Junos Automation (Scripting)
Contributor
Posts: 57
Registered: ‎01-02-2014
0 Kudos

Junos Space -> script for clear security pki local-certificate system-generated

Hi all,

 

I have some SRX-Boxes with expired local system generated certificates.

So normally I execute the command -> clear security pki local-certificate system-generated and the box generates a new local certificate.

But now, I want to execute this command on the affected devices  via JSPACE.

So I think, the best way would be to create a script which will be imported into JSPACE.

I am sorry, but I am totally new to Junos Scripting so I will need your help.

Could you please tell me how to achieve my goal?

 

Thanks and have a nice day.

Christoph.

Recognized Expert
Posts: 325
Registered: ‎10-04-2012
0 Kudos

Re: Junos Space -> script for clear security pki local-certificate system-generated


Hi,

 

The following is a very basic script that performs this function, no error handling or anything like that, but a starting point at least.

 

Regards,

Andy

 

version 1.2; /* don't change this value */
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

/* 
   Notes: The CONTEXT is defined so that the script will only be available
          when executed against SRX (junos-es) devices.
          The PROMOTE annotation will convert this script into a menu item only
          if Advanced Xpath Processing is enabled via 
          [Administration\Applications\Network Management Platform\Modify Application Settings\
          CLIConfiglets\Advanced Xpath Processing]

    Installation:
        Import this SLAX script into Junos Space as you would any other SLAX script.
        Since this script is defined as a local script (ISLOCAL) you do not stage this
        script, it is executed by Junos Space and not by a device!
        Once the script has been imported, Navigate to the Device Management view, and
        select a SINGLE SRX device.
        - Right click the selected device, or select the Action menu
        - Select Device Operations
        - Select menu item Generate new certificate (only if Advanced Xpath processing is enabled)
        - else select Execute Scripts and select the script and then click Execute.
*/

/* Junos Space specific context, name and description */
/* @CONTEXT = "/device[system-information/os-name='junos-es']" */
/* @NAME = "Generate new certificate" */
/* @DESCRIPTION = "jnet example" */
/* @ISLOCAL = "true" */
/* @PROMOTE = "yes" */

main <op-script-results> {
    <output> {
        var $conn = jcs:open(); /* open connection to selected device */
        var $rpc = {
            <clear-pki-local-certificate> {
                <system-generated>;
            }
        }
        var $results = jcs:execute($conn, $rpc);
        expr "\nAll done...\n";
        expr "Certificate details as follows:\n";
        var $certrpc = {
            <get-pki-local-certificate> {
                <system-generated>;
                <detail>;
            }
        }
        var $rescert = jcs:execute($conn, $certrpc);

        /* rough dump of the rpc */
        expr "Identifier: \t\t" _ $rescert//identifier _ "\n";
        expr "Version: \t\t" _ $rescert//version _ "\n";
        expr "Serial Number: \t\t" _ $rescert//serial-number-x509 _ "\n";
        expr "Common Name: \t\t"  _ $rescert//issuer-name/distinguished-name/common-name _ "\n";
        expr "Subject: \t\t" _ $rescert//subject-string _ "\n";
        expr "Valid Not Before: \t" _ $rescert//not-before _ "\n";
        expr "Valid Not After: \t" _ $rescert//not-after _ "\n";
        expr "Public Key Algo: \t" _ $rescert//public-key-algorithm _ "\n";
        expr "Public Key Length: \t" _ $rescert//public-key-length _ "\n";
        expr "Public Key Contents:\n";
        expr $rescert//key-contents _ "\n";
        expr "Signature Algo: \t" _ $rescert//signature-algorithm _ "\n";

        expr jcs:close($conn); /* close connection */
    }
}
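
An added example, not part of either post and not Juniper code: the script above prints the certificate fields without checking them, so this Python sketch takes the XML text of a get-pki-local-certificate reply and reports whether the certificate is currently valid, expired, not yet valid, or missing. The date format, the wrapper element in the sample and all sample values are assumptions; only the element names identifier, not-before and not-after come from the script.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# ASSUMPTION: validity dates look like "MM-DD-YYYY HH:MM UTC"; adjust for your release.
DATE_FORMAT = "%m-%d-%Y %H:%M UTC"

# Constructed sample reply. The wrapper element and all values are made up; only the
# element names identifier / not-before / not-after are taken from the script above.
SAMPLE_REPLY = """\
<rpc-reply>
  <certificate>
    <identifier>system-generated</identifier>
    <not-before>01-02-2014 09:00 UTC</not-before>
    <not-after>01-01-2019 09:00 UTC</not-after>
  </certificate>
</rpc-reply>
"""

def _find(root, tag):
    """First element with this local name anywhere in the reply (like $rescert//tag)."""
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == tag:
            return elem
    return None

def check_certificate(reply_xml, now=None):
    """Return (status, detail): 'valid', 'expired', 'not-yet-valid' or 'error'."""
    now = now or datetime.now(timezone.utc)
    try:
        root = ET.fromstring(reply_xml)
    except ET.ParseError as exc:
        return "error", f"unparseable reply: {exc}"
    err = _find(root, "error")  # an xnm:error element means the RPC itself failed
    if err is not None:
        return "error", " ".join("".join(err.itertext()).split())
    fields = {}
    for tag in ("identifier", "not-before", "not-after"):
        elem = _find(root, tag)
        if elem is None or not (elem.text or "").strip():
            return "error", f"reply has no <{tag}>; was a certificate generated?"
        fields[tag] = elem.text.strip()
    try:
        start, end = (datetime.strptime(fields[t], DATE_FORMAT).replace(tzinfo=timezone.utc)
                      for t in ("not-before", "not-after"))
    except ValueError as exc:
        return "error", f"unexpected date format: {exc}"
    if now < start:  # usually a wrong clock on the device or on this host
        return "not-yet-valid", f"{fields['identifier']} starts {fields['not-before']}"
    if now >= end:
        return "expired", f"{fields['identifier']} expired {fields['not-after']}"
    return "valid", f"{fields['identifier']} valid until {fields['not-after']}"
```

Running the check before and after the clear command shows whether regeneration actually replaced the expired certificate; a not-yet-valid result points at clock drift rather than a failed regeneration.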
Contributor
Posts: 57
Registered: ‎01-02-2014
0 Kudos

Re: Junos Space -> script for clear security pki local-certificate system-generated

Wow, thanks a lot !

Will try your script and will give you feedback asap.

 

Thanks :)