NimbostratusHi,
The documentation available seem to say that to actually add an SSL private key and certificate to BigIP using tmsh you need to generate them somewhere and manually copy them to /config/ssl/ssl.key/, only after that it is possible to 'add' them on tmsh.
Is it also the case with iControl(REST) ? if so that's quite a limitation ...
NimbostratusYes, need to upload some temp directory, may be using scp. Then use RestAPi to create the cert/key pair and then SSL profile.
NimbostratusWell apparently you can create a crypto key using "create /sys crypto key gen-csr" so it should be possible to do this with the iControl api
I'll look further in this direction, i would preferer not to mix scp and RestAPI ...
NimbostratusApparement quelques questions sans réponses existent sur le sujet:
https://devcentral.f5.com/questions/generate-a-csr-with-icontrol-rest https://devcentral.f5.com/questions/generate-csr-and-upload-new-cert-through-icontrolrest-api
NimbostratusWell, after asking F5 support it is a referenced bug ID489843: "A GET on some file object configurations (for example tm/sys/crypto/key) does not return all of the properties of the file object."
And the expected way to use it will be:
POST //mgmt/tm/sys/crypto/key HTTP/1.1
Host: 10.208.102.28
Authorization: Basic YWRtaW46YWRtaW4=
Content-Type: application/json
Cache-Control: no-cache
{ "name":"test001", "options":[{"get-csr":"test001"}], "common-name":"rest.test.com" }
NimbostratusNimbostratusNimbostratus