Forum Discussion
dacrud_18985
Nimbostratus
Nimbostratusadd ssl cert through command line
Hi all,
Is there anyway to import an ssl cert, and then add it to a VIP through the command line? The interface seems to take a while.
Thanks!
hoolio
Cirrostratus
CirrostratusHi there,
You can copy the cert/key to the filesystem using SCP. The cert directory is /config/ssl/ssl.crt/ and the key directory is /config/ssl/ssl.key/. You could then define a clientSSL profile which references the crt and key using bigpipe. You might want to create one profile via the GUI with the custom options you want specified and then run 'b profile CLIENTSSL_PROFILE_NAME list' to view how it is set in the configuration. Here's an example of how to run the command via the CLI:
b profile clientssl httpsvip_clientssl {\
defaults from clientssl\
key "httpsvip.example.com.key"\
cert "httpsvip.example.com.crt"\
chain "ca-bundle.crt"\
ca file none\
ciphers "DEFAULT"\
options\
dont insert empty fragments\
no sslv2\
modssl methods disable\
cache size 20K\
cache timeout 3600\
renegotiate period indefinite\
renegotiate size indefinite\
renegotiate max record delay 10\
handshake timeout 60\
alert timeout 60\
unclean shutdown enable\
strict resume disable\
nonssl disable\
}
bigpipe makes the change to the config running in memory. To write the changes to the bigip.conf file, run 'b save'.
You might also want to look into why the GUI is slow. There was a recent post with some suggestions (Click here). Else, you could open a case with F5 Support and ask them to help investigate the issue.
Aaron
