
Forum Discussion

felipelemos
Jul 17, 2023

Fail to import PKCS12 to BigIQ using REST: key store mac invalid - wrong password or corrupted file.

I am trying to import a PKCS12 certificate to BigIQ.

I am able to upload the certificate correctly, but when I try to import it, it fails to read it:

Add certificate failed: Unable to retrieve PKCS#12 key information: Unable parse PKCS#12 file /var/config/rest/downloads/my_cert.pfx PKCS12 key store mac invalid - wrong password or corrupted file.

The steps I am doing:
1. Upload the pkcs12 cert to /mgmt/shared/file-transfer/uploads/my_cert.pfx

DEBUG:root:{'remainingByteCount': 0, 'totalByteCount': 5829, 'localFilePath': '/var/config/rest/downloads/my_cert.pfx', 'temporaryFilePath': '/var/config/rest/downloads/tmp/my_cert.pfx', 'generation': 0, 'lastUpdateMicros': 1689675638105998}

2. Add the certificate using ADD_PKCS12 (simplified version):

    url = f"https://{server}/mgmt/cm/adc-core/tasks/certificate-management"
    body = {
        "filePath": "/var/config/rest/downloads/my_cert.pfx",
        "itemName": "my_cert.pfx_TEST_NEW",
        "itemPartition": "Common",
        "command": "ADD_PKCS12",
        "keyPassphrase": "MyKeyPassPhrase",
        "securityType": "normal",
    }
    headers = {"X-F5-Auth-Token": token_id}
    response = requests.post(url=url, headers=headers, json=body)

But I always get the same error, with or without keyPassphrase or securityType:

{
  "id": "...",
  "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
  "status": "FAILED",
  "command": "ADD_KEY",
  "filePath": "/var/config/rest/downloads/my_cert.pfx",
  "itemName": "my_cert.pfx_TEST_NEW",
  "progress": "Parsing PKCS#12 key file information",
  "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/...",
  "username": "...",
  "generation": 3,
  "endDateTime": "2023-07-17T08:56:57.876-0700",
  "errorMessage": "Unable to retrieve PKCS#12 key information: Unable parse PKCS#12 file /var/config/rest/downloads/my_cert.pfx PKCS12 key store mac invalid - wrong password or corrupted file.",
  "thirdPartyCa": {},
  "itemPartition": "Common",
  "startDateTime": "2023-07-17T08:56:57.791-0700",
  "userReference": {
    "link": "https://localhost/mgmt/cm/system/authn/providers/tacplus/.../users/..."
  },
  "ownerMachineId": "...",
  "lastUpdateMicros": 1689609417925835,
  "identityReferences": [
    {
      "link": "https://localhost/mgmt/cm/system/authn/providers/tacplus/.../user-groups/..."
    },
    {
      "link": "https://localhost/mgmt/cm/system/authn/providers/tacplus/.../users/..."
    }
  ]
}

Can you please help me with this?

* Edit to add upload response.

3 Replies

  • Hey felipelemos - I see nobody from the community has replied yet; I'll feature your post in Monday's Community Highlights to boost visibility if there's still no answer by then. 

    • lfine

      I am running into the exact same issue.  Has there been any resolution on this?

      • lfine

        I was able to solve this. I added a pkcs12 formatted certificate via the UI with network trace on and the resulting request json body included a pkcs12Passphrase element. This element name is undocumented here, and I had been using keyPassphrase instead. Using pkcs12Passphrase worked.
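
The fix from the last reply, as an added example that is not part of the original thread or F5's own code: it builds the ADD_PKCS12 task request with `pkcs12Passphrase`, masks the passphrase before the body is written to a debug log, and classifies a failed task state against the request that produced it. The endpoint, command and field names come from the posts; the helper names (`build_add_pkcs12`, `redact`, `diagnose`), the diagnostic labels and the sample host and token are assumptions made for illustration.

```python
# Added example: helper names and diagnostic labels are illustrative assumptions.
TASK_PATH = "/mgmt/cm/adc-core/tasks/certificate-management"  # endpoint from the post


def build_add_pkcs12(server, token, file_path, item_name, passphrase,
                     partition="Common"):
    """Return keyword arguments for requests.post(**kwargs), as in the post."""
    body = {
        "filePath": file_path,
        "itemName": item_name,
        "itemPartition": partition,
        "command": "ADD_PKCS12",
        # Field name reported in the reply as the one the UI sends and that
        # worked; the post's keyPassphrase did not work.
        "pkcs12Passphrase": passphrase,
        "securityType": "normal",
    }
    return {
        "url": f"https://{server}{TASK_PATH}",
        "headers": {"X-F5-Auth-Token": token},
        "json": body,
    }


def redact(body):
    """Copy of a request body for debug logging, with passphrase values masked."""
    return {k: "***" if k.lower().endswith("passphrase") else v
            for k, v in body.items()}


def diagnose(request_body, task_state):
    """Classify a task state against the request body that produced it."""
    if task_state.get("status") != "FAILED":
        return "not-failed"
    if "mac invalid" not in task_state.get("errorMessage", ""):
        return "other-failure"
    if "pkcs12Passphrase" not in request_body:
        return "check-field-name"      # the situation described in the thread
    return "check-passphrase-or-file"  # right field: wrong value or damaged upload


if __name__ == "__main__":
    kwargs = build_add_pkcs12("bigiq.example", "TOKEN",  # constructed values
                              "/var/config/rest/downloads/my_cert.pfx",
                              "my_cert.pfx_TEST_NEW", "MyKeyPassPhrase")
    print(redact(kwargs["json"]))
    failed = {"status": "FAILED",  # constructed from the error in the post
              "errorMessage": "PKCS12 key store mac invalid - wrong password or corrupted file."}
    print(diagnose({"keyPassphrase": "x"}, failed))  # check-field-name
```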