Automated Certificate Renewal

Does anyone have experience automating the management of EPIC or RIO server certificates?

We’ve tried uploading using multi-form PUT to /manage/api/v1/ssl/upload using both our apiKey (ideal), and even valid NXTIO_JSESSIONID session cookies, and are getting 403 Forbidden responses. There’s something the browser is capable of doing that we haven’t figured out yet.

With root privileges on the EPIC we could do the heavy-handed thing and replace the certificates on the FS followed by an nginx reboot, but that won’t work on the RIO.

Anyone with advise on how to best automate this process? We expect to update thousands of certificates on a regular basis, and need a way to do it without human involvement.

Thank you,
-Loren

@loren1 Thanks for this post.
It has caused a solid amount of discussion among the software engineers and a few others.
A request ticket has been put in and the process of building this feature into both EPIC and RIO has begun.

In the few days since the post, the 3.0.0 RIO firmware was announced with SSH access, so the heavy handed approach should be viable for us until official support is added.

We have been using NodeJS through Node-RED for the multi-part form request, and have been working to see if a shell call to curl will do the trick. If so, we’ll update this thread with our findings.

Thank you for considering adding this support!