Modify SSL profiles via REST API
Hi wiz's
I have been spending some time on automating certificate maintenance.
This has brought my attention to this documentation: https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_ltm_profile_client-ssl.html
In the table descriping "cert", "chain" and "key" it states in the notes that they are depricated and I should use certKeyChain option instead.
However no matter what I construct of calls which makes changes to an already existing clientssl profile (PATCH and PUT) I'm told:
{"code":403,"message":"Operation is not supported on component /ltm/profile/client-ssl.","errorStack":[],"apiError":1}
Example code:
curl -sk -H "X-F5-Auth-Token: $TOKEN" -X PATCH https://$f5/mgmt/tm/ltm/profile/client-ssl/ --header 'Content-Type: application/json' --data-raw '{
"name":"sletmig",
"certKeyChain":[{"name":"default","cert":"hest.dk_2023","key":"hest.dk_2023","chain":"My_CA"}]
}'
{"code":403,"message":"Operation is not supported on component /ltm/profile/client-ssl.","errorStack":[],"apiError":1}
I can make the change via this syntax:
curl -sk -H "X-F5-Auth-Token: $TOKEN" -X PATCH https://$f5/mgmt/tm/ltm/profile/client-ssl/~Common~sletmig -H "Content-Type: application/json" -d '{
"key":"/Common/hest.dk_2023",
"cert":"/Common/hest.dk_2023",
"chain":"/Common/My_CA"
}'|jq
Do I read the documentation wrong or am I missing something else?
JRahm any hints?
Hi lnxgeek that's correct, you can't PATCH a collection, just the resources within that collection. From that doc, the methods support are shown one the resource, not the collection:
Resource URI /mgmt/tm/ltm/profile/client-ssl/~resource id Resource Methods OPTIONS, GET, PUT, PATCH, DELETE, POST
Let me know if I'm misunderstanding the issue. Also, check your DM, I sent you something that might be of interest to you, but I'm equally interested in your test feedback if you have the time to check it out.