Automate import of SSL Certificate, Key & CRL from BIG-IP to BIG-IQ

The functionality to automate the import of SSL cert & key from BIG-IP to BIG-IQ is available in the product starting BIG-IQ 7.0 and above. This script should not be used on BIG-IQ 7.0+ as it h...
Updated Jun 06, 2023
Version 3.0
application delivery
BIG-IP
BIG-IQ
certificate
ssl
megakoresh's avatar
megakoresh
Icon for Nimbostratus rankNimbostratus
Mar 19, 2019

Helow, we have also issue running the script on BigIQ. When we run the script from bigiq, it throws pickle EOF exception. So we took the lines that are to be evaluated on the BigIP:

import f5.mcp, pickle;
 Include only the few attributes we care about, since not everything
 can be pickled/unpickled.
attrs=["cache_path","name","checksum","passphrase"];
 Function to translate objects into a pickleable form.
m=lambda d: dict((k,v) for (k,v) in d.items() if k in attrs);
 Stub just to test
object_type = 'certificate_key_file_object'
r=f5.mcp.MCPConnection().query_all("' + object_type + '");
print pickle.dumps([m(o) for o in r])

And tried running that on BigIP to see what happens and got

    r=f5.mcp.MCPConnection().query_all("' + object_type + '");
  File "/usr/lib/python2.6/f5/mcp/__init__.py", line 182, in __call__
    raise McpError, "Incompatible Version"
_pymcp.McpError: Incompatible Version

Google is for once completely useless, seems we are the first to have this issue. The mcp submodule does not have any documentation either. Can you help? We have around 500 certs on 20+ loadbalancers and we really need this script to bulk-import them all.