Forum Discussion
sak
Nimbostratus
Nov 23, 2018
Rest API to Upload Certificate TO BIG IP LTM from my Local Machine(local path) & not from BIG IP LTM device
Hi,
I want to upload a certificate to LTM from my local machine using the REST API.
Case 1:
I am able to upload certificate to LTM where the .crt file is present on LTM Machine itself using belo...
Aaron_Newberry
Nimbostratus
Jan 24, 2019
I was looking for a way to copy the certification to the LTM using REST, but I didn’t find anything. So, what I ended up doing was I wrote a python script that used paramiko and scp to copy the cert and install it. I was able to copy and install an intermediate cert to 170 LTMs running various versions of 11.5.x, 12.x and 13 in about 30 minutes. Script below, it’s not elegant but it worked.
Another thing I looked at was just using scp to copy the cert then using the following commands to install via the api.
```bash
curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'
curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/crypto/key -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.key"}'
```
```python
#!/usr/bin/env python
import paramiko
from scp import SCPClient
import time

username = ""
password = ""
# The certificate name and file name are blank in the script as posted:
# they belong at the end of command1/command2, in the b"" check and in scp.put().
command1 = "tmsh list sys crypto cert "
command2 = "tmsh install sys crypto cert from-local-file /var/tmp/"

f1 = open("lb_in.txt", "r")         # one device per line
f2 = open("fail.txt", "a")          # devices that could not be reached
f3 = open("copy_status.txt", "a")   # per-device copy result

# Creates list based on f1
devices = f1.readlines()


def dev_ssh(device):
    device = device.rstrip()
    ssh = paramiko.SSHClient()
    # AutoAddPolicy accepts unknown host keys without verifying them
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(device, username=username, password=password, timeout=15)
        status = "auth-success"
    except paramiko.AuthenticationException:
        status = "auth-failed"
    except Exception:
        status = "ssh-failed"
    return ssh, status


for device in devices:
    device = device.rstrip()
    ssh, status = dev_ssh(device)
    if "failed" not in status:
        # Check whether the certificate is already installed
        stdin, stdout, stderr = ssh.exec_command(command1)
        output = stdout.read()
        if b"" not in output:
            # Copy the certificate file, then install it with tmsh
            scp = SCPClient(ssh.get_transport())
            scp.put("", "/var/tmp/")
            stdin, stdout, stderr = ssh.exec_command(command2)
            time.sleep(3)
            f3.write("{0} {1}\n".format(device, "copied successful"))
        else:
            print("{0} {1}\n".format(device, " already exists"))
            f3.write("{0} {1}\n".format(device, " already exists"))
        ssh.close()
    else:
        print(device, status)
        f2.write("{0} {1}\n".format(device, status))

for f in (f1, f2, f3):
    f.close()
```
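For the original question (uploading from the local machine over REST), iControl REST has a chunked file-upload endpoint, `/mgmt/shared/file-transfer/uploads/<filename>`, which stores the file under `/var/config/rest/downloads/`; the install call from the post can then point at that path. The sketch below is an added example, not code from this thread: the host, credentials, CA bundle path, chunk size and function names are assumptions.

```python
import base64
import json
import ssl
import urllib.request

UPLOAD_DIR = "/var/config/rest/downloads/"  # where the upload endpoint stores files
CHUNK = 512 * 1024                          # bytes per request (assumed chunk size)


def plan_upload(host, filename, data, chunk=CHUNK):
    """Return one (url, headers, body) tuple per chunk of `data`."""
    url = "https://{0}/mgmt/shared/file-transfer/uploads/{1}".format(host, filename)
    total = len(data)
    requests = []
    for start in range(0, total, chunk):
        body = data[start:start + chunk]
        end = start + len(body) - 1  # Content-Range end offset is inclusive
        headers = {
            "Content-Type": "application/octet-stream",
            "Content-Range": "{0}-{1}/{2}".format(start, end, total),
        }
        requests.append((url, headers, body))
    return requests


def install_request(host, kind, name, filename):
    """Build the install call shown in the post, pointed at the uploaded file."""
    url = "https://{0}/mgmt/tm/sys/crypto/{1}".format(host, kind)  # kind: cert or key
    payload = {"command": "install", "name": name,
               "from-local-file": UPLOAD_DIR + filename}
    return url, {"Content-Type": "application/json"}, json.dumps(payload).encode()


def send(requests, user, password, ca_file):
    """POST each request; TLS is verified against ca_file rather than skipped (-k)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    token = base64.b64encode("{0}:{1}".format(user, password).encode()).decode()
    for url, headers, body in requests:
        req = urllib.request.Request(url, data=body, method="POST", headers=headers)
        req.add_header("Authorization", "Basic " + token)
        with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
            resp.read()
```

Call `send(plan_upload(...), ...)` first, then `send([install_request(...)], ...)`; nothing is sent until `send` is called.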