Truenas Scale - CERTIFICATE_CREATE_IMPORTED - Curl Command

gitday · April 11, 2024, 8:51am

Hi, seeking support for the following error after running a certificate import command via CURL. I am using the API capability within Truenas scale.

Error: "500 Internal Server Error Server got itself in trouble# "

CURL Command being run on the Truenas scale host:
curl -X ‘POST’
‘https://truenas.local/api/v2.0/certificate/’
-H ‘accept: application/json’
-H ‘Authorization: Bearer 1-xxxxxxxxxxxxxxxxxxxxxxxxxxx’
-H ‘Content-Type: application/json’
-d ‘{
“create_type”: “CERTIFICATE_CREATE_IMPORTED”,
“name”: cert,
“certificate”: /etc/certificates/Test.crt,
“privatekey”: /etc/certificates/Test.key,
}’

The ultimate goal is to use the import function via an Invoke-RestMethod powershell script. But looking at getting the CURL working first.

Any support or guidance is appreciated.

gitday · April 25, 2024, 4:27am

All, I have since tweaked the CURL command to look like the following. Note that the GCert and GKey are env variables that contain the Cert and PrivKey.

curl -k -X ‘POST’
‘https://truenas.local/api/v2.0/certificate/’
-H ‘accept: application/json’
-H ‘Authorization: Bearer 1-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx’
-H ‘Content-Type: application/json’
-d ‘{
“create_type”: “CERTIFICATE_CREATE_IMPORTED”,
“name”: “gcert”,
“certificate”: “$GCert”,
“privatekey”: “$GKey”
}’

On the Truenas host, the logs show the following. Any ideas? The cert and privkey can be imported with no issues via the WebUI.

Error

[EINVAL] certificate_create.certificate: Not a valid certificate
[EINVAL] certificate_create.privatekey: A valid private key is required, with a passphrase if one has been set.
[EINVAL] certificate_create.certificate: Unable to parse certificate

gitday · April 25, 2024, 1:08pm

For those that are interested, I have solved this problem via PowerShell. Below is a working TrueNAS certificate import.

#Define the URL of the API endpoint where you want to make the request
$endpointUrl = "https://truenas.local/api/v2.0/certificate/"

$Cert = Get-Content -Path "C:\Cert.crt" -Raw
$PrivKey = Get-Content -Path "C:\Priv.key" -Raw

$jsonData = @{
    "create_type" = "CERTIFICATE_CREATE_IMPORTED"
    "name" = "Cert"
    "certificate" = "$Cert"
    "privatekey" = "$PrivKey"
}

$jsonData = $jsonData | ConvertTo-Json 

# Set the content type for the request
$headers = @{
    "Accept"= "application/json"; 
    "Authorization" = "Bearer 1-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; 
    "Content-Type" = "application/json"
}

# Make the request using Invoke-RestMethod
$response = Invoke-RestMethod -Uri $endpointUrl -Method Post -Body $jsonData -Headers $headers

# Output the response
$response