Forum Discussion

JaiAgarwal's avatar
Icon for Nimbostratus rankNimbostratus
Jun 13, 2022

Error on Updating certificate on a client SSL profile using the REST API

Hi All,

I find the below error response on calling the API to update SSL profile on F5 device. I have already upload the cert and key successfully, but on updating the existing client ssl profile with the new cert and key I get an error.

URL: https://hostname/mgmt/tm/ltm/profile/client-ssl/~Common~profile_name?ver=

PUT Body:


  "cert": "/Common/<client-ssl-profile-name>.crt",
  "key": "/Common/<client-ssl-profile-name>.key",
  "chain": "/Common/<client-ssl-profile-name>.crt",
  "passphrase": "<passphrase>"




  "code": 400,
  "message": "\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument",
  "errorStack": [],
  "apiError": 26214401


Please guide me on how to fix this.

Edit: I am using an Administrator account while calling the above PUT request to update client ssl profile with new cert and key.

4 Replies

  • xuwen's avatar
    Icon for Cumulonimbus rankCumulonimbus

    Try to use the patch method, which may be a bug, cannot update the existing ssl profile configuration, activate the sni-default function of the ssl profile configuration, use the PATCH method work well, but use the POST method update will fail.

    i also find this problem, i use f5-sdk api to set a exists ssl profile named best-test2, and set its attribute sniDefault='true',i use update() fuction and its equals icontrolrest POST method, but i use modify() function and its equals icontrolrest PATCH method, it works correct

    but i find when i edit its attribute tmOptions,use update() or modify() function all failed, and raise this error:

    HTTP 400 :: {"code":400,"message":"\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument","errorStack":[],"apiError":26214401}

    see bigip auit log i find it create this instructions, It is possible that the extra " in front of { causes the tmsh command line syntax error

    modify ltm profile client-ssl /Common/bestpay-test2 { options "{ dont-insert-empty-fragments no-tlsv1.3 }" }
    the tmsh command extra " cause [Syntax Error: "{dont-insert-empty-fragments no-tlsv1.3}" 

    use api linux tmsh bash can solve this problem

  • After one year this problem still exists. I built a workaround in Postman. I defined a new variable in my environment settings. When creating a new SSL profile with a POST I extract the name value and put in the new defined variable. After creating the profile I am sending a second POST with a tmsh command to change the SSL options of the freshly created SSL profile.

    Postman JavaScript Tests Script

    let responseClientSslName=pm.response.json();

     TMSH JSON code

        "utilCmdArgs":"-c 'tmsh modify ltm profile client-ssl {{f5clientsslname}} options { dont-insert-empty-fragments }'"

     Hope this helps a bit.