Modify SSL profiles via REST API

lnxgeek
MVP

Hi wiz's

I have been spending some time on automating certificate maintenance.

This has brought my attention to this documentation: https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_ltm_profile_client-ssl.html

In the table describing "cert", "chain" and "key" it states in the notes that they are deprecated and I should use the certKeyChain option instead.

However, no matter what calls I construct to make changes to an already existing clientssl profile (PATCH and PUT), I'm told:

{"code":403,"message":"Operation is not supported on component /ltm/profile/client-ssl.","errorStack":[],"apiError":1}

Example code:

 

curl -sk -H "X-F5-Auth-Token: $TOKEN" -X PATCH https://$f5/mgmt/tm/ltm/profile/client-ssl/ --header 'Content-Type: application/json' --data-raw '{
    "name":"sletmig",
    "certKeyChain":[{"name":"default","cert":"hest.dk_2023","key":"hest.dk_2023","chain":"My_CA"}]
}'
{"code":403,"message":"Operation is not supported on component /ltm/profile/client-ssl.","errorStack":[],"apiError":1}


 

I can make the change via this syntax:

 

curl -sk -H "X-F5-Auth-Token: $TOKEN" -X PATCH  https://$f5/mgmt/tm/ltm/profile/client-ssl/~Common~sletmig   -H "Content-Type: application/json" -d '{
  "key":"/Common/hest.dk_2023",
  "cert":"/Common/hest.dk_2023",
  "chain":"/Common/My_CA"
  }'|jq

 

Do I read the documentation wrong or am I missing something else?

@JRahm any hints?

 

1 ACCEPTED SOLUTION

JRahm
Community Manager

Hi @lnxgeek that's correct, you can't PATCH a collection, just the resources within that collection. From that doc, the methods supported are shown on the resource, not the collection:

Resource URI
/mgmt/tm/ltm/profile/client-ssl/~resource id
Resource Methods
OPTIONS, GET, PUT, PATCH, DELETE, POST

Let me know if I'm misunderstanding the issue. Also, check your DM, I sent you something that might be of interest to you, but I'm equally interested in your test feedback if you have the time to check it out.

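The collection-versus-resource distinction from the accepted answer, as an added example that is not part of the original thread or F5's own code: shell helpers that always address the profile resource (`~partition~name`) and send the `certKeyChain` form. The function names, the `F5_CA` variable and the host name are assumptions, and the example assumes the resource accepts `certKeyChain` as the documentation linked in the question describes.

```shell
#!/bin/sh
# Added example; function names, F5_CA and the host name are assumptions.

# Build the URI of ONE client-ssl profile. iControl REST addresses a resource
# as ~<partition>~<name>; PATCH on the bare collection path returns the 403
# quoted in the question, so an empty or path-like name is rejected here.
profile_uri() {
    # $1 = BIG-IP host, $2 = partition, $3 = profile name
    case "$3" in
        ''|*/*|*~*)
            echo "invalid profile name: refusing to target the collection" >&2
            return 1 ;;
    esac
    printf 'https://%s/mgmt/tm/ltm/profile/client-ssl/~%s~%s' "$1" "$2" "$3"
}

# Build the certKeyChain request body with full /partition/name object paths.
ckc_body() {
    # $1 = partition, $2 = cert object, $3 = key object, $4 = chain object
    printf '{"certKeyChain":[{"name":"default","cert":"/%s/%s","key":"/%s/%s","chain":"/%s/%s"}]}' \
        "$1" "$2" "$1" "$3" "$1" "$4"
}

# PATCH the profile resource and fail loudly on any non-200 status.
patch_profile() {
    # $1 host, $2 partition, $3 profile, $4 cert, $5 key, $6 chain
    uri=$(profile_uri "$1" "$2" "$3") || return 1
    body=$(ckc_body "$2" "$4" "$5" "$6")
    # F5_CA (assumed variable): CA bundle that signed the management
    # certificate, so the token is only sent to a verified endpoint.
    status=$(curl -s -o /dev/null -w '%{http_code}' -X PATCH "$uri" \
        --cacert "${F5_CA:?set F5_CA to the management CA bundle}" \
        -H "X-F5-Auth-Token: ${TOKEN:?set TOKEN}" \
        -H 'Content-Type: application/json' -d "$body")
    [ "$status" = 200 ] || { echo "PATCH $uri failed: HTTP $status" >&2; return 1; }
}

# Usage with the thread's object names (host is a placeholder):
#   patch_profile bigip.example.net Common sletmig hest.dk_2023 hest.dk_2023 My_CA
```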

5 REPLIES

Hi @JRahm 

In that context it makes sense.

But does that mean that my working example (don't know what to call it 😀) shouldn't be considered deprecated?

I don't want to work down a future dead end 😆

JRahm
Community Manager

What version of TMOS are you running? If you've tested on 17.1.x and it's working, it will go away on BIG-IP. That said, the APIs for BIG-IP Next are different and will connect to Central Manager, not the Next instances directly. 

It is 17.1 I'm using.

I guess I have to get started with NEXT in my lab to be ready for the new shiny tool 😆

JRahm
Community Manager

For sure! Labbing it up myself for the last couple of weeks.