For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kenjib_118428's avatar
kenjib_118428
Icon for Nimbostratus rankNimbostratus
Dec 09, 2014

ManagementKeyCertificateBindingStub.certificate_import_from_file not working

I am trying to upload and import a certificate to a BigIP load balancer using iControl. I am able to upload the file but importing the certificate does not work. My code is included below. Here is what I have been able to determine so far:

 

  1. The file uploads successfully and I can see it in the server file system.
  2. The call to certificate_import_from_file does not return any error messages. It returns as if successful.
  3. The file does not show up in the certificate list on the server after this call. It has not been imported.
  4. If I import the same file manually via the GUI, it imports fine.
  5. If I import the uploaded file via tmsh directly on the server, it also imports fine.
  6. The log files show no errors.
  7. Version:BIG-IP 11.4.0 Build 2384.0 Final
  8. I am using the latest iControl library that I just downloaded today.

I can not figure out why the certificate is not importing when called via the web service yet I am not receiving any errors. Any help would be very much appreciated. Thank you!

 

iControl.Interfaces interfaces = new iControl.Interfaces();

 

if (interfaces.initialize(bigIP, (long)443, user, password) ) {

 

    SystemConfigSyncBindingStub stub = interfaces.getSystemConfigSync();
    SystemConfigSyncFileTransferContext systemConfigSyncFileTransferContext = new SystemConfigSyncFileTransferContext();
    systemConfigSyncFileTransferContext.setChain_type(CommonFileChainType.FILE_FIRST_AND_LAST);
systemConfigSyncFileTransferContext.setFile_data(certificate.getBytes("UTF-8"));
// Uploading certificate
stub.upload_file("/config/" + commonName + ".crt", systemConfigSyncFileTransferContext);

ManagementKeyCertificateBindingStub keyCertificateBindingStub = interfaces.getManagementKeyCertificate();
            keyCertificateBindingStub.certificate_import_from_file(ManagementKeyCertificateManagementModeType.MANAGEMENT_MODE_DEFAULT, new String[] {commonName}, new String[] {"/config/" + commonName + ".crt"}, true);

} else { throw new IOException("FAILURE: COULD NOT INITIALIZE INTERFACE"); }

 

devops
iControl

1 Reply

  • David_Holmes_12's avatar
    David_Holmes_12
    Historic F5 Account
    Jan 05, 2015

    I've heard that the certificate_import_from_file API function was recently reported broken. The current workaround is to use the certificate_import_from_pem call.

     

    Let me know if you need a bug number, I might be able to get it.