Options

Upload SSL certs via axapi v3.0

agomezagomez Member
edited December 2019 in ADC - Application Delivery

I have tried using the file/ssl-cert AXAPI 3.0 endpoint to upload an SSL cert, and have so far been unable to with either curl or Ansible.

curl -k -X POST -v \
  https://a10.example./axapi/v3/file/ssl-cert \
  -H "Authorization: A10 ${SIG}" \
  -H 'content-type: application/json' \
  -d '{
"ssl-cert": {
  "file": "example.com.crt",
  "certificate-type":"pem",
  "file-handle": "example.com.crt",
  "action": "import"
  }
}'

The response:

{ 
"response": {
  "status": "fail",
  "err": {
  "code": 1023590403,
  "from": "JSON",
  "msg": "Failed to handle field \"file-handle\". Incorrect file value.",
  "location": "ssl-cert.file-handle"
  }
  }

I see how this would fail, how could curl possibly know to upload this file handle, more so how would the API know to pull that file sitting on my local machine?

Is it not possible to upload an SSL cert via AXAPI? I see remote-file is an option but this does not work for us in our environment.

Tagged:

Answers

  • Options
    mdunnmdunn Member ✭✭

    I had a customer exploring this, and ultimately we came up with the following. The cert and key are pushed in two separate calls:

    SSL Cert Push

    curl -vvv -k -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" -F "json=@filessl.json;type=application/json"  -F "file=@local_cert.pem;type=application/octet-stream" https://10.22.10.54/axapi/v3/file/ssl-cert


    SSL Key Push

    curl -vvv -k -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" -F "json=@filessl_key.json;type=application/json"  -F "file=@local_key.pem;type=application/octet-stream" https://10.22.10.54/axapi/v3/file/ssl-key


    Attached is the Auth script as well as the filessl and filessl_key json files. The expected response is a HTTP/204. 

    axapi-files.zip


  • Options
    tacketacke Member

    Hi!

    This looks much like what I would like to accomplish. Thanks for the zip file with the helpful ideas.

    Here's, what's happening for me:

        - endpoint: /axapi/v3/file/ssl-cert
      http_method: POST
      request_body:
        file_name: test-hades-db-cert-2023
        ssl-cert:
          action: import
          file: test-hades-db-cert-2023
          file-handle: hades-db.gsi.de.pem
      response_body:
        response:
          err:
            code: 1023524874
            from: JSON
            location: ssl-cert.action
            msg: Failed to handle json field "action". JSON field cannot be handled. It might be undefined or disabled by other fields.
          status: fail
      status_code: 400

    If I remove the action field I get nearly the same error, just for file-handle. If I remove that, I get this:

          response_body:
        response:
          err:
            code: 1023459337
            from: BACKEND
            msg: Backend Error
          status: fail
      status_code: 400

    How is this supposed to work?

    (This is on ACOS 4.1.4, if that's important?)

  • Options
    mdunnmdunn Member ✭✭

    How are you performing the HTTP Request? I successfully tested this with CURL, but I have not extended the testing to other tools.

  • Options
    tacketacke Member

    I am using ansible with the official ansible collection from a10 https://galaxy.ansible.com/a10/acos_axapi.

    A kind engineer from A10 helped us analyze this in more detail and we finally we found, that the respective module needs file and file_handle being the same.

    This looks like this then:

        - name: "Configure SSL Certificate"
      a10.acos_axapi.a10_file_ssl_cert:
        state: present
        action: import
        certificate_type: pem
        file:        "test-cert-2023"
        file_handle: "test-cert-2023"
        file_path: "/tmp/netlb-certs/sometest.pem"

    file_handle usually should be the name of the uploaded (source) file. But the ansible module sets the source file name in the POST to be the value of the file attribute here.

Sign In or Register to comment.