Trouble creating key/CSR through iControl as user with Certificate Manager role
We have to create a key and CSR separately, instead of using the gen-csr option when creating the key. This works fine when run as an administrator, but when using the same REST calls as a user with the Certificate Manager role we get different errors depending on the version used.
On version 13.1.1.5 the key creation fails with a 400 error - "Key management library returned bad status: -4, Invalid Parameter"
On version 14.1.2.1 key creation works fine, but CSR creation fails with a different 400 error - "Key management library returned bad status: -7, error:0906D06C:PEM routines:PEM_read_bio:no start line"
We're using the f5-icontrol-rest-python library directly, since the f5-python-sdk doesn't seem to have any methods for generating CSRs as far as we can see.
Code:
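from icontrol.session import iControlRESTSession

# bigip_host, bigip_username, bigip_password, cn and partition are set elsewhere
icr_session = iControlRESTSession(bigip_username, bigip_password, token=True)

# Step 1: create the private key
icr_session.post(
    'https://' + bigip_host + '/mgmt/tm/sys/crypto/key/',
    json={'name': cn + '.key',
          'commonName': cn,
          'partition': partition,
          })

# Step 2: create the CSR that references the key created above
icr_session.post(
    'https://' + bigip_host + '/mgmt/tm/sys/crypto/csr',
    json={'name': cn + '.csr',
          'commonName': cn,
          'partition': partition,
          'key': cn + '.key',
          })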