For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Martin_Kaiser_1's avatar
Martin_Kaiser_1
Icon for Nimbostratus rankNimbostratus
Jul 19, 2013

Bulk import SSL keys and certs from cisco ACE

Hi all,

 

I have to migrate lots of virtual servers from a Cisco ACE to an F5 BigIP V11.2.1.

 

On the ACE, there are several hundred pairs of SSL Certs and keys that I want to bulk import into specific partitions of the Big IP.

 

I managed to extract all the certs and keys from an backup tarball of the ACE and have them stored in an temporary directory on the Big IP.

 

Now, I want to bulk import them using "tmsh install /sys crypto" commands. The problem here is, I want to have them installed in different partitions. Hence, I cannot create a small shell script reading

 

tmsh install /sys crypto key key1.key

 

tmsh install /sys crypto cert crt1.crt

 

tmsh create /ltm profile clientssl foo bar

 

because that would put all the config items into the /Common partition.

 

I also cannot create a merge file for use within the tmsh shell (after changing the partition), because "install /sys config merge" will not accept "install" commands.

 

Anyone experiencing the same problems? Any hint is appreciated! many thanks in advance!

 

Martin

 

app sec
BIG-IP Access Policy Manager (APM)
security

1 Reply

  • Martin_Kaiser_1's avatar
    Martin_Kaiser_1
    Icon for Nimbostratus rankNimbostratus
    Jul 19, 2013
    I obviously tend to think too compilcated....

     

    tmsh install crypto key /partition/keyname keyfile.key solved the "problem"....