Upload SSL certs via axapi v3.0

agomez Member
edited December 2019 in ADC - Application Delivery

I have tried using the file/ssl-cert AXAPI 3.0 endpoint to upload an SSL cert, and have so far been unable to with either curl or Ansible.

curl -k -X POST -v \
  https://a10.example./axapi/v3/file/ssl-cert \
  -H "Authorization: A10 ${SIG}" \
  -H 'content-type: application/json' \
  -d '{
"ssl-cert": {
  "file": "example.com.crt",
  "certificate-type":"pem",
  "file-handle": "example.com.crt",
  "action": "import"
  }
}'

The response:

{ 
"response": {
  "status": "fail",
  "err": {
  "code": 1023590403,
  "from": "JSON",
  "msg": "Failed to handle field \"file-handle\". Incorrect file value.",
  "location": "ssl-cert.file-handle"
  }
  }

I see how this would fail: how could curl possibly know to upload this file handle, and more so, how would the API know to pull that file sitting on my local machine?

Is it not possible to upload an SSL cert via AXAPI? I see remote-file is an option but this does not work for us in our environment.


Answers

  • mdunn Member, A10ers ✭✭✭

    I had a customer exploring this, and ultimately we came up with the following. The cert and key are pushed in two separate calls:

    SSL Cert Push

    curl -vvv -k -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" -F "json=@filessl.json;type=application/json"  -F "file=@local_cert.pem;type=application/octet-stream" https://10.22.10.54/axapi/v3/file/ssl-cert
    


    SSL Key Push

    curl -vvv -k -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" -F "json=@filessl_key.json;type=application/json"  -F "file=@local_key.pem;type=application/octet-stream" https://10.22.10.54/axapi/v3/file/ssl-key
    


    Attached is the Auth script as well as the filessl and filessl_key json files. The expected response is an HTTP/204.


  • tacke Member

    Hi!

    This looks much like what I would like to accomplish. Thanks for the zip file with the helpful ideas.

    Here's what's happening for me:

        - endpoint: /axapi/v3/file/ssl-cert
          http_method: POST
          request_body:
            file_name: test-hades-db-cert-2023
            ssl-cert:
              action: import
              file: test-hades-db-cert-2023
              file-handle: hades-db.gsi.de.pem
          response_body:
            response:
              err:
                code: 1023524874
                from: JSON
                location: ssl-cert.action
                msg: Failed to handle json field "action". JSON field cannot be handled. It might be undefined or disabled by other fields.
              status: fail
          status_code: 400
    

    If I remove the action field I get nearly the same error, just for file-handle. If I remove that, I get this:

          response_body:
            response:
              err:
                code: 1023459337
                from: BACKEND
                msg: Backend Error
              status: fail
          status_code: 400
    

    How is this supposed to work?

    (This is on ACOS 4.1.4, if that's important?)

  • mdunn Member, A10ers ✭✭✭

    How are you performing the HTTP Request? I successfully tested this with CURL, but I have not extended the testing to other tools.

  • tacke Member

    I am using Ansible with the official Ansible collection from A10: https://galaxy.ansible.com/a10/acos_axapi.

    A kind engineer from A10 helped us analyze this in more detail, and we finally found that the respective module needs file and file_handle to be the same.

    This looks like this then:

        - name: "Configure SSL Certificate"
          a10.acos_axapi.a10_file_ssl_cert:
            state: present
            action: import
            certificate_type: pem
            file:        "test-cert-2023"
            file_handle: "test-cert-2023"
            file_path: "/tmp/netlb-certs/sometest.pem"
    

    file_handle usually should be the name of the uploaded (source) file. But the Ansible module sets the source file name in the POST to be the value of the file attribute here.

  • lavi Member

    Did you manage to upload the cert file using CURL? Can you share the command you used?

  • mdunn Member, A10ers ✭✭✭
    edited March 31

    Can you try these CURL commands?

    SSL Cert Push
    curl -vvv -k -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" -F "json=@filessl.json;type=application/json" -F "file=@local_cert.pem;type=application/octet-stream" https://10.22.10.54/axapi/v3/file/ssl-cert

    SSL Key Push
    curl -vvv -k -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" -F "json=@filessl_key.json;type=application/json" -F "file=@local_key.pem;type=application/octet-stream" https://10.22.10.54/axapi/v3/file/ssl-key

    The APIauth script is posted above in the answers section as well.

  • lavi Member

    Thanks for the fast reply, but the axapi-file.zip file is not reachable… so I can't tell what is:

    filessl_key.json

    No issue with the APIauthv3.sh script, as this just gets a TOKEN from A10, which I know how to get.

  • john_allen Member, A10ers ✭✭
    edited April 2

    @filessl.json contains something like this:

    { "ssl-cert": { "certificate-type": "pem", "file": "cert1", "file-handle": "lab1.pem", "action": "import" }}

    Or you can just add the JSON directly as long as the quotes are properly escaped.

    @filessl_key.json contains something like this:

    { "ssl-key": { "file": "cert1-key", "file-handle": "lab1-key.pem", "action": "import" }}

    'file' will be the name on the Thunder node, 'file-handle' is the name of the local file defined in the second part of the call.

  • lavi Member

    Thanks, it is working now.

    Just one note: the file-handle value in the JSON file should be the file name only, without the full path.

    Thanks for your help!

  • john_allen Member, A10ers ✭✭

    Yes, thank you for clarifying :) These are multi-part HTTP calls: first part is the JSON struct, and the second part is the actual file contents.
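
Added example, not part of any post in this thread: a bash wrapper for the two-part upload described above that builds the JSON part for either endpoint and always sets file-handle to the base name of the local file. The function names and the AXAPI_TOKEN and AXAPI_CA variables are assumptions; it verifies the device certificate with --cacert (assuming a CA bundle for the device is available) instead of -k, and feeds the token to curl on stdin.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumed names: axapi_file_json,
# axapi_push_file, AXAPI_TOKEN (session token), AXAPI_CA (CA bundle path).

# Print the JSON part. $1 = ssl-cert | ssl-key, $2 = name to store on the
# device ("file"), $3 = path of the local PEM file.
axapi_file_json() {
  local kind="$1" name="$2" handle="${3##*/}" extra="" v
  case "$kind" in
    ssl-cert) extra='"certificate-type": "pem", ' ;;
    ssl-key)  ;;
    *) echo "unknown kind: $kind" >&2; return 2 ;;
  esac
  # Accept plain names only, so nothing needs JSON or curl -F escaping.
  for v in "$name" "$handle"; do
    case "$v" in
      ""|*[!A-Za-z0-9._-]*) echo "unsupported name: $v" >&2; return 2 ;;
    esac
  done
  # file-handle is the base name of the uploaded file, never the full path.
  printf '{ "%s": { %s"file": "%s", "file-handle": "%s", "action": "import" }}\n' \
    "$kind" "$extra" "$name" "$handle"
}

# Upload one file. $1 = device host, $2..$4 as for axapi_file_json.
axapi_push_file() {
  local host="$1" kind="$2" name="$3" path="$4" json rc
  [ -n "${AXAPI_TOKEN:-}" ] && [ -r "${AXAPI_CA:-}" ] && [ -r "$path" ] ||
    { echo "need AXAPI_TOKEN, AXAPI_CA and a readable file" >&2; return 1; }
  case "$path" in *[\;,\"]*) echo "unsupported path" >&2; return 2 ;; esac
  json=$(mktemp) || return 1
  axapi_file_json "$kind" "$name" "$path" > "$json" || { rm -f "$json"; return 2; }
  # Token arrives on stdin (-H @-, curl 7.55.0 or later), so it never shows in
  # the process list; --cacert verifies the device certificate instead of -k.
  printf 'Authorization: A10 %s\n' "$AXAPI_TOKEN" |
    curl --fail --silent --show-error --cacert "$AXAPI_CA" -H @- \
      -F "json=@${json};type=application/json" \
      -F "file=@${path};type=application/octet-stream;filename=${path##*/}" \
      "https://${host}/axapi/v3/file/${kind}"
  rc=$?
  rm -f "$json"
  return "$rc"
}

# Script use: ./axapi_push.sh <host> <ssl-cert|ssl-key> <name> <local file>
if [ "$#" -eq 4 ]; then axapi_push_file "$@"; fi
```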
