Forum Discussion
NimbostratusInstalling a PKCS 12 File onto an F5 Device
I have been able to upload my pfx file to the devices downloads and such and checked using /mgmt/tm/util/bash. I have been trying to install it on the F5 device using:
{
"command": "install",
"name": f"{appname}.geico.com",
"from-local-file": f"/var/config/rest/downloads/{cert_file_name}"
}
But I receive the error,
Error uploading certificate: {"code":400,"message":"Key management library returned bad status: -7, error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long","errorStack":[],"apiError":26214401}
What can I change to correctly install?
1 Reply
Instead of a PKCS12, have you tried uploading the identity cert, intermediate CA bundle and privat key separately using PEM format?
I have used the iControl REST API previously to install an SSL cert/key pair and intermediate certificates.curl -sk -u "<ADMIN USERNAME>":"<PASSWORD>" -H "Content-Type: application/json" -X POST -d \ '{"command":"install","name":"<INTERMEDIATE CA BUNDLE>.crt","from-local-file":"/var/tmp/<INTERMEDIATE CA BUNDLE>.crt"}' \ https://<BIG-IP MGMT IP>/mgmt/tm/sys/crypto/cert curl -sk -u "<ADMIN USERNAME>":"<PASSWORD>" -H "Content-Type: application/json" -X POST -d \ '{"command":"install","name":"<CERTIFICATE FILENAME>.crt","from-local-file":"/var/tmp/<CERTIFICATE FILENAME>.crt"}' \ https://<BIG-IP MGMT IP>/mgmt/tm/sys/crypto/cert curl -sk -u "<ADMIN USERNAME>":"<PASSWORD>" -H "Content-Type: application/json" -X POST -d \ '{"command":"install","name":"<CERTIFICATE FILENAME>.key","from-local-file":"/var/tmp/<CERTIFICATE FILENAME>.key"}' \ https://<BIG-IP MGMT IP>/mgmt/tm/sys/crypto/key
