Forum Discussion
gtsg86
Altostratus
AltostratusUnable to extract key information from \"/config/filestore/files_d/partition_d/ to /var/system/tmp/t
Hi,
I am trying to create a csr from an existing key using:
device = bigip.BIGIP(lb,uname,pwd)
csr_created = device.create(f'/mgmt/tm/sys/crypto/csr', csr_o)
where csr is :
csr_o = {'name': f'/{partition_name}/{xl_cert_name}',
'partition': cert.name.split('/')[1],
'adminEmailAddress': email,
'city': cert.city,
'commonName': xl_cert_name,
'country': cert.country,
'emailAddress': email,
'key': key.name,
'organization': cert.organization,
'subjectAlternativeName': cert.subjectAlternativeName,
'sourcePath': f'/config/ssl/ssl.csr/'}
I got the error:
bigrest.common.exceptions.RESTAPIError:
Status:
400
Response Body:
{
"code": 400,
"message": "Unable to extract key information from \"/config/filestore/files_d/GCMS_PROD_d/certificate_key_d/:GCMS_PROD:gcdocs-gcms.apps.ci.gc.ca_78757_1\"to \"/var/system/tmp/tmsh/U5XCTm/ssl.key//GCMS_PROD/gcdocs-gcms.apps.ci.gc.ca\"",
"errorStack": [],
"apiError": 26214401
}
Please some can help me to solve this error
Have you tried using the DELETE method on the existing CSR, rather than deleting it using tmsh? The iControlREST API for /tm/sys/crypto/csr appears to support that method.
oh! yes I understood the process.
to Renew the csr and keep the same key and cert, delete the csr and create a new one :
1) delete the old CSR:
csr1 = mgmt.tm.sys.file.ssl_csrs.ssl_csr.load(name=csr_found['name'], partition=partition_name)
csr1.delete()2) create a new one, by specifying the key location
csr = mgmt.tm.util.bash.exec_cmd('run',
utilCmdArgs=f"-c 'tmsh create sys crypto csr /{name[1]}/{name[2]} "
f"admin-email-address \"{email}\" "
f"city \"{cert_found['city']}\" "
f"common-name \"{name[2]}\" "
f"country \"{cert_found['country']}\" "
f"email-address \"{email}\" "
f"key \"{key_found['name']}\" "
f"organization \"{cert_found['organization']}\" "
f"state \"{cert_found['state']}\" "
f"subject-alternative-name \"{cert_found['subjectAlternativeName']}\" "
f"'")Thank you VernonWells
VernonWellsEmployee
Are there any errors in /var/log/restjavad.log.0 or /var/log/ltm after you make the request?
gtsg86Hi VernonWells,
I looked at the log, i found nothing.
I want to automatise the task of renewing a cert. to do that I want to create a csr based on the existing key.
so i delete the old csr and with this line i want to create a new one. in the lab env that work but not in prod :
mgmt.tm.util.bash.exec_cmd('run',
utilCmdArgs=f"-c 'tmsh create sys crypto csr {key_found['name']} "
f"admin-email-address \"{csr['adminEmailAddress']}\" "
f"city \"{csr['city']}\" "
f"common-name \"{csr['commonName']}\" "
f"country \"{csr['country']}\" "
f"email-address \"{csr['emailAddress']}\" "
f"key \"{csr['key']}\" "
f"organization \"{csr['organization']}\" "
f"state \"{csr['state']}\" "
f"subject-alternative-name \"{csr['subjectAlternativeName']}\" "f"'")
i use the python f5.bigip library
thanks
- VernonWells
Have you tried using the DELETE method on the existing CSR, rather than deleting it using tmsh? The iControlREST API for /tm/sys/crypto/csr appears to support that method.
- gtsg86
oh! yes I understood the process.
to Renew the csr and keep the same key and cert, delete the csr and create a new one :
1) delete the old CSR:
csr1 = mgmt.tm.sys.file.ssl_csrs.ssl_csr.load(name=csr_found['name'], partition=partition_name)
csr1.delete()2) create a new one, by specifying the key location
csr = mgmt.tm.util.bash.exec_cmd('run',
utilCmdArgs=f"-c 'tmsh create sys crypto csr /{name[1]}/{name[2]} "
f"admin-email-address \"{email}\" "
f"city \"{cert_found['city']}\" "
f"common-name \"{name[2]}\" "
f"country \"{cert_found['country']}\" "
f"email-address \"{email}\" "
f"key \"{key_found['name']}\" "
f"organization \"{cert_found['organization']}\" "
f"state \"{cert_found['state']}\" "
f"subject-alternative-name \"{cert_found['subjectAlternativeName']}\" "
f"'")Thank you VernonWells