Upload SSL certs via axapi v3.0

agomez Member
edited December 2019 in ADC - Application Delivery

I have tried using the file/ssl-cert AXAPI 3.0 endpoint to upload an SSL cert, and have so far been unable to with either curl or Ansible.

curl -k -X POST -v \
  https://a10.example./axapi/v3/file/ssl-cert \
  -H "Authorization: A10 ${SIG}" \
  -H 'content-type: application/json' \
  -d '{
"ssl-cert": {
  "file": "example.com.crt",
  "certificate-type":"pem",
  "file-handle": "example.com.crt",
  "action": "import"
  }
}'

The response:

{
  "response": {
    "status": "fail",
    "err": {
      "code": 1023590403,
      "from": "JSON",
      "msg": "Failed to handle field \"file-handle\". Incorrect file value.",
      "location": "ssl-cert.file-handle"
    }
  }
}

I see how this would fail: how could curl possibly know to upload this file handle, and, more so, how would the API know to pull that file sitting on my local machine?

Is it not possible to upload an SSL cert via AXAPI? I see remote-file is an option but this does not work for us in our environment.

Answers

  • mdunn Member, A10ers ✭✭✭

    I had a customer exploring this, and ultimately we came up with the following. The cert and key are pushed in two separate calls:

    SSL Cert Push

    curl -vvv -k \
      -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" \
      -F "json=@filessl.json;type=application/json" \
      -F "file=@local_cert.pem;type=application/octet-stream" \
      https://10.22.10.54/axapi/v3/file/ssl-cert
    


    SSL Key Push

    curl -vvv -k \
      -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" \
      -F "json=@filessl_key.json;type=application/json" \
      -F "file=@local_key.pem;type=application/octet-stream" \
      https://10.22.10.54/axapi/v3/file/ssl-key
    


    Attached is the Auth script as well as the filessl and filessl_key json files. The expected response is a HTTP/204. 


  • tacke Member

    Hi!

    This looks much like what I would like to accomplish. Thanks for the zip file with the helpful ideas.

    Here's what's happening for me:

        - endpoint: /axapi/v3/file/ssl-cert
          http_method: POST
          request_body:
            file_name: test-hades-db-cert-2023
            ssl-cert:
              action: import
              file: test-hades-db-cert-2023
              file-handle: hades-db.gsi.de.pem
          response_body:
            response:
              err:
                code: 1023524874
                from: JSON
                location: ssl-cert.action
                msg: Failed to handle json field "action". JSON field cannot be handled. It might be undefined or disabled by other fields.
              status: fail
          status_code: 400
    

    If I remove the action field I get nearly the same error, just for file-handle. If I remove that, I get this:

          response_body:
            response:
              err:
                code: 1023459337
                from: BACKEND
                msg: Backend Error
              status: fail
          status_code: 400
    

    How is this supposed to work?

    (This is on ACOS 4.1.4, if that's important?)

  • mdunn Member, A10ers ✭✭✭

    How are you performing the HTTP Request? I successfully tested this with CURL, but I have not extended the testing to other tools.

  • tacke Member

    I am using ansible with the official ansible collection from a10 https://galaxy.ansible.com/a10/acos_axapi.

    A kind engineer from A10 helped us analyze this in more detail, and we finally found that the respective module needs file and file_handle to be the same.

    This looks like this then:

        - name: "Configure SSL Certificate"
          a10.acos_axapi.a10_file_ssl_cert:
            state: present
            action: import
            certificate_type: pem
            file:        "test-cert-2023"
            file_handle: "test-cert-2023"
            file_path: "/tmp/netlb-certs/sometest.pem"
    

    file_handle usually should be the name of the uploaded (source) file. But the ansible module sets the source file name in the POST to be the value of the file attribute here.
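
The two-part multipart request that the curl `-F` options in this thread produce, as an added example (not code from any poster or from A10). It assumes the JSON part carries the fields from the question's request body with `file-handle` equal to the file part's filename, as the last answer describes; the attached filessl.json is not shown in the thread, and `build_cert_upload`, the `cert.json` part filename and the sample PEM are constructed for illustration.

```python
import json
import re
import uuid

# Constructed placeholder, not a real certificate.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"


def build_cert_upload(cert_name, pem_bytes, boundary=None):
    """Return (headers, body) for a POST to /axapi/v3/file/ssl-cert.

    Mirrors curl's two -F parts: "json" (application/json) carrying the
    request fields and "file" (application/octet-stream) carrying the PEM.
    """
    # The name is written into a multipart header, so refuse quotes, CR/LF
    # and anything else that could break out of the filename="..." value.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", cert_name):
        raise ValueError("unsafe certificate name: %r" % cert_name)
    boundary = boundary or uuid.uuid4().hex
    # Assumption: same fields as the JSON body in the question.
    payload = {"ssl-cert": {
        "file": cert_name,
        "file-handle": cert_name,  # must equal the file part's filename
        "certificate-type": "pem",
        "action": "import",
    }}
    parts = [
        ("json", "cert.json", "application/json", json.dumps(payload).encode()),
        ("file", cert_name, "application/octet-stream", pem_bytes),
    ]
    body = b""
    for name, filename, ctype, data in parts:
        body += (
            f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{name}"; filename="{filename}"\r\n'
            f"Content-Type: {ctype}\r\n\r\n"
        ).encode() + data + b"\r\n"
    body += f"--{boundary}--\r\n".encode()
    headers = {
        "Content-Type": f"multipart/form-data; boundary={boundary}",
        "Content-Length": str(len(body)),
    }
    return headers, body
```

The returned headers and body go in the POST alongside the thread's `Authorization: A10 <signature>` header.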
