Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BJBee
New Contributor

Created on ‎02-15-2022 01:31 AM

FortiADC - upload PFX certificate with PowerShell

Hi,

I am working on a PowerShell script for the Forti-ADC to upload PFX-certificates. The API is working fine and I can GET information with API-calls from the Forti-ADC with PowerShell. The only thing I cannot get to work is uploading a certificate

I found a way to upload certificates via Bash, as this is written in the manual (https://docs.fortinet.com/document/fortiadc/6.0.1/rest-api-programming-guide). This is working fine, but I could not succeed in doing the same with PowerShell.

 

The request looks like this (session details not added).

$ClearTextPfxPassword = "password"
$URI = "https://1.2.3.4/api/upload/certificate_local"

$Body = @{}
$Body.add("vdom", "root")
$Body.add("mkey", "ScriptName")
$Body.add("type", "PKCS12")
$Body.add("passwd", $ClearTextPfxPassword)
$Body.add("cert", "certificateFilename.pfx")
$ResultUploadCertificate = Invoke-webrequest -Uri $URI -Method Post -Headers $Headers -form $Body -WebSession $session -SkipCertificateCheck -verbose


The response looks like this:
PS Microsoft.PowerShell.Core\FileSystem::> $ResultUploadCertificate
StatusCode : 200
StatusDescription : OK
Content : {"payload":-2001}
RawContent : HTTP/1.1 200 OK
Date: Tue, 30 Feb 2022 07:42:01 GMT
Connection: keep-alive
Set-Cookie: last_access_time=1644444444; Path=/; SameSite=strict; HttpOnly; Secure
X-XSS-Protection: 1; mode=block
Conte…
Headers : {[Date, System.String[]], [Connection, System.String[]], [Set-Cookie, System.String[]], [X-XSS-Protection, System.String[]]…}
Images : {}
InputFields : {}
Links : {}
RawContentLength : 17
RelationLink : {}


The bash variant looks like this and is working:
curl -v -F 'mkey=ScriptTestName' -F 'vdom=root' -F 'type=PKCS12' -F 'passwd=password' -F 'cert=@certificateFilename.pfx' -H "Authorization: Bearer xxxxxxxxxxxxxxxxxxxxx" -H "Cookie: last_access_time=164444444" --insecure https://1.2.3.4/api/upload/certificate_local

 

I tried several things, like:

  • using absolute path (for now PFX-certificates is in same folder to keep it simple), but not sure if I should use the '@' which is used in the bash-script.
  • different file notations in body (relative/absolute path, with '@', etc...)


Is someone able to inform what is wrong with the PS-script and how I can get it to work?

Labels:
1165
0 Kudos
3 REPLIES 3
Anonymous
Not applicable

Created on ‎02-24-2022 10:17 AM

Hello @BJBee ,

Thank you for posting to Fortinet Community Forums. We would be having someone answer this query on the post. Thank you for your patience.

1086
0 Kudos
Anonymous
Not applicable

Created on ‎02-25-2022 01:51 PM

Hello @BJBee,

Can you confirm if the WAF is enabled on the device?

 

1059
0 Kudos
jonasmellander
Staff
Staff

Created on ‎02-27-2022 11:50 PM

Hi BJBee. When using Postman to upload certificate files, I've had to add this HTTP header. Maybe the bash script does it automatically and the PowerShell does not?
Content-Type: "multipart/form-data; boundary=--------------------------"

The reason is that the POST consists of both an HTML form with the parameters, and then the binary part being the upload of the actual PFX file.

If you enable HTTP management on ADC, and disable redirect to HTTPS, you can make a packet capture to see what the HTTP request actually looks like, and see if this may be a hint.

Systems Engineer, CSP, Nordics
1041
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.