Simple way to update HTTPS certificates from linux cli?

[stanford-scs]

I have a deployment with a large number of axis cameras, and I periodically need to update the HTTPS certificates when they expire. Doing so through the web UI is extremely painful.

The VAPIX library does have support for certificate management, but unfortunately it's only a SOAP API. Is it possible to upload a new certificate (for the existing key) or a key/certificate combination from the command line, either using curl or maybe some simple WSDL tool? If so, I would really appreciate an example of how to do this. Thanks.

[vivekatoffice]

Hi @stanford-scs ,

Please find following two ways to update the certificate using Linux CLI:

Please note: For windows machine I will suggest to use AXIS Device Manager at first place. The CA certificate used below is generated with AXIS Device Manager only 😊

Using CURL

Curl command:

curl --anyauth -u "root:pass" --header "Content-Type': 'text/xml; charset=utf-8" --header "SOAPAction:Post" --data @test_curl.xml http://192.168.2.13/vapix/services

test_curl.xml in same folder

<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="http://www.w3.org/2003/05/soap-envelope">
 <Header/>
 <Body >
<LoadCACertificates xmlns="http://www.onvif.org/ver10/device/wsdl" xmlns:tt="http://www.onvif.org/ver10/schema"><CACertificate><tt:CertificateID>Axis_Device_Management_Root_Certificate_VIVEK_by_cURL</tt:CertificateID><tt:Certificate><tt:Data>MIIFZjCCA06gAwIBAgIIHXwMt/qNiPcwDQYJKoZIhvcNAQELBQAwPzE9MDsGA1UEAww0QVhJUyBE
ZXZpY2UgTWFuYWdlciByb290IGNlcnRpZmljYXRlIERFU0tUT1AtREJEOUQ4QjAeFw0yMzA5MTIw
NzIyNDJaFw0zMzA5MTIwNzIyNDJaMD8xPTA7BgNVBAMMNEFYSVMgRGV2aWNlIE1hbmFnZXIgcm9v
dCBjZXJ0aWZpY2F0ZSBERVNLVE9QLURCRDlEOEIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCFU/B/3K+TcAyDGDwE9bifxEzkM38O6UNIG6bSUZS/y8w9Q19yZMm58cHzoJqYuLxf24Xj
A4fQMFrmjTXhTKhBUyZGxfdd/nkeIQjC3NjYDMToH+272gHcc/LEW8UwK9FXaMLVmH7qwgdM3slM
7uuU+HJQNU+DMITGYbUTLMLq777aVju0GyWYBb25w+FCE8rjJDx0NA5egyIe5ZNIYetzIsqviV5D
lkZyvDojRfFKnuBvdX5NOs8HzYMQ4wBwOIcOPnOia7qtEdR/v4rURkrNYhFE8QfO8E1sfHN7d4gd
Zmogjjexw+Gp/idHj+HZ0lWEyqTxd6KKyQGXmOfYj6rDb/ciGJzJ4Oxa5Sol6zY7Ra6gIxJMlk7+
7n59h2dN9H7R4sxM+la0fd/amMKLIuv+ZHsJwYBLqplsVLNi49I7NGtYmoJdT1LuThoJ2Ze5FVOz
fnhzba7H6TuBKWcDn7MIs9k069XgDYwxlF28d8QDKp8lRy7G38nCe7jK35kG/XT49tBOf8BTjh28
wvvp6QUisbQYMFXsd6pfgtOSpaCA8/N4Da1aoFQ72cHZQy9MeRTGLzN0w2JkreMziHvBur0pQLYU
eOpTkMLbho0rafG8VrBzu0aEIdlIxTpJr86S/1NzqtSoBKHNfU+468lUQ1LdWzHUa3/7riEHC1YS
I3l9GQIDAQABo2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwICBDAdBgNVHQ4E
FgQU6Ut818qCg6ARbTaZbb+L9e2h76cwHwYDVR0jBBgwFoAU6Ut818qCg6ARbTaZbb+L9e2h76cw
DQYJKoZIhvcNAQELBQADggIBABLqYKV4GKGA+aBsQOkcbxwMX2mD7GPN0UQBRWTpC3xwZoTjUB5B
VtHG0sc0Op9HUcJwevEYSkjKfxTtjOoD0Ke/lzAOfaZAtYvFpjO1TvRdPJqhXzfLkDcBC9v/pACd
vv2EsX8w+JhlLF7c89SNBFjUcdswxr3/8eiZFmGZCsiLHzpzBmdHmhyIQx+0OfnjFsDqygr0/3Q0
PHOvKJJ4EdxxBJlRCbxlOeLoI//WrvKPZ/3/18PaysOqYs1uoeVO5gBTMQSyx7bkP4CWNiozAI+2
Y4cfhsZFC8evfKAGRaFZeJj6rYPpWMhYSokUSjLTQzQEmrDLpwDf6X41iqH1eUnwrOWNma2XtLIS
04SEwhHMM4pHGVgl4fLktbkYKFjYE9J+w3Dcckd4XGMxW1zQNWK7jCzRQ41ojslp78YlI2y6FZFK
aLbUKUPTK/k4WbgLvDhKQJlrVLBjeo9UVChBkTc5Ng88uUCsYNMjJAii74kmREojM77/ChGAeZOr
TDEE2kBdIb/C9tB199gYdCnR+GcFqNQbhsjZcvWp/ze57R/EIlnoZFNFxuJgDzBSuo2harDD+PJA
wvjKYVkZ7vfMGAsamRvUvLrhR7oTKokoygMkS9Lwrjn4PdmCUNPmejMCyP10ALC02wYL1uBs94gL
saYRZnA4oXwGeGBKmzPeQYk3</tt:Data></tt:Certificate></CACertificate></LoadCACertificates>
 </Body>
</Envelope>

Response

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsa5="http://www.w3.org/2005/08/addressing" xmlns:xmime="http://tempuri.org/xmime.xsd" xmlns:xop="http://www.w3.org/2004/08/xop/include" xmlns:ns1="http://www.onvif.org/ver20/analytics/humanface" xmlns:ns2="http://www.onvif.org/ver20/analytics/humanbody" xmlns:wsrfbf="http://docs.oasis-open.org/wsrf/bf-2" xmlns:wstop="http://docs.oasis-open.org/wsn/t-1" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:acert="http://www.axis.com/vapix/ws/cert" xmlns:wsrfr="http://docs.oasis-open.org/wsrf/r-2" xmlns:aa="http://www.axis.com/vapix/ws/action1" xmlns:acertificates="http://www.axis.com/vapix/ws/certificates" xmlns:aentry="http://www.axis.com/vapix/ws/entry" xmlns:aev="http://www.axis.com/vapix/ws/event1" xmlns:aeva="http://www.axis.com/vapix/ws/embeddedvideoanalytics1" xmlns:ali1="http://www.axis.com/vapix/ws/light/CommonBinding" xmlns:ali2="http://www.axis.com/vapix/ws/light/IntensityBinding" xmlns:ali3="http://www.axis.com/vapix/ws/light/AngleOfIlluminationBinding" xmlns:ali4="http://www.axis.com/vapix/ws/light/DayNightSynchronizeBinding" xmlns:ali="http://www.axis.com/vapix/ws/light" xmlns:apc="http://www.axis.com/vapix/ws/panopsiscalibration1" xmlns:arth="http://www.axis.com/vapix/ws/recordedtour1" xmlns:asd="http://www.axis.com/vapix/ws/shockdetection" xmlns:aweb="http://www.axis.com/vapix/ws/webserver" xmlns:tan1="http://www.onvif.org/ver20/analytics/wsdl/RuleEngineBinding" xmlns:tan2="http://www.onvif.org/ver20/analytics/wsdl/AnalyticsEngineBinding" xmlns:tan="http://www.onvif.org/ver20/analytics/wsdl" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" xmlns:tev1="http://www.onvif.org/ver10/events/wsdl/NotificationProducerBinding" xmlns:tev2="http://www.onvif.org/ver10/events/wsdl/EventBinding" xmlns:tev3="http://www.onvif.org/ver10/events/wsdl/SubscriptionManagerBinding" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:tev4="http://www.onvif.org/ver10/events/wsdl/PullPointSubscriptionBinding" xmlns:tev="http://www.onvif.org/ver10/events/wsdl" xmlns:timg="http://www.onvif.org/ver20/imaging/wsdl" xmlns:tmd="http://www.onvif.org/ver10/deviceIO/wsdl" xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl" xmlns:tr2="http://www.onvif.org/ver20/media/wsdl" xmlns:trc="http://www.onvif.org/ver10/recording/wsdl" xmlns:trp="http://www.onvif.org/ver10/replay/wsdl" xmlns:trt="http://www.onvif.org/ver10/media/wsdl" xmlns:tse="http://www.onvif.org/ver10/search/wsdl" xmlns:ter="http://www.onvif.org/ver10/error" xmlns:tns1="http://www.onvif.org/ver10/topics" xmlns:tnsaxis="http://www.axis.com/2009/event/topics"><SOAP-ENV:Header></SOAP-ENV:Header><SOAP-ENV:Body><tds:LoadCACertificatesResponse></tds:LoadCACertificatesResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>

Python code

SOAP_CALL_CA_Certificate_upload.py

import requests
from requests.auth import HTTPDigestAuth

url = "http://192.168.2.13/vapix/services"
payload =""

# open the input xml file and read
# data in form of python dictionary
# using xmltodict module
with open("test.xml") as xml_file:
     
    payload = xml_file.read()
# headers
headers = {
    'Content-Type': 'text/xml; charset=utf-8'
}
# POST request
#response = requests.request("POST", url, headers=headers, data=payload)
response = requests.request('POST',url,data=payload, auth=HTTPDigestAuth('root','pass'), verify=False) 
# prints the response
print(response.text)
print(response)

test.xml

<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="http://www.w3.org/2003/05/soap-envelope">
 <Header/>
 <Body >
<LoadCACertificates xmlns="http://www.onvif.org/ver10/device/wsdl" xmlns:tt="http://www.onvif.org/ver10/schema"><CACertificate><tt:CertificateID>Axis_Device_Management_Root_Certificate_VIVEK</tt:CertificateID><tt:Certificate><tt:Data>MIIFZjCCA06gAwIBAgIIHXwMt/qNiPcwDQYJKoZIhvcNAQELBQAwPzE9MDsGA1UEAww0QVhJUyBE
ZXZpY2UgTWFuYWdlciByb290IGNlcnRpZmljYXRlIERFU0tUT1AtREJEOUQ4QjAeFw0yMzA5MTIw
NzIyNDJaFw0zMzA5MTIwNzIyNDJaMD8xPTA7BgNVBAMMNEFYSVMgRGV2aWNlIE1hbmFnZXIgcm9v
dCBjZXJ0aWZpY2F0ZSBERVNLVE9QLURCRDlEOEIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCFU/B/3K+TcAyDGDwE9bifxEzkM38O6UNIG6bSUZS/y8w9Q19yZMm58cHzoJqYuLxf24Xj
A4fQMFrmjTXhTKhBUyZGxfdd/nkeIQjC3NjYDMToH+272gHcc/LEW8UwK9FXaMLVmH7qwgdM3slM
7uuU+HJQNU+DMITGYbUTLMLq777aVju0GyWYBb25w+FCE8rjJDx0NA5egyIe5ZNIYetzIsqviV5D
lkZyvDojRfFKnuBvdX5NOs8HzYMQ4wBwOIcOPnOia7qtEdR/v4rURkrNYhFE8QfO8E1sfHN7d4gd
Zmogjjexw+Gp/idHj+HZ0lWEyqTxd6KKyQGXmOfYj6rDb/ciGJzJ4Oxa5Sol6zY7Ra6gIxJMlk7+
7n59h2dN9H7R4sxM+la0fd/amMKLIuv+ZHsJwYBLqplsVLNi49I7NGtYmoJdT1LuThoJ2Ze5FVOz
fnhzba7H6TuBKWcDn7MIs9k069XgDYwxlF28d8QDKp8lRy7G38nCe7jK35kG/XT49tBOf8BTjh28
wvvp6QUisbQYMFXsd6pfgtOSpaCA8/N4Da1aoFQ72cHZQy9MeRTGLzN0w2JkreMziHvBur0pQLYU
eOpTkMLbho0rafG8VrBzu0aEIdlIxTpJr86S/1NzqtSoBKHNfU+468lUQ1LdWzHUa3/7riEHC1YS
I3l9GQIDAQABo2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwICBDAdBgNVHQ4E
FgQU6Ut818qCg6ARbTaZbb+L9e2h76cwHwYDVR0jBBgwFoAU6Ut818qCg6ARbTaZbb+L9e2h76cw
DQYJKoZIhvcNAQELBQADggIBABLqYKV4GKGA+aBsQOkcbxwMX2mD7GPN0UQBRWTpC3xwZoTjUB5B
VtHG0sc0Op9HUcJwevEYSkjKfxTtjOoD0Ke/lzAOfaZAtYvFpjO1TvRdPJqhXzfLkDcBC9v/pACd
vv2EsX8w+JhlLF7c89SNBFjUcdswxr3/8eiZFmGZCsiLHzpzBmdHmhyIQx+0OfnjFsDqygr0/3Q0
PHOvKJJ4EdxxBJlRCbxlOeLoI//WrvKPZ/3/18PaysOqYs1uoeVO5gBTMQSyx7bkP4CWNiozAI+2
Y4cfhsZFC8evfKAGRaFZeJj6rYPpWMhYSokUSjLTQzQEmrDLpwDf6X41iqH1eUnwrOWNma2XtLIS
04SEwhHMM4pHGVgl4fLktbkYKFjYE9J+w3Dcckd4XGMxW1zQNWK7jCzRQ41ojslp78YlI2y6FZFK
aLbUKUPTK/k4WbgLvDhKQJlrVLBjeo9UVChBkTc5Ng88uUCsYNMjJAii74kmREojM77/ChGAeZOr
TDEE2kBdIb/C9tB199gYdCnR+GcFqNQbhsjZcvWp/ze57R/EIlnoZFNFxuJgDzBSuo2harDD+PJA
wvjKYVkZ7vfMGAsamRvUvLrhR7oTKokoygMkS9Lwrjn4PdmCUNPmejMCyP10ALC02wYL1uBs94gL
saYRZnA4oXwGeGBKmzPeQYk3</tt:Data></tt:Certificate></CACertificate></LoadCACertificates>
 </Body>
</Envelope>

Output: