Forum Discussion

Sean_Powell
Apr 08, 2016

How to Create a CSR in Powershell/iControl using an Existing Key

Hello,

I am trying to automate CSR creation on the BigIP with iControl/Powershell. I can easily create new CSRs using new keys, but I can't figure out how to generate a CSR using an existing key. We need to do this so that we can update our SAN certs without invalidating the existing Certificate/key pair while we process the request with our provider.

I use this to create a new key for a brand new CSR/Certificate request ...

  $CSRKey = New-Object -TypeName iControl.ManagementKeyCertificateKey_v2;
  $CSRKey.id = 'www.sitename.com';
  $CSRKey.key_type = 'KTYPE_RSA_PUBLIC';
  $CSRKey.bit_length = 2048;
  $CSRKey.security = 'STYPE_NORMAL';

... but I can't find any functions in the iControl Reference Wiki to grab an existing key to use for the CSR.

Can anyone point me in the right direction?

Thanks! Sean

1 Reply

  • So I answered my own question by re-reading the description of the function more clearly ...

    From: https://devcentral.f5.com/wiki/iControl.Management__KeyCertificate__certificate_request_generate.ashx

    “Generates the specified certificate signing requests. This assumes that each of the associated keys, having the same identification as each certificate request, has already been created.”

    So it turns out you don't need to create a new key at all, as you don't specifically need to reference it when creating the CSR; you just need to create the CSR with the same name as an existing key.
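
The approach from the reply above, as an added example that is not part of the original thread: it confirms the key already exists, then generates and exports a CSR under the same id. It assumes the iControl PowerShell snap-in is loaded and `Initialize-F5.iControl` has already been run; the subject values are constructed, and the argument order of the `ManagementKeyCertificate` calls is an assumption to check against the reference page linked above.

```powershell
# Added example, not the poster's code. Subject values below are constructed.
$kc   = (Get-F5.iControl).ManagementKeyCertificate
$mode = 'MANAGEMENT_MODE_DEFAULT'
$id   = 'www.sitename.com'   # must match the id of the key already on the BIG-IP

# Stop if no key with this id exists. The CSR is tied to the key only by name,
# so a typo here would otherwise surface as an error from the device later.
# The list also shows the exact id string the device uses for the key.
$keyIds = $kc.get_key_list($mode) | ForEach-Object { $_.key_info.id }
if ($keyIds -notcontains $id) {
    throw "No existing key with id '$id'. Known key ids: $($keyIds -join ', ')"
}

# The request object carries no key material, only the shared id.
$csr = New-Object -TypeName iControl.ManagementKeyCertificateCertificateRequest
$csr.id                 = $id
$csr.email              = 'admin@sitename.com'
$csr.challenge_password = ''

# Subject fields for the request.
$x509 = New-Object -TypeName iControl.ManagementKeyCertificateX509Data
$x509.common_name       = $id
$x509.country_name      = 'US'
$x509.state_name        = 'Washington'
$x509.locality_name     = 'Seattle'
$x509.organization_name = 'Example Org'
$x509.division_name     = 'IT'

# No key_generate call: the existing private key stays in place and in use.
# Last argument is the overwrite flag; $false leaves any CSR already stored
# under this id untouched and lets the call fail instead.
$kc.certificate_request_generate($mode, @($csr), @($x509), $false)

# Export the PEM request to hand to the certificate provider.
$pem = $kc.certificate_request_export_to_pem($mode, @($id))
$pem[0] | Set-Content -Path ".\$id.csr" -Encoding Ascii
```

Only the request leaves the device; the private key is never exported, and the certificate currently bound to it keeps working until the new one is imported.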