Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Daniel_Tremmel's avatar
Daniel_Tremmel
Icon for Altostratus rankAltostratus
Jul 29, 2017

edit ClientSSL profile using Python SDK

Hi,

 

is there a way to edit a ClientSSL profile using the Python SDK? For example, changing the assigned certificates and keys?

 

regards Daniel

 

1 Reply

  • Ed_Summers's avatar
    Ed_Summers
    Icon for Nimbostratus rankNimbostratus
    Jul 31, 2017

    I encountered a small issue and haven't worked out the proper (per SDK) way to handle it yet.

    The config has both the cert-key-chain field that holds the cert, key, and chain-cert as one item. But the config also has what I believe are the 'legacy' cert, key, and chain fields. In the SDK these are represented by attributes certKeyChain, cert, key, and chain, respectively.

    I have not been able to update a profile by only updating the certKeyChain. I've tried various ways of 'blanking' out the other fields, or even deleting the attributes entirely before performing an update. All result in error. The only success I've had is to update both certKeyChain and the cert, key, and chain fields with the same value. I assume there's a cleaner way to do this.

    Note: Output heavily trimmed for brevity:

    >>> pprint(my_profile.raw)
{'_meta_data': {'allowed_commands': [],
[...]
 u'cert': u'/Common/second-test-key.crt',
 u'certExtensionIncludes': [u'basic-constraints', u'subject-alternative-name'],
 u'certKeyChain': [{u'appService': u'none',
                    u'cert': u'/Common/second-test-key.crt',
                    u'certReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~second-test-key.crt?ver=13.0.0'},
                    u'chain': u'none',
                    u'key': u'/Common/second-test-key.key',
                    u'keyReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-key/~Common~second-test-key.key?ver=13.0.0'},
                    u'name': u'second-test-key'}],
 u'chain': u'none',
 u'key': u'/Common/second-test-key.key',
 u'name': u'my_profile',

>>> new_certificate = '/Common/first_test_key.crt'
>>> new_key = '/Common/first_test_key.key'
>>> new_certKeyChain = {'name': 'first_test_key',
...                     'cert': new_certificate,
...                     'key': new_key,
...                     }
>>> my_profile.certKeyChain.pop()
>>> my_profile.certKeyChain.append(new_certKeyChain)
>>> my_profile.cert = new_certificate
>>> my_profile.key = new_key
>>> my_profile.update()
>>> pprint(my_profile.raw)
{'_meta_data': {'allowed_commands': [],
 u'cert': u'/Common/first_test_key.crt',
 u'certExtensionIncludes': [u'basic-constraints', u'subject-alternative-name'],
 u'certKeyChain': [{u'appService': u'none',
                    u'cert': u'/Common/first_test_key.crt',
                    u'certReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~first_test_key.crt?ver=13.0.0'},
                    u'chain': u'none',
                    u'key': u'/Common/first_test_key.key',
                    u'keyReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-key/~Common~first_test_key.key?ver=13.0.0'},
                    u'name': u'first_test_key'}],
 u'chain': u'none',
 u'key': u'/Common/first_test_key.key',
 u'name': u'my_profile',