Forum Discussion

Stefan_Engel's avatar
Stefan_Engel
Icon for Cirrus rankCirrus
Jun 01, 2021

Extract content of Certificate key file with REST or Ansible

Hi Community, I'm working on an automation for renewing Certificates on multiple BIG-IP's using Ansible. As not all available Ansible F5 modules provide what is required, I'm currently using a m...
Ansible
BIG-IP
devops
iControl
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP

Hi Stefan,

 

I guess using SOAP is not an option: https://clouddocs.f5.com/api/icontrol-soap/Management__KeyCertificate.html ?

 

Another option, but that is also sort of working around the problem, you can download files like described here: https://support.f5.com/csp/article/K41763344#download_generic

Means the private key file must exist in https://<ip address>/mgmt/shared/file-transfer/uploads/<filename>, maybe as a copy.

 

KR

Daniel

 

 

Stefan_Engel's avatar
Stefan_Engel
Icon for Cirrus rankCirrus
Jun 04, 2021

Thanks Daniel.

https://support.f5.com/csp/article/K41763344#download_generic might work, but not supported in v15.x.x or later anymore.

I solved it like this..may not the prettiest, but works:

- name: Extract Certificate Private Key
    raw: cat /config/filestore/files_d/Common_d/certificate_key_d/\:Common:vanity_{{request_id}}.key*
    register: vanity_key
    become: yes
    delegate_to: "{{ provider.server }}"
    vars:
      ansible_ssh_user: "{{ provider.user }}"
      ansible_ssh_pass: "{{ provider.password }}"
 
- name: Import Cert Key
    bigip_ssl_key:
      name: "vanity_{{ request_id }}"
      state: present
      content: "{{ vanity_key.stdout }}"
      provider: "{{ provider }}"