Generate private key w/ CSR via iControl REST

Problem this snippet solves: Generate a private key w/ CSR How to use this snippet: To create a private key with a CSR via iControl REST:   POST URL: https://10.1.1.165/mgmt/tm/sys/crypto/key ...
Published Aug 13, 2019
Version 1.0
application delivery
iControl
iControlREST
ssl
B_Earp's avatar
B_Earp
Icon for Altocumulus rankAltocumulus
Apr 24, 2024

    Tested Version 16.1.3

#!/bin/bash

### Set Variables ###
fqdn="www.testing1.com"
bigip="mybigip.company.com"
partition="myPartition"
username="myUsername"
password="myPassword"
subjectAlternativeName="DNS:www.testing2.com,DNS:www.testing3.com""

### Set Data ###
data='{
"name":"'"$fqdn"'.key",
"commonName":"'"$fqdn"'",
"partition":"'"$partition"'",
"keySize":"4096",
"keyType":"rsa-private",
"options":[{"gen-csr":"'"$fqdn"'"}],
"organization":"ACME Inc ",
"ou":"IT Security",
"city":"Houston",
"state":"Texas",
"country":"US",
"subject-alternative-name":"DNS:'"$fqdn"','"$subjectAlternativeName"'"
}'

### Create Key & CSR ###
curl -sku $username:$password -X POST -H "Content-Type: application/json" -d "$data" https://$bigip/mgmt/tm/sys/crypto/key

### Download CSR ###
function list_csr() {
    data="{\"command\":\"run\",\"utilCmdArgs\":\"-c 'tmsh list sys crypto csr /"$partition"/"$fqdn".key \| grep -ve \'sys crypto\' -ve \'}\' -ve \' \' '\"}"
    curl -sku $username:$password -H "Content-Type: application/json" -X POST https://$bigip/mgmt/tm/util/bash -d "$data" | jq -r '.commandResult' | awk '/-----BEGIN CERTIFICATE REQUEST-----/,/-----END CERTIFICATE REQUEST-----/'
}

### Write CSR to a file ###
list_csr > "$fqdn".csr

### new line ###
echo -e "\n"

### Verify CSR ###
openssl req -text -noout -verify -in "$fqdn".csr

### Open CSR in default program ###
explorer "$fqdn".csr

 

  • Samir's avatar
    Samir
    Icon for MVP rankMVP
    Jul 11, 2024

    It is failing when we use wildcard common name i.e '*.abc.example.com'. Appreciate your help.