f5-appsvcs-extension icon indicating copy to clipboard operation
f5-appsvcs-extension copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

Unable to import ssl certificate

Open cceaood opened this issue 3 years ago • 0 comments

Environment

  • Application Services Version: 3.38.0
  • BIG-IP Version: 15.115

We're in the middle of working out a plan for out migration from physical appliances to as3 managed vm's however I've just hit a snag with the certificate handling, after updating to 3.38.0 to get around a problem importing one particular cert bundle we're now experiencing issues with another bundle, the base64 data for the cert has been been checked to ensure it's not a error that's occurred during encoding but the cert bundle decodes without issue and is verified by openssl.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:
{
	"class": "ADC",
	"schemaVersion": "3.23.0",
	"id": "shared",
	"Common": {
		"class": "Tenant",
		"Shared": {
			"class": "Application",
			"quovadis.crt": {
				"class": "CA_Bundle",
				"bundle": {
					"base64": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGVERDQ0F6U2dBd0lCQWdJVVNKZ3Q0cWtzc3puaHlQa3pOWUoxMCtUNGdsVXdEUVlKS29aSWh2Y05BUUVMDQpCUUF3UlRFTE1Ba0dBMVVFQmhNQ1FrMHhHVEFYQmdOVkJBb1RFRkYxYjFaaFpHbHpJRXhwYldsMFpXUXhHekFaDQpCZ05WQkFNVEVsRjFiMVpoWkdseklGSnZiM1FnUTBFZ01qQWVGdzB4TXpBMk1ERXhNek0xTURWYUZ3MHlNekEyDQpNREV4TXpNMU1EVmFNRTB4Q3pBSkJnTlZCQVlUQWtKTk1Sa3dGd1lEVlFRS0V4QlJkVzlXWVdScGN5Qk1hVzFwDQpkR1ZrTVNNd0lRWURWUVFERXhwUmRXOVdZV1JwY3lCSGJHOWlZV3dnVTFOTUlFbERRU0JITWpDQ0FTSXdEUVlKDQpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPSGhoV21Vd0k5WCtqVCt3YmhvNUptUXFZaDZ6bGUzDQowT1MxVk1JWWZkRERHZWlwWTREM3Q5elNHYU5hc0dEWmRyUWRNbFkxOFd5am5FS2hpNG9qTlpkQmV3VnBoQ2lPDQp6aDVOaTJBazhiU0kvc0JROXNLUHJwZDArVUNxYnZhR3M2VHB4MTkwWlJUMFBkeStUcU9ZWkYvakJtekJqN1lmDQpYSm1XeGxmQ3k2MlVpUTZ0dnYrNEM2VzJPUHUxUjRIVUQ4b0o4UW83RWcwY0QrR0ZzQk0ydzhzb2ZmeWwrRGM2DQpwS3RBUm1PQ2xVQzdFcXlXUDBWOTk1M2xBMzRrdUpabFl4eGRnZ2hCVG45cldvYVF3L0xyNUZuMFhnZDdmWVMzDQovekdobVhZdlZzdUF4SW44R2srWWFlb0xaOEg5dFV2bkREM2xFSHp2SXNNUHhxdGQ3SWdjVmFNQ0F3RUFBYU9DDQpBU293Z2dFbU1CSUdBMVVkRXdFQi93UUlNQVlCQWY4Q0FRQXdFUVlEVlIwZ0JBb3dDREFHQmdSVkhTQUFNSElHDQpDQ3NHQVFVRkJ3RUJCR1l3WkRBcUJnZ3JCZ0VGQlFjd0FZWWVhSFIwY0RvdkwyOWpjM0F1Y1hWdmRtRmthWE5uDQpiRzlpWVd3dVkyOXRNRFlHQ0NzR0FRVUZCekFDaGlwb2RIUndPaTh2ZEhKMWMzUXVjWFZ2ZG1Ga2FYTm5iRzlpDQpZV3d1WTI5dEwzRjJjbU5oTWk1amNuUXdEZ1lEVlIwUEFRSC9CQVFEQWdFR01COEdBMVVkSXdRWU1CYUFGQnFFDQpZcnhJVERNbEJOVHUwUFlEeEJsRzBaUnJNRGtHQTFVZEh3UXlNREF3THFBc29DcUdLR2gwZEhBNkx5OWpjbXd1DQpjWFZ2ZG1Ga2FYTm5iRzlpWVd3dVkyOXRMM0YyY21OaE1pNWpjbXd3SFFZRFZSME9CQllFRkpFWllxMWJGNmN3DQorL0RlT1NXeHZZeTV1RkVuTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElDQVFCOENtQ0NBRUcxTGN3NTVmVGJhODRBDQppcHdNaWVaeWRGTzViY0loNVV5WFdnV1o2T1A0amIvNkxhaWZFTUxqUkNDMG1VMTRHNlByUFUraVpRaUlhZTdYDQo1RWF2aG1FVEVBOEpiTElDamlENGM5WTYrYmdNdDRzekVQaVoyU0FMT1FqMTBCcjRIS1FmeS9PdmJlZFJiTGF4DQpwOXFsREc0cUpnU3QzdWlrRElKU2FyeDZtcGdFUVh1MDBVWk5raUVZVWZlTzhoWEdYclpidERua3VhaVZEdE02DQpzOXlZcGNveUZ4Rk9yT1JyRWdWaWFJN1AzRUphRFltSTZJRFVJUGFTQk02R3JWTWlhSU5ZRU1CTDF2MmpaaThyDQpYRFkweVZzWi8wREFJUWlDQk5OdlQxTmpRNVNuMUUrTytaQmlxREQrckJ2Qm9Qc0k2eWRmZEt0SnVyNVlMK09vDQprSksyZUxyY2U4Mjg3YXdJY2Q4Rk1SRGNady9OWDFiYzh1S3llNU9DdHdwUTBkNGpMNGVtdVh3RnY4VHFVYlpoDQoyeEpTaHl5NTdjcXczcVdvQk9zL1dXemEyOS9IdW44UFhrUW9aZXB3WS94Yys5bkkxTmFLTThOcWhTcUpOVEpsDQp2WGo3emIzbWRwYmUzWVI5QmtTWFByb2xON2w1S094NTRnSjdrSjdyNnFKWUp1eDAzSHlQTTExS3A0d2ZkbjFSDQpzQzJVUTVhd0M2ZmcvM1hFMkhaVmt5cUpqS3dxaDRuRmFpSzVFTVY3REhRNG9KeDlja21EdzZwQnZEYW9Qb2tYDQp5emRmSjcybisxSmZIR1Ard29ya2NpS05sZGdxWVg2SjRqUHJDSUVJQnJ0RHRhNFF4UDEwVHlkOVJGdTEzWG1FDQo4U1lpL1ZYdnJmM25yaVFmQVovblNBPT0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQ0KTUlJRnR6Q0NBNStnQXdJQkFnSUNCUWt3RFFZSktvWklodmNOQVFFRkJRQXdSVEVMTUFrR0ExVUVCaE1DUWsweA0KR1RBWEJnTlZCQW9URUZGMWIxWmhaR2x6SUV4cGJXbDBaV1F4R3pBWkJnTlZCQU1URWxGMWIxWmhaR2x6SUZKdg0KYjNRZ1EwRWdNakFlRncwd05qRXhNalF4T0RJM01EQmFGdzB6TVRFeE1qUXhPREl6TXpOYU1FVXhDekFKQmdOVg0KQkFZVEFrSk5NUmt3RndZRFZRUUtFeEJSZFc5V1lXUnBjeUJNYVcxcGRHVmtNUnN3R1FZRFZRUURFeEpSZFc5Vw0KWVdScGN5QlNiMjkwSUVOQklESXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFDYQ0KR01wTGxBMEFMYThES1lyd0Q0SElya3daaFIwSW42c3BSSVh6TDRHdE1oNlFScitqaGlZYUh2NStIQmc2WEp4Zw0KRnlvNmRJTXpNSDFoVkJITDdhdmc1dEtpZnZWcmJ4aTNDZ3N0L2VrKzd3ckdzeERwM01KR0YvaGQvYVRhLzU1Sg0KV3B6bU0rWWtsdmMvdWxzckhIbzF3dFpuL3F0bVVJdHRLR0FyNzlkZ3c4ZVR2STAya2ZOLytOc1JFOFNjZDNiQg0KcnJjQ2FvRjZxVVdENGdYbXVWYkJsRGVQU0hGakl1d1haUWVWaWt2Zmo4WmFDdVd3NDE5ZWF4R3JEUG1GNjBUcA0KK0FSejh1bitYSmlNOVhPdmE3Uit6ZFJjQWl0TU9lR3lsWlV0UW9mWDFiT1FRN2RzRS9IZTNmYkUrSWsvMFhYMQ0Ka3NPUjFZcUkwSkRzM0czZWljSmxjWmFMRFFQOW5MOWJGcXlTMityK2VYeXQ2Ni8zRnN2YnpTVXI1Ui83bXAvaQ0KVWN3NlV3eEk1ZzY5eWJSMkJsTG1FUk9GY21NREJPQUVOaXNnR1FMb2RLY2Z0c2xXWnZCMUpkeG53UTVoWUlpeg0KUHRHby9LUGFIYkRSc1NOVTMwUjJiZTFCMk1HeUlyWlRITjgxSGR5aGR5b3g1QzMxNWVYYnlPRC81WURYQzJPZw0KL3pPaEQ3b3NGUlhxbDdQU29yVys4b3lXSGhxUEhXeWtZVGU1aG5NejE1ZVduaU45Z3FSTWdlS2gwYnBuWDVVSA0Kb3ljUjdoWVFlN3hGU2t5eUJOS3I3OVg5REZIT1VHb0lNZm1SMmd5UFpGd0R3enFMSUQ5dWpXYzlPdGIrZlZ1SQ0KeVY3N3pHSGNpek4zMDBReU5RbGlCSklXRU5pZUowZjdPeUhqK09zZFd3SURBUUFCbzRHd01JR3RNQThHQTFVZA0KRXdFQi93UUZNQU1CQWY4d0N3WURWUjBQQkFRREFnRUdNQjBHQTFVZERnUVdCQlFhaEdLOFNFd3pKUVRVN3REMg0KQThRWlJ0R1VhekJ1QmdOVkhTTUVaekJsZ0JRYWhHSzhTRXd6SlFUVTd0RDJBOFFaUnRHVWE2RkpwRWN3UlRFTA0KTUFrR0ExVUVCaE1DUWsweEdUQVhCZ05WQkFvVEVGRjFiMVpoWkdseklFeHBiV2wwWldReEd6QVpCZ05WQkFNVA0KRWxGMWIxWmhaR2x6SUZKdmIzUWdRMEVnTW9JQ0JRa3dEUVlKS29aSWh2Y05BUUVGQlFBRGdnSUJBRDRLRmsyZg0KQmx1b3JuRmRMd1V2WitZVFJZUEVOdmJ6d0NZTURiVkhaRjM0dEhMSlJxVURHQ2RWaVhoOWR1cVdOSUFYSU56bg0KZy9pTi9BZTQybDlOTG1leWhQM1pSUHgzVUlIbWZMVEpEUXR5VS9oMkJ3ZEJSNVlNKytDQ0pwTlZqUDRpSDJCbA0KZkYvbkpyUDNNcENZVU5RM2NWWDJraUY0OTVWNSt2Z3RKb2RtVmpCM3BqZDRNMUlRV0s0L1lZN3lhckh2R0g1Sw0KV1dQS2phSlcxYWN2dkZZZnp6bkI0dnNLcUJVc2ZVMTZZOFpzbDBRODBtL0RTaGNLK0pEU1Y2SVpVYVV0bDBIYQ0KQjArcFVOcVFqWlJHNFQ3d2xQMFFBRGoxTytoQTRiUnVWaG9nekc5WWplMHVSWS9XNlpNLzU3RXMzenJXSW96Yw0KaExzaWI5RDQ1TVk1NlFTSVBNTzY2MVY2YllDWkpQVnNBZnY0bDdDVVcrdjkwbS94ZDJnTk5XUWpyTGhWb1FQUg0KVFVJWjNQaDFXVmFqK2FoSmVmaXZEcmtSb0h5M2F1MDAwTFltWWpnYWh3ejQ2UDB1MDVCL0I1RXFIZForWElXRA0KbWJBNENEL3BYdmsxQitUSlltNVhmNmRRbGZlNnlKdm1qcUlCeGRabXYzbGg4endjNGJtQ1hGMmd3K25ZU0wwWg0Kb2hFVUdXNnloaHRvUGtnM0dvaTNYWlplbk1mdkoySUk0cEVaWE5MeElkMjZGMEtDbDNHQlV6R3BuL1o5WXI5eQ0KNGFPVEhjeUtKbG9KT05ETzF3MkFGclI0cFRxSFRJMktwZFZHbC9Jc0VMbThWQ0xBQVZCcFE1NzBzdTl0K096YQ0KOGVPeDc5K1JqMVFxQ3lYQkpobkVVaEFGWmRXQ0VPckNNYzB1DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo="
				}
			},
			"template": "shared"
		}
	}
}
  1. Observe the following error response:
        {
            "code": 422,
            "message": "declaration failed",
            "response": "01070712:3: unable to validate certificate, invalid x509 file (/Common/Shared/quovadis.crt).",
            "host": "localhost",
            "tenant": "Common",
            "runTime": 2235
        },

Expected Behavior

Addition of the cert to common

Actual Behavior

Cert fails validation but checking the data shows no issue with the base64 encoded version (as mentioned this has been verified by decoding the data and using openssl to verify)

cceaood avatar Jul 27 '22 13:07 cceaood