Forum Discussion
Replacing vserver certificates (say for SSL offload) via CLI?
- Oct 25, 2021
Yes, there is a way where you can update the certificates in the SSL profiles via cli. But you need to have the new certificate uploaded on the F5. If certificate is already uploaded on the F5, you can use below command to update new certificate under selected client and/or server SSL profile. Once you have proper certificate, key & profile name selected, you can update multiple certificates & key under ssl profiles in below commands in one go.
tmsh modify ltm profile <SSL-Profile-Type> <SSL-Profile-Name> cert <SSL-Certificate-Name> key <SSL-Key-Name>
If you are looking for importing certificate first (not using WebUI), then you can use SCP transfer. Once certificate & key file is transferred, first you need to install those files using below given commands. Once it is installed, you can use above command to update the certificate & key files under ssl profiles.
tmsh install sys crypto cert <SSL-certificate-name> from-local-file <path-to-certificate-file>
tmsh install sys crypto key <SSL-key-name> from-local-file <path-to-key-file>
Ref. article for more details -
https://support.f5.com/csp/article/K14031
NOTE- After installing the certificates and/or keys, you must verify cert & key if it is properly installed before applying same under profiles.
This way you can manage these configurations via cli.
Hope it helps!
Yes, there is a way where you can update the certificates in the SSL profiles via cli. But you need to have the new certificate uploaded on the F5. If certificate is already uploaded on the F5, you can use below command to update new certificate under selected client and/or server SSL profile. Once you have proper certificate, key & profile name selected, you can update multiple certificates & key under ssl profiles in below commands in one go.
tmsh modify ltm profile <SSL-Profile-Type> <SSL-Profile-Name> cert <SSL-Certificate-Name> key <SSL-Key-Name>
If you are looking for importing certificate first (not using WebUI), then you can use SCP transfer. Once certificate & key file is transferred, first you need to install those files using below given commands. Once it is installed, you can use above command to update the certificate & key files under ssl profiles.
tmsh install sys crypto cert <SSL-certificate-name> from-local-file <path-to-certificate-file>
tmsh install sys crypto key <SSL-key-name> from-local-file <path-to-key-file>
Ref. article for more details -
https://support.f5.com/csp/article/K14031
NOTE- After installing the certificates and/or keys, you must verify cert & key if it is properly installed before applying same under profiles.
This way you can manage these configurations via cli.
Hope it helps!
- Fallout1984Nov 02, 2021Cirrocumulus
Thanks for the info!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com