Forum Discussion

Aravind's avatar
Aravind
Icon for Nimbostratus rankNimbostratus
Sep 01, 2021

Patching additional TLS certificate to the existing virtual server

Hi,

I am New to AS3.

tried following json file to patch the new TLS certificate to the existing virtual server however its not working. can you let me know what is the correct procedure ?

{
  "class": "AS3",
  "action": "patch",
  "patchBody": [
    {
      "op": "add",
      "path": "/tenanat/Application/private-vip/front-cert",
      "value": {
        
          "class": "TLS_Server",
          "certificates": [
          {
          "certificate": "frontend-cert"
          }
          ],
          "ciphers": "DEFAULT",          
          "frontend-cert": {
          "class": "Certificate",
          "certificate": "-----BEGIN CERTIFICATE-----fsdfsdfdshfd-----END CERTIFICATE-----\n",
          "privateKey": "-----BEGIN PRIVATE KEY-----edfddsfdsfds-----END PRIVATE KEY-----\n"
          },
          "private-vip": {
            "layer4": "tcp",            
            "class": "Service_HTTPS",        
            "ServerTLS" : "front-cert",
            "redirect80": false,
            "shareAddresses": true,
            "virtualAddresses": [
              "192.168.1.x"
            ]
          }
      }
    }
    
  ]
}
application delivery
AS3
BIG-IP
new_TLS_CERT
patch
  • Aravind's avatar
    Aravind
    Icon for Nimbostratus rankNimbostratus
    Sep 01, 2021

    after a little bit tweaking in the json file, i could see the new certificate and ssl profile is created in F5 however the association to the virtual server is not happening. following is the updated json file. 

    {
  "class": "AS3",
  "action": "patch",
  "patchBody": [
    {
      "op": "add",
      "path": "/tenant/Application/front-cert",
      "value": {
        
          "class": "TLS_Server",
          
          "certificates": [
          {
          "certificate": "frontend-cert"
          }
          ],
          "ciphers": "DEFAULT"          
        }
    },
    {
      "op": "add",
      "path": "/tenant/Application/frontend-cert",
      "value": {          
          "class": "Certificate",
          "certificate": "-----BEGIN CERTIFICATE-----ffddedddd---END CERTIFICATE-----\n",
          "privateKey": "-----BEGIN PRIVATE KEY-----ffdddeeessddd-----END PRIVATE KEY-----\n"
          },
          "Application":{    
          "class": "Application",
          "private-vip-0.4": {
            "layer4": "tcp",            
            "class": "Service_HTTPS",        
            "serverTLS": "front-cert",
             "shareAddresses": true,
            "virtualAddresses": [
              "192.168.1.x"
            ]                     
          }
          }
    }
    
  ]
}

    I guess, by default this parameter is enabled " default SSL profile for SNI" in TLS_Server profile. due to this, the new ssl profile is not associated. tried looking at the api document for this parameter but could not find the specific key.