Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

License and certificate information #5

Open
ognjen011 opened this issue Dec 17, 2020 · 7 comments
Open

License and certificate information #5

ognjen011 opened this issue Dec 17, 2020 · 7 comments

Comments

@ognjen011
Copy link

Do you have any plans to add new features? I was thinking an ability to get license information so i can start sending alerts well ahead of time when the license is about to expire. Same thing for the loaded Certificates used for GP.
@jenningsloy318
Copy link
Owner

Hi @ognjen011

I will check it later, if possible I can add this license info . as for "Same thing for the loaded Certificates used for GP." I don't understand your mean, can you elaborate it a little bit ?

@ognjen011
Copy link
Author

Hi

So we have ssl certificates that get loaded for global protect. It would be nice to get a certificate expiration date and then be able to alert on it.

@jenningsloy318
Copy link
Owner

I hope I can get this, but our environment configured without this. But nevertheless, will try it out. If no luck, I'd like ask your help to provide me some output as xml or json format.

@ognjen011
Copy link
Author

Ok that is perfect i can provide the info you need.

@jenningsloy318
Copy link
Owner

Hi from my device, I did't find any license API, if your device has such api, please let me konw the path and output

regarding for global protect, my device only contain API > Operational Commands > show > global-protect > redirect, there is no ssl entities under global-protect.

P.S. you can get all APIs under https://pa-ipaddress/api

@ognjen011
Copy link
Author

ognjen011 commented Dec 18, 2020
edited
Loading

SSL certificates for the GP and few other things. To get the SSL via API in my case it is in:

https://{host}/api/?type=op&cmd=<request><certificate><show><certificate-name></certificate-name></show></certificate></request>

In there i see a list of certificates on the system:

DigiCert
Global Protect
SSL1
SSL2
Wildcard
Self Signed CA

then i specify a name of the cert and i get the output below which i amended not to show all the fields also this is just one of the few certificates loaded.

{
"response": {
"@status": "success",
"result": {
"entry": {
"@name": "DigiCert",
"ca": "yes",
"common-name": "DigiCert Global Root CA",
"expiry": "1608242400",
"issuer": "",
"issuer-hash": "",
"not-valid-after": "Nov 10 00:00:00 2031 GMT",
"not-valid-before": "Nov 10 00:00:00 2006 GMT",
"subject": "",
"subject-hash": ""
}
}
}
}

Then for the license,

 https://{host}/api/?type=op&cmd=<request><license><info></info></license></request>

"response": {
"@status": "success",
"result": {
"licenses": {
"entry": [
{
"authcode": null,
"description": "Standard VM-Series",
"expired": "no",
"expires": "Never",
"feature": "VM",
"issued": "December 23, 2019",
"serial": "myserialnumber"
},
{
"authcode": null,
"base-license-name": "Name",
"description": "GlobalProtect Gateway License",
"expired": "yes",
"expires": "December 02, 2020",
"feature": "GlobalProtect Gateway",
"issued": "December 23, 2019",
"serial": "myserialnumber"
},
{
"authcode": null,
"base-license-name": "VM",
"description": "Palo Alto Networks DNS Security License",
"expired": "yes",
"expires": "December 02, 2020",
"feature": "DNS Security",
"issued": "December 23, 2019",
"serial": "myserialnumber"
},
{
"authcode": null,
"base-license-name": "VM",
"description": "Threat Prevention",
"expired": "yes",
"expires": "December 02, 2020",
"feature": "Threat Prevention",
"issued": "December 23, 2019",
"serial": "myserialnumber"
},
{
"authcode": null,
"base-license-name": "VM",
"description": "WildFire signature feed, integrated WildFire logs, WildFire API",
"expired": "yes",
"expires": "December 02, 2020",
"feature": "WildFire License",
"issued": "December 23, 2019",
"serial": "myserialnumber"
},
{
"authcode": null,
"base-license-name": "VM",
"description": "Palo Alto Networks URL Filtering License",
"expired": "yes",
"expires": "December 02, 2020",
"feature": "PAN-DB URL Filtering",
"issued": "December 23, 2019",
"serial": "myserialnumber"
},
{
"authcode": null,
"base-license-name": "VM",
"description": "Premium Partner",
"expired": "yes",
"expires": "December 02, 2020",
"feature": "Premium Partner",
"issued": "December 23, 2019",
"serial": "myserialnumber"
}
]
}
}
}
}

@jenningsloy318
Copy link
Owner

jenningsloy318 commented Aug 2, 2021
edited
Loading

Hi @ognjen011 I am considering the feature, and kindly provide below info, as you don't paste all parameters of request, so I don't know how to construct the request, and my environment don't have such entities, I can't re-produce your request.

  1. response body of json for the first request?
  2. all requests of individual certs ? including all parameters?
  3. for the third request, do you add any parameter to the request? please also include all parameters?

and my current implementation works on 8.1.7, whose response body is xml, so can you please confirm your panos version, and if your version is 9 or above, this should not work

@zbbfufu zbbfufu self-assigned this Jan 11, 2022
@zbbfufu zbbfufu removed their assignment Oct 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zbbfufu @ognjen011 @jenningsloy318