Forum Discussion
How to make a password-protected private key via REST
Hi Wyko, I could be off-base, but I don't think you can create the key this way. I believe you need to create the key from command line, either locally on a box and upload it to BIG-IP, or create it on command line on BIG-IP itself. Once that step is done, then you can create the file reference to that key with the REST methods.
That said, I would not recommend using the /tm/sys/crypto/key method, as the /tm/sys/crypto methods have been deprecated for a while, but rather the /tm/sys/file/ssl-key method instead. When using the latter method, you'll want to define sourcePath attribute like "file:///var/config/rest/downloads/my.key" or whereever you uploaded/created the key. So the data that you would POST to /tm/sys/file/ssl-key would look something like (using the bigrest python iControl REST wrapper here):
from bigrest.bigip import BIGIP
b = BIGIP('mybigip.local', 'admin', 'admin', session_verify=False)
key_data = {'name': 'testkey.key',
'keySize': 2048,
'keyType': 'rsa-private',
'passphrase': 'encrypted passphrase here',
'securityType': 'password',
'sourcePath': 'file:///var/config/rest/downloads/mytestkey.key'
}
response = b.create('/mgmt/tm/sys/file/ssl-key', key_data)
This assumes of course you've created the key and moved it or uploaded it to the BIG-IP /var/config/rest/downloads folder.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com