Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Cert Invalid Parameter

I am getting a 400 response from the /mgmt/tm/sys/crypto/cert endpoint.

The body I am passing is: {"command":"install","name":"testdomain","from-local-file":"/var/config/rest/downloads/testdomain.key"}. The file exists and if I remove the file, I get an error that the file could not be copied, so I think this actually is copying this file.

The response body is: Key management library returned bad status: -4, Invalid Parameter.

Any help would be really appreciated. I am following the instruction here, but I am using token auth: https://devcentral.f5.com/questions/upload-ssl-keys-certs-via-icontrol-rest-api

This could be related to the issue I am having with uploading files, I opened a question here: https://devcentral.f5.com/questions/unable-to-upload-file-through-icontrol-rest-interface-49232

0
Rate this Question
Comments on this Question
Comment made 12-Oct-2016 by Jason Rahm

I'm not sure what version you are on, but I had problems with the sys/crypto methods. Try using the /sys/file/ssl-key and /sys/file/ssl-cert methods instead.

0
Comment made 14-Oct-2016 by Grant Joy 85

This has been tested on 12 and 12.1. It seems to work fine without token auth (see my other comment). I can try your recommended method instead though and see what happens.

0
Comment made 14-Oct-2016 by Jason Rahm

i'll test with tacacs on Monday and let you know as well. Away from office today.

0
Comment made 16-Oct-2016 by Robert 534

Hi,Jason

TMSH command :delete net ipsec ipsec-sa

I want to delete all spi or esp under :

https://1.1.1.1/mgmt/tm/net/ipsec/ipsec-sa/

it seems delete https://1.1.1.1/mgmt/tm/net/ipsec/ipsec-sa/ doesn't work

which URL should I use?

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I believe this was a permission issue. I believe that the user I was trying failed. I ended up abandoning token auth and used a different user with basic auth and this started working.

0