Add certificates using Postman API
You can add and update certificates through an API request using the Postman app.
Introduction
To add or update certificates, do as follows:
- Turn on API configuration, and enter the IP addresses from which you want to send the API requests.
- Upload the certificate and private key files to Postman and send an XML request.
Allow API access
Allow configuration using the API, and enter the IP address from which you want to allow access.
- Go to Backup and firmware > API.
- Select API configuration.
-
For Allowed IP address, enter the IP address from which you'll make the API request and click the add button.
Here's an example:
To find your IP address, go to Log viewer and select Admin in the drop-down list. The source IP address shows the IP address with which you're accessing the web admin console.
-
Click Apply.
Post a certificate using Postman
Send a post request with the certificate, private key files and the XML request using the Postman desktop app.
-
Download the Postman desktop app compatible with your operating system.
By default, the app uses your computer's configuration to send API requests. So, you only need to enter your computer's IP address on the web admin console to allow API requests.
-
On your computer, store the certificate and the private key files in the following folder:
C:/Users/[yourname]/Postman/files
. -
Open the Postman app and click New in your workspace.
-
Click Request.
-
Enter a Request name, select a collection, or create a collection, and click Save.
-
Select
POST
and enter the following URL:https://[Firewall IP address]/webconsole/APIController
. -
Select Body and then select form-data.
-
Under Key, enter a name for the certificate, select File from the drop-down list, and select the certificate file you stored on your computer.
-
Enter a name for the private key, select File from the drop-down list, and select the private key file you stored on your computer.
-
Enter
reqxml
, and enter the following request:<Request><Login><Username>admin</Username><Password>pppp</Password></Login><Set><Certificate transactionid=""><Name>TestCertificate</Name><Action>UploadCertificate</Action><CertificateFormat>pem</CertificateFormat><CertificateFile>TestCertificate.pem</CertificateFile><PrivateKeyFile>TestCertificate.key</PrivateKeyFile></Certificate></Set></Request>
Note
Sophos Firewall uses a Set request rather than the Post request Postman uses.
You can enter a transaction ID if you want to identify the requests.
-
Click Send.
-
Scroll down and click Body to see the status of the request.
-
On the web admin console of Sophos Firewall, go to Certificates > Certificates and check if the certificate is listed.