Forum Discussion
AltostratusAdding metadata to certificates objects
Hello.
In order to make renewing easier, we'd like to add custom metadata to certificates objects, such as contact information (we have a lot of customer-provided certificates). However, it seems to be impossible via tmsh, ie:
# modify /sys crypto cert domain.tld metadata add { foo { value bar }}
Syntax Error: "foo" unknown property
# edit /sys crypto cert domain.tld
Authorization Error: user rousse with role admin doesn't have access to "cert"
Did anyone try something similar ?
6 Replies
- Kevin_Stewart
Employee
Can you elaborate on what you mean by "metadata" here?
The properties you can edit are these:sys crypto cert mycert.f5labs.com { cert-validation-options none cert-validators { { } } certificate-key-size 2048 city common-name mycert.f5labs.com country US email-address expiration Mar 28 20:31:18 2036 GMT fingerprint SHA256/EB:7B:72:9C:98:89:5B:A6:8F:58:B4:F2:81:34:D8:F8:E0:7E:13:21:08:C4:F0:05:D0:39:1D:F1:F1:B6:4C:77 issuer CN=ca.f5labs.com,OU=Subordinate Authority,O=f5labs.com,C=US issuer-certificate organization f5labs.com ou Web Server Certificate public-key-type RSA state subject-alternative-name DNS:test.f5labs.com, DNS:test1.f5labs.com, DNS:test2.f5labs.com, DNS:test3.f5labs.com, DNS:test4.f5labs.com }- Guillaume_Rouss
metadata are arbitrary key/value pairs that can be added to many objects, for instance virtual servers, such as:
metadata { contact { value equipe-myservice@domain.tld } service { value myservice } }This helps keeping data needed for integration duties at source.
- boneyard
MVP
yeah, as you say, many objects, so not all. documentation lists it as on virtual server, but not on crypto certificate.
https://clouddocs.f5.com/cli/tmsh-reference/v16/modules/ltm/ltm_virtual.html
https://clouddocs.f5.com/cli/tmsh-reference/v16/modules/sys/sys_crypto_cert.html
would certainly be a nice feature request.
- Kevin_Stewart
To my knowledge, additional metadata injection is not supported on these objects.
- Guillaume_Rouss
Thanks for your nice answers. Is there a dedicated way to raise feature requests, apart though our usual support contracts ? The only entry I found in documentation was related to something called "F5 Distributed Cloud Services", which seems quite unrelated.
- Kevin_Stewart
Yes, reach out to your local F5 representation and make the request that way. They'll submit your feedback into the correct product channels.
