Upload SSL certs via axapi v3.0

I have tried using the file/ssl-cert AXAPI 3.0 endpoint to upload an SSL cert, and have so far been unable to with either curl or Ansible.

    curl -k -X POST -v \
      https://a10.example./axapi/v3/file/ssl-cert \
      -H "Authorization: A10 ${SIG}" \
      -H 'content-type: application/json' \
      -d '{
      "ssl-cert": {
        "file": "example.com.crt",
        "certificate-type": "pem",
        "file-handle": "example.com.crt",
        "action": "import"
      }
    }'

The response:

    {
      "response": {
        "status": "fail",
        "err": {
          "code": 1023590403,
          "from": "JSON",
          "msg": "Failed to handle field \"file-handle\". Incorrect file value.",
          "location": "ssl-cert.file-handle"
        }
      }
    }

I see how this would fail: how could curl possibly know to upload this file handle, and more so, how would the API know to pull that file sitting on my local machine?
Is it not possible to upload an SSL cert via AXAPI? I see remote-file is an option but this does not work for us in our environment.

I had a customer exploring this, and ultimately we came up with the following. The cert and key are pushed in two separate calls:

SSL Cert Push

curl -vvv -k -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" -F "json=@filessl.json;type=application/json"  -F "file=@local_cert.pem;type=application/octet-stream" https://10.22.10.54/axapi/v3/file/ssl-cert

SSL Key Push

curl -vvv -k -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" -F "json=@filessl_key.json;type=application/json"  -F "file=@local_key.pem;type=application/octet-stream" https://10.22.10.54/axapi/v3/file/ssl-key

Attached is the Auth script as well as the filessl and filessl_key JSON files. The expected response is an HTTP/204.

axapi-files.zip (676 Bytes)

Hi!
This looks much like what I would like to accomplish. Thanks for the zip file with the helpful ideas.
Here’s what’s happening for me:

    - endpoint: /axapi/v3/file/ssl-cert
      http_method: POST
      request_body:
        file_name: test-hades-db-cert-2023
        ssl-cert:
          action: import
          file: test-hades-db-cert-2023
          file-handle: hades-db.gsi.de.pem
      response_body:
        response:
          err:
            code: 1023524874
            from: JSON
            location: ssl-cert.action
            msg: Failed to handle json field "action". JSON field cannot be handled. It might be undefined or disabled by other fields.
          status: fail
      status_code: 400

If I remove the action field I get nearly the same error, just for file-handle. If I remove that, I get this:

      response_body:
        response:
          err:
            code: 1023459337
            from: BACKEND
            msg: Backend Error
          status: fail
      status_code: 400

How is this supposed to work?
(This is on ACOS 4.1.4, if that’s important?)

How are you performing the HTTP Request? I successfully tested this with CURL, but I have not extended the testing to other tools.

I am using ansible with the official ansible collection from a10 https://galaxy.ansible.com/a10/acos_axapi.
A kind engineer from A10 helped us analyze this in more detail, and we finally found that the respective module needs file and file_handle to be the same.
This looks like this then:

    - name: "Configure SSL Certificate"
      a10.acos_axapi.a10_file_ssl_cert:
        state: present
        action: import
        certificate_type: pem
        file:        "test-cert-2023"
        file_handle: "test-cert-2023"
        file_path: "/tmp/netlb-certs/sometest.pem"

file_handle usually should be the name of the uploaded (source) file. But the ansible module sets the source file name in the POST to be the value of the file attribute here.

Did you manage to upload the cert file using CURL? Can you share the command you used?

Can you try these CURL commands?

SSL Cert Push
curl -vvv -k -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" -F "json=@filessl.json;type=application/json" -F "file=@local_cert.pem;type=application/octet-stream" https://10.22.10.54/axapi/v3/file/ssl-cert

SSL Key Push
curl -vvv -k -H "Authorization: A10 `./APIauthv3.sh 10.22.10.54`" -F "json=@filessl_key.json;type=application/json" -F "file=@local_key.pem;type=application/octet-stream" https://10.22.10.54/axapi/v3/file/ssl-key

The APIauth script is posted above in the answers section as well.

Thanks for the fast reply, but the axapi-file.zip file is not reachable… so I can’t tell what is:

filessl_key.json

No issue with the APIauthv3.sh script, as this just gets a TOKEN from A10, which I know how to get.

@filessl.json contains something like this:

{ "ssl-cert": { "certificate-type": "pem", "file": "cert1", "file-handle": "lab1.pem", "action": "import" }}

Or you can just add the JSON directly as long as the quotes are properly escaped.

@filessl_key.json contains something like this:

{ "ssl-key": { "file": "cert1-key", "file-handle": "lab1-key.pem", "action": "import" }}

‘file’ will be the name on the Thunder node, ‘file-handle’ is the name of the local file defined in the second part of the call.

Thanks it is working now.

Just one note: the file-handle value in the JSON file should be the file name only, without the full path.

Thanks for your help!

Yes, thank you for clarifying 🙂 These are multi-part HTTP calls: first part is the JSON struct, and the second part is the actual file contents.
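
The two-part upload worked out in this thread, written as a reusable shell helper. This is an added example and not part of any post above: the function names and the AXAPI_CA variable are assumptions, while the endpoints and JSON fields are the ones posted in the thread. Unlike the posted commands it verifies the device certificate instead of using -k and keeps the token off the curl command line, since the second call carries a private key.

```bash
# Added example, not from the thread. Function names and AXAPI_CA are
# assumptions; the endpoints and JSON fields are the ones posted above.

# Accept only plain names so a value cannot break the JSON or curl's -F syntax.
axapi_safe_name() {
  case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Part 1 of the multipart call: the JSON struct.
#   file        = name the object gets on the Thunder node
#   file-handle = local file name without its directory (curl also sends
#                 only the base name as the filename of the file part)
axapi_json_part() {
  local kind="$1" remote_name="$2" handle="${3##*/}"
  axapi_safe_name "$remote_name" && axapi_safe_name "$handle" || return 2
  case "$kind" in
    ssl-cert) printf '{"ssl-cert": {"certificate-type": "pem", "file": "%s", "file-handle": "%s", "action": "import"}}\n' "$remote_name" "$handle" ;;
    ssl-key) printf '{"ssl-key": {"file": "%s", "file-handle": "%s", "action": "import"}}\n' "$remote_name" "$handle" ;;
    *) return 2 ;;
  esac
}

# Part 1 + part 2 in one POST. TLS is verified against $AXAPI_CA, and the
# token is fed on stdin (-H @-, curl 7.55+) so it does not appear in `ps`.
axapi_upload() {
  local host="$1" token="$2" kind="$3" remote_name="$4" local_path="$5" tmp rc
  [ -r "$local_path" ] || { echo "cannot read $local_path" >&2; return 1; }
  case "$local_path" in *[\",\;]*) echo "unsupported path" >&2; return 2 ;; esac
  tmp=$(mktemp) || return 1
  if axapi_json_part "$kind" "$remote_name" "$local_path" >"$tmp"; then
    printf 'Authorization: A10 %s\n' "$token" |
      curl --fail --silent --show-error -H @- \
        --cacert "${AXAPI_CA:?CA bundle that signed the device certificate}" \
        -F "json=@$tmp;type=application/json" \
        -F "file=@$local_path;type=application/octet-stream" \
        "https://$host/axapi/v3/file/$kind"
    rc=$?
  else
    echo "rejected kind or file name" >&2; rc=2
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage (host and file names as in the thread):
#   axapi_upload 10.22.10.54 "$(./APIauthv3.sh 10.22.10.54)" ssl-cert cert1 ./lab1.pem
#   axapi_upload 10.22.10.54 "$(./APIauthv3.sh 10.22.10.54)" ssl-key cert1-key ./lab1-key.pem
```
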