Forum Discussion
Ripkey_120880
Nimbostratus
Jan 30, 2014
Bulk move SSL Certs
Hi,
I'm currently doing an LTM migration from 2 3400's running 10.2.2 to a new pair running 11.4.1. I was wondering if there is a way to bulk export all the certs and then import them into the new L...
Kevin_K_51432
Jan 30, 2014
Historic F5 Account
Hi Jason, I'm not aware of any easy way to do this. If I had to perform a bulk upload myself, I'd use a combination of bash and tmsh.
- Create a /var/tmp/key directory and move all the keys there using SCP.
- Create a /var/tmp/crt directory and move all the certs there using SCP.
- Once all the certs and keys are in place you should be able to run these:
for i in /var/tmp/key/*; do tmsh install sys crypto key "$(basename "$i")" from-local-file "$i"; done
for i in /var/tmp/crt/*; do tmsh install sys crypto cert "$(basename "$i")" from-local-file "$i"; done
tmsh save sys config
I tried this with three cert / key pairs:
tmsh list sys crypt key
sys crypto key siteone.key {
    key-size 2048
    key-type rsa-private
    security-type normal
}
sys crypto key sitethree.key {
    key-size 2048
    key-type rsa-private
    security-type normal
}
sys crypto key sitetwo.key {
    key-size 2048
    key-type rsa-private
    security-type normal
}
tmsh list sys crypto cert
sys crypto cert siteone.crt {
    certificate-key-size 2048
    city Seattle
    common-name localhost.localdomain
    country US
    email-address root@localhost.localdomain
    expiration Dec 25 10:13:15 2023 GMT
    organization MyCompany
    ou IT
    state WA
    subject-alternative-name
}
sys crypto cert sitethree.crt {
    certificate-key-size 2048
    city Seattle
    common-name localhost.localdomain
    country US
    email-address root@localhost.localdomain
    expiration Dec 25 10:13:15 2023 GMT
    organization MyCompany
    ou IT
    state WA
    subject-alternative-name
}
sys crypto cert sitetwo.crt {
    certificate-key-size 2048
    city Seattle
    common-name localhost.localdomain
    country US
    email-address root@localhost.localdomain
    expiration Dec 25 10:13:15 2023 GMT
    organization MyCompany
    ou IT
    state WA
    subject-alternative-name
}
- Sec-Enabled_658 Aug 16, 2014
Cirrostratus
Those commands worked great for importing on the box, but is there a command to export the key/certs in bulk? In the GUI, you can export as an "archive" but it would be nice via CLI. I don't see a way to do it through tmsh.
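A pre-flight check for the bulk import loops in the answer above, as an added example that is not part of the original thread: it flags staged private keys that group or other can read, reports keys and certs without a counterpart, compares RSA moduli, and prints the tmsh commands as a dry run. The function names and the NAME.key / NAME.crt pairing are assumptions taken from the siteone/sitetwo/sitethree naming in the post.

```shell
#!/bin/bash
# Pre-flight for the bulk import loops above. Directory layout (/var/tmp/key,
# /var/tmp/crt) and the NAME.key / NAME.crt pairing follow the post; the
# function names are hypothetical.

# List key files that group or other can read (private keys staged over SCP).
loose_keys() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) | sort
}

# Print a line for every key without a cert and every cert without a key.
unpaired() {
    local f stem
    for f in "$1"/*.key; do
        [ -e "$f" ] || continue
        stem=$(basename "$f" .key)
        [ -f "$2/$stem.crt" ] || echo "no cert for $stem.key"
    done
    for f in "$2"/*.crt; do
        [ -e "$f" ] || continue
        stem=$(basename "$f" .crt)
        [ -f "$1/$stem.key" ] || echo "no key for $stem.crt"
    done
}

# True when an RSA key and a certificate share the same modulus.
# "-passin pass:" makes a passphrase-protected key fail instead of prompting.
modulus_match() {
    local k c
    k=$(openssl rsa -noout -modulus -passin pass: -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Dry run: print the tmsh commands for paired files with plain names only.
plan_import() {
    local f name stem
    for f in "$1"/*.key; do
        [ -e "$f" ] || continue
        name=$(basename "$f"); stem=${name%.key}
        case "$name" in *[!A-Za-z0-9._-]*) echo "skip: $name" >&2; continue ;; esac
        [ -f "$2/$stem.crt" ] || continue
        echo "tmsh install sys crypto key $name from-local-file $f"
        echo "tmsh install sys crypto cert $stem.crt from-local-file $2/$stem.crt"
    done
}
```

Run `loose_keys`, `unpaired` and `modulus_match` against the staging directories before executing anything `plan_import` prints, and delete the staged keys from /var/tmp once `tmsh save sys config` has completed.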