Forum Discussion
Rest API generate key with passphrase
How can I generate a key with passphrase through the REST API? I do the following:
POST mgmt/tm/sys/crypto/key
{
"name": "/Common/test.domain.nl123.key",
"keyType": "rsa-private",
"securityType": "password",
"password": "$M$1p$1JabAKC3V/riq3CHKwBNCw=="
}
RESPONSE
{
"kind": "tm:sys:crypto:key:keystate",
"name": "/Common/test.domain.nl123.key",
"fullPath": "/Common/test.domain.nl123.key",
"generation": 5164,
"selfLink": "https://localhost/mgmt/tm/sys/crypto/key/~Common~test.domain.nl123.key?ver=12.1.3.2",
"keySize": "2048",
"keyType": "rsa-private",
"securityType": "normal"
}
The securityType is still "normal". I also tried with "passphrase": "$M$1p$1JabAKC3V/riq3CHKwBNCw==" but then the response is:
{
"code": 400,
"message": "\"passphrase\" may not be specified in the context of the \"create\" command.
\"passphrase\" may be specified using the following commands: install",
"errorStack": [],
"apiError": 26214401
}
- Dario_Garrido
Noctilucent
Check this out -> https://devcentral.f5.com/questions/upload-ssl-keys-certs-via-icontrol-rest-api
KR, Dario.
Fiddled around a bit in my lab and it does not seem to be possible the way you want it to.
Even via TMSH you are forced to enter it manually by using prompt-for-password (although you might be able to pipe input there via bash):
(/Common)(tmos) create sys crypto key test3 key-type rsa-private security-type password key-size 2048 ?
Options:
  gen-certificate      also generate a self signed certificate
  gen-csr              also generate a certificate signing request and display it
  prompt-for-password  Use password for key.
Properties:
  consumer    Specifies the TMOS component which will be making use of this.
  curve-name  Specifies the curve name to create elliptic curve (EC) key.
So the only way left as far as I can see is to upload a locally generated file, or do some workaround with bash (you can run bash commands via REST).
/Patrik
I think you got the syntax wrong for the command:
This worked fine for me:
curl -sku admin:admin https://192.168.10.23/mgmt/tm/util/bash -H "content-type:application/json" -d " { \"command\": \"run\", \"utilCmdArgs\": \"-c 'openssl genrsa -aes256 -passout pass:DitIsEenTest123 -out /config/ssl/ssl.key/f5test.com_2015.key 2048'\" } "
Result:
{"kind":"tm:util:bash:runstate","command":"run","utilCmdArgs":"-c 'openssl genrsa -aes256 -passout pass:DitIsEenTest123 -out /config/ssl/ssl.key/f5test.com_2015.key 2048'","commandResult":"Generating RSA private key, 2048 bit long modulus\n.......................+++++\n..................+++++\nunable to write 'random state'\ne is 65537 (0x10001)\n"}
And file exists:
[root@f5yp01:Active:Disconnected] config ls /config/ssl/ssl.key/
default.key f5test.com_2015.key
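Added example, not part of any post in this thread and not F5 code: the result above echoes the passphrase back in utilCmdArgs, and a pass: argument is also visible in the process list while openssl runs. This sketch follows the "upload a locally generated file" route instead and has openssl read the passphrase from its environment; the variable name KEY_PASS and the function names are assumptions.

```shell
#!/bin/sh
# Added example: create a passphrase-protected RSA key locally so the
# passphrase never appears in argv, a REST request body, or a REST response.
# KEY_PASS and the function names are assumptions made for this sketch.

# key_is_encrypted FILE: true if the PEM carries an encryption marker.
# Matches both the traditional ("Proc-Type: 4,ENCRYPTED") and the
# PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY") encodings.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# passphrase_opens_key FILE: true if $KEY_PASS decrypts the key.
passphrase_opens_key() {
    KEY_PASS=$KEY_PASS openssl pkey -in "$1" -passin env:KEY_PASS -noout \
        >/dev/null 2>&1
}

# gen_encrypted_key OUTFILE [BITS]
gen_encrypted_key() {
    out=$1
    bits=${2:-2048}
    if [ -z "${KEY_PASS:-}" ]; then
        echo "KEY_PASS is not set" >&2
        return 2
    fi
    # umask 077 in a subshell: the key file is created owner-only.
    # env:KEY_PASS makes openssl read the passphrase from its environment,
    # passed to this one process only, instead of from a pass: argument.
    ( umask 077
      KEY_PASS=$KEY_PASS openssl genrsa -aes256 -passout env:KEY_PASS \
          -out "$out" "$bits" ) >/dev/null 2>&1 || return 1
    # Refuse to hand back a key that is unencrypted or unreadable.
    key_is_encrypted "$out" && passphrase_opens_key "$out"
}
```

Set KEY_PASS from a prompt or a secrets store rather than typing it into a command, then call gen_encrypted_key with the output path.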
- Tom_Rogers
Employee
>> How can I generate a key with passphrase through the REST API.
Currently you can't use a pure REST API command to generate a private SSL key that uses a passphrase.
F5 has RFE ID832649 to allow this, but it has not been implemented in any version of code (yet).
If your business requirements dictate this functionality, please open a support ticket with F5, and have your ticket associated with the RFE ID.