cancel
Showing results for 
Search instead for 
Did you mean: 

API REST error 400

Francois_LAGANT
Nimbostratus
Nimbostratus

Hello,
I try to download an ssl certificate via the REST APIs /mgmt/tm/sys/crypto/cert from f5 but I always get the following response:

 

curl -sk -H "X-F5-Auth-Token: XXXXXX" https://x.x.x.x/mgmt/tm/sys/crypto/cert -H 'Content-Type: application/json' -d '{"command": "install","name":"testcsr","from-local-file":"/var/www/html/certs/certificates/files/test_certificate.pem"}'
{"code":400,"message":"Unable to copy (/var/www/html/certs/certificats/files/test_certificate.pem) into tempfile (/var/system/tmp/tmsh/LmjqSd/test_certificate.pem), No such file or directory","errorStack":[],"apiError":26214401}

 

with the API /mgmt/tm/sys/crypto/key it's the same

 

curl -sk -H "X-F5-Auth-Token: XXXXXX" https://x.x.x.x/mgmt/tm/sys/crypto/key -H 'Content-Type: application/json' -d '{"command": "install","name":"testpriv","from-local-file":"/var/www/html/certs/certificates/files/test_priv_key.pem"}'
{"code":400,"message":"Unable to copy (/var/www/html/certs/certificats/files/test_priv_key.pem) into tempfile (/var/system/tmp/tmsh/qbfN77/test_priv_key.pem)

 

However, the upload function works correctly:

 

curl -sk -H "X-F5-Auth-Token: XXXXXX" https://x.x.x.x/mgmt/shared/file-transfer/uploads/test_certificate.pem -H 'Content-Type: application/octet-stream' -H 'Content-Range: 0-2060/2061' -H 'Connection: Close' --data-binary @/var/www/html/certs/certificates/files/test_certificate.pem
{"remainingByteCount":0,"usedChunks":{"0":2061},"totalByteCount":2061,"localFilePath":"/var/config/rest/downloads/test_certificate.pem","temporaryFilePath":"/ var/config/rest/downloads/tmp/test_certificate.pem","generation":0,"lastUpdateMicros":1661351051400388}

 

But from this last command how can I create the certificate?
Thank you for your help

François

6 REPLIES 6

JRahm
Community Manager
Community Manager

Hi @Francois_LAGANT, those endpoints are deprecated. You should use these instead:

I wrote functional tests against these endpoints while developing the python SDK, they're here in this repo on Github if that's of any help.

Francois_LAGANT
Nimbostratus
Nimbostratus

Hello JRahm
Thank you for your answer but it does not work, I have another error.
Test done via curl and via python.

 

curl -sk -H "X-F5-Auth-Token: XXXXXX" -X POST https://x.x.x.x/mgmt/tm/sys/file/ssl-cert -H 'Content-Type: application/json' -d '{"name":"testcsr","partition": "Common","sourcePath":"/var/www/html/certs/certificats/files/test_certificate.pem"}'
{
  "code": 400,
  "message": "Failed! exit_code (3).\n",
  "errorStack": [],
  "apiError": 26214401
}
from f5.bigip import ManagementRoot
# Connect to the BIG-IP
mgmt = ManagementRoot("x.x.x.x", "admin", "admin")
cert = mgmt.tm.sys.file.ssl_certs.ssl_cert.create(name='test_cert', sourcePath='/var/www/html/certs/certificats/files/test_certificate.pem')
Traceback (most recent call last):
  File "/root/test-f5-api.py", line 22, in <module>
    cert = mgmt.tm.sys.file.ssl_certs.ssl_cert.create(name='test_cert', sourcePath='/var/www/html/certs/certificats/files/test_certificate.pem')
  File "/root/f5-common-python/f5/bigip/resource.py", line 1053, in create
    return self._create(**kwargs)
  File "/root/f5-common-python/f5/bigip/resource.py", line 1015, in _create
    response = session.post(_create_uri, json=kwargs, **requests_params)
  File "/usr/local/lib/python3.9/site-packages/icontrol/session.py", line 295, in wrapper
    raise iControlUnexpectedHTTPError(error_message, response=response)
icontrol.exceptions.iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://x.x.x.x:443/mgmt/tm/sys/file/ssl-cert/
Text: '{"code":400,"message":"Failed! exit_code (3).\\n","errorStack":[],"apiError":26214401}'

 

Do you have a working example?
Test carried out on an F5 in version 13.1.5 and in version 14.1.4.6 with the same result.

I saw on a devcentral post that it was necessary to add file: to the pathfile.

 

curl -sku admin:admin -X POST https://x.x.x.x/mgmt/tm/sys/file/ssl-cert -H 'Content-Type: application/json' -d '{"name":"testcsr.crt","partition": "Common","sourcePath":"file:/var/www/html/certs/certificats/files/test_certificate.pem"}'
{
  "code": 400,
  "message": "Failed! exit_code (37).\n",
  "errorStack": [],
  "apiError": 26214401
}
from f5.bigip import ManagementRoot

# Connect to the BIG-IP
mgmt = ManagementRoot("x.x.x.x", "admin", "admin")
cert = mgmt.tm.sys.file.ssl_certs.ssl_cert.create(name='test_cert', sourcePath='file:/var/www/html/certs/certificats/files/test_certificate.pem')
Traceback (most recent call last):
  File "/root/test-f5-api.py", line 22, in <module>
    cert = mgmt.tm.sys.file.ssl_certs.ssl_cert.create(name='test_cert', sourcePath='file:/var/www/html/certs/certificats/files/test_certificate.pem')
  File "/root/f5-common-python/f5/bigip/resource.py", line 1053, in create
    return self._create(**kwargs)
  File "/root/f5-common-python/f5/bigip/resource.py", line 1015, in _create
    response = session.post(_create_uri, json=kwargs, **requests_params)
  File "/usr/local/lib/python3.9/site-packages/icontrol/session.py", line 295, in wrapper
    raise iControlUnexpectedHTTPError(error_message, response=response)
icontrol.exceptions.iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://lbaind2itvpx101-adm.nor.fr.intraorange:443/mgmt/tm/sys/file/ssl-cert/
Text: '{"code":400,"message":"Failed! exit_code (37).\\n","errorStack":[],"apiError":26214401}'

 

it would be a problem of rights or other API but I don't know where?

Looks like you're missing a letter in certificates in your source file path on quick glance.

on my phone with a break in daddy duty...can dig in a little later this morning once little man gets to preschool.

For me it's ok the names of the sources are ok

-rwxrwxrwx. 1 apache apache 2061 Aug 24 09:57 /var/www/html/certs/certificats/files/test_certificate.pem

ok...this is my working python hook script I use for Let's Encrypt, which can be modified.

But to step back a little bit, are you using an admin account to make the request? It is required unless you create custom roles for the REST API.