-
Notifications
You must be signed in to change notification settings - Fork 761
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trust: How to import certificates programmatically via a plugin? #8141
Comments
Hi Frank, from code on the machine, you can implement the model. Do you have a code snippet you're currently using to import certificates? maybe I can offer you a small example on how to do that using the model. |
Sure, but it's not pretty. 😄 This is the part where the certificated is added to the config "the legacy way". In the lines before this the cert entry is crafted using the legacy |
ok, so seek and update by |
Converting my code to use the new cert uuid may also be an option, in case this matters. |
ok, here we go, first some functional example code to update a certificate, the description in this case, but other fields do work more or less the same:
When you risk concurrency, you can lock the operation using If the upsert by refid is a pattern used more often, I also don't mind adding a method in the model which retrieves a record or creates a new one based on the offered refid. Relevant functions to use certificates can be found in https://github.com/opnsense/core/blob/master/src/opnsense/mvc/app/library/OPNsense/Trust/Store.php, which should avoid the need for cert.inc as well. |
Important notices
Our forum is located at https://forum.opnsense.org , please consider joining discussions there in stead of using GitHub for these matters.
Before you ask a new question, we ask you kindly to acknowledge the following:
The Acme Client Plugin plugin frequently imports new certificates to the OPNsense Trust Storage. However, it still uses the legacy method of importing certificates, which has severe drawbacks.
So I'm wondering: is there a new method available? I couldn't find one. Please point me to the right direction (no in-depth example necessary). Thanks! 😊
The text was updated successfully, but these errors were encountered: