5 replies

Create Origin Cert via API -- do I need a CSR? Seems like I shouldn't.

I've tried both using an API key and with an Origin CA service key...
But in both instances, it is coming back saying

CSR parsed as empty

CSR parsed as empty

, despite it being an optional field?
Is there not a way to do this without generating a CSR manually in my script?

https://developers.cloudflare.com/api/resources/origin_ca_certificates/

Here's one using Origin CA key

CF_API_BASE = "https://api.cloudflare.com/client/v4"

load_dotenv()
ORIGIN_CA_KEY = os.getenv("ORIGIN_CA_KEY")

def get_headers(origin_ca_key):
    return {
        "X-Auth-User-Service-Key": origin_ca_key,
        "Content-Type": "application/json",
    }

def issue_origin_ca_cert(origin_ca_key, domains):
    url = f"{CF_API_BASE}/certificates"
    payload = {
        "hostnames": domains,
        "requested_validity": 5475,
        "request_type": "origin-rsa"
    }
    resp = requests.post(url, json=payload, headers=get_headers(origin_ca_key))
    if resp.status_code != 200:
        print(f"[ERROR] Cloudflare API error (issue origin ca cert): {resp.text}")
        return None, None, None
    result = resp.json()["result"]
    return result["certificate"], result["private_key"], result.get("id", "new")

CF_API_BASE = "https://api.cloudflare.com/client/v4"

load_dotenv()
ORIGIN_CA_KEY = os.getenv("ORIGIN_CA_KEY")

def get_headers(origin_ca_key):
    return {
        "X-Auth-User-Service-Key": origin_ca_key,
        "Content-Type": "application/json",
    }

def issue_origin_ca_cert(origin_ca_key, domains):
    url = f"{CF_API_BASE}/certificates"
    payload = {
        "hostnames": domains,
        "requested_validity": 5475,
        "request_type": "origin-rsa"
    }
    resp = requests.post(url, json=payload, headers=get_headers(origin_ca_key))
    if resp.status_code != 200:
        print(f"[ERROR] Cloudflare API error (issue origin ca cert): {resp.text}")
        return None, None, None
    result = resp.json()["result"]
    return result["certificate"], result["private_key"], result.get("id", "new")

[INFO] Starting process for 1 domain(s).
[ACTION] Issuing new origin ca cert for redacated.com and *.redacated.com...
[ERROR] Cloudflare API error (issue origin ca cert): {"success":false,"messages":[],"errors":[{"code":1007,"message":"CSR parsed as empty"}],"result":{},"result_info":{"count":0,"total_count":0}}
[ERROR] Could not create or save new origin ca cert for redacated.com.
[INFO] Done.

[INFO] Starting process for 1 domain(s).
[ACTION] Issuing new origin ca cert for redacated.com and *.redacated.com...
[ERROR] Cloudflare API error (issue origin ca cert): {"success":false,"messages":[],"errors":[{"code":1007,"message":"CSR parsed as empty"}],"result":{},"result_info":{"count":0,"total_count":0}}
[ERROR] Could not create or save new origin ca cert for redacated.com.
[INFO] Done.

Create Origin Cert via API -- do I need a CSR? Seems like I shouldn't.

I've tried both using an API key and with an Origin CA service key...
But in both instances, it is coming back saying

CSR parsed as empty

CSR parsed as empty

CF_API_BASE = "https://api.cloudflare.com/client/v4"

load_dotenv()
ORIGIN_CA_KEY = os.getenv("ORIGIN_CA_KEY")

def get_headers(origin_ca_key):
    return {
        "X-Auth-User-Service-Key": origin_ca_key,
        "Content-Type": "application/json",
    }

def issue_origin_ca_cert(origin_ca_key, domains):
    url = f"{CF_API_BASE}/certificates"
    payload = {
        "hostnames": domains,
        "requested_validity": 5475,
        "request_type": "origin-rsa"
    }
    resp = requests.post(url, json=payload, headers=get_headers(origin_ca_key))
    if resp.status_code != 200:
        print(f"[ERROR] Cloudflare API error (issue origin ca cert): {resp.text}")
        return None, None, None
    result = resp.json()["result"]
    return result["certificate"], result["private_key"], result.get("id", "new")

CF_API_BASE = "https://api.cloudflare.com/client/v4"

load_dotenv()
ORIGIN_CA_KEY = os.getenv("ORIGIN_CA_KEY")

def get_headers(origin_ca_key):
    return {
        "X-Auth-User-Service-Key": origin_ca_key,
        "Content-Type": "application/json",
    }

def issue_origin_ca_cert(origin_ca_key, domains):
    url = f"{CF_API_BASE}/certificates"
    payload = {
        "hostnames": domains,
        "requested_validity": 5475,
        "request_type": "origin-rsa"
    }
    resp = requests.post(url, json=payload, headers=get_headers(origin_ca_key))
    if resp.status_code != 200:
        print(f"[ERROR] Cloudflare API error (issue origin ca cert): {resp.text}")
        return None, None, None
    result = resp.json()["result"]
    return result["certificate"], result["private_key"], result.get("id", "new")

[INFO] Starting process for 1 domain(s).
[ACTION] Issuing new origin ca cert for redacated.com and *.redacated.com...
[ERROR] Cloudflare API error (issue origin ca cert): {"success":false,"messages":[],"errors":[{"code":1007,"message":"CSR parsed as empty"}],"result":{},"result_info":{"count":0,"total_count":0}}
[ERROR] Could not create or save new origin ca cert for redacated.com.
[INFO] Done.

[INFO] Starting process for 1 domain(s).
[ACTION] Issuing new origin ca cert for redacated.com and *.redacated.com...
[ERROR] Cloudflare API error (issue origin ca cert): {"success":false,"messages":[],"errors":[{"code":1007,"message":"CSR parsed as empty"}],"result":{},"result_info":{"count":0,"total_count":0}}
[ERROR] Could not create or save new origin ca cert for redacated.com.
[INFO] Done.

Create Origin Cert via API -- do I need a CSR? Seems like I shouldn't.

Create Origin Cert via API -- do I need a CSR? Seems like I shouldn't.

Similar Threads

Similar Threads

Similar Threads