Forum Discussion

  • Ed_Summers's avatar
    Ed_Summers
    Icon for Nimbostratus rankNimbostratus
    Aug 01, 2017

    I encountered a small issue and haven't worked out the proper (per SDK) way to handle it yet.

    The config has both the cert-key-chain field that holds the cert, key, and chain-cert as one item. But the config also has what I believe are the 'legacy' cert, key, and chain fields. In the SDK these are represented by attributes certKeyChain, cert, key, and chain, respectively.

    I have not been able to update a profile by only updating the certKeyChain. I've tried various ways of 'blanking' out the other fields, or even deleting the attributes entirely before performing an update. All result in error. The only success I've had is to update both certKeyChain and the cert, key, and chain fields with the same value. I assume there's a cleaner way to do this.

    Note: Output heavily trimmed for brevity:

    >>> pprint(my_profile.raw)
{'_meta_data': {'allowed_commands': [],
[...]
 u'cert': u'/Common/second-test-key.crt',
 u'certExtensionIncludes': [u'basic-constraints', u'subject-alternative-name'],
 u'certKeyChain': [{u'appService': u'none',
                    u'cert': u'/Common/second-test-key.crt',
                    u'certReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~second-test-key.crt?ver=13.0.0'},
                    u'chain': u'none',
                    u'key': u'/Common/second-test-key.key',
                    u'keyReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-key/~Common~second-test-key.key?ver=13.0.0'},
                    u'name': u'second-test-key'}],
 u'chain': u'none',
 u'key': u'/Common/second-test-key.key',
 u'name': u'my_profile',

>>> new_certificate = '/Common/first_test_key.crt'
>>> new_key = '/Common/first_test_key.key'
>>> new_certKeyChain = {'name': 'first_test_key',
...                     'cert': new_certificate,
...                     'key': new_key,
...                     }
>>> my_profile.certKeyChain.pop()
>>> my_profile.certKeyChain.append(new_certKeyChain)
>>> my_profile.cert = new_certificate
>>> my_profile.key = new_key
>>> my_profile.update()
>>> pprint(my_profile.raw)
{'_meta_data': {'allowed_commands': [],
 u'cert': u'/Common/first_test_key.crt',
 u'certExtensionIncludes': [u'basic-constraints', u'subject-alternative-name'],
 u'certKeyChain': [{u'appService': u'none',
                    u'cert': u'/Common/first_test_key.crt',
                    u'certReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~first_test_key.crt?ver=13.0.0'},
                    u'chain': u'none',
                    u'key': u'/Common/first_test_key.key',
                    u'keyReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-key/~Common~first_test_key.key?ver=13.0.0'},
                    u'name': u'first_test_key'}],
 u'chain': u'none',
 u'key': u'/Common/first_test_key.key',
 u'name': u'my_profile',