Forum Discussion

Tuomas_Jormola_
Mar 16, 2006

Problems with Management::KeyCertificate::get_certificate_list()

Hello,

I'm trying to build a command-line management interface for certificates and keys stored on our F5 BIG-IP LTM. I'm using Perl and SOAP::Lite. Generally the iControl interface is working OK, but I'm having trouble understanding the behaviour of the Management::KeyCertificate::get_certificate_list() method.

According to the API documentation, the method Management::KeyCertificate::get_certificate_list() takes an argument "mode" of type Management::KeyCertificate::ManagementModeType. This enum has valid values of 0 and 1. If I understood correctly, 0 deals with certs/keys that are used in SSL profiles and 1 with certs/keys used by the device internally. So I want to manage "mode" 0 certs/keys with my program.

However, no matter what value I set for "mode", even an undefined value like 4 or 5, it seems to behave as if "mode" is 1, thus returning the information about the SSL certificate of the HTTPS server on the device. There are many certificate/key pairs installed on the device, and they can be listed and used just fine using the web management interface. I'm testing the issue with the following piece of code (I hope I get it right, this forum should definitely have a preview mode when posting messages). I've attached the output of the script.

As you can see, "mode" is set to 0, but only the certificate of the web server is listed. Why's this?

System info:

BIG-IP Operating System 9.1
iControl version BIG-IP_v9.0
SOAP::Lite 0.67 w/ Perl 5.8.8

#!/usr/bin/perl
use strict;
use warnings;
#use SOAP::Lite + trace => qw(debug);
use SOAP::Lite;
use iControlTypeCast;
use Data::Dumper;
use vars qw($HOST $USER $PASS);

$HOST = 'f5host.example.com';
$USER = 'adminuser';
$PASS = 'adminpassword';
$|++;    # unbuffered output

# Supply HTTP basic-auth credentials to the SOAP::Lite transport
sub SOAP::Transport::HTTP::Client::get_basic_credentials { return ($USER, $PASS) }

my $version = get_management_keycertificate_interface_version();
print 'version: ' . Dumper $version;
my $certificates = get_all_certificate_names();
print 'certificates: ' . Dumper $certificates;

sub get_management_keycertificate_interface_version {
    my $res = do_request('Management', 'KeyCertificate', 'get_version');
    return ref $res ? $res->result : undef;
}

sub get_all_certificate_names {
    my $params = SOAP::Data->name(mode => 0);    # 0 == MANAGEMENT_MODE_DEFAULT
    my $res = do_request('Management', 'KeyCertificate', 'get_certificate_list', $params);
    return ref $res ? $res->result : undef;
}

# Call $method on the iControl interface $module/$interface and return the response
sub do_request {
    my ($module, $interface, $method, $params) = @_;
    my $uri   = sprintf "urn:iControl:%s/%s", $module, $interface;
    my $proxy = sprintf "https://%s:%s/iControl/iControlPortal.cgi", $HOST, 443;
    my $service = SOAP::Lite->new;
    $service->uri($uri);
    $service->proxy($proxy);
    my $res = $service->$method($params);
    return $res;
}
  • Actually, as of 9.0, enums are represented by their string values. In 4.x we had enums as integers, but based on feedback we changed that behavior in 9.0. If the value passed in for the mode flag isn't one of the valid string values (which 0, 1, ... are not), it defaults to MANAGEMENT_MODE_DEFAULT.

    Change your code like this and you should be set:

    sub get_all_certificate_names {
      # Pick one mode; the alternatives are left commented out.
      # Management of keys/certs used in SSL profiles.
      my $params = SOAP::Data->name(mode => 'MANAGEMENT_MODE_DEFAULT');
      # Management of keys/certs used by the web server.
      # my $params = SOAP::Data->name(mode => 'MANAGEMENT_MODE_WEBSERVER');
      # Management of keys/certs used by enterprise management.
      # my $params = SOAP::Data->name(mode => 'MANAGEMENT_MODE_EM');
      # Management of keys/certs used by GTM's iQuery.
      # my $params = SOAP::Data->name(mode => 'MANAGEMENT_MODE_IQUERY');
      my $res = do_request('Management', 'KeyCertificate', 'get_certificate_list', $params);
      return ref $res ? $res->result : undef;
    }

    -Joe
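
A fail-closed client-side guard for the behaviour described in the reply above, as an added example that is not part of the original thread or of F5's code: it accepts only the four mode names listed in the reply and dies on anything else, so a stray integer or typo cannot silently select MANAGEMENT_MODE_DEFAULT and point a certificate tool at the wrong key store. `mode_param` and `list_certificates_by_mode` are hypothetical helper names, and `$request` is assumed to be a code ref that behaves like the `do_request` sub in the original post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Carp qw(croak);
use SOAP::Lite;

# The four mode names given in the reply above; nothing else is accepted.
my %VALID_MODE = map { $_ => 1 } qw(
    MANAGEMENT_MODE_DEFAULT
    MANAGEMENT_MODE_WEBSERVER
    MANAGEMENT_MODE_EM
    MANAGEMENT_MODE_IQUERY
);

# Build the "mode" parameter, refusing integers, typos and undef so the
# device never gets the chance to fall back to MANAGEMENT_MODE_DEFAULT.
sub mode_param {
    my ($mode) = @_;
    croak "mode is undefined" unless defined $mode;
    croak "invalid ManagementModeType '$mode' (9.x expects the enum name as a string)"
        unless $VALID_MODE{$mode};
    return SOAP::Data->name(mode => $mode);
}

# List certificates for every mode. $request (assumed) takes the same
# arguments as do_request() in the original post and returns a SOAP::SOM.
sub list_certificates_by_mode {
    my ($request) = @_;
    my %by_mode;
    for my $mode (sort keys %VALID_MODE) {
        my $som = $request->('Management', 'KeyCertificate',
                             'get_certificate_list', mode_param($mode));
        croak "no response for $mode" unless ref $som;
        croak "SOAP fault for $mode: " . $som->faultstring if $som->fault;
        $by_mode{$mode} = $som->result;
    }
    return \%by_mode;
}

# Offline check of the guard with constructed inputs: the integer from the
# original post and a wrongly cased name are rejected before any request.
for my $candidate (0, 'MANAGEMENT_MODE_WEBSERVER', 'management_mode_default') {
    my $ok = eval { mode_param($candidate); 1 };
    printf "%-28s %s\n", $candidate, $ok ? 'accepted' : 'rejected';
}
```

Against a real device, `list_certificates_by_mode(\&do_request)` returns a hash ref keyed by mode name, which makes it visible which key store each certificate came from.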