Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Rotate SSL Cert and Encrypted Key with iControl REST API

Ross_Beehler
Nimbostratus
Nimbostratus

‎13-Nov-2021 10:32 - last edited on ‎05-Jun-2023 16:24 by Fog

I'm trying to rotate SSL Certs and Encrypted Keys (i.e. those protected with a passphrase) using the iControl REST API. If the Cert and Key are in use on a Client SSL Profile (the very normal situation), I get the error "error:0906A068:PEM routines:PEM_do_header:bad password read" when patching 

/mgmt/tm/sys/file/ssl-key
. What is the correct procedure to rotate in this scenario?

Also, since I believe I have to update the passphrase on the Client SSL Profile, does that mean there may be a downtime for any Virtual Servers using that profile? I see a warning about this in K15462: Managing SSL certificates for BIG-IP systems using tmsh but not in K14620: Manage SSL certificates for BIG-IP systems using the Configuration utility, though neither of those articles speak to the iControl REST API.

Labels:
0 Kudos
1 REPLY 1

Nik
Cirrus
Cirrus

‎04-Apr-2022 11:49

Did you end up figuring this out?  I have a similar issue, when trying to install a new cert + key using the api that are different from what currently exists on the f5 -

"code": 400,
"message": "01070317:3: profile /Common/foo.com's key(/Common/foo.com) and certificate(/Common/foo.com) do not match.",
"errorStack": [],
"apiError": 3

 

0 Kudos
Copyright © 2023 Khoros, LLC