Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Get certificates using API

You can download certificates from the firewall using a GET API request in a Linux command-line interface or a web browser.

Note

Make sure you've turned on API access and added the IP addresses from which administrators can make API requests. See API configuration.

Get certificate files

To get the certificates, their private keys, and the Entities.xml file, use one of the following options:

  • Go to a Linux command-line interface and use the following syntax to enter the GET request:

    curl -ko <anyfilename.tar> 'https://<Firewall IP address or FQDN>:<web admin console's port>/webconsole/APIController?reqxml=<Request><Login><Username><admin username></Username><Password><admin password></Password></Login><Get><Certificate/></Get></Request>'
    
    Example

    curl -ko test.tar 'https://172.16.16.16:4444/webconsole/APIController?reqxml=<Request><Login><Username>admin</Username><Password>adminxyzpwd</Password></Login><Get><Certificate/></Get></Request>'

    The files are downloaded to the test.tar file.

  • Go to a web browser and use the following syntax to enter the GET request in the address bar:

    https://<Firewall IP address or FQDN>:<web admin console's port>/webconsole/APIController?reqxml=<Request><Login><Username><admin username></Username><Password><admin password></Password></Login><Get><Certificate/></Get></Request>
    
    Example

    https://172.16.16.16:4444/webconsole/APIController?reqxml=<Request><Login><Username>admin</Username><Password><adminxyzpwd></Password></Login><Get><Certificate/></Get></Request>

Extract the files

Go to the folder where you saved the .tar file and use the following command to extract the files:

tar -xvf <filename>.tar