Forum Discussion
johnestate_1382
Nimbostratus
Dec 11, 2014
SSL certificate automation
We have around 2000 certs that need to be renewed every two years...which is really tiresome. Is there any tool to automate this process...?
johnestate_1382
Nimbostratus
Feb 21, 2015
Thank you Stephan for adding the detailed process - so CSR process on external tool - importing cert and chain to F5, applying it to virtual...this is all tedious manual work and I believe as we go on we would be using more and more SSL/HTTPS traffic instead of HTTP so SSL cert that even smaller companies would be large portion of their work....so wanted to know if there is any way to automate SSL cert management, either a commercial or open source application or even writing code/script....
StephanManthey
Nacreous
Feb 21, 2015
Hi johnestate,
In case I had to handle 2k cert renewals I would definitely invest in a commercial solution or spend some time writing a script. The summary above is a first shot at how it could look.
By now I haven't touched BIG-IQ and perhaps your peers at F5 can give a demo or tell if the aspect of certificate handling is included or planned to be.
I saw a demo of AppViewX a while ago (they are partnering with F5 and are providing a 3rd party management application for ADCs) but cannot remember if this aspect is covered. If not, they seem to be flexible enough to build something quickly.
Certificate handling is a very sensitive task. Piping all private keys through an external tool written by somebody else requires high attention. Ideally private keys never leave your BIG-IPs except for backup in a password protected .ucs archive.
Btw, I just entered the search term "certificate authority certificate request application programming interface" and got a hit.
So obviously some certificate authorities are prepared to handle this process in an automated way.
Anyway, my first choice would be my own scripted solution and if there is some spare time, I will try to write some lines.
How are you currently handling this process? Using the WebUI or CLI (openssl or tmsh) based CSR generation? Import to TMOS filestore (assuming you are on TMOS v11 already) via WebUI or CLI (tmsh)? Replacement of cert, key and chain in client-ssl profile via WebUI or CLI (tmsh)? Using a database to handle certificate parameters?
Thanks, Stephan