Uploading/creating SSL cert+key using iControlREST

Question

Hi,&nbsp;
The documentation available seem to say that to actually add an SSL private key and certificate to BigIP using tmsh you need to generate them somewhere and manually copy them to  /config/ssl/ssl.key/, only after that it is possible to 'add' them on tmsh.&nbsp;
Is it also the case with iControl(REST) ? if so that's quite a limitation ...&nbsp;

kunjan · Answer

Yes, need to upload some temp directory, may be using scp. Then use RestAPi to create the cert/key pair and then SSL profile.&nbsp;

benoit_9199 · Answer

Well apparently you can create a crypto key using "create /sys crypto key gen-csr" so it should be possible to do this with the iControl api&nbsp;
I'll look further in this direction, i would preferer not to mix scp and RestAPI ...&nbsp;

benoit_9199 · Answer

Apparement quelques questions sans réponses existent sur le sujet:&nbsp;
https://devcentral.f5.com/questions/generate-a-csr-with-icontrol-rest
https://devcentral.f5.com/questions/generate-csr-and-upload-new-cert-through-icontrolrest-api&nbsp;

benoit_9199 · Answer

Well, after asking F5 support it is a referenced bug ID489843: "A GET on some file object configurations (for example tm/sys/crypto/key) does not return all of the properties of the file object."
And the expected way to use it will be:
POST //mgmt/tm/sys/crypto/key HTTP/1.1
Host: 10.208.102.28
Authorization: Basic YWRtaW46YWRtaW4=
Content-Type: application/json
Cache-Control: no-cache

{ "name":"test001", "options":[{"get-csr":"test001"}], "common-name":"rest.test.com" }

mayouche_162667 · Answer

Hi,

I was able to create a key using rest api calls, but i'm unable to generate the CSR. Could you please clarify whether this is a known f5 bug?

Forum Discussion

Uploading/creating SSL cert+key using iControlREST

8 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

F5 BIG-IP and ENTRUST nShield HSM SSL key/cert auto synchronization between HA peers with iCall

extract LTM VS ssl profile binding cert and key information to generate a json with python f5-sdk

iControlREST Swagger File

Connection list via iControlREST API

iControlREST Auth Token and Transaction Example (Postman)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS