Forum Discussion

Aaron_McMahon_2's avatar
Aaron_McMahon_2
Icon for Nimbostratus rankNimbostratus
Jun 07, 2006

Problems adding SSL certs through iControl

I'm uploading an SSL certificate and a key separately using the "upload_file()" command. That works fine.

 

 

But when I use "certificate_import_from_file()", I get a faultcode response from the server with this error_string:

 

 

PEM routines:PEM_read_bio:no start line

 

 

The primary_error_code is -7.

 

 

This same error occurs on both the .crt and .key files (the latter uses the key_import_from_file(), of course). At first, I had been base64 encoding the files until I opened them in a text editor and noticed they already were base64 encoded. So I tried sending them straight through without encoding during the upload process, then running the import commands. Exact same error.

 

 

Any ideas?

 

 

Thanks...

 

- Aaron

 

dev
devops
iControl

1 Reply

Sort By
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Jun 13, 2006
    Are your certificates in PEM format?

     

     

    This is from the Local Traffic Configuration Guide for BIG-IP v9.2.2

     

     

    Importing keys, certificates, and archives

     

     

    If you have transferred a key/certificate pair, a certificate, or a key/certificate archive onto the LTM system from another system, and the certificate or archive is in the form of a file or a base-64 encoded text string, you can import this certificate or archive into the Configuration utility. By importing a certificate or archive into the Configuration utility, you ease the task of managing that certificate or archive. You can use the Import SSL Certificates and Keys screen only when the certificate you are importing is in Privacy Enhanced Mail (PEM) format.

     

     

    From the looks of your error message, the input format is incorrect. If I were you I'd try to get the import working from the GUI first. There may be some more error reporting in there. If all else fails, F5 Product Technical Support could probably help you out.

     

     

    -Joe