Get certificates using API
You can download certificates from the firewall using a GET API request in a Linux command-line interface or a web browser.
Note
Make sure you've turned on API access and added the IP addresses from which administrators can make API requests. See API configuration.
Get certificate files
To get the certificates, their private keys, and the Entities.xml file, use one of the following options:
-
Go to a Linux command-line interface and use the following syntax to enter the
GETrequest:curl -ko <anyfilename.tar> 'https://<Firewall IP address or FQDN>:<web admin console's port>/webconsole/APIController?reqxml=<Request><Login><Username><admin username></Username><Password><admin password></Password></Login><Get><Certificate/></Get></Request>'Example
curl -ko test.tar 'https://172.16.16.16:4444/webconsole/APIController?reqxml=<Request><Login><Username>admin</Username><Password>adminxyzpwd</Password></Login><Get><Certificate/></Get></Request>'The files are downloaded to the
test.tarfile. -
Go to a web browser and use the following syntax to enter the
GETrequest in the address bar:https://<Firewall IP address or FQDN>:<web admin console's port>/webconsole/APIController?reqxml=<Request><Login><Username><admin username></Username><Password><admin password></Password></Login><Get><Certificate/></Get></Request>Example
https://172.16.16.16:4444/webconsole/APIController?reqxml=<Request><Login><Username>admin</Username><Password><adminxyzpwd></Password></Login><Get><Certificate/></Get></Request>
Extract the files
Go to the folder where you saved the .tar file and use the following command to extract the files:
tar -xvf <filename>.tar