08-Oct-2023 10:18
Hi wiz's
I have been spending some time on automating certificate maintenance.
This has brought my attention to this documentation: https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_ltm_profile_client-ssl.html
In the table describing "cert", "chain" and "key" it states in the notes that they are deprecated and I should use certKeyChain option instead.
However, no matter what I construct of calls which make changes to an already existing clientssl profile (PATCH and PUT), I'm told:
{"code":403,"message":"Operation is not supported on component /ltm/profile/client-ssl.","errorStack":[],"apiError":1}
Example code:
curl -sk -H "X-F5-Auth-Token: $TOKEN" -X PATCH https://$f5/mgmt/tm/ltm/profile/client-ssl/ --header 'Content-Type: application/json' --data-raw '{
"name":"sletmig",
"certKeyChain":[{"name":"default","cert":"hest.dk_2023","key":"hest.dk_2023","chain":"My_CA"}]
}'
{"code":403,"message":"Operation is not supported on component /ltm/profile/client-ssl.","errorStack":[],"apiError":1}
I can make the change via this syntax:
curl -sk -H "X-F5-Auth-Token: $TOKEN" -X PATCH https://$f5/mgmt/tm/ltm/profile/client-ssl/~Common~sletmig -H "Content-Type: application/json" -d '{
"key":"/Common/hest.dk_2023",
"cert":"/Common/hest.dk_2023",
"chain":"/Common/My_CA"
}'|jq
Do I read the documentation wrong or am I missing something else?
@JRahm any hints?
09-Oct-2023 14:17
Hi @lnxgeek that's correct, you can't PATCH a collection, just the resources within that collection. From that doc, the methods supported are shown on the resource, not the collection:
Resource URI
/mgmt/tm/ltm/profile/client-ssl/~resource id
Resource Methods
OPTIONS, GET, PUT, PATCH, DELETE, POST
Let me know if I'm misunderstanding the issue. Also, check your DM, I sent you something that might be of interest to you, but I'm equally interested in your test feedback if you have the time to check it out.
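The point of the reply above as an added example (not from the thread or from F5): the PATCH carrying certKeyChain is addressed to one profile's resource URI, never to the collection. The host name bigip.example, the token value and the helper names are assumptions; the request is only built, not sent.

```python
import json
import urllib.request

COLLECTION = "/mgmt/tm/ltm/profile/client-ssl"  # collection URI: PATCH here returns 403


def resource_uri(profile, partition="Common"):
    """Return the URI of one client-ssl profile (a resource), never the collection."""
    profile = profile.strip("/")
    if "/" in profile:  # accept a full path such as /Common/sletmig
        partition, _, profile = profile.rpartition("/")
    if not profile or not partition:
        raise ValueError("profile name required: the collection itself does not accept PATCH")
    # iControl REST writes the folder path with '~' in place of '/'
    return f"{COLLECTION}/~{partition.replace('/', '~')}~{profile}"


def cert_key_chain_patch(host, token, profile, cert, key, chain=None, entry="default"):
    """Build (do not send) a PATCH that sets certKeyChain on a single profile."""
    item = {"name": entry, "cert": cert, "key": key}
    if chain:
        item["chain"] = chain
    body = json.dumps({"certKeyChain": [item]}).encode()
    return urllib.request.Request(
        f"https://{host}{resource_uri(profile)}",
        data=body,
        method="PATCH",
        headers={"X-F5-Auth-Token": token, "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Constructed input: object names from the thread, placeholder host and token.
    req = cert_key_chain_patch(
        "bigip.example", "TOKEN", "sletmig",
        cert="/Common/hest.dk_2023", key="/Common/hest.dk_2023", chain="/Common/My_CA",
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Passing the returned object to `urllib.request.urlopen` sends it with TLS certificate verification on by default, unlike `curl -k`.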
09-Oct-2023 22:19
Hi @JRahm
In that context it makes sense.
But does that mean that my working example (don't know what to call it 😀) shouldn't be considered deprecated?
I don't want to work down a future dead end 😆
10-Oct-2023 06:50
What version of TMOS are you running? If you've tested on 17.1.x and it's working, it will go away on BIG-IP. That said, the APIs for BIG-IP Next are different and will connect to Central Manager, not the Next instances directly.
10-Oct-2023 07:24
It is 17.1 I'm using.
I guess I have to get started with NEXT in my lab to be ready for the new shiny tool 😆
10-Oct-2023 07:26
For sure! Labbing it up myself for the last couple of weeks.