Forum Discussion

Steve_Brown_882's avatar
Historic F5 Account
Dec 30, 2010

pycontrol 2 and key_generate

Hey Guys,


I just started playing with pycontrol 2 and I am also trying to generate an ssl key and csr using icontrol. I have a bit of code, but I just can't seem to make it all work. Anyone want to take a peak and let me know what you think? This is cut from ipython so I left out the basics.



key_types = b.Management.KeyCertificate.typefactory.create('Management.


KeyCertificate.KeySequence') = ''


key_types.key_type = 'KTYPE_RSA_PRIVATE'


key_types.bit_length = 1024 = 'STYPE_NORMAL'


x509data = b.Management.KeyCertificate.typefactory.create('Management.K




x509data.common_name = ''


x509data.country_name = 'US'


x509data.state_name = 'New York'


x509data.locality_name = 'New York'


x509data.organization_name = 'Company'


x509data.division_name = 'Team'


b.Management.KeyCertificate.key_generate( mode = ['MANAGEMENT_MODE_DEFAULT'], keys = [key_types], x509_data = [x509data], create_optional_cert_csr = True, overwrite = False)


2 Replies

  • Ok, this should get you working. Notice a few things - if a kwarg is singular, it's not a list. So 'mode' here doesn't expect to be a list. Also, for simply 'Sequence' types like these, you don't have to create that type explicitly. Just wrap it in a list bracket and you're off and rolling. Anyhow, here's the way to generate this, with some notes added.

    In [58]: km.key_generate.params  Let's check out the params we expect to pass in. Notice that the "mode" param isn't a sequence, so it's not a list...
    [(mode, u'Management.KeyCertificate.ManagementModeType'),
     (keys, u'Management.KeyCertificate.KeySequence'),
     (x509_data, u'Management.KeyCertificate.X509DataSequence'),
     (create_optional_cert_csr, u'boolean'),
     (overwrite, u'boolean')]
     Cool, now let's start creating some objects to pass into the keys, x509_data kwargs.
    In [62]: key = km.typefactory.create('Management.KeyCertificate.Key')  NOTE: I didn't create the sequence. If you do a dir() on this key object, you'll see all of the attributes listed in the SDK. Let's set them now.
    In [63]: = ''
    In [65]: key.key_type = 'KTYPE_RSA_PRIVATE'
    In [66]: key.bit_length = 1024
    In [67]: = 'STYPE_NORMAL'
     Same routine exactly for the x509 stuff. Notice I didn't create the 'Sequence' object here either...The actual XML data is marshalled into the object below as attributes.
    In [68]: x509data = km.typefactory.create('Management.KeyCertificate.X509Data')
    In [69]: x509data.common_name = ''
    In [70]: x509data.country_name = 'US'
    In [71]: x509data.state_name = 'New York'
    In [72]: x509data.locality_name = 'New York'
    In [73]: x509data.organization_name = 'Company'
    In [75]: x509data.division_name = 'Team'
     Let's see what happens with the generation now!
    In [76]:  km.key_generate(mode = 'MANAGEMENT_MODE_DEFAULT',keys = [key],x509_data = [x509data],create_optional_cert_csr = True,overwrite = False)
     Let's confirm:
    In [79]: km.get_certificate_request_list(mode = 'MANAGEMENT_MODE_DEFAULT')
       csr_info =
             id = "default"
             email = None
             challenge_password = None
       title = None
       serial_number = None
       file_name = "/config/ssl/ssl.csr/default.csr"
       key_type = "KTYPE_RSA_PUBLIC"
       bit_length = 1024
       subject =
             common_name = "localhost.localdomain"
             country_name = "US"
             state_name = "WA"
             locality_name = "Seattle"
             organization_name = "MyCompany"
             division_name = "IT"
       csr_info =
             id = ""
             email = None
             challenge_password = None
       title = None
       serial_number = None
       file_name = "/config/ssl/ssl.csr/"
       key_type = "KTYPE_RSA_PUBLIC"
       bit_length = 1024
       subject =
             common_name = ""
             country_name = "US"
             state_name = "New York"
             locality_name = "New York"
             organization_name = "Company"
             division_name = "Team"

    Hope this helps. Please post back any questions you've got as it relates to the types. Also, if you've not had a look at the pycontrol tutorial videos it may be worth looking; I go into a little bit of how the types work, as well as the SDK's semantics.


  • Steve_Brown_882's avatar
    Historic F5 Account
    Thanks for helping me out with this, makes me feel like I accomplished soemthing the day before New Years. The comments really helped straighten some of it our in general.


    Before last week I was running the old pycontrol but I blew my enviroment up so I switched to '2'. I have to say that I really like this version better so far.