Certificate Automation and AS3

Question

Hey everyone!&nbsp;&nbsp;At my company we have a policy that all private crypto objects must be generated on the target device and never leave it. I am creating a REST-based automation system for the LTM devices, and I am struggling to see how to achieve this using AS3. My desired workflow, from an external server running a python script to send REST commands:Have the LTM generate a key and store it. This key may never leave the device.On the device, create a CSR.Get that CSR and read it from the script, which signs it.&nbsp;Upload the signed cert to the device.Somehow incorporate this into or make it available for use by an AS3 declaration.Any ideas?Thanks!

zdenek · Answer

There is one small consequence of using AS3 - all SSL certs and keys which are not part of declaration must be stored in Common partition. If you're going to use multitenancy with partitions, this is quite a complication.

Forum Discussion

Certificate Automation and AS3

Recent Discussions

BIG-IP SysLog appearing in ossec.log

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

dynamic signature detection

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

Automate Let's Encrypt Certificates on BIG-IP

Automating NGINX Certificate Rotation on AWS

Automating certificate lifecycle management with HashiCorp Vault

BIG-IP Next Automation: AS3 Basics

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS