Forum Discussion
Aaron_McMahon_2
Nimbostratus
NimbostratusProblems adding SSL certs through iControl
I'm uploading an SSL certificate and a key separately using the "upload_file()" command. That works fine.
But when I use "certificate_import_from_file()", I get a faultcode response from the server with this error_string:
PEM routines:PEM_read_bio:no start line
The primary_error_code is -7.
This same error occurs on both the .crt and .key files (the latter uses the key_import_from_file(), of course). At first, I had been base64 encoding the files until I opened them in a text editor and noticed they already were base64 encoded. So I tried sending them straight through without encoding during the upload process, then running the import commands. Exact same error.
Any ideas?
Thanks...
- Aaron
1 Reply
- Are your certificates in PEM format?
This is from the Local Traffic Configuration Guide for BIG-IP v9.2.2
Importing keys, certificates, and archives
If you have transferred a key/certificate pair, a certificate, or a key/certificate archive onto the LTM system from another system, and the certificate or archive is in the form of a file or a base-64 encoded text string, you can import this certificate or archive into the Configuration utility. By importing a certificate or archive into the Configuration utility, you ease the task of managing that certificate or archive. You can use the Import SSL Certificates and Keys screen only when the certificate you are importing is in Privacy Enhanced Mail (PEM) format.
From the looks of your error message, the input format is incorrect. If I were you I'd try to get the import working from the GUI first. There may be some more error reporting in there. If all else fails, F5 Product Technical Support could probably help you out.
-Joe
