BIG-IQ & AS3 Template using Certificates uploaded to BIG-IQ

Question

Good Day -Currently I am running BIG-IQ version 8.2.x, and we are deploying / migrating all legacy applications over to BIG-IQ AS3 templates.Currently we utilize a BYOC (Bring your own Certificate) model, where end users will need to download certs, copy and past into the applicaiton via BIG-IQ. I do not have the API process setup just yet, but they are bound by the AS3 template created in BIG-IQ.We are now looking at intergrating BIG-IQ with Venafi 22.4.1.2245.What I am trying to figure out is the following?My thought would be Venafi automated process to import/upload as in the link below into BIG-IQ, and then with the Veanfi intergration certificates could be set to auto renew, and the app owner would just need to republish their applicaiton to update certificate.https://clouddocs.f5.com/products/big-iq/mgmt-api/v0.0/HowToSamples/bigiq_public_api_wf/t_import_cert_and_key.htmlBut now I am trying to how to link the AS3 templates for the applications to the certificate now imported into BIG-IQ.The values I have within the Certificate section of the AS3 template are the following:Base64 (We are not using this)Text (this what we are using for BYOC process where users copy and paste txt version of cert but looking to improve with the process above)Resource URL (I tried using similar for my cert like the below links from the above import article, but this is not working, for it is giving a pointer error) (Question? could this be a url to Venafi where it could download the certificate automatically?)https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/ed0168ee-696f-3036-8266-7b81c4840246https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/9c6dfe1c-7d89-3447-bf35-e58c88904a7cCopy from (I tried this with all different variants from the import document, but I just keep getting F5pointer error) Does anybody know how to use this to pull the certificate in?BIG-IP component pathname (This will not work as the cert would need to be pushed to the BIG-IP)Anybody have any thoughts on this? My goal is to not have to do any Certificate Management apsect, just either profile the link to where cert can be pulled from via BIG-IQ or Venafi when a user deploys the application. Ideally would be using the process to import the cert, and referencing this cert on BIG-IQ at deployment time?Any help would be greatly appreciated.Thx&nbsp;

leslie_hubertus · Answer

richard_polyak&nbsp;I think your question got caught in quarter-end madness. I've escalated your question again to try to find you an answer. Sorry for the delay!

leslie_hubertus · Answer

Hi&nbsp;richard_polyak&nbsp;- I see nobody has answered you yet. I've called out your post in this week's&nbsp;Community Highlights, Week 9 '23&nbsp;article to increase visibility, and forwarded this link to a colleague to see if they can help.&nbsp;

richard_polyak · Answer

Thank you for assistance.

Forum Discussion

BIG-IQ & AS3 Template using Certificates uploaded to BIG-IQ

3 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

File upload and ASM

File Uploads and ASM

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

External Monitor Information and Templates