Is there a way to download / export the actual Key / RSA Certificate files from BIG-IP, using the iControl REST?

kchristidis_249
Nimbostratus

Hi all,

 

I know there is a way to upload and import key/cert to F5 either fromFile or fromUrl.

 

I also know that there is a way to download files from /mgmt/tm/asm/file-transfer/downloads/fooFile.txt using iControl REST.

 

Is there a way to download/export the actual Key / Certificate files from BIG-IP, using the iControl REST service?

 

If not directly, is there any way to export the Key/Cert under F5_IP:/ts/var/rest/ and download those files using the download REST call?

 

5 REPLIES

Brad_Parker
Cirrus

I do not believe there is any way to download system files via REST API. I would recommend using SFTP/SCP. They live in /config/filestore/files_d/(PartitionName)_d/certificate_d and /config/filestore/files_d/(PartitionName)_d/certificate_key_d

The SOAP iControl API has this functionality, but obviously it will add complexity to your application.

 

https://devcentral.f5.com/wiki/iControl.Management__KeyCertificate.ashx

 

I had thought about using a deployment script to place the file in the web server's directory at some path, make the call on the REST API, and then delete the file afterward, possibly throwing in a htaccess file to restrict access to the F5's source IP. I'll see about working on a proof of concept for that.

 

martijnbrands_3
Nimbostratus

Is there any news on this item? I need the same functionality. I want to download the key with the REST API to install the key on another load balancer.

I see I can download the key with the F5 iControl GUI, but I need this function programmatically.

 

Satoshi_Toyosa1
F5 Employee

Demystifying iControl REST Part 5: Transferring Files describes the method to download a file from BIG-IP.

Because the API only allows you to download files under /shared/images, you need to make a copy of the target file there. Unfortunately, /mgmt/tm/sys/util (or tmsh run sys util) does not have a copy function (it does have mv and rm though), so you need to use /mgmt/tm/sys/util/bash to run the Unix cp command before calling the download request.

I personally recommend the scp/sftp method Brad Parker mentioned. You do not need to worry about tidying the shared directory.

martijnbrands_3
Nimbostratus

I have managed it. I use sftp with the following URLs, /config/filestore/files_d/Common_d/certificate_key_d/ and /config/filestore/files_d/Common_d/certificate_d/, to download the keys and certificates. I use this in a .NET c application.

The only trick is to find the right file because of the postfix with a random number. You don't know this number after generation of the Key :Common:default.key_19751_1.

Anyway, thanks for your help.
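The filename lookup described in the last reply, as an added example (not code from the thread or from F5): given a directory listing already fetched over SFTP, it finds the filestore entry for one key object by exact name and refuses to pick when the match is missing or ambiguous, so the wrong private key is never transferred. The function names, the sample listing, and the assumption that the postfix is always two numeric fields are mine.

```python
import re

# Entry name format taken from the post: ":Common:default.key_19751_1".
# Assumption: the postfix is always two numeric fields joined by "_".
ENTRY = re.compile(
    r"^:(?P<part>[^:/]+):(?P<name>[^/]+)_(?P<id>\d+)_(?P<rev>\d+)$"
)
# Directory names as given in the thread.
KINDS = {"key": "certificate_key_d", "cert": "certificate_d"}

# Constructed directory listing; only the first name appears in the thread.
SAMPLE_LISTING = [
    ":Common:default.key_19751_1",
    ":Common:default.key.bak_20011_1",   # a prefix match would wrongly hit this
    ":Common:site_2024.key_31002_3",
    ":Common:site_2024.key_31002_4",     # two entries for one object
    ":Tenant:default.key_40000_1",       # same object name, other partition
    "lost+found",                        # not a filestore entry
]


def find_entries(listing, partition, name):
    """Return entries whose parsed partition and object name match exactly."""
    hits = []
    for entry in listing:
        m = ENTRY.match(entry)
        if m and m["part"] == partition and m["name"] == name:
            hits.append(entry)
    return hits


def filestore_path(listing, partition, name, kind="key"):
    """Full path of the single matching entry; LookupError if 0 or >1 match."""
    hits = find_entries(listing, partition, name)
    if len(hits) != 1:
        raise LookupError(
            f"{len(hits)} filestore entries match {partition}/{name}"
        )
    return f"/config/filestore/files_d/{partition}_d/{KINDS[kind]}/{hits[0]}"


if __name__ == "__main__":
    print(filestore_path(SAMPLE_LISTING, "Common", "default.key"))
```
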