Ability to sign a CSR using api. #250

Closed
devatnull opened this issue Jun 23, 2022 · 2 comments · Fixed by #574
Labels: backlog (Issues backlogged for inclusion in future releases), feature request (New feature or request)

Comments

@devatnull

Is your feature request related to existing pfSense functionality that is missing from the API? Please describe.
Cannot sign a CSR using the API.

Is your feature request related to a problem? Please describe.
No.

Describe the solution you'd like
I would like to sign a CSR.

Describe alternatives you've considered
Implementing methods in the createcert function would be fine, I believe. (The user must know the CA refid first.)

Additional context

curl --location --request POST 'https://192.168.124.2/api/v1/system/certificate' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Basic YasdasdaWasdIzasdasdasdh' \
--data-raw '{
  "method": "sign",
  "descr": "FreeIPA CSR",
  "catosignwith": "$CA_REFID",
  "csrtosign": "new",
  "csrpaste": "$CSR",
  "csrsign_lifetime": 10,
  "csrsign_digest_alg": "sha256",
  "import_type": "x509",
  "pkcs12_cert": "(binary)",
  "csr_keylen": 2048,
  "csr_ecname": "prime256v1",
  "csr_digest_alg": "sha256",
  "type": "server"
}'

Output:

{
  "status": "bad request",
  "code": 400,
  "return": 1032,
  "message": "Unsupported certificate management method specified",
  "data": []
}

devatnull added the backlog and feature request labels on Jun 23, 2022

@DTvGe45vc

DTvGe45vc commented Jan 25, 2023

I have the same problem.

curl -k -X 'POST' 'https://hostnameXXX/api/v1/system/certificate' \
  -H 'Authorization: XXXXXXXXX XXXXXXXXXXXXX' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "active": true,
  "altnames": [
    {}
  ],
  "caref": "test",
  "crt": "test1",
  "descr": "test1",
  "digest_alg": "sha256",
  "dn_city": "test",
  "dn_commonname": "test1",
  "dn_country": "test",
  "dn_organization": "test",
  "dn_organizationalunit": "test",
  "dn_state": "RU",
  "keylen": 2048,
  "keytype": "RSA",
  "lifetime": 3650,
  "method": "create",
  "type": "user"
}'

{"status":"bad request","code":400,"return":1032,"message":"Unsupported certificate management method specified","data":[]}

@av-commits

@devatnull
As far as I understand, your request is to sign an external CSR (private key is not in pfSense) with a local CA (CA private key is in pfSense)?

@DTvGe45vc
If I interpret your curl request correctly, you are asking to sign a pfSense CSR (private key is in pfSense) with an external CA? That is two functions: one to generate a key pair and the according CSR, and a second one to add the externally created certificate to the existing key.

Both features are available in the web UI.

My CA platform (CE version) does not support ACME. Currently I'm automating the certificate replacement process, which also includes the generation of the CSR and the loading of the cert (signing a pfSense CSR with an external CA). I will try to do a PR for that.

But I think this is only partly related to this issue, maybe to DTvGe45vc's request.
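
The first case discussed in this thread, an external CSR signed by a local CA, reproduced locally with the openssl CLI as an added example (not code from this thread or from the pfSense API project). The subject names, file names and throwaway keys are constructed, and reading csrsign_lifetime as days is an assumption.

```shell
#!/usr/bin/env bash
# Added example: throwaway keys and constructed names, all inside a temp dir.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Local CA: stands in for a CA whose private key is held by the firewall.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=Example Local CA" \
    -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null
}

# External requester: the private key stays with the requester, only the CSR travels.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=ipa.example.test" \
    -keyout "$work/req.key" -out "$work/req.csr" 2>/dev/null
}

# CA side: check the CSR self-signature (proof of key possession), then issue
# a server certificate. The CA sets the extensions, not the CSR.
sign_csr() {
  openssl req -in "$work/req.csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
    'keyUsage=critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth' > "$work/ext.cnf"
  # 10 days and sha256 mirror csrsign_lifetime / csrsign_digest_alg in the
  # request above (reading the lifetime as days is an assumption).
  openssl x509 -req -in "$work/req.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" \
    -CAcreateserial -days 10 -sha256 -extfile "$work/ext.cnf" \
    -out "$work/req.crt" 2>/dev/null
}

# Requester side: certificate $1 must chain to the CA and carry the public key of $2.
cert_matches_key() {
  openssl verify -CAfile "$work/ca.crt" "$1" >/dev/null 2>&1 || return 1
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ]
}

make_ca && make_csr && sign_csr
cert_matches_key "$work/req.crt" "$work/req.key" && echo "issued certificate matches requester key"
```

The second case in the thread reverses the roles: the key pair and CSR are generated on the firewall, and the same chain and key-match check applies when the externally issued certificate is loaded back.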
