Forum Discussion
IanB
Mar 19, 2016 Employee
Just to confirm, is the file /var/tmp/test.crt located on the BigIP that you sent the request to?
This is what should happen - perhaps it will help identify what's different in your scenario:
Initially no certificate exists, and when we make that REST call, we get the 404 error that you're seeing, as expected:
[root@ltm-1160-pair-61:Active:Changes Pending] config ls -l /var/tmp/test.crt
ls: /var/tmp/test.crt: No such file or directory
[root@ltm-1160-pair-61:Active:Changes Pending] config curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://localhost/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'
{"code":404,"message":"Failed to open /var/tmp/test.crt","errorStack":[]}
Now I feed it an invalid (empty file) certificate, and get a 400 result:
[root@ltm-1160-pair-61:Active:Changes Pending] config touch /var/tmp/test.crt
[root@ltm-1160-pair-61:Active:Changes Pending] config curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://localhost/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'
{"code":400,"message":"01070712:3: unable to validate certificate, invalid x509 file (/Common/test.crt).","errorStack":[]}
Then I create a valid certificate, and give it that, and we get a successful result ...
[root@ltm-1160-pair-61:Active:Changes Pending] config cp /config/ssl/ssl.crt/default.crt /var/tmp/test.crt
[root@ltm-1160-pair-61:Active:Changes Pending] config curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://localhost/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'
{"kind":"tm:sys:crypto:cert:installstate","command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}
... which can be verified using tmsh:
[root@ltm-1160-pair-61:Active:Changes Pending] config tmsh list sys file ssl-cert test.crt issuer
sys file ssl-cert test.crt {
issuer emailAddress=root@localhost.localdomain,CN=localhost.localdomain,OU=IT,O=MyCompany,L=Seattle,ST=WA,C=US
}
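
The three outcomes walked through in the post above (404 for a missing file, 400 for a file that is not X.509, success for a valid certificate) can be caught on the box before the POST is sent. The following is an added example, not part of the original post or F5's own tooling; the function names and return codes are hypothetical, and it assumes `openssl` is on the PATH.

```bash
#!/bin/bash
# Added example: pre-flight checks for a "from-local-file" certificate install.
# Return codes (chosen for this sketch, not defined by the API):
#   0 = file exists and parses as X.509
#   1 = file missing or unreadable -> the API would answer 404 "Failed to open"
#   2 = file is not a certificate  -> the API would answer 400 "invalid x509 file"
#   3 = name or path contains characters that would break the JSON body
preflight_cert() {
    local path="$1"
    [ -f "$path" ] && [ -r "$path" ] || return 1
    # -noout: parse only; a non-zero exit means OpenSSL could not load a cert
    openssl x509 -in "$path" -noout >/dev/null 2>&1 || return 2
    return 0
}

# Build the JSON body used in the thread's POST to /mgmt/tm/sys/crypto/cert.
# Values are restricted to a conservative character set so that a hostile
# file name cannot inject extra JSON keys into the request.
install_payload() {
    local name="$1" path="$2"
    case "$name" in ''|*[!A-Za-z0-9._-]*) return 3 ;; esac
    case "$path" in ''|*[!A-Za-z0-9._/-]*) return 3 ;; esac
    printf '{"command":"install","name":"%s","from-local-file":"%s"}\n' \
        "$name" "$path"
}

# Run the file check first, then emit the request body only for a good file.
check_and_build() {
    local name="$1" path="$2" rc=0
    preflight_cert "$path" || rc=$?
    case "$rc" in
        1) echo "missing: $path (expect 404 from the API)" >&2; return 1 ;;
        2) echo "not X.509: $path (expect 400 from the API)" >&2; return 2 ;;
    esac
    install_payload "$name" "$path" || {
        echo "unsafe name or path, refusing to build request" >&2
        return 3
    }
}
```

The printed body can be passed to the same `curl ... -d` call shown in the post once `check_and_build` returns 0.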