API returns 200/OK but doesn't actually import certificate

[ksalad99]

I'm trying to import a certificate that I already have generated into TrueNAS with it's API.

I think I have the script right because it returns 200/OK, but it doesn't show up in the certificate list with the GET API call nor the UI!

Here's my powershell:

Code:

# Define the URL of the API endpoint where you want to make the request
$endpointUrl = "https://truenas.mydomain.local/api/v2.0/certificate/"

$Cert = Get-Content -Path "C:\Windows\Temp\tempcerts\certchain.crt" -Raw

$PrivKey = Get-Content -Path "C:\Windows\Temp\tempcerts\key.key" -Raw

# Define the JSON data
$jsonData = @"
{
  "create_type": "CERTIFICATE_CREATE_IMPORTED",
  "name": "TESTAPI",
  "certificate": "$Cert",
  "privatekey": "$PrivKey"
}
"@

$jsonData = $jsonData | ConvertTo-Json -Depth 100

# Set the content type for the request
$headers = @{
    "Authorization" = "Bearer API_KEY"
}

# Make the request using Invoke-WebRequest
$response = Invoke-RestMethod -Uri $endpointUrl -Method POST -Headers $headers -Body $JSONString -ContentType "application/json"

# Output the response
$response

I then receive this as an output:

Code:

StatusCode        : 200
StatusDescription : OK
Content           : 138
RawContent        : HTTP/1.1 200 OK
                    Connection: keep-alive
                    Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                    X-Content-Type-Options: nosniff
                    X-XSS-Protection: 1; mode=block
                    Permissions-Policy: ...
Forms             : {}
Headers           : {[Connection, keep-alive], [Strict-Transport-Security, max-age=63072000; includeSubDomains; preload], [X-Content-Type-Options, nosniff],
                    [X-XSS-Protection, 1; mode=block]...}
Images            : {}
InputFields       : {}
Links             : {}
ParsedHtml        : System.__ComObject
RawContentLength  : 3

But as I said before - still no certificate is populated.

Any help would be amazing, I am terrible at APIs and they frustrate me quite considerably.

Thanks!

 

[ksalad99]

Update to this:

I happed to look at the task manager and I saw a number of "certificate.create" tasks but they are all in a failed state with the following:

Code:

Status: FAILED
Start Time: 2023-07-25 23:39:53
Finished Time: 2023-07-25 23:39:53
Error: [certificate_create] A dict was expected

I can't find any reference to that error anywhere...

 

[sretalla]

So the 200 from http is just telling you the instruction arrived successfully.

Usually the return code for tasks is a taskID, which you can use to look up the result with your script.

Since you did that manually anyway, I would suggest the dict message indicates you're specifying something that isn't in the list of expected values (the dict). Either that, or you haven't specified one of the mandatory values at all (hence not in the dict).

 

[ksalad99]

Thanks for the reply!

I'm trying to think how I am missing/not specifying mandatory values, since all I am doing is copying lines 83-102 of the famous deploy-freenas.py script and converting it to PowerShell... Is there any more detail I can pull from the error?

 

[ksalad99]

Issues were with syntax in powershell... after I cleaned up the JSON variable, it uploaded correctly.