Cannot assign non-RSA (ECC) certificate and key to client ssl profile #839

Open
gliwka opened this issue Jul 25, 2023 · 3 comments
Labels
Backlog issue will be tracked by JIRA in backlog bug

gliwka commented Jul 25, 2023

Environment

  • TMOS/Bigip Version: BIG-IP 16.1.2.2 Build 0.0.28 Point Release 2
  • Terraform Version: 1.5.1
  • Terraform bigip provider Version: 1.18.0

Summary

I'm trying to use terraform to create client-ssl profiles like this:

```hcl
variable "tls_domains_dev" {
  type    = list(string)
  default = ["example.com", "example.org"]
}

resource "bigip_ltm_profile_client_ssl" "client_ssl_dev" {
  for_each      = toset(var.tls_domains_dev)
  name          = "/Common/${each.key}"
  defaults_from = "/Common/company-default"
  key           = "/Common/auto_le_${each.key}.key"
  cert          = "/Common/auto_le_${each.key}.crt"
}
```

When I use RSA certificates/keys, everything works fine. However, when I attempt the same with ECC certificates, it fails with the following error message:

```
 Error: HTTP 400 :: {"code":400,"message":"01b40029:3: Client SSL profile (/Common/example.org): /Common/example.org.key is not RSA key. To add non-RSA cert/key, please use [cert-key-chain add].","errorStack":[],"apiError":3}
│ 
│   with bigip_ltm_profile_client_ssl.client_ssl_dev["example.org"],
│   on dev.tf line 47, in resource "bigip_ltm_profile_client_ssl" "client_ssl_dev":
│   47: resource "bigip_ltm_profile_client_ssl" "client_ssl_dev" {
```

It works using the WebUI, but fails with the terraform provider.

Expected Behavior

RSA Keys and ECC keys behave the same. From a user perspective, there should be no difference in using this provider.

Actual Behavior

Terraform fails to apply the changes with the error above.

gliwka added the bug label Jul 25, 2023

pgouband (Collaborator) commented Aug 2, 2023

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1254.

pgouband added the Backlog issue will be tracked by JIRA in backlog label Aug 2, 2023

@psjolin67

Hi,
What is the status of this? When do you think this can be resolved?
We also have this problem. We are switching from RSA and want to be able to use ECDSA keys, but we receive

"Error: 01b40029:3: Client SSL profile ......is not RSA key. To add non-RSA cert/key, please use [cert-key-chain add]."

as @gliwka

/Peter

pgouband (Collaborator) commented Feb 3, 2025

Hi @psjolin67,

This issue is in our backlog and there is no ETA.
