Forum Discussion

Patrik_Jonsson1's avatar
Patrik_Jonsson1
Icon for Altocumulus rankAltocumulus
Apr 26, 2017

Demystifying the iControl Rest API documentation

Hi!

 

Just started to dabble with the REST interface and so far it's been going great, but I've run into some problems with decrypting the API documentation.

 

Looking at the doc for client SSL profiles I can see many options and I assume that most of them is just a matter of adding a key/value. However, when looking at the cert, key and chain they have been deprecated in favor of cert-key-chain.

 

And information regarding that one is kept at the bottom of the page. The information says "array_structure". Not very helpful.

 

So, could anyone please help me by explaining how to interpret the page? My end-goal is to create a client SSL profile with a certificate, key and chain.

 

https://devcentral.f5.com/wiki/iControlREST.APIRef_tm_ltm_profile_client-ssl.ashx

 

/Patrik

 

Ps. The property called authenticate does not have a default, but the description says "Specifies frequency of authentication. The default value is once.". Sounds like a default to me? Ds.

 

devops
iControlREST

3 Replies

Sort By
  • Ed_Summers's avatar
    Ed_Summers
    Icon for Nimbostratus rankNimbostratus
    Apr 26, 2017

    I'm probably no help at all here as my iCR skills are still budding. I lean heavily on the Python SDK and haven't touched raw iCR calls in a while. The Py SDK returns this as a list of dicts. I believe iCR uses json so this may simply be a json array with each element holding the values for the cert-key-chain (key, cert, chain, name) (There is also a reference link for the cert and key).

     

    Keeping an eye on this for the smart answers that come in.

     

  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Apr 28, 2017

    Hi Ed!

     

    That's a good idea! Reverse engineering is bound to give me the answers. If that's the main go-to solution I'd be a bit disappointed though.

     

    /Patrik

     

  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Jun 21, 2017

    To anyone reading this in the same situation. Might seem obvious (I missed it though), but the easiest way is to reverse engineer the objects by retrieving current configuration.

    Example:

    curl -sku user:password https://localhost/mgmt/tm/ltm/profile/client-ssl/ | json-format

      ...Previous config omitted
      "certKeyChain": [
        {
          "name": "default",
          "cert": "/Common/default.crt",
          "certReference": {
            "link": "https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~default.crt?ver\u003d12.1.2"
          },
          "key": "/Common/default.key",
          "keyReference": {
            "link": "https://localhost/mgmt/tm/sys/file/ssl-key/~Common~default.key?ver\u003d12.1.2"
          }
        }

    Remove the reference properties and you are good to go!

    /Patrik