Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/22.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=certificates-add-using-postman-API

Add certificates using Postman API

You can add and update certificates through an API request using the Postman app.

To add or update certificates, do as follows:

  1. Turn on API access, and add the IP hosts from which you want to send the API requests.
  2. Upload the certificate and private key files to Postman and send an XML request.

Note

You can't get certificates using the Postman API because the data is downloaded in a .tar file. You can use a browser or a Linux command-line interface. See Get certificates using API.

Allow API access

Allow configuration using the API, and enter the IP hosts from which you want to allow access.

  1. Go to Administration > API.
  2. Select API access.
  3. Under Allowed IP hosts, add the IP hosts from which administrators can make API requests and click Add button..

  4. Click Apply.

    Here's an example:

    Allow API access.

Post a certificate using Postman

Send a post request with the certificate, private key files, and the XML request using the Postman desktop app.

  1. Download the Postman desktop app compatible with your operating system.

    By default, the app uses your endpoint's configuration (including the IP address) to send API requests.

  2. On your endpoint, store the certificate and the private key files in the following folder:

    C:/Users/[yourname]/Postman/files

  3. Open the Postman app and click New in your workspace.

    New request in Postman.

  4. Click HTTP Request.

    Postman request.

  5. Click Save.

    Save request name.

  6. Enter a Request name, select a collection, and click Save.

    Alternatively, click New folder to create a collection.

    Postman Collection for the request.

  7. Select POST in the drop-down list and enter the following URL:

    https://[Firewall IP address or hostname]:[Port]/webconsole/APIController

    Post request in Postman.

  8. Select Body and then select form-data.

    Postman body and form data.

  9. Specify the certificate as follows:

    1. Under Key, enter a name for the certificate and select File from the drop-down list.

      Select the files.

    2. Under Value, click Select files and select the certificate file you stored on your computer.

      Select the certificate file.

  10. Specify the private key as follows:

    1. Enter a name for the private key and select File from the drop-down list.
    2. Under Value, click Select files and select the private key file you stored on your computer.

  11. Specify the request as follows:

    1. Under Key, enter reqxml.
    2. Under Value, enter the following request:
    <Request><Login><Username>xxxxx</Username><Password>xxxxx</Password></Login><Set><Certificate transactionid="10"><Name>TestCertificate</Name><Action>UploadCertificate</Action><CertificateFormat>pem</CertificateFormat><CertificateFile>TestCertificate.pem</CertificateFile><PrivateKeyFile>TestCertificate.key</PrivateKeyFile></Certificate></Set></Request>

    You can enter a transaction ID if you want to identify the request. In this example, the transaction ID is set to 10. See the above request.

    Note

    Sophos Firewall uses a Set request rather than the Post request Postman uses.

    Certificate and private key upload and xml entry.

  12. Click Send.

    Send the request.

  13. Scroll down and click Body to see the status of the request.

    Status of the request.

  14. On the web admin console of Sophos Firewall, go to Certificates > Certificates and check if the certificate is listed.