Hi rashid,
i managed to make things work by using the following REST API entry:
do a GET on the following:
https://{{BIGIP}}/mgmt/tm/sys/crypto/ca-bundle-manager/~Common~MyCABundle
where of course you replace the {BIGIP} with your BBIG-IP IP address and add the relevant AUTH headers and so on (but you know that, based on what you sent in your question).
this assumes that you have created your own ca-bundle (not the default one i mean).
it should provide a list like this one :
{
"kind": "tm:sys:crypto:ca-bundle-manager:ca-bundle-managerstate",
"name": "MyCABundle",
"partition": "Common",
"fullPath": "/Common/MyCABundle",
"generation": 43,
"selfLink": "https://localhost/mgmt/tm/sys/crypto/ca-bundle-manager/~Common~MyCABundle?ver=14.1.0.3",
"proxyPort": 3128,
"timeOut": 8,
"trustedCaBundle": "/Common/ca-bundle.crt",
"trustedCaBundleReference": {
"link": "https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~ca-bundle.crt?ver=14.1.0.3"
},
"updateInterval": 0,
"includeBundle": [
"/Common/default.crt",
"/Common/f5-ca-bundle.crt",
"/Common/f5-irule.crt"
],
"includeBundleReference": [
{
"link": "https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~default.crt?ver=14.1.0.3"
},
{
"link": "https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~f5-ca-bundle.crt?ver=14.1.0.3"
},
{
"link": "https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~f5-irule.crt?ver=14.1.0.3"
}
]
}
and then you take what is needed to be removed (for example here, i will remove f5-irule.crt from this list)
and craft a PATCH REST call to your BIG-IP:
PATCH https://{{BIGIP}}/mgmt/tm/sys/crypto/ca-bundle-manager/~Common~MyCABundle
{
"includeBundle": [
"/Common/default.crt",
"/Common/f5-ca-bundle.crt"
]
}
Result should look like this:
{
"kind": "tm:sys:crypto:ca-bundle-manager:ca-bundle-managerstate",
"name": "MyCABundle",
"partition": "Common",
"fullPath": "/Common/MyCABundle",
"generation": 44,
"selfLink": "https://localhost/mgmt/tm/sys/crypto/ca-bundle-manager/~Common~MyCABundle?ver=14.1.0.3",
"proxyPort": 3128,
"timeOut": 8,
"trustedCaBundle": "/Common/ca-bundle.crt",
"trustedCaBundleReference": {
"link": "https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~ca-bundle.crt?ver=14.1.0.3"
},
"updateInterval": 0,
"includeBundle": [
"/Common/default.crt",
"/Common/f5-ca-bundle.crt"
],
"includeBundleReference": [
{
"link": "https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~default.crt?ver=14.1.0.3"
},
{
"link": "https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~f5-ca-bundle.crt?ver=14.1.0.3"
}
]
}
HTH