Forum Discussion

Wyko's avatar
Wyko
Icon for Altostratus rankAltostratus
May 09, 2024

Certificate Automation and AS3

Hey everyone! 

 

At my company we have a policy that all private crypto objects must be generated on the target device and never leave it. I am creating a REST-based automation system for the LTM devices, and I am struggling to see how to achieve this using AS3. My desired workflow, from an external server running a python script to send REST commands:

  1. Have the LTM generate a key and store it. This key may never leave the device.
  2. On the device, create a CSR.
  3. Get that CSR and read it from the script, which signs it. 
  4. Upload the signed cert to the device.
  5. Somehow incorporate this into or make it available for use by an AS3 declaration.

Any ideas?

Thanks!

  • Zdenek's avatar
    Zdenek
    Icon for Cirrostratus rankCirrostratus

    There is one small consequence of using AS3 - all SSL certs and keys which are not part of declaration must be stored in Common partition. If you're going to use multitenancy with partitions, this is quite a complication.