Forum Discussion

Ed_Summers's avatar
Ed_Summers
Icon for Nimbostratus rankNimbostratus
Nov 17, 2016

F5 Python SDK - list certificates on device results in error

python 2.6; TMOS v12.1.1

I'm new to the F5 Python SDK and trying to obtain a list of certificates on a device. Not sure if I'm referencing wrong or if this is a specific issue to my device/configuration. Appreciate any pointers.

Trying to get the collection with:

 

certificates = mgmt.tm.sys.crypto.certs.get_collection()

 

Returns the following error:

`Traceback (most recent call last):

File "", line 1, in File "/usr/lib/python2.6/site-packages/f5/bigip/resource.py", line 692, in get_collection self.refresh(kwargs) File "/usr/lib/python2.6/site-packages/f5/bigip/resource.py", line 568, in refresh self._refresh(kwargs) File "/usr/lib/python2.6/site-packages/f5/bigip/resource.py", line 551, in _refresh **requests_params) File "/usr/lib/python2.6/site-packages/icontrol/session.py", line 241, in wrapper raise iControlUnexpectedHTTPError(error_message, response=response) icontrol.exceptions.iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://:443/mgmt/tm/sys/crypto/cert/ Text: u'{"code":400,"message":"Key management library returned bad status: -4, Invalid Parameter","errorStack":[],"apiError":26214401}'`

  • To clarify this is an error returned as part of the REST request, not really related to the SDK. I am able to get the other subcollections, such as a list of the keys, fine. Only the certs subcollection results in this error.

    API guide indicates possible reasons for a 400 error are a malformed request or incorrect name in request. I confirmed the name with the parent collection (crypto), and requesting in the same manner as done for the keys subcollection. Not sure what is going wrong with listing the cert subcollection.

    >>> crypto = session.get('https:///mgmt/tm/sys/crypto')

    >>> print(crypto.text)

    {"kind":"tm:sys:crypto:cryptocollectionstate","selfLink":";:[{"reference":{"link":";}},{"reference":{"link":";}},{"reference":{"link":";}},{"reference":{"link":";}},{"reference":{"link":";}},{"reference":{"link":";}},{"reference":{"link":";}}]}

    >>> cert = session.get("https:///mgmt/tm/sys/crypto/cert?ver=12.1.1")

    >>> print(cert.text)

    {"code":400,"message":"Key management library returned bad status: -4, Invalid Parameter","errorStack":[],"apiError":26214401}

  • Perhaps I was at the wrong endpoint: I can get the list from /mgmt/tm/sys/file/ssl-cert. The number of object here matches the number from TMSH 'show sys crypto cert'.

     

  • I could get the class:

    certificates = session.tm.sys.crypto.certs.get_collection()

     Then you can iterate through it and get the list.

    {'_meta_data': {'allowed_commands': [],
    'allowed_lazy_attributes': [<class 'f5.bigip.resource.Stats'>],
    'bigip': <f5.bigip.ManagementRoot object at 0x000001E2405E39D0>,
    'container': <f5.bigip.tm.sys.crypto.Certs object at 0x000001E25450A8C0>,
    'creation_uri_frag': '',
    'creation_uri_qargs': {'ver': ['15.1.5.1']},
    'exclusive_attributes': [],
    'icontrol_version': '',
    'icr_session': <icontrol.session.iControlRESTSession object at 0x000001E252664880>,
    'minimum_additional_parameters': set(),
    'minimum_version': '11.5.0',
    'object_has_stats': True,
    'read_only_attributes': [],
    'reduction_forcing_pairs': [('enabled', 'disabled'),
    ('online', 'offline'),
    ('vlansEnabled', 'vlansDisabled')],
    'required_command_parameters': set(),
    'required_creation_parameters': {'name'},
    'required_json_kind': 'tm:sys:crypto:cert:certstate',
    'required_load_parameters': {'name'},
    'uri': 'https://10.71.199.18:443/mgmt/tm/sys/crypto/cert/~Common~f5-irule.crt/'},
    'apiRawValues': {'certificateKeySize': '2048',
    'expiration': 'Jul 18 21:00:13 2027 GMT',
    'issuer': 'emailAddress=support@f5.com,CN=support.f5.com,OU=Product '
    'Development,O=F5 '
    'Networks,L=Seattle,ST=Washington,C=US',
    'publicKeyType': 'RSA'},
    'certValidatorsReference': {'isSubcollection': True,
    'link': 'https://localhost/mgmt/tm/sys/crypto/cert/~Common~f5-irule.crt/cert-validators?ver=15.1.5.1'},
    'city': 'Seattle',
    'commonName': 'support.f5.com',
    'country': 'US',
    'emailAddress': 'support@f5.com',
    'fingerprint': 'SHA256/AC:08:EA:3F:0E:AC:C8:DD:A2:2A:7D:AA:73:02:86:1E:1F:38:51:4A:80:D3:E6:AE:4E:6B:01:0C:68:FF:18:D2',
    'fullPath': '/Common/f5-irule.crt',
    'generation': 1,
    'kind': 'tm:sys:crypto:cert:certstate',
    'name': '/Common/f5-irule.crt',
    'organization': 'F5 Networks',
    'ou': 'Product Development',
    'selfLink': 'https://localhost/mgmt/tm/sys/crypto/cert/~Common~f5-irule.crt?ver=15.1.5.1',
    'state': 'Washington'}