For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

lnxgeek's avatar
lnxgeek
Icon for MVP rankMVP
Feb 23, 2022
Solved

Enable OCSP Stapling via REST API

Hi all I'm struggling with the command syntax that will apply my OCSP stabling configuration on a certificate. I have found a workaround by pushing native tmsh commands via the bash api like this: ...
devops
ocsp
rest api
  • JRahm's avatar
    JRahm
    Mar 01, 2022

    Hi lnxgeek, give this a shot:

     

    ## Human Readable ##
POST
to: https://ltm3.test.local/mgmt/tm/sys/file/ssl-cert/example.com_2021-12-12/cert-validators
body: {“name": "letsencrypt_ocsp_R3"}

PATCH
to: https://ltm3.test.local/mgmt/tm/sys/file/ssl-cert/example.com_2021-12-12/
body: {“certValidationOptions": ["ocsp"], "issuerCert": "RE_LE_2025"}

## CURL COMMANDS ##
curl -X POST \
  'https://ltm3.test.local/mgmt/tm/sys/file/ssl-cert/example.com_2021-12-12/cert-validators' \
  --header 'Accept: */*' \
  --header 'User-Agent: Thunder Client (https://www.thunderclient.io)' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Basic YWRtaW46YWRtaW4=' \
  --data-raw '{"name": "letsencrypt_ocsp_R3"}'

curl -X PATCH \
  'https://ltm3.test.local/mgmt/tm/sys/file/ssl-cert/example.com_2021-12-12/' \
  --header 'Accept: */*' \
  --header 'User-Agent: Thunder Client (https://www.thunderclient.io)' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Basic YWRtaW46YWRtaW4=' \
  --data-raw '{"certValidationOptions": ["ocsp"], "issuerCert": "RE_LE_2025"}'

     

     

     

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Mar 01, 2022

Hi lnxgeek, give this a shot:

 

## Human Readable ##
POST
to: https://ltm3.test.local/mgmt/tm/sys/file/ssl-cert/example.com_2021-12-12/cert-validators
body: {“name": "letsencrypt_ocsp_R3"}

PATCH
to: https://ltm3.test.local/mgmt/tm/sys/file/ssl-cert/example.com_2021-12-12/
body: {“certValidationOptions": ["ocsp"], "issuerCert": "RE_LE_2025"}

## CURL COMMANDS ##
curl -X POST \
  'https://ltm3.test.local/mgmt/tm/sys/file/ssl-cert/example.com_2021-12-12/cert-validators' \
  --header 'Accept: */*' \
  --header 'User-Agent: Thunder Client (https://www.thunderclient.io)' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Basic YWRtaW46YWRtaW4=' \
  --data-raw '{"name": "letsencrypt_ocsp_R3"}'

curl -X PATCH \
  'https://ltm3.test.local/mgmt/tm/sys/file/ssl-cert/example.com_2021-12-12/' \
  --header 'Accept: */*' \
  --header 'User-Agent: Thunder Client (https://www.thunderclient.io)' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Basic YWRtaW46YWRtaW4=' \
  --data-raw '{"certValidationOptions": ["ocsp"], "issuerCert": "RE_LE_2025"}'

 

 

 

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Mar 01, 2022

also note that the /sys/crypto interface shouldn't be used period with the iControl REST interface, use /sys/file/ssl-key, /sys/file/ssl-cert, and /sys/file/ssl-csr instead.