Forum Discussion

JoaquinSilvaRCCL's avatar
JoaquinSilvaRCCL
Icon for Nimbostratus rankNimbostratus
Apr 24, 2024

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

We have more than 160 BIG-IP Virtual Edition with version 15.1.10.3 build 0.0.12. We need to import, in each one, an SSL Certificate in PFX/PKCS 12 format in the path System ›› Certificate Management: Device Certificate Management: Device Certificate. We looked in the documentation and the KB but we couldn't find a way to do it.
Has anyone dealt with this and have a solution to do it via Script, CLI or API?
Thank you.

  • Just few days ago I saw some example somebody imported PFX via API, but we do it the way that we firstly reformat PFX to PEM (openssl, cryptography in python, choose what you need).

    Then we import PEM cert/key via SFTP to F5 (/var/tmp for example, it's just temporary, you'll delete that) and then we install it so its accessible for TMOS:

    POST /sys/crypto/cert
    POST /sys/crypto/key

    {"command": "install",
    "name": <cert/key_name>,
    "partition": <partition_name>,
    "from-local-file": <file_name>}

     

    Hope this helps