Shereif
2 years ago

Upload LTM SSL Certificate and Key using REST API

I'm trying to upload an existing certificate and key using the API but I can't find a working way so far.

The idea is to upload the cert and key, then later reference them in an AS3 declaration. I am aware that I can directly reference the cert and key content in AS3 but due to how the process works, I want to upload the files first then later reference them in an AS3 declaration.

Thank you in advance

Regards,

Shereif

 

5 Replies

  • Hi Shereif, from AS3, you can reference them in the declaration as BIG-IP objects like this:

     

    "certs_on_bigip": {
        "class": "Certificate",
        "certificate": {
            "bigip":"/Common/my.test.local.crt"
        },
        "privateKey": {
            "bigip":"/Common/my.test.local.key"
        }
    }

     

    As far as uploading them with iControl REST directly, you need to upload the files, then use the

    • /mgmt/tm/sys/file/ssl-key
    • /mgmt/tm/sys/file/ssl-cert

    endpoints to "import" them as BIG-IP objects. Note that you'll need to do any updates to cert/key pairs in use as BIG-IP objects on ssl profiles in a transaction. (there are definitely benefits to managing this in AS3 instead)

    Anyway, here's an example of how that's done in python in my Let's Encrypt cert automation repo on Github:

    https://github.com/f5devcentral/lets-encrypt-python/blob/main/hook_script.py#L74-L108

     

    • Shereif

      Thank you for getting back.

      I probably should have elaborated a little bit more on my scenario

      I have my own Python wrapper for the BIGIP API (not using the SDK). Assuming that there is a platform that I can API to generate certificates and keys (not F5), now in my program I have the actual cert and key text in memory and I don't want to write them on disk and then upload them.

      given the two API endpoints you mentioned

      /mgmt/tm/sys/file/ssl-key
      /mgmt/tm/sys/file/ssl-cert

      What would the API call look like? There are a few keys that should be sent in the POST body here APIRef_tm_sys_file_ssl-key (f5.com) but I can't figure out how to just send the cert and key text, without referring to a file on disk.

      hypothetical call using /mgmt/tm/sys/file/ssl-key and using a partition that is not Common

      POST request with JSON body as following

      {
          "name": "mykey.key",
          "tmPartition": "Partition1",
          "whatkey?": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA6E4h6p1AaatxTQ0BZqEu987eMMz+embO+VBtrlnVddsdXdc-----END RSA PRIVATE KEY-----\n"
      }

      after making that hypothetical call, the key should now be recognized on the F5 as mykey.key and I can reference it in the AS3 as you mentioned earlier.

      I hope that cleared the scenario.

      note: if there's a postman request example for the above scenario that would be great

      Regards,

      Shereif

      • JRahm

        Hi Shereif, I don't think that won't work in the iControl REST interface, but I'll do a little digging.

        You can do this directly with an AS3 declaration though.
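
The two-step flow from the first reply (upload the file, then import it through `/mgmt/tm/sys/file/ssl-key` or `ssl-cert`), as an added example that is not code from the thread or from the linked repository. It assumes an authenticated `requests.Session`-like `session`; the host name, helper names and name-validation rule are illustrative, and the PEM text is sent from memory in the request body rather than read from a local file.

```python
import json
import re

UPLOAD_DIR = "/var/config/rest/downloads"      # where file-transfer uploads land on the BIG-IP
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")   # assumed naming policy: no path separators

def upload_requests(host, filename, data, chunk=512 * 1024):
    """Yield (url, headers, body) for each Content-Range chunk of an in-memory upload."""
    if not SAFE_NAME.match(filename) or ".." in filename:
        raise ValueError(f"unsafe object name: {filename!r}")
    if not data:
        raise ValueError("nothing to upload")
    url = f"https://{host}/mgmt/shared/file-transfer/uploads/{filename}"
    total = len(data)
    for start in range(0, total, chunk):
        end = min(start + chunk, total) - 1
        yield url, {"Content-Type": "application/octet-stream",
                    "Content-Range": f"{start}-{end}/{total}"}, data[start:end + 1]

def import_request(host, kind, name, partition):
    """Return (url, body) that turns the staged upload into an ssl-key / ssl-cert object."""
    if kind not in ("ssl-key", "ssl-cert"):
        raise ValueError(f"unknown file type: {kind!r}")
    body = {"name": name, "partition": partition,
            "sourcePath": f"file:{UPLOAD_DIR}/{name}"}
    return f"https://{host}/mgmt/tm/sys/file/{kind}", json.dumps(body)

def upload_and_import(session, host, kind, name, partition, pem_text):
    """Send PEM text held in memory; return the path for AS3's "bigip" reference.

    `session` is assumed to be authenticated and to verify the management certificate.
    """
    for url, headers, body in upload_requests(host, name, pem_text.encode("ascii")):
        session.post(url, headers=headers, data=body).raise_for_status()
    url, body = import_request(host, kind, name, partition)
    session.post(url, headers={"Content-Type": "application/json"},
                 data=body).raise_for_status()
    return f"/{partition}/{name}"

if __name__ == "__main__":
    # Constructed placeholder, not a real key; the requests are printed, not sent.
    pem = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    for url, headers, _ in upload_requests("bigip.example.test", "mykey.key", pem.encode()):
        print("POST", url, headers["Content-Range"])
    print("POST", *import_request("bigip.example.test", "ssl-key", "mykey.key", "Partition1"))
```

The staged copy of the private key stays in the upload directory on the BIG-IP after the import, so remove it once the import succeeds.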