Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Automate Certificate Management on Imperva Waf

    Posted 07-03-2020 17:58
    Hi all, 
    I am working on an Integration project of Imperva Waf ( cloud / on-prem ).My aim is to manage user uploaded certificate on the Imperva WAF.  Below are my queries.
    1. Do we have any API or CLI commands to fetch the details of certificate ( key and cert file ) of all the sites on Imperva WAF( Cloud and on -Prem ) ??
    2. Do we have any API  or CLI commands to automate delete/renew/upload certificates ( key and cert file )  of all the sites on Imperva WAF( Cloud and on -Prem ) including the root certificate.

    #CloudWAF(formerlyIncapsula)
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Surya Kant Pasayat

    ------------------------------


  • 2.  RE: Automate Certificate Management on Imperva Waf

    Posted 07-05-2020 03:57
    Hi Surya,

    We have a tool which can help with all these tasks, it's Imperva API composer.
    The additional information about it is here:
    https://community.imperva.com/communities/community-home/digestviewer/viewthread?MessageKey=08027b50-0644-46e4-9e22-c3fb27262561&CommunityKey=39c6092a-d67a-4bc2-8134-bfbb25fc43af&tab=digestviewer#bm08027b50-0644-46e4-9e22-c3fb27262561

    Also the API commands are documented in docs.imperva.com.
    If you need more specific information, just let me know.
    Best,

    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------



  • 3.  RE: Automate Certificate Management on Imperva Waf

    Posted 07-06-2020 09:17

    Hi Surya,

     

    Since you are looking for lots of different operations, I will send you the links where you can find those instead of specific commands.

    For Cloud WAF it's https://my.imperva.com/api/docs/v1/

    Or Certificate manager for client certificates: https://docs.imperva.com/bundle/cloud-application-security/page/certificate-api.htm

    For On-Prem the details can be found here for the latest version:

    https://docs.imperva.com/bundle/v14.2-api-reference-guide/

    Some of the options you are looking for do not exist as an API command and cannot be automated yet.
    If there's a need for this commands to be available with API, please submit FR on our website.
    Thanks,



    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------



  • 4.  RE: Automate Certificate Management on Imperva Waf

    Posted 01-20-2021 23:58
    HI @Ira Miga

    I am trying to automate the uploading of custom certificates in Incapsula for few sites as well. I was referring to the API documentation and i didnt understand the below part

    #!/bin/sh
    
    CERT_B64=`base64 -i a.crt`
    KEY_B64=`base64 -i a.key`
    
    curl -d api_id=12345 -d api_key=48d69342-eaec-44cf-8a5c-56c4ff1cd5e8 -d site_id=14081980 \
         -d certificate="$CERT_B64" -d private_key="$KEY_B64" -d passphrase=12345678 \
         https://my.imperva.com/api/prov/v1/sites/customCertificate/upload

    How can i provide certificate and key files which is stored on my laptop in my postman call?

    ------------------------------
    Nikhil Chodankar
    Prudential Services Asia
    ------------------------------



  • 5.  RE: Automate Certificate Management on Imperva Waf

    Posted 01-24-2021 05:16
    Hi @Nikhil Chodankar,

    The above is script.
    If you would like to use Postman, here's what you need to do:
    Example: curl -X POST 'https://api.imperva.com/certificate-manager/v2/accounts/XXXXX/client-certificates?api_id=XXXXX&api_key=XXXXXX' -H 'Content-Type: multipart/form-data' -F 'ca_file=@example.ca'

    The curl command must be executed from the same directory, where the CA certificate is located. Please make sure to add "@" before the CA file name.

    Postman example:


    It is recommended that the CA file contain only one certificate. 

    Hope this helps,

    Best,



    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------



  • 6.  RE: Automate Certificate Management on Imperva Waf

    Posted 01-24-2021 05:21
    @Nikhil Chodankar, this was for CA certificate, but if you need to upload a custom certificate, just use:

    --cert <cert file> - Includes the client certificate in the request.

    --key <key file> - Includes the client certificate private key in the request.



    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------



  • 7.  RE: Automate Certificate Management on Imperva Waf

    Posted 01-24-2021 20:48
    HI @Ira Miga

    I am trying like this


    And getting below output



    Am i doing it correctly? ​​

    ------------------------------
    Nikhil Chodankar
    Prudential Services Asia
    ------------------------------



  • 8.  RE: Automate Certificate Management on Imperva Waf

    Posted 01-25-2021 03:50
    Hi @Nikhil Chodankar,

    Just use "certificate" and "private_key" as the key name in parameters.
    In the Post request, you don't need to put them too.
    See the example here:
    Best,

    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------



  • 9.  RE: Automate Certificate Management on Imperva Waf

    Posted 05-06-2021 08:36
    Hi Ira,

    I'm on a similar situation as Nikhil, (Postman also) , using PFX for the certificate file, since the key is embedded, I considered I need the passphrase (same as I do on the WEBUI), but it doesn't seem to help either entering the passphrase as parameter or as part of the form body.

    Is PFX/Passphrase actually accepted via API? what could I be missing?

    Passphrase in body

    Passphrase in Parameters



    ------------------------------
    Galileo Shell - Alvaro
    Technical User
    ------------------------------



  • 10.  RE: Automate Certificate Management on Imperva Waf

    Posted 01-28-2021 11:56
    @Nikhil Chodankar

    Did you get this figured out?
    I wrote the IncapCLI and you can get this from the Imperva Github for example code or use pip install cwaf-cli to install and run the CLI.
    https://pypi.org/project/cwaf-cli/

    https://github.com/imperva/incapsula-cli

    ------------------------------
    Joe Moore
    Director of Technology
    imperva
    ------------------------------