since CVP 2018.1 introduced the SSL/TLS certificate management to the web ui I wondered if there is also a supported way to change it via the cli on the system itself?
What you’ve suggested is one option, adding the certs as /etc/nginx/cvp.crt and /etc/nginx/cvp.key, and restarting the nginx service. Another option is to use CVP’s API to upload the certificate/key.
Within CVP, at the top right click on the question-mark and there’s an option called ‘Supported APIs’. This has information about the APIs that we expose to CVP users. Under ssl > ssl/importCertAndPrivateKey.do, you have an option to upload your certificate. The API expects your cert in PEM format with separate key and certificate.
Json data expected:
publicCert – string value of the base64 certificate data.
For some useful examples of how to interact with the CVP api, check out the CVPRAC project on github: https://github.com/aristanetworks/cvprac/. It doesn’t currently have a module to import certificates itself, but I wouldn’t be surprised if it gets added soon.
Just ran this through my lab to validate, and it works well with a couple other points:
Post your Answer
You must be logged in to post an answer.