Forum Discussion

dfosborne2_2224's avatar
dfosborne2_2224
Icon for Nimbostratus rankNimbostratus
Apr 20, 2014

Upload SSL keys/certs via iControl REST API?

Is there a PUT method (but I'll take a POST!) to upload SSL keys/certs into BigIP LTM 11.5? Im moving from ancient 9.4 code and would love to be able to pull down my keys and certs and upload them via REST to 11.5. I was going to just scp them up to the filestorage location within 11.5 and update bigip.conf but it appears that something internally appends a generated number when importing keys/certs via the UI provide copy/paste.

 

application delivery
devops
iControl
LTM

6 Replies

Sort By
  • dfosborne2_2224's avatar
    dfosborne2_2224
    Icon for Nimbostratus rankNimbostratus
    Apr 20, 2014
    Ok, well I found a doc where, via, tmsh I created the key/cert (scp'd them into /config/ssl/ssl.{key,crt} ) and then also created the client-ssl profile for that cert. Pretty sure I can translate those commands into something via REST.
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Apr 21, 2014

    1. Upload the certs and keys to the BIG-IP - some temporary directory will do.

    2. REST call to create certificate and key:

      curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'

curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/crypto/key -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.key"}'

    3. Create the client SSL profile:

      curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/ltm/profile/client-ssl -d '{"name":"test","cert":"test.crt","key":"test.key"}'
  • kchristidis_249's avatar
    kchristidis_249
    Icon for Nimbostratus rankNimbostratus
    Mar 09, 2016

    Hi all, is there a way to download/export the actual Key / Certificate files from BIG-IP, using the iControl REST?

     

  • tlian_321947's avatar
    tlian_321947
    Icon for Nimbostratus rankNimbostratus
    Jun 22, 2017

    With from-url pointing the file location, How to pass credential (username and password) as the URL location is a protected resource and required authentication?

     

  • Phanish_342711's avatar
    Phanish_342711
    Icon for Nimbostratus rankNimbostratus
    Dec 01, 2017

    Hi all,is anyone aware of loading certs on appliances like IBM DataPower from Venafi over REST??Could you please let me know of the way to do it