I know there is a way to upload and import key/cert to F5 either fromFile or fromUrl.
I also know that there is a way to download files from /mgmt/tm/asm/file-transfer/downloads/fooFile.txt using iControl REST.
Is there a way to download/export the actual Key / Certificate files from BIG-IP, using the iControl REST service?
if not directly, is there any way to export Key/Cert under F5_IP:/ts/var/rest/ download those files using the download REST call?
I do not believe there is any way to download systems files via REST API. I would recommend using SFTP/SCP. They live in
The SOAP iControl API has this functionality, but obviously it will add complexity to your application.
I had thought about using a deployment script to place the file in the web server's directory at some path, make the call on the REST API, and then delete the file afterward, possibly throwing in a htaccess file to restrict access to the F5's source IP. I'll see about working on a proof of concept for that.
Is there any news on this item. I need the same functionality. I want to download the key with the REST API to install the key on an other loadbalancer.
I see I can download the key with the F5 IControl GUI but I need this function programmatically.
Demystifying iControl REST Part 5: Transferring Files describes the method to download a file from BIG-IP.
Because the API only allows you to download files under
, you need to make a copy of the target file there. Unfortunately,
) does not have a copy function (it does have
tmsh run sys util
though), you need to use
to run the Unix
command before calling the download request.
I personally recommend the scp/sftp method Brad Parker mentioned. You do not need to worry about tidying the shared directory.
I have managed it. I use sftp with the following url's
to download the keys and certificates. I use this in a .NET c application.
The only trick is to find the right file because of the postfix with a random number. You don't know this number after generation of the Key
anyway thanks for your help