terraform-provider-bigip
Cannot assign non-RSA (ECC) certificate and key to client ssl profile
Environment
- TMOS/Bigip Version: BIG-IP 16.1.2.2 Build 0.0.28 Point Release 2
- Terraform Version: 1.5.1
- Terraform bigip provider Version: 1.18.0
Summary
I'm trying to use terraform to create client-ssl profiles like this:
variable "tls_domains_dev" {
  type    = list(string)
  default = ["example.com", "example.org"]
}

resource "bigip_ltm_profile_client_ssl" "client_ssl_dev" {
  for_each      = toset(var.tls_domains_dev)
  name          = "/Common/${each.key}"
  defaults_from = "/Common/company-default"
  key           = "/Common/auto_le_${each.key}.key"
  cert          = "/Common/auto_le_${each.key}.crt"
}
When I use RSA certificates/keys, everything works fine. However, when I attempt the same with ECC certificates, it fails with the following error message:
Error: HTTP 400 :: {"code":400,"message":"01b40029:3: Client SSL profile (/Common/example.org): /Common/example.org.key is not RSA key. To add non-RSA cert/key, please use [cert-key-chain add].","errorStack":[],"apiError":3}
│
│ with bigip_ltm_profile_client_ssl.client_ssl_dev["example.org"],
│ on dev.tf line 47, in resource "bigip_ltm_profile_client_ssl" "client_ssl_dev":
│ 47: resource "bigip_ltm_profile_client_ssl" "client_ssl_dev" {
It works using the WebUI, but fails with the terraform provider.
Expected Behavior
RSA Keys and ECC keys behave the same. From a user perspective, there should be no difference in using this provider.
Actual Behavior
Terraform fails to apply the changes with the error above.
Hi,
Thanks for reporting. Added to the backlog; the internal tracking ID for this request is INFRAANO-1254.