Forum Discussion

sak
Nov 23, 2018

REST API to upload certificate to BIG IP LTM from my local machine (local path) & not from BIG IP LTM device

Hi,

 

I want to upload certificate to LTM from my local machine using Rest API.

 

Case 1: I am able to upload a certificate to LTM where the .crt file is present on the LTM machine itself, using the REST call below.

Body is as below, e.g.

    {"command":"install","name":"alice","from-local-file":"/var/mycert/alice.crt"}

In the above call the path is from the LTM device. The certificate file is present on the LTM device.

 

Case 2: Is it possible to upload a certificate from my local machine to LTM?

e.g. if I changed the above path /var/mycert/alice.crt to D:/mycert/... etc.

 

Please help if anyone has a solution to this.

Thanks,

  • I was looking for a way to copy the certification to the LTM using REST, but I didn’t find anything. So, what I ended up doing was I wrote a Python script that used paramiko and scp to copy the cert and install it. I was able to copy and install an intermediate cert to 170 LTMs running various versions of 11.5.x, 12.x and 13 in about 30 minutes. Script below, it’s not elegant but it worked.

    Another thing I looked at was just using scp to copy the cert then using the following commands to install via the api.

    curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'
    
    curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/crypto/key -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.key"}'
    
    #!/usr/bin/env python
    import paramiko
    from scp import SCPClient
    import time

    username = ""
    password = ""
    # Placeholders: the certificate object name and the file name are blank
    # in the post as it appears here. Set both before running.
    cert_name = ""
    cert_file = ""
    command1 = "tmsh list sys crypto cert " + cert_name
    command2 = (
        "tmsh install sys crypto cert " + cert_name
        + " from-local-file /var/tmp/" + cert_file
    )
    f1 = open("lb_in.txt", "r")        # one device per line
    f2 = open("fail.txt", "a")         # devices that could not be reached
    f3 = open("copy_status.txt", "a")  # per-device result

    # Creates list based on f1
    devices = f1.readlines()
    # commands = f3.readlines()


    def dev_ssh(device):
        """Open an SSH session and return (client, status)."""
        device = device.rstrip()
        ssh = paramiko.SSHClient()
        try:
            # AutoAddPolicy accepts unknown host keys without verifying them.
            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            ssh.connect(device, username=username, password=password, timeout=15)
            # scp = SCPClient(ssh.get_transport())
            status = "auth-success"
        except paramiko.AuthenticationException:
            status = "auth-failed"
        except Exception:
            status = "ssh-failed"
        return ssh, status


    for device in devices:
        device = device.rstrip()
        ssh, status = dev_ssh(device)

        if "failed" not in status:
            # List the cert first; its name in the output means it already exists.
            stdin, stdout, stderr = ssh.exec_command(command1)
            output = stdout.read()
            if cert_name.encode() not in output:
                scp = SCPClient(ssh.get_transport())
                scp.put(cert_file, "/var/tmp/")
                stdin, stdout, stderr = ssh.exec_command(command2)
                time.sleep(3)
                f3.write("{0} {1}\n".format(device, "copied successful"))
            else:
                print("{0} {1}\n".format(device, cert_name + " already exists"))
                f3.write("{0} {1}\n".format(device, cert_name + " already exists"))
        else:
            print(device, status)
            f2.write("{0} {1}\n".format(device, status))
        ssh.close()

    for f in (f1, f2, f3):
        f.close()
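
For Case 2 in the question (sending the file from the local machine with no scp step), one approach is the iControl REST file-transfer upload followed by the same install call. This is an added example, not code from the thread; the upload URI, the `/var/config/rest/downloads/` landing directory, the 512 KiB chunk size and the `ca_file` parameter are assumptions to confirm against your BIG-IP version.

```python
import base64
import json
import re
import ssl
import urllib.request

# Assumed iControl REST paths and chunk size; confirm against your BIG-IP version.
UPLOAD_URI = "/mgmt/shared/file-transfer/uploads/"
UPLOAD_DIR = "/var/config/rest/downloads/"  # where uploaded files land on the device
CHUNK = 512 * 1024


def content_ranges(size, chunk=CHUNK):
    """Yield (start, end, 'start-end/total') for each Content-Range chunk."""
    if size <= 0:
        raise ValueError("refusing to upload an empty file")
    for start in range(0, size, chunk):
        end = min(start + chunk, size) - 1
        yield start, end, "{0}-{1}/{2}".format(start, end, size)


def install_body(name):
    """Body for POST /mgmt/tm/sys/crypto/cert, pointing at the uploaded file."""
    if not re.fullmatch(r"[A-Za-z0-9._-]+", name):
        raise ValueError("unsafe certificate name: {0!r}".format(name))
    return {"command": "install", "name": name,
            "from-local-file": UPLOAD_DIR + name + ".crt"}


def _post(url, data, headers, ctx):
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.status


def upload_and_install(host, user, password, local_path, name, ca_file):
    """Send local_path to the BIG-IP in chunks, then install it as cert `name`."""
    body = install_body(name)  # validates name before anything is sent
    ctx = ssl.create_default_context(cafile=ca_file)  # verify the device cert (no -k)
    token = base64.b64encode("{0}:{1}".format(user, password).encode()).decode()
    auth = {"Authorization": "Basic " + token}
    with open(local_path, "rb") as fh:
        blob = fh.read()
    for start, end, rng in content_ranges(len(blob)):
        _post("https://" + host + UPLOAD_URI + name + ".crt", blob[start:end + 1],
              {**auth, "Content-Type": "application/octet-stream",
               "Content-Range": rng}, ctx)
    return _post("https://" + host + "/mgmt/tm/sys/crypto/cert",
                 json.dumps(body).encode(),
                 {**auth, "Content-Type": "application/json"}, ctx)
```

The private key can be sent the same way by posting the install body to `/mgmt/tm/sys/crypto/key`, the endpoint used in the curl commands above.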