Not sure what else to suggest. I ran your commands on an old SRX cluster; the certificates were created just fine and I was able to access the web-management http/s without any trouble. Unfortunately, I couldn't test REST, as this is a 12.x cluster and doesn't support REST. I did put the same certificates on a vMX and had no issue with making REST calls there... so something else is amiss. Not sure what version of code you are running... might be worthwhile opening a case with JTAC.
Original Message:
Sent: 07-26-2024 12:45
From: G_H
Subject: SRX cluster - REST API cannot find private key for HTTPS
Both files are present on both nodes, owned by root:wheel and I repeated the process after SSHing as the root user. No luck so far.
------------------------------
G H
Original Message:
Sent: 07-26-2024 11:45
From: asharp
Subject: SRX cluster - REST API cannot find private key for HTTPS
I've seen this happen when creating the certificates as a non-root user, even though the user account had super-user class access. Not sure if that is the case for you. But something I've seen in the past. Logging in as root and creating the certificates worked just fine for me after that.
Regards,
------------------------------
Andy Sharp
Original Message:
Sent: 07-25-2024 15:26
From: G_H
Subject: SRX cluster - REST API cannot find private key for HTTPS
I had gotten the REST API working with HTTPS when I had a standalone server. When I set up an SRX cluster (1 pair), Junos is giving me an error when attempting to commit:
# commit
error: rest-api: Failed to open private key file
error: commit failed: daemon file propagation failed
Steps to reproduce:
run request security pki generate-key-pair certificate-id srx_2dae09f3 type rsa size 2048
run request security pki local-certificate generate-self-signed certificate-id srx_2dae09f3 subject CN=srx domain-name srx
set system services rest https server-certificate srx_2dae09f3
set system services rest https addresses 10.60.0.1
set system services rest https port 8443
I can confirm that both of these files are present on both SRXs:
root@srx1% find /var/db/certs/ | grep 2dae09f3
/var/db/certs/common/key-pair/srx_2dae09f3.privenc
/var/db/certs/common/local/srx_2dae09f3.cert
------------------------------
G H
------------------------------