Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

REST API documentation Certificate Order Manager

restwell
Nimbostratus
Nimbostratus

‎04-May-2020 05:25 - last edited on ‎14-Dec-2022 08:51 by Fog

Hello guys,

I am in the progress of automating my certificate deployment on big ip. Because I am a customer at Sectigo (Comodo) I am using the new Certificate Order Manager feature (new since 15.0). Ofcourse, because I'm automating things, I started to learn how to talk to REST API's and so far I'm enjoying it but I feel the documentation is not what it should be.... Or that I might be missing something...

In this specific instance I generated a crypto key and csr and I found the "certOrderManager" property fairly quickly although it is not documented on https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_sys_crypto_key.html. It was a shot in the dark, but it worked.

However, after generating the CSR I need to tell the big-ip to request the certificate from Sectigo. it took me a few hours to finally find a solution on how to change its status to "New" so my big-ip does a call to Sectigo and requests the certificate.

All I had to do was send this piece of code to /mgmt/tm/sys/crypto/key/~resource id:

   "certOrderManager": {
       "My-Cert-Order-Manager-Profile": {
           "order-type": "new"
       }
   }

I tried this code because after searching for hours I decided to dig in the tmsh help (just on the box using ?) and just try until I found it.

Now my question: how do you find all the properties you need to configure? Are you supposed to do some guessing based on tmsh commands or am I missing a very important resource? For instance when I did a GET for this CertOrderManager I was only returned statistics, no properties like "order-type".

Labels:
0 Kudos
4 REPLIES 4

Mathieu_Sturm
Nimbostratus
Nimbostratus

‎19-Oct-2021 04:21

Did you ever got this to work? I can create and revoke certificates through Sectigo. The renew function doesn't work. Is this working for you?

0 Kudos

restwell
Nimbostratus
Nimbostratus
In response to Mathieu_Sturm

‎19-Oct-2021 04:40

Hi Mathieu, yes I got it to work.

 

I however didn't trust the auto renew function (mostly due to the 5 certificates per 1 minute limitation of Sectigo and the fact that I have +/- 1500 certificates expiring on the same date) so I created a script to renew them before they expire. I have 20 less important certificates expiring by the end of november, they will be my test case for the renew function....

 

What specific issue do you have?

0 Kudos

Mathieu_Sturm
Nimbostratus
Nimbostratus

‎19-Oct-2021 04:54

After manually selecting Renew I get an error which says "Wrong method or empty parameter supplied". Is it possible to send me a screenshot of your configuration in the Certificate Order Manager List?

My email address is mathieu.sturm@hogent.be

0 Kudos

restwell
Nimbostratus
Nimbostratus
In response to Mathieu_Sturm

‎19-Oct-2021 05:27

You are correct, I'm seeing the same issue. Likely a bug:

 

Order Status   Auto Renew Order Rejected

Response:   

code   -14.0

description   Wrong method or empty parameter supplied

0 Kudos
Copyright © 2023 Khoros, LLC