19-Jul-2017 00:32 - last edited on 22-Nov-2022 15:37 by JimmyPackets
Hello everyone,
I am currently testing the REST API and having trouble with some simple changes on an SSL profile. I am using local authentication, trying to modify a certificate used in a test profile; however, I am getting an error. I do not find any documentation regarding the issue, hence I hope someone here could point me in the right direction.
My code looks as follows (by the way, I am using Ruby). Basically it is just pushing the data. I got the format via a GET request to be sure to have the right format. The values I changed in this request are: "certKeyChain" => "name", "cert" and "key".
require 'rest-client'
require 'json'
@session = RestClient::Resource.new('https://10.70.235.105/mgmt/tm', :verify_ssl => false, :user => "admin", :password => "admin") # open session
c = {"kind"=>"tm:ltm:profile:client-ssl:client-sslstate",
"name"=>"test_bastian",
"partition"=>"Common",
"fullPath"=>"/Common/test_bastian",
"generation"=>1702,
"selfLink"=>
"https://localhost/mgmt/tm/ltm/profile/client-ssl/~Common~test_bastian?ver=12.1.2",
"alertTimeout"=>"indefinite",
"allowDynamicRecordSizing"=>"disabled",
"allowExpiredCrl"=>"disabled",
"allowNonSsl"=>"disabled",
"authenticate"=>"once",
"authenticateDepth"=>9,
"cacheSize"=>262144,
"cacheTimeout"=>3600,
"cert"=>"/Common/new_test.crt",
"certReference"=>
{"link"=>
"https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~new_test.crt?ver=12.1.2"},
"certExtensionIncludes"=>["basic-constraints", "subject-alternative-name"],
"certLifespan"=>30,
"certLookupByIpaddrPort"=>"disabled",
"chain"=>"/Common/new_test.crt",
"chainReference"=>
{"link"=>
"https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~new_test.crt?ver=12.1.2"},
"ciphers"=>"DEFAULT",
"defaultsFrom"=>"/Common/clientssl",
"defaultsFromReference"=>
{"link"=>
"https://localhost/mgmt/tm/ltm/profile/client-ssl/~Common~clientssl?ver=12.1.2"},
"forwardProxyBypassDefaultAction"=>"intercept",
"genericAlert"=>"enabled",
"handshakeTimeout"=>"10",
"inheritCertkeychain"=>"false",
"key"=>"/Common/new_test.key",
"keyReference"=>
{"link"=>
"https://localhost/mgmt/tm/sys/file/ssl-key/~Common~new_test.key?ver=12.1.2"},
"maxActiveHandshakes"=>"indefinite",
"maxAggregateRenegotiationPerMinute"=>"indefinite",
"maxRenegotiationsPerMinute"=>5,
"maximumRecordSize"=>16384,
"modSslMethods"=>"disabled",
"mode"=>"enabled",
"tmOptions"=>["dont-insert-empty-fragments"],
"peerCertMode"=>"ignore",
"peerNoRenegotiateTimeout"=>"10",
"proxySsl"=>"disabled",
"proxySslPassthrough"=>"disabled",
"renegotiateMaxRecordDelay"=>"indefinite",
"renegotiatePeriod"=>"indefinite",
"renegotiateSize"=>"indefinite",
"renegotiation"=>"enabled",
"retainCertificate"=>"true",
"secureRenegotiation"=>"require",
"sessionMirroring"=>"disabled",
"sessionTicket"=>"disabled",
"sessionTicketTimeout"=>0,
"sniDefault"=>"false",
"sniRequire"=>"false",
"sslForwardProxy"=>"disabled",
"sslForwardProxyBypass"=>"disabled",
"sslSignHash"=>"any",
"strictResume"=>"disabled",
"uncleanShutdown"=>"enabled",
"certKeyChain"=>
[{"name"=>"default",
"cert"=>"/Common/default.crt",
"certReference"=>
{"link"=>
"https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~new_test.crt?ver=12.1.2"},
"chain"=>"",
"chainReference"=>
{"link"=>
"https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~new_test.crt?ver=12.1.2"},
"key"=>"/Common/default.key",
"keyReference"=>
{"link"=>
"https://localhost/mgmt/tm/sys/file/ssl-key/~Common~new_test.key?ver=12.1.2"}}]} # build data
c = c.to_json
profile = "test_bastian" # profile name, as it appears in the request URL of the error output
push_profile = @session["ltm/profile/client-ssl/~Common~" + profile].put(c, :content_type => :json) # push data
When running the script, I get the following errors:
RestClient.put "https://10.70.235.105/mgmt/tm/ltm/profile/client-ssl/~Common~test_bastian", 2467 byte(s) length, "Accept"=>"*/*", "Accept-Encoding"=>"gzip, deflate", "Content-Length"=>"2467", "Content-Type"=>"application/json", "User-Agent"=>"rest-client/2.0.2 (linux-gnu x86_64) ruby/2.4.1p111"
=> 400 BadRequest | application/json 145 bytes
{"code":400,"message":"010717e7:3: cert-key-chain and profile cert, key or chain options cannot be input together.","errorStack":[],"apiError":3}
Would be nice to get some feedback 🙂
19-Jul-2017 23:50 - last edited on 05-Jun-2023 22:36 by JimmyPackets
Thanks for your feedback PK, but I found the issue:
So all I had to push is:
{"cert"=>"/Common/new_test.crt",
"key"=>"/Common/new_test.key",
"chain"=>"/Common/new_test.crt"}
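The fix described in this reply, as an added example that is not part of the original posts: it checks a payload for the cert/key/chain versus certKeyChain conflict reported in error 010717e7 and builds the minimal body instead of echoing the full GET output back. The helper names and the path-shape check are assumptions made for illustration, and the sample data is a constructed, trimmed copy of the GET output in the question.

```ruby
require 'json'

# Top-level cert options and the certKeyChain list are alternative ways to set
# the same thing; BIG-IP rejects a body carrying both (error 010717e7 above).
TOP_LEVEL_CERT_KEYS = %w[cert key chain].freeze

# Returns the keys that make a payload ambiguous, or [] if it is safe to send.
def conflicting_cert_fields(payload)
  top = TOP_LEVEL_CERT_KEYS.select { |k| payload.key?(k) }
  return [] if top.empty? || !payload.key?('certKeyChain')
  top + ['certKeyChain']
end

# Builds the minimal body from the thread's solution: only cert, key and chain.
# Assumption: object paths look like "/Common/new_test.crt" (no empty segments).
def minimal_cert_update(cert:, key:, chain: nil)
  [cert, key, chain].compact.each do |path|
    raise ArgumentError, "malformed object path: #{path}" unless path.match?(%r{\A/[^/]+(/[^/]+)+\z})
  end
  body = { 'cert' => cert, 'key' => key }
  body['chain'] = chain if chain
  body
end

# The profile being updated is named in the URL, not in the body.
def profile_path(partition, name)
  "ltm/profile/client-ssl/~#{partition}~#{name}"
end

# Constructed sample: a trimmed copy of the GET output posted in the question.
fetched = JSON.parse(<<~SAMPLE)
  {"name": "test_bastian", "partition": "Common", "generation": 1702,
   "cert": "/Common/new_test.crt", "key": "/Common/new_test.key",
   "chain": "/Common/new_test.crt",
   "certKeyChain": [{"name": "default", "cert": "/Common/default.crt",
                     "key": "/Common/default.key", "chain": ""}]}
SAMPLE

puts "echoing the GET back would conflict on: #{conflicting_cert_fields(fetched).join(', ')}"
update = minimal_cert_update(cert: '/Common/new_test.crt',
                             key: '/Common/new_test.key',
                             chain: '/Common/new_test.crt')
puts "PUT #{profile_path(fetched['partition'], fetched['name'])}"
puts JSON.generate(update)
```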
19-Jul-2017 11:44 - last edited on 05-Jun-2023 15:10 by JimmyPackets
"certKeyChain"=>
[{"name"=>"default", "cert"=>"/Common/default.crt", # this should be new_test.crt
"certReference"=>
21-Feb-2022 02:19
Thanks for the solution. However, this is not working for me if I just send the payload you mentioned. I get an error "one or more configuration identifiers must be provided". Not sure what's missing. Any idea?
Also, in your request, where do you specify which SSL profile you need to update, since it's mentioned neither in the payload nor in your URL?