Forum Discussion

rob_carr's avatar
Icon for Cirrostratus rankCirrostratus
Jan 20, 2012

Importing SSL Certs and Keys via TMSH

According to this topic ( there exists a 'TMSH install cert' command that presumably imports SSL certs and keys. I'm working with LTM's running 10.2.2, and I can't find said command, and I would really like to. I have to produce change-control documents with instructions for an operations group to execute, and being able to do all desired actions from within tmsh would be a really positive step.



3 Replies

  • You could do it this way in tmsh:

    create /sys file ssl-cert blah.crt { source-path http://foo/blah.crt}

    You've to provide a URL reachable by bigip which delivers the pem-encoded certificate. This works the same with keys.
  • For version 10, you can just copy the files into the matching directories:


    Payload certs:








    HTTPD certs for management:








    For version 11 (maybe someone can update this to be more specific), these files are managed by TMOS requiring you to import the certificate and key data.


    The following was done with 11.5. This command will create test.crt and test.key as the managed prefix names. The source file is default.crt or key.


    tmsh create /sys file ssl-cert test.crt source-path


    tmsh create /sys file ssl-key test.key source-path


  • Kevin_K_51432's avatar
    Historic F5 Account

    It has been a while, but with 10.2.2, can't you just put them (scp) in the appropriate directory and they then become available for selection by the SSL profile?