cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to extract key information from \"/config/filestore/files_d/partition_d/ to /var/system/tmp/t

gtsg86
Altostratus
Altostratus

Hi,

I am trying to create a csr from an existing key  using:

device = bigip.BIGIP(lb,uname,pwd)

csr_created = device.create(f'/mgmt/tm/sys/crypto/csr', csr_o)

where csr is :

csr_o = {'name': f'/{partition_name}/{xl_cert_name}',
'partition': cert.name.split('/')[1],
'adminEmailAddress': email,
'city': cert.city,
'commonName': xl_cert_name,
'country': cert.country,
'emailAddress': email,
'key': key.name,
'organization': cert.organization,
'subjectAlternativeName': cert.subjectAlternativeName,
'sourcePath': f'/config/ssl/ssl.csr/'}

I got the error:

bigrest.common.exceptions.RESTAPIError:
Status:
400
Response Body:
{
"code": 400,
"message": "Unable to extract key information from \"/config/filestore/files_d/GCMS_PROD_d/certificate_key_d/:GCMS_PROD:gcdocs-gcms.apps.ci.gc.ca_78757_1\"to \"/var/system/tmp/tmsh/U5XCTm/ssl.key//GCMS_PROD/gcdocs-gcms.apps.ci.gc.ca\"",
"errorStack": [],
"apiError": 26214401
}

Please some can help me to solve this error

2 ACCEPTED SOLUTIONS

VernonWells
F5 Employee
F5 Employee

Have you tried using the DELETE method on the existing CSR, rather than deleting it using tmsh?  The iControlREST API for /tm/sys/crypto/csr appears to support that method.

View solution in original post

oh! yes I understood the process.

to Renew the csr and keep the same key and cert,  delete the csr and create a new one :

1) delete the old CSR:

csr1 = mgmt.tm.sys.file.ssl_csrs.ssl_csr.load(name=csr_found['name'], partition=partition_name)
csr1.delete()

2) create a new one,  by specifying the key location

csr = mgmt.tm.util.bash.exec_cmd('run',
utilCmdArgs=f"-c 'tmsh create sys crypto csr /{name[1]}/{name[2]} "
f"admin-email-address \"{email}\" "
f"city \"{cert_found['city']}\" "
f"common-name \"{name[2]}\" "
f"country \"{cert_found['country']}\" "
f"email-address \"{email}\" "
f"key \"{key_found['name']}\" "
f"organization \"{cert_found['organization']}\" "
f"state \"{cert_found['state']}\" "
f"subject-alternative-name \"{cert_found['subjectAlternativeName']}\" "
f"'")

 

Thank you @VernonWells

View solution in original post

4 REPLIES 4

VernonWells
F5 Employee
F5 Employee

Are there any errors in /var/log/restjavad.log.0 or /var/log/ltm after you make the request?

Hi  VernonWells,

I looked at the log, i found nothing.

I want to automatise the task of renewing a cert. to do that I want to create a csr based on the existing key.

so i delete the old csr and with this line i want to create a new one. in the lab env that work but not in prod  :

mgmt.tm.util.bash.exec_cmd('run',
utilCmdArgs=f"-c 'tmsh create sys crypto csr {key_found['name']} "
f"admin-email-address \"{csr['adminEmailAddress']}\" "
f"city \"{csr['city']}\" "
f"common-name \"{csr['commonName']}\" "
f"country \"{csr['country']}\" "
f"email-address \"{csr['emailAddress']}\" "
f"key \"{csr['key']}\" "
f"organization \"{csr['organization']}\" "
f"state \"{csr['state']}\" "
f"subject-alternative-name \"{csr['subjectAlternativeName']}\" "

f"'")

i use the python f5.bigip library

thanks

VernonWells
F5 Employee
F5 Employee

Have you tried using the DELETE method on the existing CSR, rather than deleting it using tmsh?  The iControlREST API for /tm/sys/crypto/csr appears to support that method.

oh! yes I understood the process.

to Renew the csr and keep the same key and cert,  delete the csr and create a new one :

1) delete the old CSR:

csr1 = mgmt.tm.sys.file.ssl_csrs.ssl_csr.load(name=csr_found['name'], partition=partition_name)
csr1.delete()

2) create a new one,  by specifying the key location

csr = mgmt.tm.util.bash.exec_cmd('run',
utilCmdArgs=f"-c 'tmsh create sys crypto csr /{name[1]}/{name[2]} "
f"admin-email-address \"{email}\" "
f"city \"{cert_found['city']}\" "
f"common-name \"{name[2]}\" "
f"country \"{cert_found['country']}\" "
f"email-address \"{email}\" "
f"key \"{key_found['name']}\" "
f"organization \"{cert_found['organization']}\" "
f"state \"{cert_found['state']}\" "
f"subject-alternative-name \"{cert_found['subjectAlternativeName']}\" "
f"'")

 

Thank you @VernonWells