Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Export/Import ssl certificate from python f5-sdk

romio28
Altostratus
Altostratus

‎12-Jan-2023 03:15

Hi,

How to automate the export/import of ssl certificates from python sdk?

 Thanks in advance.

Labels:
0 Kudos
3 REPLIES 3

ahmad24954
Nimbostratus
Nimbostratus

‎12-Jan-2023 04:08

Hi try below script 

import f5-sdk
mgmt = f5-sdk.ManagementRoot("<IP_ADDRESS>", "<USERNAME>", "<PASSWORD>")

# Import a certificate and key from drive
mgmt.ssl.import_key("D:\\<CERTIFICATE_FILE>", "D:\\<KEY_FILE>")

0 Kudos

xuwen
MVP
MVP

‎12-Jan-2023 18:35 - edited ‎13-Jan-2023 04:49

Export the key and crt contents of the certificate in the system. There is no quick interface. The key and crt files are stored in:

/config/filestore/files_ d/Common_ d/certificate_ d/

/config/filestore/files_d/Common_d/certificate_key_d/

you can use the until.bash interface of the api to execute the cat command to view the corresponding file contents

Here is code to import local desk crt and key to F5:

 

from f5.bigip import ManagementRoot

mgmt = ManagementRoot('192.168.100.7', 'admin', 'xt3211@2020')

client_crt_name = 'gtm-client.crt'
client_key_name = 'gtm-client.key'
try:
    mgmt.shared.file_transfer.uploads.upload_file(
                                    filepathname=r'C:\Users\xuwen\Documents\{}'.format(client_crt_name),
                                    target=client_crt_name)
except Exception as e:
    print('import {} to F5 /var/config/rest/downloads/ failed, reason is '.format(client_crt_name) + str(e))
try:
    mgmt.shared.file_transfer.uploads.upload_file(
                                    filepathname=r'C:\Users\xuwen\Documents\{}'.format(client_key_name),
                                    target=client_key_name)
except Exception as e:
    print('import {} to F5 /var/config/rest/downloads/ failed, reason is '.format(client_key_name) + str(e))
else:
    # create crt and key in GUI Web System  ››  Certificate Management : Traffic Certificate Management : SSL Certificate List
    if mgmt.tm.sys.file.ssl_certs.ssl_cert.exists(
            name=client_crt_name,
            partition='Common') is False:
        try:
            mgmt.tm.sys.file.ssl_certs.ssl_cert.create(
                name=client_crt_name,
                partition='Common',
                sourcePath='file:/var/config/rest/downloads/{}'.format(
                    client_crt_name))
        except Exception as e:
            print('create crt in GUI Web System  ››  Certificate Management : '
                  'Traffic Certificate Management : SSL Certificate Listt {} failed!'
                  ' reason is: '.format(client_crt_name) + str(e))
        try:
            mgmt.tm.sys.file.ssl_keys.ssl_key.create(
                name=client_key_name,
                partition='Common',
                sourcePath='file:/var/config/rest/downloads/{}'.format(
                    client_key_name))
        except Exception as e:
            print('create key in GUI Web System  ››  Certificate Management {} failed! reason is:'
                  ' '.format(client_key_name) + str(e))

 

 

0 Kudos

romio28
Altostratus
Altostratus
In response to xuwen

‎05-Apr-2023 05:06

It works as admin role but I cat upload files as Certificate Manager, it’s a big security issuefor us!
Any idea to solve the problem?

thanks

0 Kudos
Copyright © 2023 Khoros, LLC