Forum Discussion
Error on Updating certificate on a client SSL profile using the REST API
Hi All,
I get the error response below when calling the API to update an SSL profile on an F5 device. I have already uploaded the cert and key successfully, but on updating the existing client SSL profile with the new cert and key I get an error.
URL: https://hostname/mgmt/tm/ltm/profile/client-ssl/~Common~profile_name?ver=15.1.2.1
PUT Body:
{
"cert": "/Common/<client-ssl-profile-name>.crt",
"key": "/Common/<client-ssl-profile-name>.key",
"chain": "/Common/<client-ssl-profile-name>.crt",
"passphrase": "<passphrase>"
}
Response:
{
"code": 400,
"message": "\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument",
"errorStack": [],
"apiError": 26214401
}
Please guide me on how to fix this.
Edit: I am using an Administrator account while calling the above PUT request to update client ssl profile with new cert and key.
- xuwenCumulonimbus
Try using the PATCH method. This may be a bug: the existing SSL profile configuration cannot be updated. When activating the sni-default function of the SSL profile configuration, the PATCH method works well, but an update using the POST method fails.
I also found this problem. I use the f5-sdk API to set an existing SSL profile named best-test2 and set its attribute sniDefault='true'. I use the update() function, which equals the iControl REST POST method, but when I use the modify() function, which equals the iControl REST PATCH method, it works correctly.
But I find that when I edit its attribute tmOptions, both the update() and modify() functions fail and raise this error:
HTTP 400 :: {"code":400,"message":"\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument","errorStack":[],"apiError":26214401}
Looking at the BIG-IP audit log, I find it creates this instruction. It is possible that the extra " in front of { causes the tmsh command-line syntax error:
modify ltm profile client-ssl /Common/bestpay-test2 { options "{ dont-insert-empty-fragments no-tlsv1.3 }" }
The extra " in the tmsh command causes [Syntax Error: "{dont-insert-empty-fragments no-tlsv1.3}"
Using the API to run tmsh through Linux bash can solve this problem.
After one year this problem still exists. I built a workaround in Postman. I defined a new variable in my environment settings. When creating a new SSL profile with a POST, I extract the name value and put it in the newly defined variable. After creating the profile, I send a second POST with a tmsh command to change the SSL options of the freshly created SSL profile.
Postman JavaScript Tests Script
let responseClientSslName = pm.response.json();
console.log(responseClientSslName);
pm.environment.set("f5clientsslname", responseClientSslName.name);
TMSH JSON code
{ "command":"run", "utilCmdArgs":"-c 'tmsh modify ltm profile client-ssl {{f5clientsslname}} options { dont-insert-empty-fragments }'" }
Hope this helps a bit.
- xuwenCumulonimbus
Changing the string format to a list works well.
Re: Edit SSL Profile fails with "apiError":2621440... - DevCentral (f5.com)
That's the solution. Thanks!
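The fix reported in this thread (PATCH instead of a full update, with tmOptions sent as a list rather than a braced string), as an added Python example that is not part of the original posts. The host name, file paths and the helper names `options_to_list` and `build_profile_patch` are assumptions; the request is only built, not sent, and authentication is left to the caller.

```python
import json
import re
import urllib.request
from urllib.parse import quote

# One tmsh option keyword, e.g. "no-tlsv1.3"; anything else is rejected.
_OPTION = re.compile(r"[a-z0-9][a-z0-9.\-]*")


def options_to_list(value):
    """Return SSL options as a list, accepting a list or the braced string form.

    The braced form is the one seen in the error above:
    "{ dont-insert-empty-fragments no-tlsv1.3 }"
    """
    if isinstance(value, (list, tuple)):
        tokens = [str(v) for v in value]
    else:
        # Drop surrounding quotes, braces and spaces, then split on whitespace.
        tokens = value.strip().strip('"{} ').split()
    for tok in tokens:
        if not _OPTION.fullmatch(tok):
            raise ValueError("unexpected option token: %r" % tok)
    return tokens


def build_profile_patch(host, partition, profile, changes, tm_options=None):
    """Build (but do not send) a PATCH that changes only the given fields."""
    body = dict(changes)
    if tm_options is not None:
        body["tmOptions"] = options_to_list(tm_options)  # list, not a string
    name = quote("~%s~%s" % (partition, profile), safe="~")
    url = "https://%s/mgmt/tm/ltm/profile/client-ssl/%s" % (host, name)
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="PATCH",
        headers={"Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Constructed sample values (placeholders, not from a real device).
    req = build_profile_patch(
        "bigip.example.test", "Common", "profile_name",
        {"cert": "/Common/example.crt", "key": "/Common/example.key"},
        tm_options='"{ dont-insert-empty-fragments no-tlsv1.3 }"',
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```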