
Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Gary_Galehouse
Nimbostratus

Hi,

I am trying to overwrite an existing cert and key within the LTM SSL Traffic cert and key using iControlREST. Here is the basic process, and result of each step.

  1. Upload key and cert PEM files to the uploads directory. I have tried this step both inside and outside of a transaction with the same result. This works fine.
  2. Create a transaction using the transaction REST endpoint. This works fine.
  3. Add a command to install the key over the desired SSL Traffic key referencing the local path from step 1 with the transaction id in the header. The command is set to install and from-local-file. Successfully added to the transaction commands.
  4. Add a command to install the key over the desired SSL Traffic cert referencing the local path from step 1 with the transaction id in the header. The command is set to install and from-local-file. Successfully added to the transaction commands.
  5. Get the transaction commands just to observe the contents. The commands are present, and the paths are correct per steps 3 & 4 above.
  6. Attempt to commit the transaction, and receive the failure with a message like the one below.

message=transaction failed:01070712:3: file (/var/system/tmp/tmsh/GexeqO/IIS-F5v13.key) expected to exist.

As you can see, F5 is looking in a different directory than specified in steps 3 & 4. I've closely examined all requests and responses using Fiddler, and there's no way to determine the randomly generated subdirectory name ('GexeqO' in this particular case). It is different for each transaction. Also note, this happens even when not overwriting existing entries. But I am using a transaction so that I don't get the 'key and certificate do not match' message. Any insights would be tremendously helpful.

Best,

Gary
