Forum Discussion

gtsg86's avatar
gtsg86
Icon for Altostratus rankAltostratus
Mar 13, 2023

F5 automation

I would like to automate  the csr generation to renew certificate. here is the script

tmsh create sys crypto csr {key_name}.csr partition {data["partition"]} common-name {cert[cert_name]["common-name"]  ' 'key /{partition}/{key_fullname}'

I got this error:

['Unable to extract key information from "/config/filestore/files_d/partition_d/certificate_key_d/:partition:key_name_65813_1"to "/var/system/tmp/tmsh/YgC3se/ssl.key//partition/key_name"\n']

Please someone know how to solve this.

why there is double slashes in the "/var/system/tmp/tmsh/YgC3se/ssl.key//partition/key_name".

Thanks

  • gtsg86 If I had to guess without seeing the entire script I would say that in the section with 'key /{partition}/{key_fullname}' the value of "{partition}" actually has a "/" in the value at the begining so you can change it to be the following instead.

    tmsh create sys crypto csr {key_name}.csr partition {data["partition"]} common-name {cert[cert_name]["common-name"]  ' 'key {partition}/{key_fullname}'
    • gtsg86's avatar
      gtsg86
      Icon for Altostratus rankAltostratus

      Thanks Paulius

      I tried with '/' without '/' and it generates  errors. I tried with the REST API same error. it work only when the certificate is in the Common partition. I tried on version 14 and on version 15.

      I wonder if it is not a bug.

      or if you are able to automate csr from a partition, just explain me with an example.

      • Paulius's avatar
        Paulius
        Icon for MVP rankMVP

        gtsg86 It could be that this is using a relative path that loads for the user that the script is running under. You might consider using the openssl command instead of using the tmsh commands built into the F5 OS because I find that those are a bit more friendly when it comes to automation.