Certificate Authority creation

[HemantBiharecwl]

{
"active": true,
"descr": "CA-LP-2",
"randomserial": true,
"dn_city": "BGL",
"dn_commonname": "CWL",
"dn_country": "IN",
"dn_organization": "CWL",
"dn_state": "KTK",
"keylen": 1024,
"keytype": "RSA",
"lifetime": 3650,
"method": "internal",
"digest_alg": "sha256",
"type": "server",
"serial": 1,
"trust": false,
"apply": true
}

Error:
{
"code": 400,
"status": "bad request",
"response_id": "FIELD_IS_REQUIRED",
"message": "Field crt is required.",
"data": []
}
How to give crt paramter. In previous versions by above paramters CA gets created. But it is asking for both crt and prv. Please fix this as soon as possible

[jaredhendrickson13]

In v2 it's currently not possible. There is still work that needs to go into the certificate related endpoints for v2 that is waiting on some upstream pfSense changes. In the meantime, you can run the v1 and v2 packages at the same time and continue utilizing the v1 endpoint as usual.

[HemantBiharecwl]

there is no older version available in System/REST API /Update/ only v2 is showing

[jaredhendrickson13]

Refer to the v2 announcement and upgrade guide. v1 and v2 are separate packages and operate independently from each other.

If you removed v1, you can reinstall it as usual using the URL from the releases page. For example:

pkg-static -C /dev/null https://github.com/jaredhendrickson13/pfsense-api/releases/download/v1.7.5/pfSense-2.7-pkg-API.pkg

[HemantBiharecwl]

Diagnostics/Command Prompt

Shell Output - pkg-static -C /dev/null https://github.com/jaredhendrickson13/pfsense-api/releases/download/v1.7.5/pfSense-2.7-pkg-API.pkg
pkg: unknown command: https://github.com/jaredhendrickson13/pfsense-api/releases/download/v1.7.5/pfSense-2.7-pkg-API.pkg

For more information on available commands and options see 'pkg help'.

[jaredhendrickson13]

Sorry I forgot the add in the command:

pkg-static -C /dev/null add https://github.com/jaredhendrickson13/pfsense-api/releases/download/v1.7.5/pfSense-2.7-pkg-API.pkg

[Coffee-Processing-Unit]

In v2 it's currently not possible. There is still work that needs to go into the certificate-related endpoints for v2 that is waiting on some upstream pfSense changes. In the meantime, you can run the v1 and v2 packages at the same time and continue utilizing the v1 endpoint as usual.

@jaredhendrickson13 Hello, I have a few questions.

1. What is your estimation for the completion of this issue?
2. Do you know when the pfSense version your are waiting for will be released?
3. Why can't you implement this like you did in V1?

[jaredhendrickson13]

@Coffee-Processing-Unit

1. Probably in v2.2.0 which will be later this year, I'd estimate some time in October. That release will focus primarily on feature parity whereas the focus of v2.1.0 is performance and framework improvements.
2. Sorry looking back my original statement is a little misleading. At the time it was initially being looked at for v2 there were differences between CE and Plus (late 2022 early 2023) that resulted in some inconsistent behavior in the functions being called. The plan was to revisit later in v2s development in hopes that they behaved more similarly rather than hack together support for CE and Plus separately. Long story short I ran out of time and couldn't revisit it like I had planned. I haven't verified myself but I'd expect that is not an issue now that they are both on FreeBSD-CURRENT and both use the new config accessors.
3. When it's ported to v2 it will essentially work the same way, but v2 handles object relations differently and requires the other certificate manager Models to be fully be built out at the same time too. In the end it will be a more accurate representation of what's available in the webConfigurator and require much less manual logic on the backend.