Newman: How to send ssl cert in newman request - ssl

I have a curl command that I'd like to have run as a collection using newman:
curl -i -v \
-H "X-FromAppId: APPLICATION" \
-H "X-TransactionId: 22222222" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
--cacert iis_cert_2018_07.pem \
--key iis_cert_2018_07.pem \
--cert iis_cert_2018_07.pem \
-X GET https://iis-udev02.dev.test.com:8443/iis/v1/common/policies/343
--insecure
I have a collection that executes that GET request, and it works just fine on Postman (after configuring the certs in the UI), but how do I notify newman of those certs when running the collection through the commandline?
I've tried:
newman run GETRequest.postman_collection.json --ssl-client-cert iis_cert_2018_07.pem --ssl-client-passphrase iis_cert_2018_07.pem --insecure
But that doesn't work.
How is a cert sent in a newman request?

You are passing in the key as the passphrase here: --ssl-client-passphrase iis_cert_2018_07.pem, it should be --ssl-client-key iis_cert_2018_07.pem
Try:
newman run GETRequest.postman_collection.json --ssl-client-cert iis_cert_2018_07.pem --ssl-client-key iis_cert_2018_07.pem --insecure
This should work assuming the key is not encrypted with a passphrase, and everything else is right.
The relevant newman documentation is here:
https://www.npmjs.com/package/newman#ssl-client-certificates

if you have the key encrypted then you can use the below command
newman run GETRequest.postman_collection.json --ssl-client-cert iis_cert_2018_07.pem --ssl-client-key iis_cert_2018_07key.pem --ssl-client-passphrase password

Related

curl command to tarball ALL organizations repos thru API

Was making a bash script to backup organization's repos (private included) convert them into a tar file and then send off to s3 bucket.
curl -H "Authorization: token {PAT}" -L https://api.github.com/repos/{org}/tarball/main > main.tar.gz
When I do this command with one single repo it works, but my task was to have it grab all 100+ repos in the organization. Any thoughts of what I am missing?
I don't think that there is any API from GitHub to provide your desired HTTP call out of the box.
You can try to create a Bash/PowerShell script to:
List the organization:
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
https://api.github.com/orgs/ORG/repos
(reference: https://docs.github.com/en/rest/repos/repos#list-organization-repositories)
Take the result and convert it to an array.
For each element in the array, run your command:
curl -H "Authorization: token {PAT}" -L
https://api.github.com/repos/{org}/tarball/main > main.tar.gz

How to create Ravendb database using CURL Command

I have resolved this issue. My learnings so far...
CURL command accepts thumbprint in the command line instead of certificate files. We need to mention the thumbprint using the certificate store path. To get the certificate store and thumbprint run the following command in the powershell.
cd Cert:\LocalMachine\My\
Get-ChildItem -Path Cert:\LocalMachine\My\ (To get the certificate thumbprint)
PS Cert:\LocalMachine> curl.exe -X PUT -H "Content-Type: application/json" -d '{"DatabaseName": "DB_Name"}' --cert "LocalMachine\My\xxxxxx" --key "D:\RavenDB\certificates\xxx.key" https://xxx:000/admin/databases
This is the command which finally worked to create a database using CURL Command in Ravendb.
Thanks
Kannadasan

Can I get a working curl command to remove a system from RHEL subscription?

I want to automate the addition and removal of VMs from the RHEL Subscription. I want to use a curl command if possible and keep it simple.
I tried executing curl commands on the api.access.redhat.com/management/v1/subscriptions endpoints but it is giving errors like "Authentication parameters missing".
Below is an example command I am using:
curl -X GET -s -k -u username:Password "https://api.access.redhat.com/management/v1/subscriptions" -H "accept: application/json"
Expected to see the list of Subscribed systems but getting the "Authentication parameters missing" message.
In order to get all the subscriptions you have, run the following command:
curl -H "Authorization: Bearer $access_token" "https://api.access.redhat.com/management/v1/subscriptions"
You can retrieve the access_token variable by running the following command:
curl https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token -d grant_type=refresh_token -d client_id=rhsm-api -d refresh_token=$offline_token
The offline_token, instead, has to be generated from the API Tokens Page.
Check this article for further details.

Wonder why trying to upload a Letsencrypt .pem certificate using cURL to Cloudflare API throws "Malformed JSON in request body" error?

I have a script that attempts to replace my site's SSL cert on Cloudflare.
Certbot auto-renews the cert on the local server from Letsencrypt every three months. Now, the SSL .pem certificate renewed by certbot needs to be uploaded to Cloudflare using its API.
PRIVATE_KEY="/etc/letsencrypt/live/autoxxx.com.au/privkey.pem"
CERTIFICATE="/etc/letsencrypt/live/aautoxxx.com.au/cert.pem"
# read from files
PRIVATE_KEY=`cat $PRIVATE_KEY`
CERTIFICATE=`cat $CERTIFICATE`
DATA='{"private_key":"'$PRIVATE_KEY'","certificate":"'$CERTIFICATE'","bundle_method":"ubiquitous"}'
curl -i \
-X PATCH "https://api.cloudflare.com/client/v4/zones/rCWR4i3A24NZEzI4dFLYLAhU7tUBtJUSYQkh/custom_certificates/iqXVG2FV8Cgj5FXGMexIoJovtFQx5UhecVya" \
-H "X-Auth-Email: webdev#autoxxx.com.au" \
-H "X-Auth-Key: pg5Q89JI33nsgdA9iZwPky3q" \
-H "Content-Type: application/json" \
-d "$DATA" --trace-ascii /dev/stdout
But, running this script throws the following error
{"success":false,"errors":[{"code":6007,"message":"Malformed JSON in request body"}],"messages":[],"result":null}
Tried the quotes suggestion as in answer to the following question, but still the same error.
Why do I get a malformed JSON in request body in this cURL call?
I searched Google extensively.
Tried the following https://docs.vmware.com/en/Unified-Access-Gateway/3.0/com.vmware.access-point-30-deploy-config.doc/GUID-870AF51F-AB37-4D6C-B9F5-4BFEB18F11E9.html to put .pem into a single line. Used awk 'NF {sub(/\r/, ""); printf "%s\n",$0;}' to achieve this, but now it threw "Invalid Certificate" response.
The following code works perfectly. The above awk command was replacing carriage returns with new line \n, but Cloudflare, apparently, wants the literal "\n".
PRIVATE_KEY="/etc/letsencrypt/live/autoxxx.com.au/privkey.pem"
CERTIFICATE="/etc/letsencrypt/live/aautoxxx.com.au/cert.pem"
# read from file, put the .pem into single line and replace carriage returns with the literal "\n"
PRIVATE_KEY=`awk 'NF {sub(/\r/, ""); printf "%s\\\n",$0;}' $PRIVATE_KEY`
CERTIFICATE=`awk 'NF {sub(/\r/, ""); printf "%s\\\n",$0;}' $CERTIFICATE`
DATA='{"private_key":"'$PRIVATE_KEY'","certificate":"'$CERTIFICATE'","bundle_method":"ubiquitous"}'
curl -i \
-X PATCH "https://api.cloudflare.com/client/v4/zones/rCWR4i3A24NZEzI4dFLYLAhU7tUBtJUSYQkh/custom_certificates/iqXVG2FV8Cgj5FXGMexIoJovtFQx5UhecVya" \
-H "X-Auth-Email: webdev#autoxxx.com.au" \
-H "X-Auth-Key: pg5Q89JI33nsgdA9iZwPky3q" \
-H "Content-Type: application/json" \
-d "$DATA" --trace-ascii /dev/stdout

Spring Cloud config server encryption decryption

I am using the below command to encryot the password.
curl -H "Content-Type: text/plain" lonrs03668:8888/encrypt -d Simple12$jedi
after decryting the password, the value after $ sign getting lost and it is only returning the Simple12.
The issue is that if string contains the $ sign it is not encrypting/decrypting correctly.
Try curl -H 'content-type: text/plain' localhost:8888/encrypt --data-raw 'your password'
Below is working for me by adding \ before $ .
curl -u root:s3cr3t -H "Content-Type: text/plain" lonrs03668:8888/encrypt --data-ascii Simple12\$jedi.