Upload LTM SSL Certificate and Key using REST API
Hi Shereif, from AS3, you can reference them in the declaration as BIG-IP objects like this:
    "certs_on_bigip": {
      "class": "Certificate",
      "certificate": {
        "bigip": "/Common/my.test.local.crt"
      },
      "privateKey": {
        "bigip": "/Common/my.test.local.key"
      }
    }
As far as uploading them with iControl REST directly, you need to upload the files, then use the
- /mgmt/tm/sys/file/ssl-key
- /mgmt/tm/sys/file/ssl-cert
endpoints to "import" them as BIG-IP objects. Note that you'll need to do any updates to cert/key pairs in use as BIG-IP objects on SSL profiles in a transaction. (There are definitely benefits to managing this in AS3 instead.)
Anyway, here's an example of how that's done in Python in my Let's Encrypt cert automation repo on GitHub:
https://github.com/f5devcentral/lets-encrypt-python/blob/main/hook_script.py#L74-L108
- Shereif (Altostratus), Nov 21, 2023
Thank you for getting back.
I probably should have elaborated a little bit more on my scenario.
I have my own Python wrapper for the BIG-IP API (not using the SDK). Assuming that there is a platform that I can API to generate certificates and keys (not F5), now in my program I have the actual cert and key text in memory and I don't want to write them to disk and then upload them.
Given the two API endpoints you mentioned
/mgmt/tm/sys/file/ssl-key
/mgmt/tm/sys/file/ssl-cert
what would the API call look like? There are a few keys that should be sent in the POST body here APIRef_tm_sys_file_ssl-key (f5.com) but I can't figure out how to just send the cert and key text, without referring to a file on disk.
Hypothetical call using /mgmt/tm/sys/file/ssl-key and using a partition that is not Common:
POST request with JSON body as follows
    {
      "name": "mykey.key",
      "tmPartition": "Partition1",
      "whatkey?": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA6E4h6p1AaatxTQ0BZqEu987eMMz+embO+VBtrlnVddsdXdc-----END RSA PRIVATE KEY-----\n"
    }
After making that hypothetical call, the key should now be recognized on the F5 as mykey.key and I can reference it in the AS3 as you mentioned earlier.
I hope that cleared the scenario.
Note: if there's a Postman request example for the above scenario that would be great.
Regards,
Shereif
- JRahm (Admin), Nov 21, 2023
Hi Shereif, I don't think that won't work in the iControl REST interface, but I'll do a little digging.
You can do this directly with an AS3 declaration though.
- JRahm (Admin), Nov 21, 2023
You can reference a sourcePath object from cert/key creation, but that has to exist in a file or from an ftp/http target. If your Python wrapper wanted to serve up that cert/key as a web route in Flask/FastAPI/Pyramid, etc., that might work for you; otherwise you'll need to use an AS3 declaration to send as strings.
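
The upload-then-import flow from the first answer, driven from PEM text held in memory so nothing is written to the client's disk. This is an added example, not code from any poster in this thread or from the linked repo. It assumes token authentication (`X-F5-Auth-Token`), a PEM small enough for a single upload chunk, the `partition` body key, and the placeholder host `bigip.example`; the helper names are hypothetical.

```python
import json
import re
import urllib.request

# Directory where BIG-IP stores files sent to /mgmt/shared/file-transfer/uploads.
UPLOAD_DIR = "/var/config/rest/downloads"
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")  # no slashes in object/file names


def upload_request(host, token, filename, pem_text):
    """Build the upload call; the PEM goes from memory straight into the body."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"unsafe file name: {filename!r}")
    body = pem_text.encode("ascii")
    return urllib.request.Request(
        f"https://{host}/mgmt/shared/file-transfer/uploads/{filename}",
        data=body, method="POST",
        headers={"X-F5-Auth-Token": token,
                 "Content-Type": "application/octet-stream",
                 # Single chunk (assumption): start-end/total of the whole body.
                 "Content-Range": f"0-{len(body) - 1}/{len(body)}"})


def import_request(host, token, kind, name, partition, filename):
    """Build the call that turns the uploaded file into a BIG-IP object."""
    if kind not in ("ssl-key", "ssl-cert"):
        raise ValueError(f"unknown kind: {kind!r}")
    payload = {"name": name, "partition": partition,  # "partition" is assumed
               "sourcePath": f"file:{UPLOAD_DIR}/{filename}"}
    return urllib.request.Request(
        f"https://{host}/mgmt/tm/sys/file/{kind}",
        data=json.dumps(payload).encode(), method="POST",
        headers={"X-F5-Auth-Token": token,
                 "Content-Type": "application/json"})


def install_pair(host, token, base, partition, key_pem, cert_pem,
                 opener=urllib.request.urlopen):
    """Upload and import key, then cert; returns the URLs called, in order."""
    calls = []
    for kind, ext, pem in (("ssl-key", "key", key_pem),
                           ("ssl-cert", "crt", cert_pem)):
        fname = f"{base}.{ext}"
        for req in (upload_request(host, token, fname, pem),
                    import_request(host, token, kind, fname, partition, fname)):
            with opener(req) as resp:  # urlopen verifies the TLS certificate
                resp.read()
            calls.append(req.full_url)
    return calls
```

The resulting objects can then be referenced from AS3 with the `"bigip"` pointers shown in the first answer. Replacing a pair that is already attached to an SSL profile still needs the transaction mentioned there.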