Forum Discussion
NimbostratusInstall pkcs12 Certificate with REST Api and Authentication Token
I have successfully uploaded pkcs12 file via rest api. Then I want to install the file using this command:
curl -kv -H "X-F5-Auth-Token: " -H "Content-Type: application/json" -X POST https:///mgmt/tm/sys/crypto/pkcs12 -d '{"command":"install","name":"test","from-local-file":"/var/config/rest/downloads/test.p12","passphrase":""}'I get the error:
May 12 13:30:03 notice icrd_child[19790]: 01420002:5: AUDIT - pid=19790 user= folder=/Common module=(tmos) status=[Unexpected Error: Unable to copy (/var/config/rest/downloads/test.p12) into tempfile (/var/system/tmp/tmsh/REZLBM/test.p12), Permission denied] cmd_data=install sys crypto pkcs12 test { from-local-file /var/config/rest/downloads/test.p12 passphrase **** }If I use the corresponding tmsh command, it works :
/Common)(tmos) install sys crypto pkcs12 test from-local-file /var/config/rest/downloads/test.p12 passphrase ******I assume it is an issue with the authentication token. I cannot use basic auth, as tacacs+ is mandatory for the system. Looks like all rest api calls that only read configuration, are working, and all calls that change configuration are not working. Any advice ?
- JRahm
Admin
those endpoints won't work with iControl REST due to the permissions issue you found. You need to use
- /sys/file/ssl-key
- /sys/file/ssl-cert
Dennis_Jalbert_Thanks so much! I had the same problem on 12.1.3.2 and this fixed it for me too. Do you know if the permissions problem is a different bug?
- JRahm
- Dennis_Jalbert_
Changing the permissions from 600 to 644 is a good workaround. I've found this is only needed when using an external account such as AD. If you use admin, you don't have this problem. I opened a case with F5 and they escalated to PD and created bug ID740203 to track this.
