",
"certificate_usage" : "ADMIN",
"key_size":2048,
"algorithm":"SHA-512",
"cn" : "gm.blox.corp",
"country" : "US",
"state" : "California",
"locality" : "Santa Clara",
"org" : "Infoblox",
"subject_alternative_names":
[
{
"type":"DNS",
"value": "gm.blox.corp"
},
{
"type":"IP",
"value": "192.168.1.2"
}
]
}'
This call returns a download URL and a token:
{
"token": "eJyljssKwjAURH+lZG3z6CtNd5UqCNKCCC5Daa410JdpBEX8d5uFbl24PcOcmSeC+6TNQ1rdA8o8\nlvCUpXEacix4SKlgKw/dTLdE6GLtNGeEMBFglqSY4YA4JpU20Fh51h1IPRIDV6mVX1Sncl/lhU9D\nyqmIwpgLToOIkgaMxRP0aHGr2tYShmZUemjdynpXfnk/KncKFfkxl4fN9hM4RmY7mroFYvvp/xta\nOeevCnq9Ac50WVc=\n",
"url": "https://192.168.1.2/http_direct_file_io/req_id-DOWNLOAD-0307094357970240/cert.pem"
}
Step 2: Download the generated CSR using the download URL from above:
curl -k -u admin:infoblox -H "Content-type:application/force-download" -O 'https://192.168.1.2/http_direct_file_io/req_id-DOWNLOAD-0307094357970240/cert.pem'
Step 3: Close the file using the token from above:
curl -k1 -u admin:infoblox -X POST 'https://gm.blox.corp/wapi/v2.11/fileop?_function=downloadcomplete' \
-H "Content-Type: application/json" -d \
'{
"token": "eJyljssKwjAURH+lZG3z6CtNd5UqCNKCCC5Daa410JdpBEX8d5uFbl24PcOcmSeC+6TNQ1rdA8o8\nlvCUpXEacix4SKlgKw/dTLdE6GLtNGeEMBFglqSY4YA4JpU20Fh51h1IPRIDV6mVX1Sncl/lhU9D\nyqmIwpgLToOIkgaMxRP0aHGr2tYShmZUemjdynpXfnk/KncKFfkxl4fN9hM4RmY7mroFYvvp/xta\nOeevCnq9Ac50WVc=\n"
}'
Step 4: Sign the CSR using your preferred Certificate Authority service. Here's an example for signing a CSR using OpenSSL commands:
openssl x509 -req -days 360 -copy_extensions copyall -in cert.pem -CA ca.crt -CAkey ca.key -CAcreateserial -out gm.blox.corp.crt
Step 5: Initiate an upload for the signed cert generated in the previous step:
curl -k1 -u admin:infoblox -X POST 'https://gm.blox.corp/wapi/v2.11/fileop?_function=uploadinit'
This returns a file upload URL and a token:
{
"token": "eJytjk0LgjAYx79K7Jxuj4v5cjMsCKIi6jzELXtAnc0FRfTdc0QdO3X9/V8fRN96tHfpsNUkm4CI\nE0hEytMQuOBMTCfkaptRIWfn+iGjFNIoBJGEEEbUM6nQ6srJEzZaoqFWXySq4Lhbb/MiYJzFwFgE\nKXA+Y5xi2xv7dpOxXJWulLqrjMKu9jPz1ebLW6P8KVLkh1zuF8uP4BkdnLFlralr+z/8QOVLf2fI\n8wX88lob\n",
"url": "https://192.168.1.2/http_direct_file_io/req_id-UPLOAD-0307100219133403/import_file"
}
Step 6: Upload the signed cert to the URL specified in the previous step:
curl -k1 -u admin:infoblox -F name=gm.blox.corp.crt -F filedata=@gm.blox.corp.crt 'https://192.168.1.2/http_direct_file_io/req_id-UPLOAD-0307100219133403/import_file'
Step 7: Apply the uploaded cert as a new SSL cert:
curl -k1 -u admin:infoblox -X POST 'https://gm.blox.corp/wapi/v2.11/fileop?_function=uploadcertificate' -H "Content-Type: application/json" -d \
'{
"certificate_usage": "ADMIN",
"member":"gm.blox.corp",
"token": "eJytjk0LgjAYx79K7Jxuj4v5cjMsCKIi6jzELXtAnc0FRfTdc0QdO3X9/V8fRN96tHfpsNUkm4CI\nE0hEytMQuOBMTCfkaptRIWfn+iGjFNIoBJGEEEbUM6nQ6srJEzZaoqFWXySq4Lhbb/MiYJzFwFgE\nKXA+Y5xi2xv7dpOxXJWulLqrjMKu9jPz1ebLW6P8KVLkh1zuF8uP4BkdnLFlralr+z/8QOVLf2fI\n8wX88lob\n"
}'
The grid manager's web interface will restart automatically. This may take a minute or two to complete.
