- I know it's a long shot, but does the user that you are using have access rights for that file?
- IanB (Employee)
Just to confirm, is the file /var/tmp/test.crt located on the BigIP that you sent the request to?
This is what should happen - perhaps it will help identify what's different in your scenario:
Initially no certificate exists, and when we make that REST call, we get the 404 error that you're seeing, as expected:

    [root@ltm-1160-pair-61:Active:Changes Pending] config ls -l /var/tmp/test.crt
    ls: /var/tmp/test.crt: No such file or directory
    [root@ltm-1160-pair-61:Active:Changes Pending] config curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://localhost/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'
    {"code":404,"message":"Failed to open /var/tmp/test.crt","errorStack":[]}

Now I feed it an invalid (empty file) certificate, and get a 400 result:

    [root@ltm-1160-pair-61:Active:Changes Pending] config touch /var/tmp/test.crt
    [root@ltm-1160-pair-61:Active:Changes Pending] config curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://localhost/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'
    {"code":400,"message":"01070712:3: unable to validate certificate, invalid x509 file (/Common/test.crt).","errorStack":[]}

Then I create a valid certificate, and give it that, and we get a successful result ...

    [root@ltm-1160-pair-61:Active:Changes Pending] config cp /config/ssl/ssl.crt/default.crt /var/tmp/test.crt
    [root@ltm-1160-pair-61:Active:Changes Pending] config curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://localhost/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'
    {"kind":"tm:sys:crypto:cert:installstate","command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}

.. which can be verified using tmsh:

    [root@ltm-1160-pair-61:Active:Changes Pending] config tmsh list sys file ssl-cert test.crt issuer
    sys file ssl-cert test.crt {
        issuer emailAddress=root@localhost.localdomain,CN=localhost.localdomain,OU=IT,O=MyCompany,L=Seattle,ST=WA,C=US
    }
- Do you have the cert / key already in /var/tmp? This method requires the cert / key to have already been uploaded into the F5. If it's there, then the permissions of the cert / key are the issue.
  Cheers
  Steve
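
The checks suggested across this thread, collected as an added example (not code from any of the replies above): a shell function that inspects the local file before the install request is sent, so that a missing, unreadable, empty or non-X.509 file is caught on the box rather than surfacing as a 404 or 400 from the REST call. The function name `preflight_cert` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks on a certificate file before POSTing
# {"command":"install",...,"from-local-file":"<path>"} to /mgmt/tm/sys/crypto/cert.
# preflight_cert and its return codes are hypothetical names for this sketch.
#
# Return codes:
#   0  file exists, is readable, and parses as an X.509 certificate
#   1  file missing (the thread's 404 "Failed to open" case)
#   2  not a regular file, or not readable by the user running this check
#      (the access-rights question raised in the replies)
#   3  file is empty (the `touch` case, rejected with 400 in the thread)
#   4  content does not parse as X.509 (assumed to hit the same 400 validation)
preflight_cert() {
    cert_path=$1

    if [ ! -e "$cert_path" ]; then
        echo "missing: $cert_path" >&2
        return 1
    fi
    if [ ! -f "$cert_path" ] || [ ! -r "$cert_path" ]; then
        echo "not a readable regular file: $cert_path" >&2
        ls -ld "$cert_path" >&2    # show owner and mode for the permissions check
        return 2
    fi
    if [ ! -s "$cert_path" ]; then
        echo "empty file: $cert_path" >&2
        return 3
    fi
    # Parse without printing the certificate body; non-zero exit means the
    # file is not a certificate openssl can read (or openssl is unavailable).
    if ! openssl x509 -noout -in "$cert_path" >/dev/null 2>&1; then
        echo "not a parseable X.509 certificate: $cert_path" >&2
        return 4
    fi
    # Show what is about to be installed so it can be compared with the
    # issuer reported afterwards by tmsh.
    openssl x509 -noout -subject -issuer -enddate -in "$cert_path"
    return 0
}
```

Run it on the same BIG-IP that will receive the request, for example `preflight_cert /var/tmp/test.crt`, and only send the install call when it returns 0.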