Steve_Brown_882
Dec 30, 2010 (Historic F5 Account)
pycontrol 2 and key_generate
Hey Guys,
I just started playing with pycontrol 2 and I am also trying to generate an ssl key and csr using icontrol. I have a bit of code, but I just can't seem to make it all work. Anyone want to take a peek and let me know what you think? This is cut from ipython so I left out the basics.
key_types = b.Management.KeyCertificate.typefactory.create('Management.KeyCertificate.KeySequence')
key_types.id = 'testkey.domain.com'
key_types.key_type = 'KTYPE_RSA_PRIVATE'
key_types.bit_length = 1024
key_types.security = 'STYPE_NORMAL'
x509data = b.Management.KeyCertificate.typefactory.create('Management.KeyCertificate.X509DataSequence')
x509data.common_name = 'testkey.deloitte.com'
x509data.country_name = 'US'
x509data.state_name = 'New York'
x509data.locality_name = 'New York'
x509data.organization_name = 'Company'
x509data.division_name = 'Team'
b.Management.KeyCertificate.key_generate( mode = ['MANAGEMENT_MODE_DEFAULT'], keys = [key_types], x509_data = [x509data], create_optional_cert_csr = True, overwrite = False)
- L4L7_53191 (Nimbostratus)
Ok, this should get you working. Notice a few things - if a kwarg is singular, it's not a list. So 'mode' here doesn't expect to be a list. Also, for simply 'Sequence' types like these, you don't have to create that type explicitly. Just wrap it in a list bracket and you're off and rolling. Anyhow, here's the way to generate this, with some notes added.

In [58]: km.key_generate.params

Let's check out the params we expect to pass in. Notice that the "mode" param isn't a sequence, so it's not a list...

Out[58]:
[(mode, u'Management.KeyCertificate.ManagementModeType'),
 (keys, u'Management.KeyCertificate.KeySequence'),
 (x509_data, u'Management.KeyCertificate.X509DataSequence'),
 (create_optional_cert_csr, u'boolean'),
 (overwrite, u'boolean')]

Cool, now let's start creating some objects to pass into the keys, x509_data kwargs.

In [62]: key = km.typefactory.create('Management.KeyCertificate.Key')

NOTE: I didn't create the sequence. If you do a dir() on this key object, you'll see all of the attributes listed in the SDK. Let's set them now.

In [63]: key.id = 'tetkey.domain.com'
In [65]: key.key_type = 'KTYPE_RSA_PRIVATE'
In [66]: key.bit_length = 1024
In [67]: key.security = 'STYPE_NORMAL'

Same routine exactly for the x509 stuff. Notice I didn't create the 'Sequence' object here either... The actual XML data is marshalled into the object below as attributes.

In [68]: x509data = km.typefactory.create('Management.KeyCertificate.X509Data')
In [69]: x509data.common_name = 'testkey.deloitte.com'
In [70]: x509data.country_name = 'US'
In [71]: x509data.state_name = 'New York'
In [72]: x509data.locality_name = 'New York'
In [73]: x509data.organization_name = 'Company'
In [75]: x509data.division_name = 'Team'

Let's see what happens with the generation now!

In [76]: km.key_generate(mode = 'MANAGEMENT_MODE_DEFAULT',keys = [key],x509_data = [x509data],create_optional_cert_csr = True,overwrite = False)

Let's confirm:

In [79]: km.get_certificate_request_list(mode = 'MANAGEMENT_MODE_DEFAULT')
Out[79]:
[(Management.KeyCertificate.CertificateRequestInformation){
   csr_info =
      (Management.KeyCertificate.CertificateRequest){
         id = "default"
         email = None
         challenge_password = None
      }
   title = None
   serial_number = None
   file_name = "/config/ssl/ssl.csr/default.csr"
   key_type = "KTYPE_RSA_PUBLIC"
   bit_length = 1024
   subject =
      (Management.KeyCertificate.X509Data){
         common_name = "localhost.localdomain"
         country_name = "US"
         state_name = "WA"
         locality_name = "Seattle"
         organization_name = "MyCompany"
         division_name = "IT"
      }
 },
 (Management.KeyCertificate.CertificateRequestInformation){
   csr_info =
      (Management.KeyCertificate.CertificateRequest){
         id = "tetkey.domain.com"
         email = None
         challenge_password = None
      }
   title = None
   serial_number = None
   file_name = "/config/ssl/ssl.csr/tetkey.domain.com.csr"
   key_type = "KTYPE_RSA_PUBLIC"
   bit_length = 1024
   subject =
      (Management.KeyCertificate.X509Data){
         common_name = "testkey.deloitte.com"
         country_name = "US"
         state_name = "New York"
         locality_name = "New York"
         organization_name = "Company"
         division_name = "Team"
      }
 }]

Ding!
- Steve_Brown_882 (Historic F5 Account)
Thanks for helping me out with this, makes me feel like I accomplished something the day before New Year's. The comments really helped straighten some of it out in general.
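
Added example, not part of the original thread and not pycontrol code: a pre-flight check that applies the rule from the answer above (types named ...Sequence take a list, singular kwargs take a bare value) to the parameter list that km.key_generate.params returned. The names check_call and sample_kwargs, the SimpleNamespace stand-ins for typefactory objects, and the 2048-bit floor are assumptions made for this example.

```python
from types import SimpleNamespace

# Copied from the km.key_generate.params output shown in the thread.
KEY_GENERATE_PARAMS = [
    ("mode", "Management.KeyCertificate.ManagementModeType"),
    ("keys", "Management.KeyCertificate.KeySequence"),
    ("x509_data", "Management.KeyCertificate.X509DataSequence"),
    ("create_optional_cert_csr", "boolean"),
    ("overwrite", "boolean"),
]
MIN_RSA_BITS = 2048  # assumption: local policy floor, not an iControl constant


def check_call(params, kwargs, min_rsa_bits=MIN_RSA_BITS):
    """Return a list of problems with kwargs for the call that params describes."""
    problems = ["%s: unexpected kwarg" % n for n in kwargs if n not in dict(params)]
    for name, wsdl_type in params:
        if name not in kwargs:
            problems.append("%s: missing" % name)
            continue
        value = kwargs[name]
        is_list = isinstance(value, (list, tuple))
        is_seq = wsdl_type.endswith("Sequence")
        if is_seq and not is_list:
            problems.append("%s: %s expects a list" % (name, wsdl_type))
        elif is_list and not is_seq:
            problems.append("%s: singular type, pass a bare value" % name)
        elif wsdl_type == "boolean" and not isinstance(value, bool):
            problems.append("%s: expected True or False" % name)
    # Policy check: flag any key whose bit_length is under the floor.
    keys = kwargs.get("keys")
    for key in keys if isinstance(keys, (list, tuple)) else []:
        bits = getattr(key, "bit_length", None)
        if isinstance(bits, int) and bits < min_rsa_bits:
            problems.append("keys: bit_length %d is below %d" % (bits, min_rsa_bits))
    return problems


def sample_kwargs(mode, bit_length):
    """Constructed kwargs; SimpleNamespace stands in for typefactory objects."""
    key = SimpleNamespace(id="testkey.example.com", key_type="KTYPE_RSA_PRIVATE",
                          bit_length=bit_length, security="STYPE_NORMAL")
    x509 = SimpleNamespace(common_name="testkey.example.com", country_name="US")
    return dict(mode=mode, keys=[key], x509_data=[x509],
                create_optional_cert_csr=True, overwrite=False)


if __name__ == "__main__":
    for problem in check_call(KEY_GENERATE_PARAMS,
                              sample_kwargs(["MANAGEMENT_MODE_DEFAULT"], 1024)):
        print(problem)
```

With a live connection, the first argument could be km.key_generate.params itself, provided its entries unpack to (name, type) pairs as the printed output suggests.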