Skip to content

Instantly share code, notes, and snippets.

@aman207
Created August 21, 2023 13:32
Show Gist options
  • Save aman207/238fccff28b251d976cce7f015d4a90e to your computer and use it in GitHub Desktop.
Save aman207/238fccff28b251d976cce7f015d4a90e to your computer and use it in GitHub Desktop.
Fortigate wildcard certificate update
from fortigate_api import Fortigate
import base64
from datetime import datetime
import inotify.adapters
import inotify.constants
import requests
#Wildcard cert file location
CERT_FILE = ""
#Key file location
KEY_FILE = ""
#URL of the fortigate (FQDN/IP only, no https://)
URL = ""
#API token
TOKEN = ""
def _main():
inot = inotify.adapters.Inotify()
inot.add_watch(path_unicode=CERT_FILE,mask=inotify.constants.IN_CLOSE_WRITE)
for event in inot.event_gen(yield_nones=False):
fortigate = Fortigate(host=URL, token=TOKEN)
fortigate.login()
with open(CERT_FILE, "rb") as read:
cert = base64.urlsafe_b64encode(read.read(-1)).decode()
with open(KEY_FILE, "rb") as read:
key = base64.urlsafe_b64encode(read.read(-1)).decode()
date = datetime.today().strftime('%Y-%m-%d')
data = {
"certname": "CERTIFICATE-" + date,
"file_content": cert,
"key_file_content": key,
"password": "",
"scope": "global",
"type": "regular"
}
response = fortigate.post(url="api/v2/monitor/vpn-certificate/local/import/", data=data)
print(response)
data = {
"name": "wildcard deep inspection",
"server-cert": [
{"name": "CERTIFICATE-" + date}
],
"server-cert-mode": "replace"
}
response = fortigate.put(url="api/v2/cmdb/firewall/ssl-ssh-profile/wildcard%20deep%20inspection/", data=data)
print(response)
fortigate.logout()
if __name__ == '__main__':
_main()
fortigate_api
inotify
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment