f5-appsvcs-extension icon indicating copy to clipboard operation
f5-appsvcs-extension copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

Import pkcs12 bundle - fails with 'Unable to fetch value. Unable to extract pkcs12 contents. Details: Failed decrypting cloud credentials'

Open ajgerace opened this issue 1 year ago • 0 comments

Environment

  • Application Services Version: 3.45.0
  • BIG-IP Version: 17.1.1.3

Summary

Attempting to pull pkcs12 bundle from a repo. The declaration fails with a status 500. Unable to fetch value. Unable to extract pkcs12 contents.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:
{
    "pkcs": {
        "class": "Tenant",
        "certs": {
            "class": "Application",
            "template": "shared",
            "pkcs-bundle": {
                "class": "Certificate",
                "passphrase": {
                    "ciphertext": "cGFzc3dvcmQ=",
                    "protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0",
                    "ignoreChanges": true  
                },
                "pkcs12": {
                    "url": "https://<url>/certificateStore/src/branch/master/<domain>-02dec24-password.p12"              

                }
            }
        }
    },
    "class": "ADC",
    "label": "Common/Shared Declaration",
    "schemaVersion": "3.45.0",
    "updateMode": "selective"
}
  1. Observe the following error response:
{
    "code": 500,
    "declarationFullId": "",
    "message": "Unable to fetch value. Unable to extract pkcs12 contents. Details: Failed decrypting cloud credentials: POST http://admin:XXXXXX@localhost:8100/mgmt/shared/service-discovery/encryption response=404 body={\"code\":404,\"message\":\"\",\"referer\":\"Unknown\",\"errorStack\":[]}"
}

Expected Behavior

I would expect the pkcs bundle to be imported.

Actual Behavior

receive an error ""Unable to fetch value. Unable to extract pkcs12 contents. Details: Failed decrypting cloud credentials"

output in restnoded.log: Fri, 27 Sep 2024 15:07:13 GMT - severe: [RestOperationDispatcher] 'shared/service-discovery/encryption' not found. Fri, 27 Sep 2024 15:07:13 GMT - severe: [ErrorHandlingModule] RestOperation failed: "/shared/service-discovery/encryption". {"code":404,"message":"","referer":"Unknown","originalRequestBod y":"{"action":"decrypt","data":"$M$ES$32alth0vrA4av0MtvS7h0Q=="}","errorStack":[]} Fri, 27 Sep 2024 15:07:13 GMT - severe: [appsvcs] {"message":"Unable to fetch value. Unable to extract pkcs12 contents. Details: Failed decrypting cloud credentials: POST http://admin:XXXX XX@localhost:8100/mgmt/shared/service-discovery/encryption response=404 body={"code":404,"message":"","referer":"Unknown","errorStack":[]}","level":"error"} Fri, 27 Sep 2024 15:07:13 GMT - warning: [appsvcs] {"message":"unable to digest declaration. Error: Unable to fetch value. Unable to extract pkcs12 contents. Details: Failed decrypting clo ud credentials: POST http://admin:XXXXXX@localhost:8100/mgmt/shared/service-discovery/encryption response=404 body={"code":404,"message":"","referer":"Unknown","errorStack":[]} ","level":"warning"}

ajgerace avatar Sep 27 '24 15:09 ajgerace