Forum Discussion
Francois_LAGANT
Nimbostratus
NimbostratusAPI REST error 400
Hello,
I try to download an ssl certificate via the REST APIs /mgmt/tm/sys/crypto/cert from f5 but I always get the following response:
curl -sk -H "X-F5-Auth-Token: XXXXXX" https://x.x.x.x/mgmt/tm/sys/crypto/cert -H 'Content-Type: application/json' -d '{"command": "install","name":"testcsr","from-local-file":"/var/www/html/certs/certificates/files/test_certificate.pem"}'{"code":400,"message":"Unable to copy (/var/www/html/certs/certificats/files/test_certificate.pem) into tempfile (/var/system/tmp/tmsh/LmjqSd/test_certificate.pem), No such file or directory","errorStack":[],"apiError":26214401}
with the API /mgmt/tm/sys/crypto/key it's the same
curl -sk -H "X-F5-Auth-Token: XXXXXX" https://x.x.x.x/mgmt/tm/sys/crypto/key -H 'Content-Type: application/json' -d '{"command": "install","name":"testpriv","from-local-file":"/var/www/html/certs/certificates/files/test_priv_key.pem"}'{"code":400,"message":"Unable to copy (/var/www/html/certs/certificats/files/test_priv_key.pem) into tempfile (/var/system/tmp/tmsh/qbfN77/test_priv_key.pem)
However, the upload function works correctly:
curl -sk -H "X-F5-Auth-Token: XXXXXX" https://x.x.x.x/mgmt/shared/file-transfer/uploads/test_certificate.pem -H 'Content-Type: application/octet-stream' -H 'Content-Range: 0-2060/2061' -H 'Connection: Close' --data-binary @/var/www/html/certs/certificates/files/test_certificate.pem{"remainingByteCount":0,"usedChunks":{"0":2061},"totalByteCount":2061,"localFilePath":"/var/config/rest/downloads/test_certificate.pem","temporaryFilePath":"/ var/config/rest/downloads/tmp/test_certificate.pem","generation":0,"lastUpdateMicros":1661351051400388}
But from this last command how can I create the certificate?
Thank you for your help
François
6 Replies
Francois_LAGANTHello JRahm
Thank you for your answer but it does not work, I have another error.
Test done via curl and via python.curl -sk -H "X-F5-Auth-Token: XXXXXX" -X POST https://x.x.x.x/mgmt/tm/sys/file/ssl-cert -H 'Content-Type: application/json' -d '{"name":"testcsr","partition": "Common","sourcePath":"/var/www/html/certs/certificats/files/test_certificate.pem"}'{ "code": 400, "message": "Failed! exit_code (3).\n", "errorStack": [], "apiError": 26214401 }from f5.bigip import ManagementRoot # Connect to the BIG-IP mgmt = ManagementRoot("x.x.x.x", "admin", "admin") cert = mgmt.tm.sys.file.ssl_certs.ssl_cert.create(name='test_cert', sourcePath='/var/www/html/certs/certificats/files/test_certificate.pem')Traceback (most recent call last): File "/root/test-f5-api.py", line 22, in <module> cert = mgmt.tm.sys.file.ssl_certs.ssl_cert.create(name='test_cert', sourcePath='/var/www/html/certs/certificats/files/test_certificate.pem') File "/root/f5-common-python/f5/bigip/resource.py", line 1053, in create return self._create(**kwargs) File "/root/f5-common-python/f5/bigip/resource.py", line 1015, in _create response = session.post(_create_uri, json=kwargs, **requests_params) File "/usr/local/lib/python3.9/site-packages/icontrol/session.py", line 295, in wrapper raise iControlUnexpectedHTTPError(error_message, response=response) icontrol.exceptions.iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://x.x.x.x:443/mgmt/tm/sys/file/ssl-cert/ Text: '{"code":400,"message":"Failed! exit_code (3).\\n","errorStack":[],"apiError":26214401}'Do you have a working example?
Test carried out on an F5 in version 13.1.5 and in version 14.1.4.6 with the same result.- Francois_LAGANT
I saw on a devcentral post that it was necessary to add file: to the pathfile.
curl -sku admin:admin -X POST https://x.x.x.x/mgmt/tm/sys/file/ssl-cert -H 'Content-Type: application/json' -d '{"name":"testcsr.crt","partition": "Common","sourcePath":"file:/var/www/html/certs/certificats/files/test_certificate.pem"}'{ "code": 400, "message": "Failed! exit_code (37).\n", "errorStack": [], "apiError": 26214401 }from f5.bigip import ManagementRoot # Connect to the BIG-IP mgmt = ManagementRoot("x.x.x.x", "admin", "admin") cert = mgmt.tm.sys.file.ssl_certs.ssl_cert.create(name='test_cert', sourcePath='file:/var/www/html/certs/certificats/files/test_certificate.pem')Traceback (most recent call last): File "/root/test-f5-api.py", line 22, in <module> cert = mgmt.tm.sys.file.ssl_certs.ssl_cert.create(name='test_cert', sourcePath='file:/var/www/html/certs/certificats/files/test_certificate.pem') File "/root/f5-common-python/f5/bigip/resource.py", line 1053, in create return self._create(**kwargs) File "/root/f5-common-python/f5/bigip/resource.py", line 1015, in _create response = session.post(_create_uri, json=kwargs, **requests_params) File "/usr/local/lib/python3.9/site-packages/icontrol/session.py", line 295, in wrapper raise iControlUnexpectedHTTPError(error_message, response=response) icontrol.exceptions.iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://lbaind2itvpx101-adm.nor.fr.intraorange:443/mgmt/tm/sys/file/ssl-cert/ Text: '{"code":400,"message":"Failed! exit_code (37).\\n","errorStack":[],"apiError":26214401}'it would be a problem of rights or other API but I don't know where?
- JRahm
Admin
Looks like you're missing a letter in certificates in your source file path on quick glance.
on my phone with a break in daddy duty...can dig in a little later this morning once little man gets to preschool.
- JRahm
Hi Francois_LAGANT, those endpoints are deprecated. You should use these instead:
- /mgmt/tm/sys/file/ssl-cert
- /mgmt/tm/sys/file/ssl-crl
- /mgmt/tm/sys/file/ssl-csr
- /mgmt/tm/sys/file/ssl-key
- /mgmt/tm/sys/file/system-ssl-cert
- /mgmt/tm/sys/file/system-ssl-key
I wrote functional tests against these endpoints while developing the python SDK, they're here in this repo on Github if that's of any help.
