Automate import of SSL Certificate, Key & CRL from BIG-IP to BIG-IQ

acurry583,

It's strange that you would encounter a diff here. The keys and certs can only be imported from BIG-IP into BIG-IQ when the checksum matches, so I think the checksums must have been the same at the time you ran the import script. Typical workflow would go something like this:

1. Discover & Import LTM from the BIG-IP to BIG-IQ. At this time the BIG-IQ and BIG-IP will have the same checksum for the file, but BIG-IQ will not have the file content.

    

2. Run the import script. The script will copy the file content from BIG-IP and add it to the storage on BIG-IQ.

    

Step 2 will only succeed if the file content matches the checksum that originally came from BIG-IP during step 1.

This suggests that somewhere along the line you have modified the certificate. This does not appear to be related to passwords, since certificates don't use passwords (as far as I'm aware, anyway).

The data we can see for the cert looks the same on both sides, so it may be that the meaningful file content is identical, but the actual bytes of the files differ (for example, whitespace could have been added or removed). If you are inclined, you could examine the two versions of the file (from BIG-IP and from BIG-IQ) and see what has changed (though I'm not sure there's an easy way to fetch the file data on BIG-IQ--I could get you details on how to locate it if necessary). However, if you are confident that the file on BIG-IP is correct then I would suggest just accepting the BIG-IP version (which should import the file metadata and leave it unmanaged on BIG-IQ) then re-running the file import script to pull in the file content. Or, alternatively, delete the BIG-IQ object, import LTM, then run the import script.