Forum Discussion

restwell's avatar
restwell
Icon for Nimbostratus rankNimbostratus
May 04, 2020

REST API documentation Certificate Order Manager

Hello guys,

I am in the progress of automating my certificate deployment on big ip. Because I am a customer at Sectigo (Comodo) I am using the new Certificate Order Manager feature (new since 15.0). Ofcourse, because I'm automating things, I started to learn how to talk to REST API's and so far I'm enjoying it but I feel the documentation is not what it should be.... Or that I might be missing something...

In this specific instance I generated a crypto key and csr and I found the "certOrderManager" property fairly quickly although it is not documented on https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_sys_crypto_key.html. It was a shot in the dark, but it worked.

However, after generating the CSR I need to tell the big-ip to request the certificate from Sectigo. it took me a few hours to finally find a solution on how to change its status to "New" so my big-ip does a call to Sectigo and requests the certificate.

All I had to do was send this piece of code to /mgmt/tm/sys/crypto/key/~resource id:

   "certOrderManager": {
       "My-Cert-Order-Manager-Profile": {
           "order-type": "new"
       }
   }

I tried this code because after searching for hours I decided to dig in the tmsh help (just on the box using ?) and just try until I found it.

Now my question: how do you find all the properties you need to configure? Are you supposed to do some guessing based on tmsh commands or am I missing a very important resource? For instance when I did a GET for this CertOrderManager I was only returned statistics, no properties like "order-type".

4 Replies

  • Did you ever got this to work? I can create and revoke certificates through Sectigo. The renew function doesn't work. Is this working for you?

    • restwell's avatar
      restwell
      Icon for Nimbostratus rankNimbostratus

      Hi Mathieu, yes I got it to work.

       

      I however didn't trust the auto renew function (mostly due to the 5 certificates per 1 minute limitation of Sectigo and the fact that I have +/- 1500 certificates expiring on the same date) so I created a script to renew them before they expire. I have 20 less important certificates expiring by the end of november, they will be my test case for the renew function....

       

      What specific issue do you have?

  • After manually selecting Renew I get an error which says "Wrong method or empty parameter supplied". Is it possible to send me a screenshot of your configuration in the Certificate Order Manager List?

    My email address is mathieu.sturm@hogent.be

    • restwell's avatar
      restwell
      Icon for Nimbostratus rankNimbostratus

      You are correct, I'm seeing the same issue. Likely a bug:

       

      Order Status   Auto Renew Order Rejected

      Response:   

      code   -14.0

      description   Wrong method or empty parameter supplied