Forum Discussion

chelusco's avatar
chelusco
Icon for Nimbostratus rankNimbostratus
Oct 17, 2024

Installing a PKCS 12 File onto an F5 Device

I have been able to upload my pfx file to the devices downloads and such and checked using /mgmt/tm/util/bash. I have been trying to install it on the F5 device using:

{

"command": "install",

"name": f"{appname}.geico.com",

"from-local-file": f"/var/config/rest/downloads/{cert_file_name}"

}

But I receive the error, 
Error uploading certificate: {"code":400,"message":"Key management library returned bad status: -7, error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long","errorStack":[],"apiError":26214401}

What can I change to correctly install?

cloud
devops
  • Michael_Saleem's avatar
    Michael_Saleem
    Icon for MVP rankMVP
    Oct 17, 2024

    Instead of a PKCS12, have you tried uploading the identity cert, intermediate CA bundle and privat key separately using PEM format?

    I have used the iControl REST API previously to install an SSL cert/key pair and intermediate certificates.

        curl -sk -u "<ADMIN USERNAME>":"<PASSWORD>" -H "Content-Type: application/json" -X POST -d \
    '{"command":"install","name":"<INTERMEDIATE CA BUNDLE>.crt","from-local-file":"/var/tmp/<INTERMEDIATE CA BUNDLE>.crt"}' \
    https://<BIG-IP MGMT IP>/mgmt/tm/sys/crypto/cert

    curl -sk -u "<ADMIN USERNAME>":"<PASSWORD>" -H "Content-Type: application/json" -X POST -d \
    '{"command":"install","name":"<CERTIFICATE FILENAME>.crt","from-local-file":"/var/tmp/<CERTIFICATE FILENAME>.crt"}' \
    https://<BIG-IP MGMT IP>/mgmt/tm/sys/crypto/cert

    curl -sk -u "<ADMIN USERNAME>":"<PASSWORD>" -H "Content-Type: application/json" -X POST -d \
    '{"command":"install","name":"<CERTIFICATE FILENAME>.key","from-local-file":"/var/tmp/<CERTIFICATE FILENAME>.key"}' \
    https://<BIG-IP MGMT IP>/mgmt/tm/sys/crypto/key