Gregory_Robinso
F5 Employee

Problem this snippet solves:

Generate a private key w/ CSR

How to use this snippet:

To create a private key with a CSR via iControl REST:

 

POST URL: https://10.1.1.165/mgmt/tm/sys/crypto/key

Use the data below as your payload.


For the name field, it must end in .key or you will get a false 404!

Code :

{  
"name":"www.testing.com.key",  
"commonName":"www.testing.com",  
"keySize":"4096",  
"keyType":"rsa-private",  
"options":[{"gen-csr":"www.testing.com"}],  
"organization":"Let It Snow Corp.",  
"ou":"Ice Engineering",  
"city":"Calhoun",  
"state":"AZ",  
"admin-email-address":"jerry@letit.snow",  
"email-address":"beth@letit.snow",  
"subject-alternative-name":"DNS:www.testing.com",  
"challenge-password":"myP4ssword"  
}

Tested this on version:

13.0
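
The request above can also be sent from Python's standard library, with the `.key` suffix enforced before the call and the management certificate verified. This is an added example, not code from the original post or from F5. The function names and the BIGIP_* environment variable names are assumptions; the JSON field names, including the optional partition mentioned in the comments, are the ones shown on this page, and the call uses HTTP Basic authentication.

```python
import base64
import json
import os
import ssl
import urllib.request

KEY_ENDPOINT = "/mgmt/tm/sys/crypto/key"  # path from the post above


def build_key_payload(fqdn, subject, key_size=4096, partition=None, sans=()):
    """Build the JSON body for the key + CSR request, using the post's field names."""
    names = [fqdn] + [s for s in sans if s != fqdn]  # CN first, no duplicates
    payload = {
        "name": fqdn + ".key",  # must end in .key, otherwise the API answers 404
        "commonName": fqdn,
        "keySize": str(key_size),
        "keyType": "rsa-private",
        "options": [{"gen-csr": fqdn}],
        "subject-alternative-name": ", ".join("DNS:" + n for n in names),
    }
    payload.update(subject)  # organization, ou, city, state, email-address, ...
    if partition:
        payload["partition"] = partition  # field suggested in the comments
    # Re-check after the merge: a caller-supplied "name" could drop the suffix.
    if not payload["name"].endswith(".key"):
        raise ValueError("name must end in .key")
    return payload


def create_key(host, user, password, payload, ca_file=None, timeout=30):
    """POST the payload with HTTP Basic auth; the TLS certificate is verified."""
    ctx = ssl.create_default_context(cafile=ca_file)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{host}{KEY_ENDPOINT}",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json", "Authorization": "Basic " + token},
        method="POST",
    )
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":  # BIGIP_* environment variable names are assumptions
    env = os.environ
    body = build_key_payload("www.testing.com", {"organization": "Let It Snow Corp."})
    print(create_key(env["BIGIP_HOST"], env["BIGIP_USER"], env["BIGIP_PASS"], body))
```

Pass `ca_file` when the management certificate is issued by a private CA, so verification stays on instead of being disabled.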
Comments
Tushar_Jagdale
Nimbostratus

Hi Gregory,

Thanks for the post! Is there a GET or any other API to pull the newly created/generated CSR?

Regards,

Gregory_Robinso
F5 Employee

Tushar,

 

Take a look at this: https://devcentral.f5.com/s/question/0D51T00006i7del/export-a-fips-based-csr-certificate-signing-request-via-icontrol

 

Let me know if that doesn't help.

Abdessamad1
Cirrostratus

The same can be done with the Python SDK:

mgmt.tm.sys.crypto.keys.key.create(name='www.testing.com.key', options=[{"gen-csr":"www.testing.com"}], commonName='www.testing.com', country='BE', city='Brussels', organization='AEL Lab', ou='IT', subjectAlternativeName='DNS:www.testing.com, DNS:testing.com')

But I couldn't find a way to retrieve the CSR file or text directly with the SDK. I guess we have to go via mgmt.tm.util.bash.exec_cmd.

newbieF5guy
Nimbostratus

This helped me a lot!

 

Gregory, do you know from here how I could retrieve the CSR and key text directly using the iControl REST API?

Gregory_Robinso
F5 Employee

Check out this post: https://devcentral.f5.com/s/question/0D51T00006i7d2P/is-there-a-way-to-download-export-the-actual-ke...

 

Unfortunately I don't think there is a way to do it via iControl REST.

Zdenda
Cirrus

How can I specify a partition? When added to the JSON, it seems to be ignored.

Muhammad_Rafi
Nimbostratus

Add the following key pair to the above payload; it works for me:

"partition":"PART1",

 

Note: replace PART1 with the partition you want to generate the key on.

ishhyd82
Nimbostratus

  Can you please share the code which worked for you?

Muhammad_Rafi
Nimbostratus

Here is the payload and URI for the CSR generation:

https://{{bigip}}/mgmt/tm/sys/crypto/csr

Please note, you need to have the key generated prior to creating the CSR.

 

{
"name": "www.example.com",
"commonName": "www.example.com",
"partition": "TENANT_2",
"key": "www.example.com.key",
"organization": "Cutomer4",
"ou": "Engineering",
"city": "London",
"state_or_province_name": "England",
"country": "UK",
"email-address": "customer4@example2.com"
}

 

Version history
Last update: 13-Aug-2019 06:10