Forum Discussion

3 Replies

  • I know it's a long shot, but does the user that you are using have access rights for that file?
  • Just to confirm, is the file /var/tmp/test.crt located on the BigIP that you sent the request to?

     

    This is what should happen - perhaps it will help identify what's different in your scenario:

     

     Initially no certificate exists, and when we make that REST call, we get the 404 error that you're seeing, as expected:
    
    [root@ltm-1160-pair-61:Active:Changes Pending] config  ls -l /var/tmp/test.crt
    ls: /var/tmp/test.crt: No such file or directory
    
    [root@ltm-1160-pair-61:Active:Changes Pending] config  curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://localhost/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'
    {"code":404,"message":"Failed to open /var/tmp/test.crt","errorStack":[]}
    
     Now I feed it an invalid (empty file) certificate, and get a 400 result:
    
    [root@ltm-1160-pair-61:Active:Changes Pending] config  touch /var/tmp/test.crt
    
    [root@ltm-1160-pair-61:Active:Changes Pending] config  curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://localhost/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'
    {"code":400,"message":"01070712:3: unable to validate certificate, invalid x509 file (/Common/test.crt).","errorStack":[]}
    
     Then I create a valid certificate, and give it that, and we get a successful result ...
    
    [root@ltm-1160-pair-61:Active:Changes Pending] config  cp /config/ssl/ssl.crt/default.crt /var/tmp/test.crt
    [root@ltm-1160-pair-61:Active:Changes Pending] config  curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://localhost/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'
    {"kind":"tm:sys:crypto:cert:installstate","command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}
    
     ... which can be verified using tmsh:
    
    [root@ltm-1160-pair-61:Active:Changes Pending] config  tmsh list sys file ssl-cert test.crt issuer
    sys file ssl-cert test.crt {
        issuer emailAddress=root@localhost.localdomain,CN=localhost.localdomain,OU=IT,O=MyCompany,L=Seattle,ST=WA,C=US
    }
  • Do you have the cert / key already in /var/tmp? This method requires the cert / key to have already been uploaded into the F5. If it's there, then the permissions of the cert / key are the issue. Cheers, Steve
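
The checks suggested across the replies (file present on the target BIG-IP, readable, valid X.509) can be run before the POST, and the three response bodies shown above can be told apart mechanically. The script below is an added example, not code from any of the posters; the function names and the `BIGIP_CRED` variable (user:password) are hypothetical, and it assumes it runs in a shell on the BIG-IP that receives the request.

```bash
#!/usr/bin/env bash
# Added example; function names and BIGIP_CRED are hypothetical.

# Check the file as the replies suggest: present on this host, readable by
# the current user, and parseable as an X.509 certificate.
preflight_cert() {
    local path="$1"
    [ -e "$path" ] || { echo "missing"; return 1; }
    [ -r "$path" ] || { echo "unreadable"; return 1; }
    [ -s "$path" ] || { echo "invalid"; return 1; }   # empty file
    if command -v openssl >/dev/null 2>&1 &&
       ! openssl x509 -noout -in "$path" >/dev/null 2>&1; then
        echo "invalid"; return 1
    fi
    echo "ok"
}

# Map a response body from /mgmt/tm/sys/crypto/cert to the cases in the thread.
classify_response() {
    local body="$1"
    local code
    code=$(printf '%s' "$body" | sed -n 's/.*"code":\([0-9][0-9]*\).*/\1/p')
    case "$code:$body" in
        404:*"Failed to open"*)    echo "file-not-found" ;;
        400:*"invalid x509 file"*) echo "invalid-x509" ;;
        :*'"kind":"tm:sys:crypto:cert:installstate"'*) echo "installed" ;;
        *)                         echo "unknown" ;;
    esac
}

# Pre-flight, then the same POST as in the thread (-k kept as posted, against
# localhost). The name and path are not JSON-escaped: pass trusted values only.
install_cert() {
    local name="$1" path="$2" state body
    state=$(preflight_cert "$path") || { echo "preflight: $state"; return 1; }
    body=$(curl -sk -u "$BIGIP_CRED" -H "Content-Type: application/json" \
        -X POST https://localhost/mgmt/tm/sys/crypto/cert \
        -d "{\"command\":\"install\",\"name\":\"$name\",\"from-local-file\":\"$path\"}")
    classify_response "$body"
}
```

Called as `install_cert test /var/tmp/test.crt`, it prints `preflight: missing`, `preflight: unreadable` or `preflight: invalid` without contacting the REST API, and otherwise prints the classification of the response.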