Forum Discussion

dmacika_116140's avatar
dmacika_116140
Icon for Nimbostratus rankNimbostratus
May 19, 2014

iControl and Powershell - key import and certificate import

I am attempting to script out importing a SSL crt/key pair into a new F5 running 11.3. I'm using iControl within Powershell. I've successfully used iControl and Powershell for other tasks on this n...
crt
devops
iControl
key
management
ssl
dmacika_116140's avatar
dmacika_116140
Icon for Nimbostratus rankNimbostratus
Feb 11, 2015

Worked with F5 support and came up with a working solution. Import_from_pem was failing for me at first. Key is to use the -raw flag on the get-content. Hope this helps others in the future.

 $url is the common name of the certificate.
 .crt and .key files are stored as $url.crt and $url.key
$url = "www.mydomain.com"

 IP address of the F5
$srv = "1.2.3.4"

 Directory where the crt and key files are placed
$SSLDir = "D:\temp" 

Add-PSSnapIn iControlSnapIn -ErrorAction SilentlyContinue
Initialize-F5.iControl -Hostname $srv -Credentials (Get-Credential)

(Get-F5.iControl).ManagementPartition.Set_active_partition("Common")

$crtfilename = $url + ".crt" 
$keyfilename = $url + ".key" 
$keyfile = $SSLDir + "\" + $keyfilename 
$crtfile = $SSLDir + "\" + $crtfilename

$key_pem = get-content $keyfile -raw
$crt_pem = get-content $crtfile -raw

if ( (test-path $keyfile) -and (test-path $crtfile) ) {
      (Get-F5.iControl).ManagementKeyCertificate.Key_import_from_pem("MANAGEMENT_MODE_DEFAULT",$url,$key_pem,1)
      (Get-F5.iControl).ManagementKeyCertificate.certificate_import_from_pem("MANAGEMENT_MODE_DEFAULT",$url,$crt_pem,1)
} else {
      write-host "Missing Files"
}