For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

hobbi123_249359's avatar
hobbi123_249359
Icon for Nimbostratus rankNimbostratus
Feb 14, 2016

How to export private key from BIGIP?

I am trying to export private key from f5 but getting following error : Exception: Common::OperationFailed primary_error_code : 2 (0x00000002) secondary_error_code : 0 error_string : No such file or directory at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222) at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129) at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(Unknown Source) at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227) at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696) at org.apache.axis.Message.getSOAPEnvelope(Message.java:435) at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:796) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) at iControl.ManagementKeyCertificateBindingStub.key_export_to_pem(ManagementKeyCertificateBindingStub.java:2634)

devops
iControl
security

3 Replies

  • eneR's avatar
    eneR
    Icon for Cirrostratus rankCirrostratus
    Feb 15, 2016

    Obviously the key you are trying to export is missing -> see line 2 - "No such file or directory at"

     

    Have you already tried to export via CLI??

     

  • eneR's avatar
    eneR
    Icon for Cirrostratus rankCirrostratus
    Feb 15, 2016

    No it is not necessary to export via CLI first! I am not sure if we are talking over the same thing?! =D

     

    Is it correct that you are trying to export the key of an SSL Certificate, correct?

     

    Do you see the specific key when you use the F5 GUI and go to

     

    System -> File Management -> SSL Cert List -> your desired certificate -> Key -> Export ??

     

    If you get your error message at this point, have you already tried the same thing for any other certificate?

     

  • uchi_122495's avatar
    uchi_122495
    Icon for Cirrus rankCirrus
    Mar 31, 2016

    Here is sample code to generate key and print key as pem.

     

    ManagementKeyCertificateBindingStub stub = interfaces.getManagementKeyCertificate();
interfaces.getManagementPartition().set_active_partition("Common");

ManagementKeyCertificateManagementModeType mode = ManagementKeyCertificateManagementModeType.MANAGEMENT_MODE_DEFAULT;

ManagementKeyCertificateKey[] keys = new ManagementKeyCertificateKey[1];
ManagementKeyCertificateX509Data[] x509_datas = new ManagementKeyCertificateX509Data[1];
String key_id = "testkey001";

ManagementKeyCertificateKey key = new ManagementKeyCertificateKey();
key.setId(key_id);
key.setKey_type(ManagementKeyCertificateKeyType.KTYPE_RSA_PRIVATE);
key.setBit_length(2048L);
key.setSecurity(ManagementKeyCertificateSecurityType.STYPE_NORMAL);
keys[0] = key;

ManagementKeyCertificateX509Data x509_data = new ManagementKeyCertificateX509Data();
x509_data.setCommon_name("www.hogehoge.hoge");
x509_data.setCountry_name("JP");
x509_data.setDivision_name("hoge");
x509_data.setLocality_name("hoge");
x509_data.setOrganization_name("hoge");
x509_data.setState_name("Tokyo");
x509_datas[0] = x509_data;

boolean create_optional_cert_csr = true;
boolean overwrite = false;

stub.key_generate(mode, keys, x509_datas, create_optional_cert_csr, overwrite);

String[] key_ids = {key_id};
System.out.println(stub.key_export_to_pem(mode,key_ids)[0]);

     

    also, you can find generated key on

    /config/filestore/files_d/Common_d/certificate_key_d/:Common:testkey001.key_1148889_1