Forum Discussion

mhite_60883's avatar
mhite_60883
Icon for Cirrocumulus rankCirrocumulus
Dec 30, 2012

certificate_check_validity() fails when not in folder

I'm trying to run:

 

Management::KeyCertificate::certificate_check_validity()

 

with an active folder of '/'. The list of certificates I pass to this method, however, includes certificates in various folders. (In other words, the certificates aren't in '/').

 

I receive an error of "Not found."

 

However, if I rewrite my code to iterate through each folder and perform the certificate_check_validity() while in the folder of the certificate, it works.

 

Bug? Am I approaching this wrong? My intent was to write the code to pull all certificates using "b.Management.KeyCertificate.get_certificate_list(mode="MANAGEMENT_MODE_DEFAULT")" while in "/" after having run "b.System.Session.set_recursive_query_state(state='STATE_ENABLED')". I then pull the cert_ids out of that and pass the list of those to certificate_check_validity(). My workaround of entering each individual folder is very slow, especially when run against my very large production clusters.

 

Thanks,

 

-M

 

3 Replies

  • Example debug logging:

     

     

     

     2012-12-30 10:56:00 DEBUG: Executing iControl method: Management.KeyCertificate.certificate_check_validity((), {'cert_ids': ['/Common/default', '/Common/ca-bundle', '/Common/f5-irule', '/Common/shared/digicert-intermediate', '/test1/wildcard.test1.test.com', '/test2/wildcard.test2.test.com', '/test2/wildcard.dev2-02.test.test.com', '/test/wildcard.test.test.test.com', '/sdaf/wildcard.test.test.com', '/test22/wildcard.test.test.com', '/test23/wildcard.test.test.com', '/test123/wildcard.test123.test.com', '/test123/wildcard.test123.test.com', '/test12345/wildcard.test12345.test.com', '/test1111/wildcard.test1111.test.com', '/test11112/wildcard.test11112.com', '/yaya/wildcard.dev1.yayya.test.com', '/lalalal/wildcard.lalala.test.com', '/yayayayay/wildcard.yayaya.test.com', '/jayaya/wildcard.jaye.test.com', '/asfdsaf/wildcard.asfsadfs.test.com', '/asdfsadfsa/wildcard.asdfsadfas.test.com', '/asdfasdfsda/wildcard.asdfsadfewqrwqe.test.com', '/sdfasdfasdfasdf/wildcard.sle.test.com', '/wqerweqr/wildcard.qwereqwr.test.com', '/sqwerile/wildcard.qwerqwerqwer.test.com', '/sqwerwqerqwertg/wildcard.qwerweqre.test.com', '/weqrewqrwqer/wildcard.qwerwqerqwer.test.com', '/qwerqwerqwer/wildcard.weqrweqrqwer.test.com', '/rtyrtyretyen/wildcard.retyrety.test.com', '/treyretye/wildcard.zoertyretyr.test.com', '/testcom/code.test.com'], 'mode': 'MANAGEMENT_MODE_DEFAULT', 'watermark_days': [30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30]}) 2012-12-30 10:56:01 ERROR: Server raised fault: 'Exception caught in Management::urn:iControl:Management/KeyCertificate::certificate_check_validity() Exception: Common::OperationFailed primary_error_code : -2 (0xFFFFFFFE) secondary_error_code : 0 error_string : Not Found' 

     

  • I just experienced the same problem and found this thread. Based upon your debugging output and the fact that I wrote my code (in perl) the same general way that you did, I'd say that we're definitely looking at a bug here. It certainly makes writing code to get a full list of certificates and exp dates on a partitioned system a pain.

     

    The question now is whether the good people here at DevCentral would be willing to fix it or tell us the reason that it is the way it is if not.