added option to disable ssl verification

2025-12-20 07:16:00 +01:00
parent 19d3ba4fa3
commit 1ffcbf09dc
3 changed files with 19 additions and 2 deletions


@@ -6,6 +6,9 @@ OPNSENSE_HOST=https://your-opnsense.local
# Optional # Optional
OUTPUT_DIRECTORY=./certs OUTPUT_DIRECTORY=./certs
# Optional: disable SSL verification for self-signed certificates
# VERIFY_SSL=false
# Optional: file permissions (Linux only) # Optional: file permissions (Linux only)
# FILE_OWNER=root # FILE_OWNER=root
# FILE_GROUP=root # FILE_GROUP=root


@@ -68,6 +68,9 @@ OPNSENSE_HOST=https://your-opnsense.local
# Optional # Optional
OUTPUT_DIRECTORY=./certs OUTPUT_DIRECTORY=./certs
# Optional: disable SSL verification for self-signed certificates
# VERIFY_SSL=false
# Optional: file permissions (Linux only) # Optional: file permissions (Linux only)
# FILE_OWNER=root # FILE_OWNER=root
# FILE_GROUP=root # FILE_GROUP=root
@@ -82,6 +85,7 @@ OUTPUT_DIRECTORY=./certs
| `OPNSENSE_API_SECRET` | Yes | OPNsense API secret | | `OPNSENSE_API_SECRET` | Yes | OPNsense API secret |
| `OPNSENSE_HOST` | Yes | OPNsense URL (e.g., `https://192.168.1.1`) | | `OPNSENSE_HOST` | Yes | OPNsense URL (e.g., `https://192.168.1.1`) |
| `OUTPUT_DIRECTORY` | No | Directory to save exported certificates (default: `./certs`) | | `OUTPUT_DIRECTORY` | No | Directory to save exported certificates (default: `./certs`) |
| `VERIFY_SSL` | No | Set to `false` to disable SSL verification for self-signed certs (default: `true`) |
| `FILE_OWNER` | No | Set file owner (Linux only) | | `FILE_OWNER` | No | Set file owner (Linux only) |
| `FILE_GROUP` | No | Set file group (Linux only) | | `FILE_GROUP` | No | Set file group (Linux only) |
| `FILE_MODE` | No | Set file permissions in octal (e.g., `0600`) | | `FILE_MODE` | No | Set file permissions in octal (e.g., `0600`) |

14
main.py

@@ -36,6 +36,7 @@ def get_config():
'api_secret': os.environ['OPNSENSE_API_SECRET'], 'api_secret': os.environ['OPNSENSE_API_SECRET'],
'host': os.environ['OPNSENSE_HOST'], 'host': os.environ['OPNSENSE_HOST'],
'output_directory': os.environ.get('OUTPUT_DIRECTORY', './certs'), 'output_directory': os.environ.get('OUTPUT_DIRECTORY', './certs'),
'verify_ssl': os.environ.get('VERIFY_SSL', 'true').lower() != 'false',
'file_owner': os.environ.get('FILE_OWNER'), 'file_owner': os.environ.get('FILE_OWNER'),
'file_group': os.environ.get('FILE_GROUP'), 'file_group': os.environ.get('FILE_GROUP'),
'file_mode': os.environ.get('FILE_MODE'), 'file_mode': os.environ.get('FILE_MODE'),
@@ -45,14 +46,23 @@ def get_config():
def search_certificates(config, search_phrase): def search_certificates(config, search_phrase):
url = f"{config['host']}/api/trust/cert/search" url = f"{config['host']}/api/trust/cert/search"
payload = {"searchPhrase": search_phrase} payload = {"searchPhrase": search_phrase}
response = requests.post(url, json=payload, auth=HTTPBasicAuth(config['api_key'], config['api_secret'])) response = requests.post(
url,
json=payload,
auth=HTTPBasicAuth(config['api_key'], config['api_secret']),
verify=config['verify_ssl']
)
response.raise_for_status() response.raise_for_status()
return response.json().get("rows", []) return response.json().get("rows", [])
def export_certificate(config, uuid, format): def export_certificate(config, uuid, format):
url = f"{config['host']}/api/trust/cert/generate_file/{uuid}/{format}" url = f"{config['host']}/api/trust/cert/generate_file/{uuid}/{format}"
response = requests.post(url, auth=HTTPBasicAuth(config['api_key'], config['api_secret'])) response = requests.post(
url,
auth=HTTPBasicAuth(config['api_key'], config['api_secret']),
verify=config['verify_ssl']
)
response.raise_for_status() response.raise_for_status()
return response.json().get("payload") return response.json().get("payload")
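Review bot: With `VERIFY_SSL=false`, the new `verify=config['verify_ssl']` argument in both `search_certificates` and `export_certificate` lets the API key and secret go out over HTTP Basic auth to a peer whose certificate is never checked, and the exported certificate payload comes back over that same unauthenticated channel. For a self-signed OPNsense certificate the safer route is to trust that certificate explicitly: `verify` in requests also accepts a path to a CA bundle, so the config could carry an optional path (for instance from a hypothetical `OPNSENSE_CA_BUNDLE` variable) and the calls could pass `verify=config['ca_bundle'] or config['verify_ssl']`. If the boolean switch stays, `get_config` (whose body starts outside the visible hunk) should log a warning when verification is off, so an insecure run is visible in the output. The parsing itself fails safe, since only the literal `false` disables verification. Neither `requests.post` call sets `timeout=`, so a stalled connection would block the export indefinitely.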