romio28
Jan 12, 2023

Export/Import ssl certificate from python f5-sdk

Hi,

How to automate the export/import of ssl certificates from python sdk?

 Thanks in advance.

3 Replies

  • Hi, try the script below:

    from f5.bigip import ManagementRoot
    mgmt = ManagementRoot("<IP_ADDRESS>", "<USERNAME>", "<PASSWORD>")

    # Import a certificate and key from drive
    mgmt.ssl.import_key("D:\\<CERTIFICATE_FILE>", "D:\\<KEY_FILE>")

  • xuwen

    Export the key and crt contents of the certificate in the system. There is no quick interface. The key and crt files are stored in:

    /config/filestore/files_d/Common_d/certificate_d/

    /config/filestore/files_d/Common_d/certificate_key_d/

    You can use the util.bash interface of the API to execute the cat command to view the corresponding file contents.

    Here is code to import a crt and key from the local disk to F5:

     

    from f5.bigip import ManagementRoot
    
    mgmt = ManagementRoot('192.168.100.7', 'admin', 'xt3211@2020')
    
    client_crt_name = 'gtm-client.crt'
    client_key_name = 'gtm-client.key'
    try:
        mgmt.shared.file_transfer.uploads.upload_file(
                                        filepathname=r'C:\Users\xuwen\Documents\{}'.format(client_crt_name),
                                        target=client_crt_name)
    except Exception as e:
        print('import {} to F5 /var/config/rest/downloads/ failed, reason is '.format(client_crt_name) + str(e))
    try:
        mgmt.shared.file_transfer.uploads.upload_file(
                                        filepathname=r'C:\Users\xuwen\Documents\{}'.format(client_key_name),
                                        target=client_key_name)
    except Exception as e:
        print('import {} to F5 /var/config/rest/downloads/ failed, reason is '.format(client_key_name) + str(e))
    else:
        # create crt and key in GUI Web System  ››  Certificate Management : Traffic Certificate Management : SSL Certificate List
        if mgmt.tm.sys.file.ssl_certs.ssl_cert.exists(
                name=client_crt_name,
                partition='Common') is False:
            try:
                mgmt.tm.sys.file.ssl_certs.ssl_cert.create(
                    name=client_crt_name,
                    partition='Common',
                    sourcePath='file:/var/config/rest/downloads/{}'.format(
                        client_crt_name))
            except Exception as e:
                print('create crt in GUI Web System  ››  Certificate Management : '
                      'Traffic Certificate Management : SSL Certificate List {} failed!'
                      ' reason is: '.format(client_crt_name) + str(e))
            try:
                mgmt.tm.sys.file.ssl_keys.ssl_key.create(
                    name=client_key_name,
                    partition='Common',
                    sourcePath='file:/var/config/rest/downloads/{}'.format(
                        client_key_name))
            except Exception as e:
                print('create key in GUI Web System  ››  Certificate Management {} failed! reason is:'
                      ' '.format(client_key_name) + str(e))
    

     

     

    • romio28

      It works as admin role but I can't upload files as Certificate Manager, it’s a big security issue for us!
      Any idea to solve the problem?

      thanks
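
The export route from xuwen's reply (reading the filestore file through the util.bash interface), as an added example that is not part of the original posts. It assumes `mgmt` is an f5-sdk `ManagementRoot`, that util.bash is reached as `mgmt.tm.util.bash.exec_cmd('run', utilCmdArgs=...)` with the output in `commandResult`, and that the on-disk file name contains the object name; `build_cat_args`, `extract_pem` and `export_pem` are hypothetical helper names. Because the argument string is run by a shell on the device, the object name is checked against an allowlist before it is used.

```python
import re
import shlex

# Filestore directories quoted in the reply above (Common partition).
FILESTORE = {
    "cert": "/config/filestore/files_d/Common_d/certificate_d/",
    "key": "/config/filestore/files_d/Common_d/certificate_key_d/",
}
# Allowlist for object names: no '/', whitespace, quotes or shell metacharacters.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.+?-----END \1-----", re.S)


def build_cat_args(name, kind="cert"):
    """Return the utilCmdArgs string that cats one filestore object."""
    if kind not in FILESTORE:
        raise ValueError("kind must be 'cert' or 'key'")
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("unsafe object name: {!r}".format(name))
    # Assumption: the stored file name contains the object name, so match it
    # with a glob; more than one file (and PEM block) may therefore come back.
    inner = "cat -- {}*{}*".format(FILESTORE[kind], name)
    return "-c " + shlex.quote(inner)


def extract_pem(text):
    """Return every complete PEM block found in the command output."""
    return [m.group(0) for m in PEM_BLOCK.finditer(text or "")]


def export_pem(mgmt, name, kind="cert"):
    """Read one certificate or key from the BIG-IP through util.bash."""
    result = mgmt.tm.util.bash.exec_cmd(
        "run", utilCmdArgs=build_cat_args(name, kind))
    # commandResult is absent when the command printed nothing.
    blocks = extract_pem(getattr(result, "commandResult", ""))
    if not blocks:
        raise LookupError("no PEM data returned for {!r}".format(name))
    return blocks
```

Calling `export_pem(mgmt, 'gtm-client.key', kind='key')` returns private key material in the API response, so treat the result like the key file itself.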