f5-appsvcs-extension: Unable to import ssl certificate

Environment

  • Application Services Version: 3.38.0
  • BIG-IP Version: 15.115

We’re in the middle of working out a plan for out migration from physical appliances to as3 managed vm’s however I’ve just hit a snag with the certificate handling, after updating to 3.38.0 to get around a problem importing one particular cert bundle we’re now experiencing issues with another bundle, the base64 data for the cert has been been checked to ensure it’s not a error that’s occurred during encoding but the cert bundle decodes without issue and is verified by openssl.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:
{
	"class": "ADC",
	"schemaVersion": "3.23.0",
	"id": "shared",
	"Common": {
		"class": "Tenant",
		"Shared": {
			"class": "Application",
			"quovadis.crt": {
				"class": "CA_Bundle",
				"bundle": {
					"base64": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGVERDQ0F6U2dBd0lCQWdJVVNKZ3Q0cWtzc3puaHlQa3pOWUoxMCtUNGdsVXdEUVlKS29aSWh2Y05BUUVMDQpCUUF3UlRFTE1Ba0dBMVVFQmhNQ1FrMHhHVEFYQmdOVkJBb1RFRkYxYjFaaFpHbHpJRXhwYldsMFpXUXhHekFaDQpCZ05WQkFNVEVsRjFiMVpoWkdseklGSnZiM1FnUTBFZ01qQWVGdzB4TXpBMk1ERXhNek0xTURWYUZ3MHlNekEyDQpNREV4TXpNMU1EVmFNRTB4Q3pBSkJnTlZCQVlUQWtKTk1Sa3dGd1lEVlFRS0V4QlJkVzlXWVdScGN5Qk1hVzFwDQpkR1ZrTVNNd0lRWURWUVFERXhwUmRXOVdZV1JwY3lCSGJHOWlZV3dnVTFOTUlFbERRU0JITWpDQ0FTSXdEUVlKDQpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPSGhoV21Vd0k5WCtqVCt3YmhvNUptUXFZaDZ6bGUzDQowT1MxVk1JWWZkRERHZWlwWTREM3Q5elNHYU5hc0dEWmRyUWRNbFkxOFd5am5FS2hpNG9qTlpkQmV3VnBoQ2lPDQp6aDVOaTJBazhiU0kvc0JROXNLUHJwZDArVUNxYnZhR3M2VHB4MTkwWlJUMFBkeStUcU9ZWkYvakJtekJqN1lmDQpYSm1XeGxmQ3k2MlVpUTZ0dnYrNEM2VzJPUHUxUjRIVUQ4b0o4UW83RWcwY0QrR0ZzQk0ydzhzb2ZmeWwrRGM2DQpwS3RBUm1PQ2xVQzdFcXlXUDBWOTk1M2xBMzRrdUpabFl4eGRnZ2hCVG45cldvYVF3L0xyNUZuMFhnZDdmWVMzDQovekdobVhZdlZzdUF4SW44R2srWWFlb0xaOEg5dFV2bkREM2xFSHp2SXNNUHhxdGQ3SWdjVmFNQ0F3RUFBYU9DDQpBU293Z2dFbU1CSUdBMVVkRXdFQi93UUlNQVlCQWY4Q0FRQXdFUVlEVlIwZ0JBb3dDREFHQmdSVkhTQUFNSElHDQpDQ3NHQVFVRkJ3RUJCR1l3WkRBcUJnZ3JCZ0VGQlFjd0FZWWVhSFIwY0RvdkwyOWpjM0F1Y1hWdmRtRmthWE5uDQpiRzlpWVd3dVkyOXRNRFlHQ0NzR0FRVUZCekFDaGlwb2RIUndPaTh2ZEhKMWMzUXVjWFZ2ZG1Ga2FYTm5iRzlpDQpZV3d1WTI5dEwzRjJjbU5oTWk1amNuUXdEZ1lEVlIwUEFRSC9CQVFEQWdFR01COEdBMVVkSXdRWU1CYUFGQnFFDQpZcnhJVERNbEJOVHUwUFlEeEJsRzBaUnJNRGtHQTFVZEh3UXlNREF3THFBc29DcUdLR2gwZEhBNkx5OWpjbXd1DQpjWFZ2ZG1Ga2FYTm5iRzlpWVd3dVkyOXRMM0YyY21OaE1pNWpjbXd3SFFZRFZSME9CQllFRkpFWllxMWJGNmN3DQorL0RlT1NXeHZZeTV1RkVuTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElDQVFCOENtQ0NBRUcxTGN3NTVmVGJhODRBDQppcHdNaWVaeWRGTzViY0loNVV5WFdnV1o2T1A0amIvNkxhaWZFTUxqUkNDMG1VMTRHNlByUFUraVpRaUlhZTdYDQo1RWF2aG1FVEVBOEpiTElDamlENGM5WTYrYmdNdDRzekVQaVoyU0FMT1FqMTBCcjRIS1FmeS9PdmJlZFJiTGF4DQpwOXFsREc0cUpnU3QzdWlrRElKU2FyeDZtcGdFUVh1MDBVWk5raUVZVWZlTzhoWEdYclpidERua3VhaVZEdE02DQpzOXlZcGNveUZ4Rk9yT1JyRWdWaWFJN1AzRUphRFltSTZJRFVJUGFTQk02R3JWTWlhSU5ZRU1CTDF2MmpaaThyDQpYRFkweVZzWi8wREFJUWlDQk5OdlQxTmpRNVNuMUUrTytaQmlxREQrckJ2Qm9Qc0k2eWRmZEt0SnVyNVlMK09vDQprSksyZUxyY2U4Mjg3YXdJY2Q4Rk1SRGNady9OWDFiYzh1S3llNU9DdHdwUTBkNGpMNGVtdVh3RnY4VHFVYlpoDQoyeEpTaHl5NTdjcXczcVdvQk9zL1dXemEyOS9IdW44UFhrUW9aZXB3WS94Yys5bkkxTmFLTThOcWhTcUpOVEpsDQp2WGo3emIzbWRwYmUzWVI5QmtTWFByb2xON2w1S094NTRnSjdrSjdyNnFKWUp1eDAzSHlQTTExS3A0d2ZkbjFSDQpzQzJVUTVhd0M2ZmcvM1hFMkhaVmt5cUpqS3dxaDRuRmFpSzVFTVY3REhRNG9KeDlja21EdzZwQnZEYW9Qb2tYDQp5emRmSjcybisxSmZIR1Ard29ya2NpS05sZGdxWVg2SjRqUHJDSUVJQnJ0RHRhNFF4UDEwVHlkOVJGdTEzWG1FDQo4U1lpL1ZYdnJmM25yaVFmQVovblNBPT0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQ0KTUlJRnR6Q0NBNStnQXdJQkFnSUNCUWt3RFFZSktvWklodmNOQVFFRkJRQXdSVEVMTUFrR0ExVUVCaE1DUWsweA0KR1RBWEJnTlZCQW9URUZGMWIxWmhaR2x6SUV4cGJXbDBaV1F4R3pBWkJnTlZCQU1URWxGMWIxWmhaR2x6SUZKdg0KYjNRZ1EwRWdNakFlRncwd05qRXhNalF4T0RJM01EQmFGdzB6TVRFeE1qUXhPREl6TXpOYU1FVXhDekFKQmdOVg0KQkFZVEFrSk5NUmt3RndZRFZRUUtFeEJSZFc5V1lXUnBjeUJNYVcxcGRHVmtNUnN3R1FZRFZRUURFeEpSZFc5Vw0KWVdScGN5QlNiMjkwSUVOQklESXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFDYQ0KR01wTGxBMEFMYThES1lyd0Q0SElya3daaFIwSW42c3BSSVh6TDRHdE1oNlFScitqaGlZYUh2NStIQmc2WEp4Zw0KRnlvNmRJTXpNSDFoVkJITDdhdmc1dEtpZnZWcmJ4aTNDZ3N0L2VrKzd3ckdzeERwM01KR0YvaGQvYVRhLzU1Sg0KV3B6bU0rWWtsdmMvdWxzckhIbzF3dFpuL3F0bVVJdHRLR0FyNzlkZ3c4ZVR2STAya2ZOLytOc1JFOFNjZDNiQg0KcnJjQ2FvRjZxVVdENGdYbXVWYkJsRGVQU0hGakl1d1haUWVWaWt2Zmo4WmFDdVd3NDE5ZWF4R3JEUG1GNjBUcA0KK0FSejh1bitYSmlNOVhPdmE3Uit6ZFJjQWl0TU9lR3lsWlV0UW9mWDFiT1FRN2RzRS9IZTNmYkUrSWsvMFhYMQ0Ka3NPUjFZcUkwSkRzM0czZWljSmxjWmFMRFFQOW5MOWJGcXlTMityK2VYeXQ2Ni8zRnN2YnpTVXI1Ui83bXAvaQ0KVWN3NlV3eEk1ZzY5eWJSMkJsTG1FUk9GY21NREJPQUVOaXNnR1FMb2RLY2Z0c2xXWnZCMUpkeG53UTVoWUlpeg0KUHRHby9LUGFIYkRSc1NOVTMwUjJiZTFCMk1HeUlyWlRITjgxSGR5aGR5b3g1QzMxNWVYYnlPRC81WURYQzJPZw0KL3pPaEQ3b3NGUlhxbDdQU29yVys4b3lXSGhxUEhXeWtZVGU1aG5NejE1ZVduaU45Z3FSTWdlS2gwYnBuWDVVSA0Kb3ljUjdoWVFlN3hGU2t5eUJOS3I3OVg5REZIT1VHb0lNZm1SMmd5UFpGd0R3enFMSUQ5dWpXYzlPdGIrZlZ1SQ0KeVY3N3pHSGNpek4zMDBReU5RbGlCSklXRU5pZUowZjdPeUhqK09zZFd3SURBUUFCbzRHd01JR3RNQThHQTFVZA0KRXdFQi93UUZNQU1CQWY4d0N3WURWUjBQQkFRREFnRUdNQjBHQTFVZERnUVdCQlFhaEdLOFNFd3pKUVRVN3REMg0KQThRWlJ0R1VhekJ1QmdOVkhTTUVaekJsZ0JRYWhHSzhTRXd6SlFUVTd0RDJBOFFaUnRHVWE2RkpwRWN3UlRFTA0KTUFrR0ExVUVCaE1DUWsweEdUQVhCZ05WQkFvVEVGRjFiMVpoWkdseklFeHBiV2wwWldReEd6QVpCZ05WQkFNVA0KRWxGMWIxWmhaR2x6SUZKdmIzUWdRMEVnTW9JQ0JRa3dEUVlKS29aSWh2Y05BUUVGQlFBRGdnSUJBRDRLRmsyZg0KQmx1b3JuRmRMd1V2WitZVFJZUEVOdmJ6d0NZTURiVkhaRjM0dEhMSlJxVURHQ2RWaVhoOWR1cVdOSUFYSU56bg0KZy9pTi9BZTQybDlOTG1leWhQM1pSUHgzVUlIbWZMVEpEUXR5VS9oMkJ3ZEJSNVlNKytDQ0pwTlZqUDRpSDJCbA0KZkYvbkpyUDNNcENZVU5RM2NWWDJraUY0OTVWNSt2Z3RKb2RtVmpCM3BqZDRNMUlRV0s0L1lZN3lhckh2R0g1Sw0KV1dQS2phSlcxYWN2dkZZZnp6bkI0dnNLcUJVc2ZVMTZZOFpzbDBRODBtL0RTaGNLK0pEU1Y2SVpVYVV0bDBIYQ0KQjArcFVOcVFqWlJHNFQ3d2xQMFFBRGoxTytoQTRiUnVWaG9nekc5WWplMHVSWS9XNlpNLzU3RXMzenJXSW96Yw0KaExzaWI5RDQ1TVk1NlFTSVBNTzY2MVY2YllDWkpQVnNBZnY0bDdDVVcrdjkwbS94ZDJnTk5XUWpyTGhWb1FQUg0KVFVJWjNQaDFXVmFqK2FoSmVmaXZEcmtSb0h5M2F1MDAwTFltWWpnYWh3ejQ2UDB1MDVCL0I1RXFIZForWElXRA0KbWJBNENEL3BYdmsxQitUSlltNVhmNmRRbGZlNnlKdm1qcUlCeGRabXYzbGg4endjNGJtQ1hGMmd3K25ZU0wwWg0Kb2hFVUdXNnloaHRvUGtnM0dvaTNYWlplbk1mdkoySUk0cEVaWE5MeElkMjZGMEtDbDNHQlV6R3BuL1o5WXI5eQ0KNGFPVEhjeUtKbG9KT05ETzF3MkFGclI0cFRxSFRJMktwZFZHbC9Jc0VMbThWQ0xBQVZCcFE1NzBzdTl0K096YQ0KOGVPeDc5K1JqMVFxQ3lYQkpobkVVaEFGWmRXQ0VPckNNYzB1DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo="
				}
			},
			"template": "shared"
		}
	}
}
  1. Observe the following error response:
        {
            "code": 422,
            "message": "declaration failed",
            "response": "01070712:3: unable to validate certificate, invalid x509 file (/Common/Shared/quovadis.crt).",
            "host": "localhost",
            "tenant": "Common",
            "runTime": 2235
        },

Expected Behavior

Addition of the cert to common

Actual Behavior

Cert fails validation but checking the data shows no issue with the base64 encoded version (as mentioned this has been verified by decoding the data and using openssl to verify)

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 18 (5 by maintainers)

Most upvoted comments

Thank you. I have added this issue to our internal product backlog as AUTOTOOL-3408

+2
sunitharonan on Aug 25, 2022

This has been resolved and it would be available in AS3 40.0

+1
sunitharonan on Sep 6, 2022
Read more comments on GitHub
← f5-appsvcs-extension: Pool members cannot be given object names other than their IP addresses
f5-common-python: Add list of supported TMOS versions in the Returned Exception →