
Patching additional TLS certificate to the existing virtual server

Aravind
Nimbostratus

Hi,

I am new to AS3.

I tried the following JSON file to patch the new TLS certificate to the existing virtual server; however, it's not working. Can you let me know what the correct procedure is?

{
  "class": "AS3",
  "action": "patch",
  "patchBody": [
    {
      "op": "add",
      "path": "/tenanat/Application/private-vip/front-cert",
      "value": {
        "class": "TLS_Server",
        "certificates": [
          {
            "certificate": "frontend-cert"
          }
        ],
        "ciphers": "DEFAULT",
        "frontend-cert": {
          "class": "Certificate",
          "certificate": "-----BEGIN CERTIFICATE-----fsdfsdfdshfd-----END CERTIFICATE-----\n",
          "privateKey": "-----BEGIN PRIVATE KEY-----edfddsfdsfds-----END PRIVATE KEY-----\n"
        },
        "private-vip": {
          "layer4": "tcp",
          "class": "Service_HTTPS",
          "ServerTLS": "front-cert",
          "redirect80": false,
          "shareAddresses": true,
          "virtualAddresses": [
            "192.168.1.x"
          ]
        }
      }
    }
  ]
}
1 REPLY

Aravind
Nimbostratus

After a little bit of tweaking in the JSON file, I could see that the new certificate and SSL profile are created in F5; however, the association to the virtual server is not happening. Following is the updated JSON file.

{
  "class": "AS3",
  "action": "patch",
  "patchBody": [
    {
      "op": "add",
      "path": "/tenant/Application/front-cert",
      "value": {
        "class": "TLS_Server",
        "certificates": [
          {
            "certificate": "frontend-cert"
          }
        ],
        "ciphers": "DEFAULT"
      }
    },
    {
      "op": "add",
      "path": "/tenant/Application/frontend-cert",
      "value": {
        "class": "Certificate",
        "certificate": "-----BEGIN CERTIFICATE-----ffddedddd---END CERTIFICATE-----\n",
        "privateKey": "-----BEGIN PRIVATE KEY-----ffdddeeessddd-----END PRIVATE KEY-----\n"
      },
      "Application": {
        "class": "Application",
        "private-vip-0.4": {
          "layer4": "tcp",
          "class": "Service_HTTPS",
          "serverTLS": "front-cert",
          "shareAddresses": true,
          "virtualAddresses": [
            "192.168.1.x"
          ]
        }
      }
    }
  ]
}

I guess the "default SSL profile for SNI" parameter is enabled by default in the TLS_Server profile. Because of this, the new SSL profile is not associated. I tried looking at the API documentation for this parameter but could not find the specific key.
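
A structural check for requests like the second one in this thread, as an added example that is not part of the original posts and not F5's code: it lists members of each `patchBody` operation that fall outside the JSON Patch members (`op`, `path`, `value`, `from`), as the `"Application"` object does in that request, where it sits beside `value` rather than inside it. The helper names and the `ASSOCIATE` operation are hypothetical, and `ASSOCIATE` assumes the existing service is declared at `/tenant/Application/private-vip-0.4`.

```python
import json

# Members RFC 6902 defines for a JSON Patch operation; anything else is outside the operation.
PATCH_MEMBERS = {"op", "path", "value", "from"}

def stray_members(request):
    """Return {patchBody index: sorted keys that are not JSON Patch members}."""
    found = {}
    for i, op in enumerate(request.get("patchBody", [])):
        extra = sorted(set(op) - PATCH_MEMBERS)
        if extra:
            found[i] = extra
    return found

def targets(request):
    """List (op, path, class of value or None) so each operation's real target is visible."""
    out = []
    for op in request.get("patchBody", []):
        value = op.get("value")
        cls = value.get("class") if isinstance(value, dict) else None
        out.append((op.get("op"), op.get("path"), cls))
    return out

# Constructed sample with the same shape as the second request in the thread
# (PEM bodies replaced by placeholders).
SAMPLE = json.loads("""
{"class": "AS3", "action": "patch", "patchBody": [
  {"op": "add", "path": "/tenant/Application/front-cert",
   "value": {"class": "TLS_Server",
             "certificates": [{"certificate": "frontend-cert"}],
             "ciphers": "DEFAULT"}},
  {"op": "add", "path": "/tenant/Application/frontend-cert",
   "value": {"class": "Certificate",
             "certificate": "<PEM placeholder>", "privateKey": "<PEM placeholder>"},
   "Application": {"class": "Application",
                   "private-vip-0.4": {"class": "Service_HTTPS", "serverTLS": "front-cert"}}}
]}
""")

# Assumption: the existing service is declared at /tenant/Application/private-vip-0.4.
# Hypothetical separate operation that addresses its serverTLS property by path.
ASSOCIATE = {"op": "add", "path": "/tenant/Application/private-vip-0.4/serverTLS",
             "value": "front-cert"}

if __name__ == "__main__":
    print(stray_members(SAMPLE))
    print(targets(SAMPLE))
    print(stray_members({"patchBody": SAMPLE["patchBody"][:1] + [ASSOCIATE]}))
```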