Trying to Set Certificate and Key for ClientSSLProfile Using Powershell
Hello,
I am trying to create a profile with an existing certificate and key on version 11.4.1. I have found a number of examples similar to this that correctly create the profile ...
$ProfileName = "TestProfile"
$Cert = New-Object -TypeName iControl.LocalLBProfileString;
$Cert.value = "default";
$Cert.default_flag = "true";
$Key = New-Object -TypeName iControl.LocalLBProfileString;
$Key.value = "default";
$Key.default_flag = "true";
(Get-F5.iControl).LocalLBProfileClientSSL.create( $ProfileName, (, $Key), (, $Cert) );
... but they only ever seem to set the certificate and key to "default". It doesn't matter what value I put in the ProfileString 'value' parameter. I have tried the file name provided by Management::KeyCertificate::CertificateInformation_v2 and the object name, and nothing seems to work.
I have also tried using LocalLBProfileClientSSL.set_key_certificate_file as I saw an article that said there was a bug in the create method, but that performs exactly the same way and does not set the certificate or key.
Could someone please point me in the right direction? I'm sure I'm missing something simple, but I'm just not seeing it.
Thanks!, Sean
7 Replies
- Michael_Jenkins
Cirrostratus
I tried to recreate the same issue you're having, and was able to get this to work
$ProfileName = "ProfileName";
$Cert = New-Object -TypeName iControl.LocalLBProfileString;
$Cert.value = "/Common/CERT_NAME.crt";
$Key = New-Object -TypeName iControl.LocalLBProfileString;
$Key.value = "/Common/KEY_NAME.key";
$b.LocalLBProfileClientSSL.create_v2( $ProfileName, (, $Key), (, $Cert) );
Things I changed were taking out the default-flag denotation, because that will mark that part to be the default instead of the value you're trying to set it as. The other thing is using the full name of the cert and key, complete with the file extension. And I changed it to create_v2. I'm not really sure of the differences but I always use the v2 methods.
Hope this helps.
- Sean_Powell_821
Nimbostratus
Thanks Michael.
I originally tried _v2, as I usually use those too, and it failed. I found in the wiki it is for version 11.5 and later, I'm using 11.4.1.
I had tried removing the default flag in my testing, and not setting the flag produces errors. Setting the flag to false doesn't seem to change the behavior either, it's still set as default.
What I ended up doing was creating an SSLProfile with the default cert/key and then immediately changing it with the set_key_certificate_file function. Omitting the default_flag for the set_key_certificate_file function does work as expected.
Thank you very much for your help.
Sean
- Michael_Jenkins
Cirrostratus
Weird. I'm using 11.5 so that would explain why mine works. Sorry.
- Sean_Powell_821
Nimbostratus
Well, you confirmed what the values should be set to, so that helped a lot, thank you. I have a working solution, so it's all good :)
- Ansh_Jain_36819
Nimbostratus
Hi Michael, thanks for the script. It is creating a profile with an existing certificate and key successfully on F5. But I have a doubt: how is this script connecting to the F5 LTM link without specifying the link and credentials in it? Could you please share your knowledge on this?
- Michael_Jenkins
Cirrostratus
If you're referring to how you would connect to the specific F5 device, you can see an example of how to connect to a device on the iControl PowerShell page. If I remember right (it's been a while since I've used iControl), you may try $b = (Get-F5) to see if that gets you what you're looking for.
- khaleel_374654
Nimbostratus
Hi Michael... Thanks for the script. I also need help with the same issue (posted by Ansh). How are you passing the F5 name and credentials?
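The 11.4.1 workaround Sean describes (create with the default cert/key, then call set_key_certificate_file without default_flag) together with the connection step asked about in the last replies, as an added example that is not code from any poster in this thread. It assumes the iControl PowerShell snap-in is installed and that its Initialize-F5.iControl cmdlet accepts -PSCredentials; the host name and the helper function New-ProfileString are hypothetical, and the get_key_file / get_certificate_file read-back is assumed to be available on this version.

```powershell
# Added example, not from the thread. Host name is a placeholder; the cert and
# key names reuse the placeholder object names from Michael's reply.
Add-PSSnapin iControlSnapIn -ErrorAction Stop

$BigIP       = "bigip.example.net"        # placeholder management address
$ProfileName = "TestProfile"
$CertPath    = "/Common/CERT_NAME.crt"    # full object name, with extension
$KeyPath     = "/Common/KEY_NAME.key"

# Prompt for credentials at run time so no password is stored in the script.
$Cred = Get-Credential
if (-not (Initialize-F5.iControl -HostName $BigIP -PSCredentials $Cred)) {
    throw "Could not connect to $BigIP"
}
$ic = Get-F5.iControl   # the object the thread's snippets call Get-F5.iControl / $b

# Hypothetical helper: builds a ProfileString and only touches default_flag
# when the default is wanted, matching what Sean reports working on 11.4.1.
function New-ProfileString([string]$Value, [bool]$IsDefault) {
    $s = New-Object -TypeName iControl.LocalLBProfileString
    $s.value = $Value
    if ($IsDefault) { $s.default_flag = $true }
    return $s
}

# Step 1: create the profile with the default cert/key (create, not create_v2,
# because create_v2 is for 11.5 and later according to the thread).
$defKey  = New-ProfileString "default" $true
$defCert = New-ProfileString "default" $true
$ic.LocalLBProfileClientSSL.create( $ProfileName, (, $defKey), (, $defCert) )

# Step 2: immediately replace them, leaving default_flag unset.
$newKey  = New-ProfileString $KeyPath  $false
$newCert = New-ProfileString $CertPath $false
$ic.LocalLBProfileClientSSL.set_key_certificate_file( (, $ProfileName), (, $newKey), (, $newCert) )

# Step 3: read the profile back so a silent fallback to "default" is caught
# before the profile is attached to a virtual server.
$gotKey  = $ic.LocalLBProfileClientSSL.get_key_file( (, $ProfileName) )[0].value
$gotCert = $ic.LocalLBProfileClientSSL.get_certificate_file( (, $ProfileName) )[0].value
if ($gotKey -ne $KeyPath -or $gotCert -ne $CertPath) {
    Write-Warning "Profile $ProfileName reports key '$gotKey' and cert '$gotCert'"
}
```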